[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1ccbe81f by Salvatore Bonaccorso at 2024-05-21T10:18:22+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,23 +1,23 @@ CVE-2024-5145 (A vulnerability was found in SourceCodester Vehicle Management System ...) - TODO: check + NOT-FOR-US: SourceCodester Vehicle Management System CVE-2024-4985 (An authentication bypass vulnerability was present in the GitHub Enter ...) - TODO: check + NOT-FOR-US: GitHub Enterprise Server (GHES CVE-2024-4943 (The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scr ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2024-4710 (The UberMenu plugin for WordPress is vulnerable to Stored Cross-Site S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4470 (The Master Slider \u2013 Responsive Touch Slider plugin for WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4442 (The Salon booking system plugin for WordPress is vulnerable to arbitra ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4372 (The Carousel Slider WordPress plugin before 2.2.11 does not sanitise a ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4290 (The Sailthru Triggermail WordPress plugin through 1.1 does not sanitis ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4289 (The Sailthru Triggermail WordPress plugin through 1.1 does not sanitis ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4061 (The Survey Maker WordPress plugin before 4.2.9 does not sanitise and ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3155 (The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Block ...) TODO: check CVE-2024-35195 (Requests is a HTTP library. Prior to 2.32.0, when making requests thro ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ccbe81f74cb476b72c695786eef3bd0845861e4 -- This project does not include diff previews in email notifications. 
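Review bot: the new annotation for CVE-2024-4985 reads "NOT-FOR-US: GitHub Enterprise Server (GHES" with an opening parenthesis that is never closed as shown; the line should read "NOT-FOR-US: GitHub Enterprise Server (GHES)" (or drop the abbreviation) so the free-text part of the entry is well-formed and consistent with the other NOT-FOR-US lines in this hunk.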
You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 242b558c by Salvatore Bonaccorso at 2024-05-20T17:47:41+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1927,29 +1927,29 @@ CVE-2023-51424 (Improper Privilege Management vulnerability in Saleswonder Team CVE-2023-51401 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) NOT-FOR-US: WordPress plugin CVE-2023-51398 (Improper Privilege Management vulnerability in Brainstorm Force Ultima ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51356 (Improper Privilege Management vulnerability in Repute Infosystems ARMe ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-50890 (Improper Privilege Management vulnerability in Brainstorm Force Ultima ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-49753 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-48757 (Improper Privilege Management vulnerability in Crocoblock JetEngine al ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-48319 (Improper Privilege Management vulnerability in Salon Booking System Sa ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47868 (Improper Privilege Management vulnerability in wpForo wpForo Forum all ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47782 (Improper Privilege Management vulnerability in Thrive Themes Thrive Th ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47683 (Improper Privilege Management vulnerability in miniOrange WordPress So ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47682 (Improper Privilege Management vulnerability in weDevs WP User Frontend ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47679 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47178 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46784 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) 
TODO: check CVE-2023-46205 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) @@ -2055,13 +2055,13 @@ CVE-2024-21774 (Uncontrolled search path in some Intel(R) Processor Identificati CVE-2024-21772 (Uncontrolled search path in some Intel(R) Advisor software before vers ...) NOT-FOR-US: Intel CVE-2023-49614 (Out of bounds write in firmware for some Intel(R) FPGA products before ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-48727 (NULL pointer dereference in some Intel(R) oneVPL software before versi ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-48368 (Improper input validation in Intel(R) Media SDK software all versions ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-47859 (Improper access control for some Intel(R) Wireless Bluetooth products ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-47282 (Out-of-bounds write in Intel(R) Media SDK all versions and some Intel( ...) TODO: check CVE-2023-47210 (Improper input validation for some Intel(R) PROSet/Wireless WiFi softw ...) @@ -2511,7 +2511,7 @@ CVE-2024-20326 (A vulnerability in the ConfD CLI and the Cisco Crosswork Networ CVE-2024-1417 (Improper Neutralization of Special Elements used in a Command ('Comman ...) NOT-FOR-US: WatchGuard AuthPoint Password Manager on MacOS CVE-2023-48643 (Shrubbery tac_plus 2.x, 3.x. and 4.x through F4.0.4.28 allows unauthen ...) - TODO: check + NOT-FOR-US: tac_plus CVE-2023-47717 (IBM Security Guardium 12.0 could allow a privileged user to perform un ...) NOT-FOR-US: IBM CVE-2024-4910 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) 
@@ -2673,9 +2673,9 @@ CVE-2023-6324 (ThroughTek Kalay SDK uses a predictable PSK value in the DTLS ses CVE-2023-6323 (ThroughTek Kalay SDK does not verify the authenticity of received mess ...) NOT-FOR-US: ThroughTek Kalay SDK CVE-2023-6322 (A stack-based buffer overflow vulnerability exists in the message pars ...) - TODO: check + NOT-FOR-US: ThroughTek Kalay CVE-2023-6321 (A command injection vulnerability exists in the IOCTL that manages OTA ...) - TODO: check + NOT-FOR-US: ThroughTek Kalay CVE-2023-5938 (Multiple functions use archives without properly validating the filena ...) NOT-FOR-US: Nozomi Networks CVE-2023-5937 (On Windows systems, the Arc configuration files resulted to be world-r ...) @@ -3195,7 +3195,7 @@ CVE-2024-0862 (The
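Review bot: in the @@ -2055,13 +2055,13 @@ hunk, CVE-2023-47282 ("Out-of-bounds write in Intel(R) Media SDK all versions and some Intel(...") is left at "TODO: check" while the neighbouring Intel entries, including CVE-2023-48368 for the same Intel(R) Media SDK, are switched to "NOT-FOR-US: Intel"; if the same reasoning applies to CVE-2023-47282 it should receive the same disposition in this commit rather than staying open.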
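Review bot: in the @@ -2511,7 +2511,7 @@ hunk, the change of CVE-2023-48643 ("Shrubbery tac_plus 2.x, 3.x. and 4.x through F4.0.4.28 ...") to "NOT-FOR-US: tac_plus" deserves a second look before it lands: Shrubbery's tac_plus is the upstream of the tacacs+ source package in the Debian archive, so unless that package has been checked and found unaffected, the entry should stay at "TODO: check" or be tracked against tacacs+ instead of being dismissed as not-for-us.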
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9d7efab7 by Salvatore Bonaccorso at 2024-05-15T11:05:20+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -41,69 +41,69 @@ CVE-2024-3748 (The SP Project & Document Manager WordPress plugin through 4.71 i CVE-2024-3744 (A security issue was discovered in azure-file-csi-driver where an acto ...) TODO: check CVE-2024-3634 (The month name translation benaceur WordPress plugin before 2.3.8 does ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3631 (The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF c ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3630 (The HL Twitter WordPress plugin through 2014.1.18 does not sanitise an ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3629 (The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF c ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3548 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress plugin b ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3407 (The WP Prayer WordPress plugin through 2.0.9 does not have CSRF checks ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3406 (The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3405 (The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3189 (The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features pl ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-35175 (sshpiper is a reverse proxy for sshd. Starting in version 1.0.50 and p ...) - TODO: check + NOT-FOR-US: sshpiper CVE-2024-35109 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: idccms CVE-2024-35108 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: idccms CVE-2024-32888 (The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provi ...) 
TODO: check CVE-2024-31556 (An issue in Reportico Web before v.8.1.0 allows a local attacker to ex ...) - TODO: check + NOT-FOR-US: Reportico Web CVE-2024-31483 (An authenticated sensitive information disclosure vulnerability exists ...) - TODO: check + NOT-FOR-US: Aruba CVE-2024-31482 (An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ...) - TODO: check + NOT-FOR-US: Aruba CVE-2024-31481 (Unauthenticated Denial of Service (DoS) vulnerabilities exist in the C ...) - TODO: check + NOT-FOR-US: Aruba CVE-2024-31480 (Unauthenticated Denial of Service (DoS) vulnerabilities exist in the C ...) - TODO: check + NOT-FOR-US: Aruba CVE-2024-31479 (Unauthenticated Denial of Service (DoS) vulnerabilities exist in the C ...) - TODO: check + NOT-FOR-US: Aruba CVE-2024-31478 (Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist ...) - TODO: check + NOT-FOR-US: Aruba CVE-2024-31477 (Multiple authenticated command injection vulnerabilities exist in the ...) - TODO: check + NOT-FOR-US: Aruba CVE-2024-31476 (Multiple authenticated command injection vulnerabilities exist in the ...) - TODO: check + NOT-FOR-US: Aruba CVE-2024-31475 (There is an arbitrary file deletion vulnerability in the Central Commu ...) - TODO: check + NOT-FOR-US: Aruba CVE-2024-31474 (There is an arbitrary file deletion vulnerability in the CLI service a ...) - TODO: check + NOT-FOR-US: Aruba CVE-2024-31473 (There is a command injection vulnerability in the underlying deauthent ...) - TODO: check + NOT-FOR-US: Aruba CVE-2024-31472 (There are command injection vulnerabilities in the underlying Soft AP ...) - TODO: check + NOT-FOR-US: Aruba CVE-2024-31471 (There is a command injection vulnerability in the underlying Central C ...) - TODO: check + NOT-FOR-US: Aruba CVE-2024-31470 (There is a buffer overflow vulnerability in the underlying SAE (Simult ...) - TODO: check + NOT-FOR-US: Aruba CVE-2024-31469 (There are buffer overflow vulnerabilities in the underlying Central Co ...) 
- TODO: check + NOT-FOR-US: Aruba CVE-2024-31468 (There are buffer overflow vulnerabilities in the underlying Central Co ...) - TODO: check + NOT-FOR-US: Aruba CVE-2024-31467 (There are buffer overflow vulnerabilities in the underlying CLI servic ...) - TODO: check + NOT-FOR-US: Aruba CVE-2024-31466 (There are buffer
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bef4386e by Salvatore Bonaccorso at 2024-05-12T07:41:12+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -49,9 +49,9 @@ CVE-2024-32990 (Permission verification vulnerability in the system sharing pop- CVE-2024-32989 (Insufficient verification vulnerability in the system sharing pop-up m ...) TODO: check CVE-2024-28761 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 thr ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-28760 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 thr ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-27460 (A privilege escalation exists in the updater for Plantronics Hub 3.25. ...) TODO: check CVE-2023-5447 (Missing lock check in SynHsaService may create a use-after-free condit ...) 
@@ -67,11 +67,11 @@ CVE-2023-52384 (Double-free vulnerability in the RSMC module Impact: Successful CVE-2023-52383 (Double-free vulnerability in the RSMC module Impact: Successful exploi ...) TODO: check CVE-2023-47712 (IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a local u ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-47711 (IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow an authen ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-47709 (IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a remote ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-4735 (A vulnerability has been found in Campcodes Legal Case Management Syst ...) NOT-FOR-US: Campcodes Legal Case Management System CVE-2024-4732 (A vulnerability, which was classified as problematic, has been found i ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bef4386e7e312881ce9cff46c555cb5628b29cc6
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 60291c8e by Salvatore Bonaccorso at 2024-05-12T07:38:40+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,31 +1,31 @@ CVE-2024-4738 (A vulnerability was found in Campcodes Legal Case Management System 1. ...) - TODO: check + NOT-FOR-US: Campcodes Legal Case Management System CVE-2024-4737 (A vulnerability was found in Campcodes Legal Case Management System 1. ...) - TODO: check + NOT-FOR-US: Campcodes Legal Case Management System CVE-2024-4736 (A vulnerability was found in Campcodes Legal Case Management System 1. ...) - TODO: check + NOT-FOR-US: Campcodes Legal Case Management System CVE-2024-4630 (The Starter Templates \u2014 Elementor, WordPress & Beaver Builder Tem ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4574 (The Graphina \u2013 Elementor Charts and Graphs plugin for WordPress i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4560 (The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4487 (The Blocksy Companion plugin for WordPress is vulnerable to Stored Cro ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4430 (The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4417 (The Falang multilanguage for WordPress plugin for WordPress is vulnera ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4413 (The Hotel Booking Lite plugin for WordPress is vulnerable to PHP Objec ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4329 (The Thim Elementor Kit plugin for WordPress is vulnerable to Stored Cr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4213 (The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4209 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Feature ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4046 (Cracking vulnerability in the OS security module Impact: Successful ex ...) 
- TODO: check + NOT-FOR-US: Huawei CVE-2024-3055 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...) TODO: check CVE-2024-32999 (Cracking vulnerability in the OS security module Impact: Successful ex ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60291c8e98ca4a3174cb07d602fe2613d36aa686
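Review bot: CVE-2024-32999 carries the same description as CVE-2024-4046 ("Cracking vulnerability in the OS security module Impact: Successful ex ...") but is left at "TODO: check" in the same hunk that marks CVE-2024-4046 "NOT-FOR-US: Huawei"; if both come from the same vendor advisory, the NOT-FOR-US disposition should be applied to both entries in this commit so the two identical descriptions do not end up with different states.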
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8081e905 by Salvatore Bonaccorso at 2024-05-04T07:15:53+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -259,7 +259,7 @@ CVE-2024-34062 (tqdm is an open source progress bar for Python and CLI. Any opti NOTE: https://github.com/tqdm/tqdm/security/advisories/GHSA-g7vv-2v7x-gj9p NOTE: Fixed by: https://github.com/tqdm/tqdm/commit/b53348c73080b4edeb30b4823d1fa0d8d2c06721 (v4.66.3) CVE-2024-34061 (changedetection.io is a free open source web page change detection, we ...) - TODO: check + NOT-FOR-US: changedetection.io CVE-2024-34033 (Delta Electronics DIAEnergie has insufficient input validation which m ...) NOT-FOR-US: Delta Electronics CVE-2024-34032 (Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnera ...) @@ -385,7 +385,7 @@ CVE-2024-32831 (Improper Neutralization of Input During Web Page Generation ('Cr CVE-2024-32810 (Missing Authorization vulnerability in ShortPixel ShortPixel Critical ...) NOT-FOR-US: WordPress plugin CVE-2024-32638 (Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling' ...) - TODO: check + NOT-FOR-US: Apache APISIX CVE-2024-32359 (An RBAC authorization risk in Carina v0.13.0 and earlier allows local ...) TODO: check CVE-2024-32114 (In Apache ActiveMQ 6.x, the default configuration doesn't secure the A ...) 
@@ -455,43 +455,43 @@ CVE-2024-2542 (The Jotform Online Forms \u2013 Drag & Drop Form Builder, Securel CVE-2024-2503 (The Exclusive Addons for Elementor plugin for WordPress is vulnerable ...) NOT-FOR-US: WordPress plugin CVE-2024-2417 (The User Registration \u2013 Custom Registration Form, Login Form, and ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2410 (The JsonToBinaryStream()function is part of the protocol buffers C++ i ...) TODO: check CVE-2024-2401 (The Admin Page Spider plugin for WordPress is vulnerable to Stored Cro ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2349 (The Fancy Elementor Flipbox plugin for WordPress is vulnerable to Stor ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2346 (The FileBird \u2013 WordPress Media Library Folders & File Manager plu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2345 (The FileBird \u2013 WordPress Media Library Folders & File Manager plu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2328 (The Real Media Library: Media Library Folder & File Manager plugin for ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2324 (The FileOrganizer \u2013 Manage WordPress and Website Files plugin for ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2273 (The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features pl ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2109 (The Booster Extension plugin for WordPress is vulnerable to Sensitive ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2085 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2084 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2082 (The EleForms \u2013 All In One Form Integration including DB for Eleme ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2043 (The EleForms \u2013 All In One Form Integration including DB for Eleme ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-29417 (Insecure Permissions vulnerability in e-trust Horacius 1.0, 1.1, and 1 ...) TODO: check CVE-2024-29309 (An issue in Alfresco Content Services v.23.3.0.7 allows a remote attac ...) TODO: check CVE-2024-28519 (A kernel handle leak issue in ProcObsrvesx.sys 4.0.0.49 in MicroWorld ...) - TODO: check + NOT-FOR-US: MicroWorld Technologies Inc eScan Antivirus CVE-2024-28072 (A highly privileged account can overwrite arbitrary files on the syste ...) NOT-FOR-US: SolarWinds CVE-2024-27453 (In Extreme XOS through 22.6.1.4, a read-only user can escalate privile ...) - TODO: check + NOT-FOR-US: Extreme XOS CVE-2024-25290 (An issue in Casa Systems NL1901ACV R6B032 allows a remote attacker to ...) NOT-FOR-US: Casa Systems NL1901ACV R6B032 CVE-2024-25047 (IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 i ...) @@ -505,99 +505,99 @@ CVE-2024-23913 (Use of Out-of-range Pointer Offset vulnerability in Merge DICOM CVE-2024-23912 (Out-of-bounds Read vulnerability in Merge DICOM Toolkit C/C++ on Windo
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 51eea416 by Salvatore Bonaccorso at 2024-05-04T07:07:31+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -209,17 +209,17 @@ CVE-2024-3021 (The Mhr Post Ticker plugin for WordPress is vulnerable to Stored CVE-2024-3005 (The LA-Studio Element Kit for Elementor plugin for WordPress is vulner ...) NOT-FOR-US: WordPress plugin CVE-2024-34455 (Buildroot before 0b2967e lacks the sticky bit for the /dev/shm directo ...) - TODO: check + NOT-FOR-US: Buildroot CVE-2024-34453 (TwoNav 2.1.13 contains an SSRF vulnerability via the url paramater to ...) NOT-FOR-US: TwoNav CVE-2024-34449 (Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the v ...) - TODO: check + NOT-FOR-US: Vditor CVE-2024-34447 (An issue was discovered in Bouncy Castle Java Cryptography APIs before ...) TODO: check CVE-2024-34446 (Mullvad VPN through 2024.1 on Android does not set a DNS server in the ...) NOT-FOR-US: Mullvad VPN CVE-2024-34408 (Tencent libpag through 4.3.51 has an integer overflow in DecodeStream: ...) - TODO: check + NOT-FOR-US: libpag CVE-2024-34404 (A vulnerability was discovered in the Alta Recovery Vault feature of V ...) NOT-FOR-US: Veritas NetBackup CVE-2024-34403 (An issue was discovered in uriparser through 0.9.7. ComposeQueryMalloc ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51eea4168c50f83625c1530a22d7c1448ff0d179
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4cbbd3fc by Salvatore Bonaccorso at 2024-05-03T22:19:13+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -491,7 +491,7 @@ CVE-2024-27453 (In Extreme XOS through 22.6.1.4, a read-only user can escalate p CVE-2024-25290 (An issue in Casa Systems NL1901ACV R6B032 allows a remote attacker to ...) TODO: check CVE-2024-25047 (IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 i ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-24710 (Missing Authorization vulnerability in SlickRemix Feed Them Social.Thi ...) TODO: check CVE-2024-23914 (Use of Externally-Controlled Format String vulnerability in Merge DICO ...) @@ -851,7 +851,7 @@ CVE-2023-50188 (Trimble SketchUp Viewer SKP File Parsing Uninitialized Variable CVE-2023-50187 (Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code ...) TODO: check CVE-2023-47727 (IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar S ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-47220 (An OS command injection vulnerability has been reported to affect Medi ...) TODO: check CVE-2023-44472 (Missing Authorization vulnerability in ThemeFuse Unyson.This issue aff ...) @@ -1263,9 +1263,9 @@ CVE-2023-41182 (NETGEAR ProSAFE Network Management System ZipUtils Directory Tra CVE-2023-41181 (LG SuperSign Media Editor getSubFolderList Directory Traversal Informa ...) TODO: check CVE-2023-40696 (IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expe ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-40695 (IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate s ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-40517 (LG SuperSign Media Editor ContentRestController getObject Directory Tr ...) TODO: check CVE-2023-40516 (LG Simple Editor Incorrect Permission Assignment Local Privilege Escal ...) 
@@ -1453,7 +1453,7 @@ CVE-2023-39458 (Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Credent CVE-2023-39457 (Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerab ...) TODO: check CVE-2023-38724 (IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-38125 (Softing edgeAggregator Permissive Cross-domain Policy with Untrusted D ...) TODO: check CVE-2023-38124 (Inductive Automation Ignition OPC UA Quick Client Task Scheduling Expo ...) @@ -1549,7 +1549,7 @@ CVE-2023-38078 (Kofax Power PDF U3D File Parsing Use-After-Free Information Disc CVE-2023-38077 (Kofax Power PDF U3D File Parsing Out-Of-Bounds Read Information Disclo ...) TODO: check CVE-2023-37407 (IBM Aspera Orchestrator 4.0.1 could allow a remote authenticated attac ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-37359 (Kofax Power PDF U3D File Parsing Out-Of-Bounds Read Information Disclo ...) TODO: check CVE-2023-37358 (Kofax Power PDF U3D File Parsing Out-Of-Bounds Read Information Disclo ...) @@ -75901,7 +75901,7 @@ CVE-2023-28954 CVE-2023-28953 (IBM Cognos Analytics on Cloud Pak for Data 4.0 could allow an attacker ...) NOT-FOR-US: IBM CVE-2023-28952 (IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to inje ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-28951 RESERVED CVE-2023-28950 (IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user infor ...) @@ -93018,7 +93018,7 @@ CVE-2023-23476 (IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is v CVE-2023-23475 (IBM Infosphere Information Server 11.7 is vulnerable to cross-site scr ...) NOT-FOR-US: IBM CVE-2023-23474 (IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-23473 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site req ...) NOT-FOR-US: IBM CVE-2023-23472 
@@ -177311,7 +177311,7 @@ CVE-2022-22366 (IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2. CVE-2022-22365 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax ...) NOT-FOR-US: IBM CVE-2022-22364 (IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to exte ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-22363 RESERVED CVE-2022-22362 @@ -249834,7 +249834,7 @@ CVE-2021-20558 CVE-2021-20557 (IBM Security Guardium 11.2 could allow a remote authenticated attacker ...) NOT-FOR-US: IBM CVE-2021-20556 (IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote ...) - TODO: check + NOT-FOR-US: IBM CVE-2021-20555 RESERVED CVE-2021-20554 (IBM Sterling Order Management 9.4, 9.5,
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5e6a1c60 by Salvatore Bonaccorso at 2024-04-29T11:42:21+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,7 @@ CVE-2024-4303 (ArmorX Android APP's multi-factor authentication (MFA) for the login f ...) TODO: check CVE-2024-4302 (Super 8 Live Chat online customer service platform fails to properly f ...) - TODO: check + NOT-FOR-US: Super 8 Live Chat online customer service platform CVE-2024-4301 (N-Reporter and N-Cloud, products of the N-Partner, have an OS Command ...) TODO: check CVE-2024-4300 (E-WEBInformationCo. FS-EZViewer(Web) exposes sensitive information in ...) 
@@ -37,73 +37,73 @@ CVE-2024-33899 (RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows a CVE-2024-33891 (Delinea Secret Server before 11.7.01 allows attackers to bypass au ...) TODO: check CVE-2024-33686 (Missing Authorization vulnerability in Extend Themes Pathway, Extend T ...) - TODO: check + NOT-FOR-US: WordPress themes CVE-2024-33681 (Cross-Site Request Forgery (CSRF) vulnerability in Sandor Kovacs Regen ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33649 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33648 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33646 (Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Stick ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33645 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33643 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33641 (Deserialization of Untrusted Data vulnerability in Team Yoast Custom f ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33640 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33637 (Insertion of Sensitive Information into Log File vulnerability in Soli ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33634 (Server-Side Request Forgery (SSRF) vulnerability in Piotnet Piotnet Ad ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33633 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33632 (Cross-Site Request Forgery (CSRF) vulnerability in Piotnet Piotnet Add ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33631 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33630 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33629 (Server-Side Request Forgery (SSRF) vulnerability in Creative Motion Au ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33627 (Server-Side Request Forgery (SSRF) vulnerability in Cusmin Absolutely ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33584 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in D ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33575 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33571 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33566 (Missing Authorization vulnerability in N-Media OrderConvo allows OS Co ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33562 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33559 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33554 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33553 (Deserialization of Untrusted Data vulnerability in 8theme XStore Core. ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33551 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: WordPress plugin
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fa5c0f7c by Salvatore Bonaccorso at 2024-04-25T09:23:57+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -82,7 +82,7 @@ CVE-2024-4066 (A vulnerability classified as critical has been found in Tenda AC CVE-2024-3371 (MongoDB Compass may accept and use insufficiently validated input from ...) TODO: check CVE-2024-3261 (The Strong Testimonials WordPress plugin before 3.1.12 does not valida ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33531 (cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsi ...) TODO: check CVE-2024-32958 (Cross-Site Request Forgery (CSRF) vulnerability in Giorgos Sarigiannid ...) 
@@ -208,21 +208,21 @@ CVE-2024-32678 (Missing Authorization vulnerability in TrackShip TrackShip for W CVE-2024-32677 (Missing Authorization vulnerability in LoginPress LoginPress Pro.This ...) NOT-FOR-US: WordPress plugin CVE-2024-32675 (Missing Authorization vulnerability in Xfinity Soft Order Limit for Wo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32662 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...) TODO: check CVE-2024-32432 (Missing Authorization vulnerability in Ovic Team Ovic Addon Toolkit.Th ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32078 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in F ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32051 (Insertion of sensitive information into log file issue exists in RoamW ...) - TODO: check + NOT-FOR-US: RoamWiFi CVE-2024-31616 (An issue discovered in RG-RSR10-01G-T(W)-S and RG-RSR10-01G-T(WA)-S ro ...) TODO: check CVE-2024-31406 (Active debug code vulnerability exists in RoamWiFi R10 prior to 4.8.45 ...) - TODO: check + NOT-FOR-US: RoamWiFi CVE-2024-30886 (A stored cross-site scripting (XSS) vulnerability in the remotelink fu ...) - TODO: check + NOT-FOR-US: HadSky CVE-2024-2972 (The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, ...) TODO: check CVE-2024-2404 (The Better Comments WordPress plugin before 1.5.6 does not sanitise an ...) 
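Review bot: CVE-2024-31616 (An issue discovered in RG-RSR10-01G-T(W)-S and RG-RSR10-01G-T(WA)-S ro ...) is the one product entry left at TODO: check in this hunk, sitting between the two RoamWiFi entries that are resolved; the RG- model prefix is the same one carried by the RG-NBR700GW router that this file already records as NOT-FOR-US: Ruijie RG-NBR700GW router (visible in the cab3ce90 commit below), so if these are Ruijie devices the same label applies. If the vendor is in doubt, a NOTE saying so is better than a bare TODO. CVE-2024-32662 (FreeRDP) is the entry here that genuinely needs a package check and is rightly left open.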
@@ -230,15 +230,15 @@ CVE-2024-2404 (The Better Comments WordPress plugin before 1.5.6 does not saniti CVE-2024-2402 (The Better Comments WordPress plugin before 1.5.6 does not sanitise an ...) TODO: check CVE-2024-28977 (Dell Repository Manager, versions 3.4.2 through 3.4.4,contains a Path ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-28976 (Dell Repository Manager, versions prior to 3.4.5, contains a Path Trav ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-28963 (Telemetry Dashboard v1.0.0.7 for Dell ThinOS 2402 contains a sensitive ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-28825 (Improper restriction of excessive authentication attempts on some auth ...) TODO: check CVE-2024-28613 (SQL Injection vulnerability in PHP Task Management System v.1.0 allows ...) - TODO: check + NOT-FOR-US: PHP Task Management System CVE-2024-27791 (The issue was addressed with improved checks. This issue is fixed in i ...) TODO: check CVE-2024-27537 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa5c0f7c0cdc5f001350031443a630450e27c77b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa5c0f7c0cdc5f001350031443a630450e27c77b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
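Review bot: CVE-2024-2402 (The Better Comments WordPress plugin before 1.5.6 ...) at the top of this hunk, and CVE-2024-2404 for the same plugin in the context just above it, keep TODO: check although "WordPress plugin" is exactly the criterion the rest of this commit resolves as NOT-FOR-US: WordPress plugin; they look like leftovers at the hunk boundary and should get the same treatment. Separately, the new label NOT-FOR-US: PHP Task Management System for CVE-2024-28613 differs from NOT-FOR-US: SourceCodester PHP Task Management System used for CVE-2024-29301, CVE-2024-29302 and CVE-2024-29303 elsewhere in this file, and the three Dell entries get a bare NOT-FOR-US: Dell where the descriptions name the product (Dell Repository Manager, Telemetry Dashboard for Dell ThinOS); reusing the existing, more specific labels keeps a search for one product finding all of its entries.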
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d191669a by Salvatore Bonaccorso at 2024-04-25T09:16:38+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -86,127 +86,127 @@ CVE-2024-3261 (The Strong Testimonials WordPress plugin before 3.1.12 does not v CVE-2024-33531 (cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsi ...) TODO: check CVE-2024-32958 (Cross-Site Request Forgery (CSRF) vulnerability in Giorgos Sarigiannid ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32956 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32955 (Server-Side Request Forgery (SSRF) vulnerability in Foliovision FV Flo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32954 (Unrestricted Upload of File with Dangerous Type vulnerability in Tribu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32953 (Insertion of Sensitive Information into Log File vulnerability in News ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32952 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32951 (Missing Authorization vulnerability in BloomPixel Max Addons Pro for B ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32950 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32948 (Missing Authorization vulnerability in Repute Infosystems ARMember.Thi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32947 (Cross-Site Request Forgery (CSRF) vulnerability in AlumniOnline Web Se ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32879 (Python Social Auth is a social authentication/registration mechanism. ...) TODO: check CVE-2024-32876 (NewPipe is an Android app for video streaming written in Java. It supp ...) - TODO: check + NOT-FOR-US: NewPipe Android app CVE-2024-32875 (Hugo is a static site generator. Starting in version 0.123.0 and prior ...) 
TODO: check CVE-2024-32872 (Umbraco workflow provides workflows for the Umbraco content management ...) - TODO: check + NOT-FOR-US: Umbraco CVE-2024-32869 (Hono is a Web application framework that provides support for any Java ...) - TODO: check + NOT-FOR-US: Hono CVE-2024-32866 (Conform, a type-safe form validation library, allows the parsing of ne ...) TODO: check CVE-2024-32836 (Unrestricted Upload of File with Dangerous Type vulnerability in WP La ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32835 (Deserialization of Untrusted Data vulnerability in WebToffee Import Ex ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32834 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32833 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32825 (Insertion of Sensitive Information into Log File vulnerability in Patr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32823 (Authorization Bypass Through User-Controlled Key vulnerability in Feed ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32819 (Server-Side Request Forgery (SSRF) vulnerability in Culqi.This issue a ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32817 (Deserialization of Untrusted Data vulnerability in Import and export u ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32816 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32815 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32812 (Server-Side Request Forgery (SSRF) vulnerability in Podlove Podlove Po ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32808 (Authorization Bypass Through User-Controlled Key vulnerability in Meta ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32806 (Cross-Site Request Forgery (CSRF) vulnerability in CoSchedule Headline ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32803 (Server-Side Request Forgery (SSRF) vulnerability in 2day.Sk, Webikon S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32801 (Improper Neutralization of Input
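Review bot: CVE-2024-32866 (Conform, a type-safe form validation library, allows the parsing of ne ...) is left at TODO: check while the neighbouring Hono and Umbraco entries in the same hunk are resolved as NOT-FOR-US; if it was skipped because its packaging status was not obvious at a glance, a NOTE line recording that would spare the next pass from repeating the lookup. Also, the description for CVE-2024-32872 says the affected product is "Umbraco workflow", an add-on to the Umbraco content management system, so NOT-FOR-US: Umbraco Workflow would name what is actually affected, in the same way NOT-FOR-US: NewPipe Android app does for CVE-2024-32876. CVE-2024-32879 (Python Social Auth) and CVE-2024-32875 (Hugo) look like the entries here that need a real check and are correctly left open.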
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 00498fc0 by Salvatore Bonaccorso at 2024-04-17T22:23:12+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3,17 +3,17 @@ CVE-2024-3914 (Use after free in V8 in Google Chrome prior to 124.0.6367.60 allo [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-3910 (A vulnerability, which was classified as critical, has been found in T ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-3909 (A vulnerability classified as critical was found in Tenda AC500 2.0.1. ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-3908 (A vulnerability classified as critical has been found in Tenda AC500 2 ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-3907 (A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been ra ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-3906 (A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been de ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-3905 (A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been cl ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-3900 (Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long ...) TODO: check CVE-2024-3825 (Versions of the BlazeMeter Jenkins plugin prior to 4.22 contain a flaw ...) 
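Review bot: CVE-2024-3825 (Versions of the BlazeMeter Jenkins plugin prior to 4.22 contain a flaw ...) is left at TODO: check at the end of this hunk; a Jenkins plugin is a third-party add-on of the same kind this series dispatches as NOT-FOR-US: WordPress plugin, so NOT-FOR-US: Jenkins plugin, or a NOTE saying what needs checking, would be the consistent outcome. CVE-2024-3900 (Out-of-bounds array write in Xpdf 4.05 and earlier ...) is the one entry here that genuinely needs checking against the packaged xpdf and is rightly kept open.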
@@ -21,133 +21,133 @@ CVE-2024-3825 (Versions of the BlazeMeter Jenkins plugin prior to 4.22 contain a CVE-2024-3817 (HashiCorp\u2019s go-getter library is vulnerable to argument injection ...) TODO: check CVE-2024- (The Essential Addons for Elementor plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3323 (Cross Site Scripting in UI Request/Response Validation in TIBCO Ja ...) - TODO: check + NOT-FOR-US: TIBCO JasperReports Server CVE-2024-32550 (Cross-Site Request Forgery (CSRF) vulnerability in BMI Adult & Kid Cal ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32549 (Cross-Site Request Forgery (CSRF) vulnerability in Microkid Related Po ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32548 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32547 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32546 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32545 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32544 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32543 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32542 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32541 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32540 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32539 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32538 (Cross-Site Request Forgery (CSRF) vulnerability in Joshua Eldridge Eas ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32536 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32535 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32534 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32533 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32531 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32530 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32529 (Improper Neutralization of
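Review bot: the second entry of this hunk is rendered as "CVE-2024- (The Essential Addons for Elementor plugin for WordPress is vulnerable ...)" with no number after the year; whether that is the content of data/CVE/list or only this mail rendering, the line needs checking, because an entry keyed on an incomplete identifier will neither match the CVE feed nor be found by anyone searching for it. The NOT-FOR-US: WordPress plugin resolution itself is right for what the description says. CVE-2024-3817 (HashiCorp's go-getter library ...) is correctly left open as a library that needs a package check.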
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5275e308 by Salvatore Bonaccorso at 2024-04-17T10:28:21+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -93,7 +93,7 @@ CVE-2024-32023 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_s CVE-2024-32022 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is ...) TODO: check CVE-2024-31887 (IBM Security Verify Privilege 11.6.25 could allow an unauthenticated a ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-31760 (An issue in sanluan flipped-aurora gin-vue-admin 2.4.x allows an attac ...) TODO: check CVE-2024-31759 (An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to esc ...) @@ -133,9 +133,9 @@ CVE-2024-25911 (Missing Authorization vulnerability in Skymoon Labs MoveTo.This CVE-2024-22440 (A potential security vulnerability has been identified in HPE Compute ...) TODO: check CVE-2024-22354 (IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Applicatio ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-22329 (IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Applicatio ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-21676 (This High severity Injection vulnerability was introduced in versions ...) TODO: check CVE-2024-21121 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5275e30827732a7db85de4b85ba92ce78c027604 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5275e30827732a7db85de4b85ba92ce78c027604 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
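Review bot: all three IBM entries get the bare label NOT-FOR-US: IBM even though the descriptions name the products (IBM Security Verify Privilege 11.6.25; IBM WebSphere Application Server 8.5, 9.0); the product-level form used elsewhere on this page (NOT-FOR-US: NVIDIA GPU Display Driver, NOT-FOR-US: Foxit PDF Reader) is more useful when the same vendor later ships a product that Debian does package. Also, CVE-2024-31760 (sanluan flipped-aurora gin-vue-admin 2.4.x) and CVE-2024-31759 (sanluan PublicCMS v.4.0.202302.e) stay at TODO: check right next to the resolved IBM entry; by their descriptions they are standalone web applications of the same kind as the PHPGurukul and SourceCodester entries marked NOT-FOR-US in the other commits here.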
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6dfa6504 by Salvatore Bonaccorso at 2024-04-15T10:45:36+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,29 +1,29 @@ CVE-2024-3778 (The file upload functionality of Ai3 QbiBot does not properly restrict ...) - TODO: check + NOT-FOR-US: Ai3 QbiBot CVE-2024-3777 (The password reset feature of Ai3 QbiBot lacks proper access control, ...) - TODO: check + NOT-FOR-US: Ai3 QbiBot CVE-2024-3776 (The parameter used in the login page of Netvision airPASS is not prope ...) - TODO: check + NOT-FOR-US: Netvision airPASS CVE-2024-3775 (aEnrich Technology a+HRD's functionality for downloading files using y ...) - TODO: check + NOT-FOR-US: aEnrich Technology CVE-2024-3774 (aEnrich Technology a+HRD's functionality for front-end retrieval of sy ...) - TODO: check + NOT-FOR-US: aEnrich Technology CVE-2024-3772 (Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13 all ...) TODO: check CVE-2024-3771 (A vulnerability was found in PHPGurukul Student Record System 3.20 and ...) - TODO: check + NOT-FOR-US: PHPGurukul Student Record System CVE-2024-3770 (A vulnerability has been found in PHPGurukul Student Record System 3.2 ...) - TODO: check + NOT-FOR-US: PHPGurukul Student Record System CVE-2024-3769 (A vulnerability, which was classified as critical, was found in PHPGur ...) - TODO: check + NOT-FOR-US: PHPGurukul Student Record System CVE-2024-3768 (A vulnerability, which was classified as critical, has been found in P ...) - TODO: check + NOT-FOR-US: PHPGurukul News Portal CVE-2024-3767 (A vulnerability classified as critical was found in PHPGurukul News Po ...) - TODO: check + NOT-FOR-US: PHPGurukul News Portal CVE-2024-3766 (A vulnerability, which was classified as problematic, has been found i ...) TODO: check CVE-2024-3765 (A vulnerability classified as critical was found in Xiongmai AHB7804R- ...) - TODO: check + NOT-FOR-US: Xiongmai CVE-2024-3764 (A vulnerability classified as problematic has been found in Tuya Camer ...) TODO: check CVE-2024-3763 (A vulnerability was found in Emlog Pro 2.2.10. It has been rated as pr ...) 
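Review bot: CVE-2024-3764 (A vulnerability classified as problematic has been found in Tuya Camer ...) keeps TODO: check while the adjacent CVE-2024-3765 (... found in Xiongmai AHB7804R- ...) gets NOT-FOR-US: Xiongmai; both are camera entries from the same batch with identical boilerplate wording, so either resolve it the same way or note what is different about it. CVE-2024-3766, whose product name is cut off in the description shown here, is the other entry left open without a hint; a NOTE with the product would help. CVE-2024-3772 (Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13 ...) is right to stay open for a pydantic check; the "Pydanic" spelling comes from the upstream description and is not something to fix in the tracker.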
@@ -33,85 +33,85 @@ CVE-2024-3762 (A vulnerability was found in Emlog Pro 2.2.10. It has been declar CVE-2024-3701 (The system application (com.transsion.kolun.aiservice) component does ...) TODO: check CVE-2024-3505 (JFrog Artifactory Self-Hosted versions below 7.77.3, are vulnerable to ...) - TODO: check + NOT-FOR-US: JFrog Artifactory Self-Hosted CVE-2024-32489 (TCPDF before 6.7.4 mishandles calls that use HTML syntax.) TODO: check CVE-2024-32488 (In Foxit PDF Reader and Editor before 2024.1, Local Privilege Escalati ...) - TODO: check + NOT-FOR-US: Foxit CVE-2024-32454 (Server-Side Request Forgery (SSRF) vulnerability in Wappointment Appoi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32453 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32452 (Cross-Site Request Forgery (CSRF) vulnerability in WP EasyCart.This is ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32451 (Cross-Site Request Forgery (CSRF) vulnerability in wpWax Legal Pages.T ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32450 (Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team WpT ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32449 (Cross-Site Request Forgery (CSRF) vulnerability in MagniGenie RestroPr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32448 (Cross-Site Request Forgery (CSRF) vulnerability in VideoYield.Com Ads. ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32447 (Cross-Site Request Forgery (CSRF) vulnerability in AWP Classifieds Tea ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32446 (Cross-Site Request Forgery (CSRF) vulnerability in WP Swings Wallet Sy ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32445 (Cross-Site Request Forgery (CSRF) vulnerability in Saleswonder Team We ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32443 (Cross-Site Request Forgery (CSRF) vulnerability in IP2Location Downloa ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32442 (Cross-Site Request Forgery (CSRF) vulnerability in Zoho Campaigns.This ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32441 (Cross-Site Request Forgery (CSRF) vulnerability in Zoho Campaigns.This ...) -
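Review bot: CVE-2024-32488 (In Foxit PDF Reader and Editor before 2024.1, Local Privilege Escalati ...) gets NOT-FOR-US: Foxit, while CVE-2024-30335 in the c5d96ae2 commit on this page uses NOT-FOR-US: Foxit PDF Reader; one form should be used for both. CVE-2024-3701 (The system application (com.transsion.kolun.aiservice) component does ...) stays at TODO: check at the top of the hunk although a vendor Android system application is never going to be tracked here; the com.transsion package name suggests NOT-FOR-US: Transsion as the label. CVE-2024-32489 (TCPDF before 6.7.4 mishandles calls that use HTML syntax.) is correctly left open for a check against the packaged TCPDF.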
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4fe38318 by Salvatore Bonaccorso at 2024-04-14T08:54:40+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,23 +1,23 @@ CVE-2024-3739 (A vulnerability classified as critical was found in cym1102 nginxWebUI ...) - TODO: check + NOT-FOR-US: cym1102 nginxWebUI CVE-2024-3738 (A vulnerability classified as critical has been found in cym1102 nginx ...) - TODO: check + NOT-FOR-US: cym1102 nginxWebUI CVE-2024-3737 (A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has be ...) - TODO: check + NOT-FOR-US: cym1102 nginxWebUI CVE-2024-3736 (A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has be ...) - TODO: check + NOT-FOR-US: cym1102 nginxWebUI CVE-2024-3735 (A vulnerability was found in Smart Office up to 20240405. It has been ...) - TODO: check + NOT-FOR-US: Smart Office CVE-2024-3721 (A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 ...) - TODO: check + NOT-FOR-US: TBK DVR-4104 and DVR-4216 CVE-2024-3720 (A vulnerability has been found in Tianwell Fire Intelligent Command Pl ...) - TODO: check + NOT-FOR-US: Tianwell Fire Intelligent Command Platform CVE-2024-3719 (A vulnerability, which was classified as critical, was found in Campco ...) - TODO: check + NOT-FOR-US: Campcodes House Rental Management System CVE-2024-3662 (The WPZOOM Social Feed Widget & Block plugin for WordPress is vulnerab ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6494 (The WPC Smart Quick View for WooCommerce plugin for WordPress is vulne ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32487 (less through 653 allows OS command execution via a newline character i ...) - less (bug #1068938) NOTE: https://www.openwall.com/lists/oss-security/2024/04/12/5 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4fe38318d7fc3cdd64cdb80ac86535537ee9381d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4fe38318d7fc3cdd64cdb80ac86535537ee9381d You're receiving this email because of your account on salsa.debian.org. 
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 05ff1779 by Salvatore Bonaccorso at 2024-04-07T10:22:44+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,19 +1,19 @@ CVE-2024-3417 (A vulnerability, which was classified as critical, has been found in S ...) - TODO: check + NOT-FOR-US: SourceCodester Online Courseware CVE-2024-3416 (A vulnerability classified as critical was found in SourceCodester Onl ...) - TODO: check + NOT-FOR-US: SourceCodester Online Courseware CVE-2024-3415 (A vulnerability was found in SourceCodester Human Resource Information ...) - TODO: check + NOT-FOR-US: SourceCodester Human Resource Information System CVE-2024-3414 (A vulnerability was found in SourceCodester Human Resource Information ...) - TODO: check + NOT-FOR-US: SourceCodester Human Resource Information System CVE-2024-30415 (Vulnerability of improper permission control in the window management ...) - TODO: check + NOT-FOR-US: Huawei CVE-2024-30414 (Command injection vulnerability in the AccountManager module. Impact: ...) - TODO: check + NOT-FOR-US: Huawei CVE-2024-30413 (Vulnerability of improper permission control in the window management ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-6877 (The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3413 (A vulnerability has been found in SourceCodester Human Resource Inform ...) NOT-FOR-US: SourceCodester Human Resource Information System CVE-2024-3378 (A vulnerability has been found in iboss Secure Web Gateway up to 10.1 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05ff1779d4965cb06afbe0a8eb7bb4b0c90c94cf -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05ff1779d4965cb06afbe0a8eb7bb4b0c90c94cf You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c5d96ae2 by Salvatore Bonaccorso at 2024-04-02T22:21:47+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,69 +1,69 @@ CVE-2024-3151 (A vulnerability, which was classified as problematic, was found in Bdt ...) - TODO: check + NOT-FOR-US: Bdtask Multi-Store Inventory Management System CVE-2024-31109 (Cross-Site Request Forgery (CSRF) vulnerability in Toastie Studio Wooc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31105 (Cross-Site Request Forgery (CSRF) vulnerability in Adam Bowen Tax Rate ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30965 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-30946 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-30809 (An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a he ...) - TODO: check + NOT-FOR-US: Bento4 CVE-2024-30808 (An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a he ...) - TODO: check + NOT-FOR-US: Bento4 CVE-2024-30807 (An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a he ...) - TODO: check + NOT-FOR-US: Bento4 CVE-2024-30806 (An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a he ...) - TODO: check + NOT-FOR-US: Bento4 CVE-2024-30621 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the serverName par ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-30620 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the serviceName pa ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-30532 (Server-Side Request Forgery (SSRF) vulnerability in Builderall Team Bu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30531 (Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nel ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30335 (Foxit PDF Reader AcroForm Annotation Out-Of-Bounds Read Information Di ...) - TODO: check + NOT-FOR-US: Foxit PDF Reader CVE-2024-30248 (Piccolo Admin is an admin interface/content management system for Pyth ...) 
TODO: check CVE-2024-2931 (The WPFront User Role Editor plugin for WordPress is vulnerable to Sen ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2745 (Rapid7's InsightVM maintenance mode login page suffers from a sensitiv ...) - TODO: check + NOT-FOR-US: Rapid7 CVE-2024-2435 (For an attacker with pre-existing access to send a signal to a workflo ...) TODO: check CVE-2024-2389 (In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system c ...) - TODO: check + NOT-FOR-US: Flowmon CVE-2024-29949 (There is a command injection vulnerability in some Hikvision NVRs. Thi ...) - TODO: check + NOT-FOR-US: Hikvision CVE-2024-29948 (There is an out-of-bounds read vulnerability in some Hikvision NVRs. A ...) - TODO: check + NOT-FOR-US: Hikvision CVE-2024-29947 (There is a NULL dereference pointer vulnerability in some Hikvision NV ...) - TODO: check + NOT-FOR-US: Hikvision CVE-2024-29834 (This vulnerability allows authenticated users with produce or consume ...) - TODO: check + NOT-FOR-US: Apache Pulsar CVE-2024-29514 (File Upload vulnerability in lepton v.7.1.0 allows a remote authentica ...) - TODO: check + NOT-FOR-US: Lepton CMS CVE-2024-28287 (A DOM-based open redirection in the returnUrl parameter of INSTINCT UI ...) - TODO: check + NOT-FOR-US: INSTINCT UI Web Client CVE-2024-24888 (Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenbe ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-22780 (Cross Site Scripting vulnerability in CA17 TeamsACS v.1.0.1 allows a r ...) - TODO: check + NOT-FOR-US: CA17 TeamsACS CVE-2024-22248 (VMware SD-WAN Orchestrator contains an open redirect vulnerability. A ...) - TODO: check + NOT-FOR-US: VMware CVE-2024-22247 (VMware SD-WAN Edge contains a missing authentication and protection me ...) - TODO: check + NOT-FOR-US: VMware CVE-2024-22246 (VMware SD-WAN Edge contains an unauthenticated command injection vulne ...) 
- TODO: check + NOT-FOR-US: VMware CVE-2024-1946 (The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross- ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1807 (The Product Sort and Display for WooCommerce plugin for WordPress is v ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1732 (The
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cab3ce90 by Salvatore Bonaccorso at 2024-03-31T13:29:41+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,13 +1,13 @@ CVE-2024-3118 (A vulnerability, which was classified as critical, has been found in D ...) - TODO: check + NOT-FOR-US: Dreamer CMS CVE-2024-3117 (A vulnerability classified as critical was found in YouDianCMS up to 9 ...) - TODO: check + NOT-FOR-US: YouDianCMS CVE-2023-46808 (An file upload vulnerability in Ivanti ITSM before 2023.4, allows an a ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2023-41724 (A command injection vulnerability in Ivanti Sentry prior to 9.19.0 all ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2015-10131 (A vulnerability was found in chrisy TFO Graphviz Plugin up to 1.9 on W ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3091 (A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Por ...) NOT-FOR-US: PHPGurukul Emergency Ambulance Hiring Portal CVE-2024-3090 (A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Por ...) @@ -49,7 +49,7 @@ CVE-2024-2086 (The Integrate Google Drive \u2013 Browse, Upload, Download, Embed CVE-2024-2047 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...) NOT-FOR-US: WordPress plugin CVE-2024-29278 (funboot v1.1 is vulnerable to Cross Site Scripting (XSS) via the title ...) - TODO: check + NOT-FOR-US: funboot CVE-2024-28288 (Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when re ...) NOT-FOR-US: Ruijie RG-NBR700GW router CVE-2024-1692 (The BoldGrid Easy SEO \u2013 Simple and Effective SEO plugin for WordP ...) 
@@ -731,7 +731,7 @@ CVE-2024-25923 (Insertion of Sensitive Information into Log File vulnerability i CVE-2024-25599 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-25354 (RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to cra ...) - TODO: check + NOT-FOR-US: domain-suffix Nodejs module CVE-2024-23500 (Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenbe ...) NOT-FOR-US: WordPress plugin CVE-2024-22138 (Insertion of Sensitive Information into Log File vulnerability in Sera ...) 
@@ -747,13 +747,13 @@ CVE-2024-0673 (The Pz-LinkCard WordPress plugin through 2.5.1 does not sanitise CVE-2024-0672 (The Pz-LinkCard WordPress plugin through 2.5.1 does not sanitise and e ...) NOT-FOR-US: WordPress plugin CVE-2024-0079 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) - TODO: check + NOT-FOR-US: NVIDIA GPU Display Driver CVE-2024-0077 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...) - TODO: check + NOT-FOR-US: NVIDIA Virtual GPU Manager CVE-2024-0073 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) - TODO: check + NOT-FOR-US: NVIDIA GPU Display Driver CVE-2024-0071 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) - TODO: check + NOT-FOR-US: NVIDIA GPU Display Driver CVE-2023-6371 (An issue has been discovered in GitLab CE/EE affecting all versions be ...) - gitlab CVE-2023-52628 (In the Linux kernel, the following vulnerability has been resolved: n ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cab3ce90c25ed050bde96741b55ef1124f48721f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cab3ce90c25ed050bde96741b55ef1124f48721f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
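Review bot: CVE-2024-0079 is described as "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ..." yet is resolved as NOT-FOR-US: NVIDIA GPU Display Driver together with CVE-2024-0073 and CVE-2024-0071, whose descriptions say "for Windows" only; an issue that the description says affects the Linux display driver deserves an explicit check against the packaged proprietary driver before it is closed, or a NOTE stating why the Linux side is out of scope for this entry. CVE-2024-0077 (NVIDIA Virtual GPU Manager) is uncontroversial.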
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0586dfef by Salvatore Bonaccorso at 2024-03-26T09:26:44+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,61 +1,61 @@ CVE-2024-2889 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2888 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2873 (A vulnerability was found in wolfSSH's server-side state machine befor ...) TODO: check CVE-2024-2732 (The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2427 (A denial-of-service vulnerability exists in the Rockwell Automation Po ...) - TODO: check + NOT-FOR-US: Rockwell Automation CVE-2024-2426 (A denial-of-service vulnerability exists in the Rockwell Automation Po ...) - TODO: check + NOT-FOR-US: Rockwell Automation CVE-2024-2425 (A denial-of-service vulnerability exists in the Rockwell Automation Po ...) - TODO: check + NOT-FOR-US: Rockwell Automation CVE-2024-2303 (The Easy Textillate plugin for WordPress is vulnerable to Stored Cross ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2170 (The VK All in One Expansion Unit plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-29442 (An unauthorized access vulnerability has been discovered in ROS2 Humbl ...) TODO: check CVE-2024-29440 (An unauthorized access vulnerability has been discovered in ROS2 Humbl ...) TODO: check CVE-2024-29303 (The delete admin users function of SourceCodester PHP Task Management ...) - TODO: check + NOT-FOR-US: SourceCodester PHP Task Management System CVE-2024-29302 (SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Inj ...) - TODO: check + NOT-FOR-US: SourceCodester PHP Task Management System CVE-2024-29301 (SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Inj ...) - TODO: check + NOT-FOR-US: SourceCodester PHP Task Management System CVE-2024-29199 (Nautobot is a Network Source of Truth and Network Automation Platform. 
...) - TODO: check + NOT-FOR-US: Nautobot CVE-2024-29196 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...) - TODO: check + NOT-FOR-US: phpMyFAQ CVE-2024-29195 (The azure-c-shared-utility is a C library for AMQP/MQTT communication ...) TODO: check CVE-2024-29189 (PyAnsys Geometry is a Python client library for the Ansys Geometry ser ...) - TODO: check + NOT-FOR-US: Ansys CVE-2024-29179 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...) - TODO: check + NOT-FOR-US: phpMyFAQ CVE-2024-29041 (Express.js minimalist web framework for node. Versions of Express.js p ...) TODO: check CVE-2024-28421 (SQL Injection vulnerability in Razor 0.8.0 allows a remote attacker to ...) TODO: check CVE-2024-21914 (A vulnerability exists in the affected product that allows a malicious ...) - TODO: check + NOT-FOR-US: Rockwell Automation CVE-2024-1973 (By leveraging the vulnerability, lower-privileged users of Content Man ...) - TODO: check + NOT-FOR-US: Microfocus CVE-2024-1745 (The Testimonial Slider WordPress plugin before 2.3.7 does not properly ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0901 (Remotely executed SEGV and out of bounds read allows malicious packet ...) TODO: check CVE-2024-0866 (The Check & Log Email plugin for WordPress is vulnerable to Unauthenti ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-7232 (The Backup and Restore WordPress WordPress plugin through 1.45 does n ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51416 (Cross-Site Request Forgery (CSRF) vulnerability in EnvialoSimple Env\x ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-49839 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47430 (Stack-buffer-overflow vulnerability in ReadyMedia (MiniDLNA) v1.3.3 al ...) TODO: check CVE-2024-30205 (In Emacs before 29.3, Org mode considers contents of remote files to b ...) 
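Review bot: the truncated description for CVE-2024-21914 ("A vulnerability exists in the affected product that allows a malicious ...") names neither vendor nor product, so nothing in the hunk shows how the NOT-FOR-US: Rockwell Automation verdict was reached; a NOTE line with the advisory that identifies the product would make the entry reviewable without redoing the lookup. In the same hunk, CVE-2024-29189 is described as "PyAnsys Geometry is a Python client library" but is tagged NOT-FOR-US: Ansys; naming the library (PyAnsys Geometry) would follow the convention used for the neighbouring entries (Nautobot, phpMyFAQ) and makes a later check against Debian's Python packages easier.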
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0586dfef6db5ad6a5eb4aa3b0bb18f04041dfd0b
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 171757a9 by Salvatore Bonaccorso at 2024-03-22T09:24:16+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,67 +1,67 @@ CVE-2024-2817 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2816 (A vulnerability classified as problematic was found in Tenda AC15 15.0 ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2815 (A vulnerability classified as critical has been found in Tenda AC15 15 ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2814 (A vulnerability was found in Tenda AC15 15.03.20_multi. It has been ra ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2813 (A vulnerability was found in Tenda AC15 15.03.20_multi. It has been de ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2812 (A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2811 (A vulnerability was found in Tenda AC15 15.03.20_multi and classified ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2810 (A vulnerability has been found in Tenda AC15 15.03.05.18/15.03.20_mult ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2809 (A vulnerability, which was classified as critical, was found in Tenda ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2808 (A vulnerability, which was classified as critical, has been found in T ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2807 (A vulnerability classified as critical was found in Tenda AC15 15.03.0 ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2806 (A vulnerability classified as critical has been found in Tenda AC15 15 ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2805 (A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2780 (A vulnerability was found in Campcodes Online Marriage Registration Sy ...) - TODO: check + NOT-FOR-US: Campcodes Online Marriage Registration System CVE-2024-2779 (A vulnerability was found in Campcodes Online Marriage Registration Sy ...) 
- TODO: check + NOT-FOR-US: Campcodes Online Marriage Registration System CVE-2024-2778 (A vulnerability was found in Campcodes Online Marriage Registration Sy ...) - TODO: check + NOT-FOR-US: Campcodes Online Marriage Registration System CVE-2024-2777 (A vulnerability has been found in Campcodes Online Marriage Registrati ...) - TODO: check + NOT-FOR-US: Campcodes Online Marriage Registration System CVE-2024-2776 (A vulnerability, which was classified as critical, was found in Campco ...) - TODO: check + NOT-FOR-US: Campcodes Online Marriage Registration System CVE-2024-2775 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: Campcodes Online Marriage Registration System CVE-2024-2774 (A vulnerability classified as critical was found in Campcodes Online M ...) - TODO: check + NOT-FOR-US: Campcodes Online Marriage Registration System CVE-2024-2773 (A vulnerability classified as problematic has been found in Campcodes ...) - TODO: check + NOT-FOR-US: Campcodes Online Marriage Registration System CVE-2024-2770 (A vulnerability was found in Campcodes Complete Online Beauty Parlor M ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online Beauty Parlor Management System CVE-2024-2769 (A vulnerability was found in Campcodes Complete Online Beauty Parlor M ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online Beauty Parlor Management System CVE-2024-2768 (A vulnerability was found in Campcodes Complete Online Beauty Parlor M ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online Beauty Parlor Management System CVE-2024-2767 (A vulnerability was found in Campcodes Complete Online Beauty Parlor M ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online Beauty Parlor Management System CVE-2024-2766 (A vulnerability has been found in Campcodes Complete Online Beauty Par ...) 
- TODO: check + NOT-FOR-US: Campcodes Complete Online Beauty Parlor Management System CVE-2024-2764 (A vulnerability, which was classified as critical, was found in Tenda ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2763 (A vulnerability, which was classified as critical, has been found in T ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2500 (The ColorMag theme for WordPress is vulnerable to Stored Cross-Site Sc ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2024-2453 (There is an SQL
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 11611325 by Salvatore Bonaccorso at 2024-03-21T21:27:47+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,53 +1,53 @@ CVE-2024-2742 (Operating system command injection vulnerability in Planet IGS-4215-16 ...) - TODO: check + NOT-FOR-US: Planet IGS-4215-16T2S CVE-2024-2741 (Cross-Site Request Forgery (CSRF) vulnerability in Planet IGS-4215-16T ...) - TODO: check + NOT-FOR-US: Planet IGS-4215-16T2S CVE-2024-2740 (Information exposure vulnerability in Planet IGS-4215-16T2S, affecting ...) - TODO: check + NOT-FOR-US: Planet IGS-4215-16T2S CVE-2024-2580 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2579 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2578 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2494 (A flaw was found in the RPC library APIs of libvirt. The RPC server de ...) TODO: check CVE-2024-2465 (Open redirection vulnerability in CDeX applicationallows to redirect u ...) - TODO: check + NOT-FOR-US: CDeX CVE-2024-2464 (This issue occurs during password recovery, where a difference in mess ...) - TODO: check + NOT-FOR-US: CDeX CVE-2024-2463 (Weak password recovery mechanism in CDeX application allows to retriev ...) - TODO: check + NOT-FOR-US: CDeX CVE-2024-29937 (NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and Free ...) TODO: check CVE-2024-29916 (The dormakaba Saflok system before the November 2023 software update a ...) - TODO: check + NOT-FOR-US: dormakaba Saflok system CVE-2024-29880 (In JetBrains TeamCity before 2023.11 users with access to the agent ma ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2024-29879 (Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through / ...) - TODO: check + NOT-FOR-US: Sentrifugo CVE-2024-29878 (Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through / ...) 
- TODO: check + NOT-FOR-US: Sentrifugo CVE-2024-29877 (Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through / ...) - TODO: check + NOT-FOR-US: Sentrifugo CVE-2024-29876 (SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/in ...) - TODO: check + NOT-FOR-US: Sentrifugo CVE-2024-29875 (SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/ind ...) - TODO: check + NOT-FOR-US: Sentrifugo CVE-2024-29874 (SQL injection vulnerability in Sentrifugo 3.2, through/sentrifugo/inde ...) - TODO: check + NOT-FOR-US: Sentrifugo CVE-2024-29873 (SQL injection vulnerability in Sentrifugo 3.2, through/sentrifugo/inde ...) - TODO: check + NOT-FOR-US: Sentrifugo CVE-2024-29872 (SQL injection vulnerability in Sentrifugo 3.2, through/sentrifugo/inde ...) - TODO: check + NOT-FOR-US: Sentrifugo CVE-2024-29871 (SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/ind ...) - TODO: check + NOT-FOR-US: Sentrifugo CVE-2024-29870 (SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/ind ...) - TODO: check + NOT-FOR-US: Sentrifugo CVE-2024-29866 (Datalust Seq before 2023.4.11151 and 2024 before 2024.1.11146 has Inco ...) - TODO: check + NOT-FOR-US: Datalust Seq CVE-2024-29732 (A SQL Injection has been found on SCAN_VISIO eDocument Suite Web Viewe ...) - TODO: check + NOT-FOR-US: SCAN_VISIO eDocument Suite Web Viewer of Abast CVE-2024-29374 (A Cross-Site Scripting (XSS) vulnerability exists in the way MOODLE 3. ...) TODO: check CVE-2024-29244 (Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discover ...) 
@@ -57,77 +57,77 @@ CVE-2024-29243 (Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was di CVE-2024-29180 (Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware ...) TODO: check CVE-2024-29019 (ESPHome is a system to control microcontrollers remotely through Home ...) - TODO: check + NOT-FOR-US: ESPHome CVE-2024-28402 (TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-s ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-27995 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-27994 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c3aece1f by Salvatore Bonaccorso at 2024-03-20T09:18:16+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,33 +1,33 @@ CVE-2024-2682 (A vulnerability classified as problematic has been found in Campcodes ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2681 (A vulnerability was found in Campcodes Online Job Finder System 1.0. I ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2680 (A vulnerability was found in Campcodes Online Job Finder System 1.0. I ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2679 (A vulnerability was found in Campcodes Online Job Finder System 1.0. I ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2678 (A vulnerability was found in Campcodes Online Job Finder System 1.0 an ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2677 (A vulnerability has been found in Campcodes Online Job Finder System 1 ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2676 (A vulnerability, which was classified as critical, was found in Campco ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2675 (A vulnerability, which was classified as critical, has been found in C ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2674 (A vulnerability classified as critical was found in Campcodes Online J ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2673 (A vulnerability classified as critical has been found in Campcodes Onl ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2672 (A vulnerability was found in Campcodes Online Job Finder System 1.0. I ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2671 (A vulnerability was found in Campcodes Online Job Finder System 1.0. I ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2670 (A vulnerability was found in Campcodes Online Job Finder System 1.0. I ...) 
- TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2669 (A vulnerability was found in Campcodes Online Job Finder System 1.0 an ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2668 (A vulnerability has been found in Campcodes Online Job Finder System 1 ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2649 (A vulnerability has been found in Netentsec NS-ASG Application Securit ...) TODO: check CVE-2024-2648 (A vulnerability, which was classified as problematic, was found in Net ...) @@ -67,7 +67,7 @@ CVE-2024-2129 (The WPBITS Addons For Elementor Page Builder plugin for WordPress CVE-2024-2124 (The Translate WordPress and go Multilingual \u2013 Weglot plugin for W ...) TODO: check CVE-2024-28715 (Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows ...) - TODO: check + NOT-FOR-US: DOraCMS CVE-2024-28584 (Null Pointer Dereference vulnerability in open source FreeImage v.3.19 ...) TODO: check CVE-2024-28583 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) 
@@ -117,9 +117,9 @@ CVE-2024-28562 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 CVE-2024-28389 (SQL injection vulnerability in KnowBand spinwheel v.3.0.3 and before a ...) TODO: check CVE-2024-28283 (There is stack-based buffer overflow vulnerability in pc_change_act fu ...) - TODO: check + NOT-FOR-US: KnowBand spinwheel CVE-2024-28092 (UBEE DDW365 XCNDDW365 8.14.3105 software on hardware 3.13.1 allows a r ...) - TODO: check + NOT-FOR-US: UBEE DDW365 XCNDDW365 CVE-2024-24336 (A multiple Cross-site scripting (XSS) vulnerability in the '/members/m ...) TODO: check CVE-2024-22258 (Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3aece1f9f09478eac5aab649b69913869c08d3f
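Review bot: the NOT-FOR-US: KnowBand spinwheel line added for CVE-2024-28283 in the @@ -117 hunk does not match that entry's description, which reads "There is stack-based buffer overflow vulnerability in pc_change_act fu ..." and says nothing about KnowBand; the product name looks copied from the preceding entry CVE-2024-28389 ("SQL injection vulnerability in KnowBand spinwheel v.3.0.3"), which itself stays at TODO: check. Re-check CVE-2024-28283 against its own description and set the product accordingly, and consider whether the KnowBand spinwheel tag was meant for CVE-2024-28389 instead.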
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c658dd07 by Salvatore Bonaccorso at 2024-03-10T13:45:30+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,9 +1,9 @@ CVE-2024-2353 (A vulnerability, which was classified as critical, has been found in T ...) - TODO: check + NOT-FOR-US: Totolink CVE-2024-2352 (A vulnerability, which was classified as critical, has been found in 1 ...) - TODO: check + NOT-FOR-US: 1Panel CVE-2024-2351 (A vulnerability classified as critical was found in CodeAstro Ecommerc ...) - TODO: check + NOT-FOR-US: CodeAstro Ecommerce Site CVE-2024-27698 REJECTED CVE-2024-28757 (libexpat through 2.6.1 allows an XML Entity Expansion attack when ther ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c658dd07f6f6602b5385f284c4ce3bfe9d1398eb
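Review bot: vendor naming is inconsistent: CVE-2024-2353 is tagged NOT-FOR-US: Totolink here, while commit 11611325 tags CVE-2024-28402 as NOT-FOR-US: TOTOLINK. These tags are what gets grepped when the list is swept for a vendor, so pick one spelling (TOTOLINK is the form used in the CVE descriptions) and use it for both entries.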
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ee373b23 by Salvatore Bonaccorso at 2024-03-06T09:21:58+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2024-2179 (Concrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS via th ...) - TODO: check + NOT-FOR-US: Concrete CMS CVE-2024-27765 (Directory Traversal vulnerability in Jeewms v.3.7 and before allows a ...) NOT-FOR-US: Jeewms CVE-2024-27764 (An issue in Jeewms v.3.7 and before allows a remote attacker to escala ...) 
@@ -33,23 +33,23 @@ CVE-2024-24275 (Cross Site Scripting vulnerability in Teamwire Windows desktop c CVE-2024-22889 (Due to incorrect access control in Plone version v6.0.9, remote attack ...) TODO: check CVE-2024-1989 (The Social Sharing Plugin \u2013 Sassy Social Share plugin for WordPre ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1901 (Denial of service in PAM password rotation during the check-in process ...) - TODO: check + NOT-FOR-US: Devolutions CVE-2024-1900 (Improper session management in the identity provider authentication fl ...) - TODO: check + NOT-FOR-US: Devolutions CVE-2024-1898 (Improper access control in the notification feature in Devolutions Ser ...) - TODO: check + NOT-FOR-US: Devolutions CVE-2024-1771 (The Total theme for WordPress is vulnerable to unauthorized modificati ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2024-1764 (Improper privilege management in Just-in-time (JIT) elevation module i ...) - TODO: check + NOT-FOR-US: Devolutions CVE-2024-1760 (The Appointment Booking Calendar \u2014 Simply Schedule Appointments B ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1356 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...) - TODO: check + NOT-FOR-US: Aruba CVE-2024-1220 (A stack-based buffer overflow in the built-in web server in Moxa NPort ...) - TODO: check + NOT-FOR-US: Moxa CVE-2023-49977 (A cross-site scripting (XSS) vulnerability in Customer Support System ...) TODO: check CVE-2023-49976 (A cross-site scripting (XSS) vulnerability in Customer Support System ...) 
@@ -57,21 +57,21 @@ CVE-2023-49976 (A cross-site scripting (XSS) vulnerability in Customer Support S CVE-2023-49974 (A cross-site scripting (XSS) vulnerability in Customer Support System ...) TODO: check CVE-2023-49973 (A cross-site scripting (XSS) vulnerability in Customer Support System ...) - TODO: check + NOT-FOR-US: Customer Support System CVE-2023-49971 (A cross-site scripting (XSS) vulnerability in Customer Support System ...) - TODO: check + NOT-FOR-US: Customer Support System CVE-2023-48644 (An issue was discovered in the Archibus app 4.0.3 for iOS. There is an ...) - TODO: check + NOT-FOR-US: Archibus app for iOS CVE-2023-43318 (TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows at ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2023-38946 (An issue in Multilaser RE160 firmware v5.07.51_pt_MTL01 and v5.07.52_p ...) - TODO: check + NOT-FOR-US: Multilaser RE160 firmware CVE-2023-38945 (Multilaser RE160 v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01, Multilaser R ...) - TODO: check + NOT-FOR-US: Multilaser CVE-2023-38944 (An issue in Multilaser RE160V firmware v12.03.01.09_pt and Multilaser ...) - TODO: check + NOT-FOR-US: Multilaser CVE-2023-33677 (Sourcecodester Lost and Found Information System's Version 1.0 is vuln ...) - TODO: check + NOT-FOR-US: Sourcecodester Lost and Found Information System CVE-2024-2176 - chromium 122.0.6261.111-1 [bullseye] - chromium (see #1061268)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee373b2331ca03a2fceff7384c72edcad152c256
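Review bot: in the @@ -57 hunk, CVE-2023-49974 stays at TODO: check in the unchanged context (as do CVE-2023-49977 and CVE-2023-49976 at the tail of the @@ -33 hunk) although its description, "A cross-site scripting (XSS) vulnerability in Customer Support System ...", is identical to those of CVE-2023-49973 and CVE-2023-49971, which this hunk tags NOT-FOR-US: Customer Support System; either all of them should be tagged in one go or a NOTE should say why the remaining three still need a look. Minor: the Multilaser entries use two tag spellings, NOT-FOR-US: Multilaser RE160 firmware for CVE-2023-38946 but NOT-FOR-US: Multilaser for CVE-2023-38945 and CVE-2023-38944; the vendor-only form is the one used for the other hardware vendors in these commits (Tenda, Samsung, Dell), so use it for all three.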
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8daf80ca by Salvatore Bonaccorso at 2024-03-05T09:29:08+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -49,53 +49,53 @@ CVE-2024-1936 (The encrypted subject of an email message could be incorrectly an - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-11/#CVE-2024-1936 CVE-2024-1782 (The Blue Triad EZAnalytics plugin for WordPress is vulnerable to Refle ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1769 (The JM Twitter Cards plugin for WordPress is vulnerable to Information ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1731 (The Auto Refresh Single Page plugin for WordPress is vulnerable to PHP ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1478 (The Maintenance Mode plugin for WordPress is vulnerable to Sensitive I ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1381 (The Page Builder Sandwich \u2013 Front End WordPress Page Builder Plug ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1319 (The Events Tickets Plus WordPress plugin before 5.9.1 does not prevent ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1316 (The Event Tickets and Registration WordPress plugin before 5.8.1, Even ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1285 (The Page Builder Sandwich \u2013 Front End WordPress Page Builder Plug ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1178 (The SportsPress \u2013 Sports Club & League Manager plugin for WordPre ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1095 (The Build & Control Block Patterns \u2013 Boost up Gutenberg Editor pl ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1093 (The Change Memory Limit plugin for WordPress is vulnerable to unauthor ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1088 (The Password Protected Store for WooCommerce plugin for WordPress is v ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0825 (The Vimeography: Vimeo Video Gallery WordPress Plugin plugin for WordP ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0698 (The Easy!Appointments plugin for WordPress is vulnerable to Stored Cro ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-52432 (Improper input validation in IpcTxSndSetLoopbackCtrl in libsec-ril pri ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-49970 (Customer Support System v1 was discovered to contain a SQL injection v ...) - TODO: check + NOT-FOR-US: Customer Support System CVE-2023-49969 (Customer Support System v1 was discovered to contain a SQL injection v ...) - TODO: check + NOT-FOR-US: Customer Support System CVE-2023-49968 (Customer Support System v1 was discovered to contain a SQL injection v ...) - TODO: check + NOT-FOR-US: Customer Support System CVE-2023-49548 (Customer Support System v1 was discovered to contain a SQL injection v ...) - TODO: check + NOT-FOR-US: Customer Support System CVE-2023-49547 (Customer Support System v1 was discovered to contain a SQL injection v ...) - TODO: check + NOT-FOR-US: Customer Support System CVE-2023-49546 (Customer Support System v1 was discovered to contain a SQL injection v ...) - TODO: check + NOT-FOR-US: Customer Support System CVE-2023-42419 (Maintenance Server, inCybellum'sQCOW air-gapped distribution (China Ed ...) - TODO: check + NOT-FOR-US: Cybellum CVE-2023-41829 (An improper export vulnerability was reported in the Motorola Carrier ...) - TODO: check + NOT-FOR-US: Motorola CVE-2023-41827 (An improper export vulnerability was reported in the Motorola OTA upda ...) - TODO: check + NOT-FOR-US: Motorola CVE-2024-2002 - dwarfutils NOTE: https://www.prevanders.net/dwarfbug.html#DW202402-002
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8daf80caaf5f56518ccb31ed60dcafcbb30b9890
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4a5ce978 by Salvatore Bonaccorso at 2024-03-05T09:22:06+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,49 +1,49 @@ CVE-2024-2168 (A vulnerability was found in SourceCodester Online Tours & Travels Man ...) - TODO: check + NOT-FOR-US: SourceCodester Online Tours & Travels Management System CVE-2024-27718 (SQL Injection vulnerability in Baizhuo Network Smart s200 Management P ...) - TODO: check + NOT-FOR-US: Baizhuo Network Smart s200 Management Platform CVE-2024-26333 (swftools v0.9.2 was discovered to contain a segmentation violation via ...) TODO: check CVE-2024-25731 (The Elink Smart eSmartCam (com.cn.dq.ipc) application 2.1.5 for Androi ...) - TODO: check + NOT-FOR-US: Elink Smart eSmartCam (com.cn.dq.ipc) application CVE-2024-25269 (libheif <= 1.17.6 contains a memory leak in the function JpegEncoder:: ...) TODO: check CVE-2024-25164 (iA Path Traversal vulnerability exists in iDURAR v2.0.0, that allows u ...) - TODO: check + NOT-FOR-US: iDURAR CVE-2024-22383 (Missing release of resource after effective lifetime (CWE-772) in the ...) - TODO: check + NOT-FOR-US: Gallagher CVE-2024-22188 (TYPO3 before 13.0.1 allows an authenticated admin user (with system ma ...) TODO: check CVE-2024-21838 (Improper neutralization of special elements in output (CWE-74) used by ...) - TODO: check + NOT-FOR-US: Gallagher CVE-2024-21815 (Insufficiently protected credentials (CWE-522) for third party DVR int ...) - TODO: check + NOT-FOR-US: Gallagher CVE-2024-20841 (Improper Handling of Insufficient Privileges in Samsung Account prior ...) - TODO: check + NOT-FOR-US: Samsung CVE-2024-20840 (Improper access control in Samsung Voice Recorder prior to versions 21 ...) - TODO: check + NOT-FOR-US: Samsung CVE-2024-20839 (Improper access control in Samsung Voice Recorder prior to versions 21 ...) - TODO: check + NOT-FOR-US: Samsung CVE-2024-20838 (Improper validation vulnerability in Samsung Internet prior to version ...) - TODO: check + NOT-FOR-US: Samsung CVE-2024-20837 (Improper handling of granting permission for Trusted Web Activities in ...) 
- TODO: check + NOT-FOR-US: Samsung CVE-2024-20836 (Out of bounds Read vulnerability in ssmis_get_frm in libsubextractor.s ...) - TODO: check + NOT-FOR-US: Samsung CVE-2024-20835 (Improper access control vulnerability in CustomFrequencyManagerService ...) - TODO: check + NOT-FOR-US: Samsung CVE-2024-20834 (The sensitive information exposure vulnerability in WlanTest prior to ...) - TODO: check + NOT-FOR-US: Samsung CVE-2024-20833 (Use after free vulnerability in pub_crypto_recv_msg prior to SMR Mar-2 ...) - TODO: check + NOT-FOR-US: Samsung CVE-2024-20832 (Heap overflow in Little Kernel in bootloader prior to SMR Mar-2024 Rel ...) - TODO: check + NOT-FOR-US: Samsung CVE-2024-20831 (Stack overflow in Little Kernel in bootloader prior to SMR Mar-2024 Re ...) - TODO: check + NOT-FOR-US: Samsung CVE-2024-20830 (Incorrect default permission in AppLock prior to SMR MAr-2024 Release ...) - TODO: check + NOT-FOR-US: Samsung CVE-2024-20829 (Missing proper interaction for opening deeplink in Samsung Internet pr ...) - TODO: check + NOT-FOR-US: Samsung CVE-2024-1936 (The encrypted subject of an email message could be incorrectly and per ...) TODO: check CVE-2024-1782 (The Blue Triad EZAnalytics plugin for WordPress is vulnerable to Refle ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a5ce9787eb6e0e7fe92e8694c183bc2329575b3
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f788af44 by Salvatore Bonaccorso at 2024-03-04T21:20:22+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,87 +1,87 @@ CVE-2024-2167 REJECTED CVE-2024-2048 (Vault and Vault Enterprise (\u201cVault\u201d) TLS certificate auth me ...) - TODO: check + NOT-FOR-US: HashiCorp Vault CVE-2024-27889 (Multiple SQL Injection vulnerabilities exist in the reporting applicat ...) - TODO: check + NOT-FOR-US: Arista CVE-2024-27694 (FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CS ...) - TODO: check + NOT-FOR-US: FlyCms CVE-2024-27684 (A Cross-site scripting (XSS) vulnerability in dlapn.cgi, dldongle.cgi, ...) - TODO: check + NOT-FOR-US: D-Link CVE-2024-27680 (Flusity-CMS v2.33 is vulnerable to Cross Site Scripting (XSS) in the " ...) - TODO: check + NOT-FOR-US: Flusity-CMS CVE-2024-27668 (Flusity-CMS v2.33 is affected by: Cross Site Scripting (XSS) in 'Custo ...) - TODO: check + NOT-FOR-US: Flusity-CMS CVE-2024-27199 (In JetBrains TeamCity before 2023.11.4 path traversal allowing to perf ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2024-27198 (In JetBrains TeamCity before 2023.11.4 authentication bypass allowing ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2024-24901 (Dell PowerScale OneFS 8.2.x through 9.6.0.x contain an insufficient lo ...) - TODO: check + NOT-FOR-US: Dell PowerScale OneFS CVE-2024-22463 (Dell PowerScale OneFS 8.2.x through 9.6.0.x contains a use of a broken ...) - TODO: check + NOT-FOR-US: Dell PowerScale OneFS CVE-2024-22452 (Dell Display and Peripheral Manager for macOS prior to 1.3 contains an ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-1788 REJECTED CVE-2024-0686 REJECTED CVE-2024-0156 (Dell Digital Delivery, versions prior to 5.0.86.0, contain a Buffer Ov ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-0155 (Dell Digital Delivery, versions prior to 5.0.86.0, contain a Use After ...) - TODO: check + NOT-FOR-US: Dell CVE-2023-6241 (Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm ...) TODO: check CVE-2023-6143 (Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm ...) 
TODO: check CVE-2023-6068 (On affected 7130 Series FPGA platforms running MOS and recent versions ...) - TODO: check + NOT-FOR-US: Arista CVE-2023-5451 (Forcepoint NGFW Security Management Center Management Server has SMC ...) - TODO: check + NOT-FOR-US: Forcepoint CVE-2023-43553 (Memory corruption while parsing beacon/probe response frame when AP se ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-43552 (Memory corruption while processing MBSSID beacon containing several su ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-43550 (Memory corruption while processing a QMI request for allocating memory ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-43549 (Memory corruption while processing TPC target power table in FTM TPC.) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-43548 (Memory corruption while parsing qcp clip with invalid chunk data size.) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-43547 (Memory corruption while invoking IOCTLs calls in Automotive Multimedia ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-43546 (Memory corruption while invoking HGSL IOCTL context create.) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-43541 (Memory corruption while invoking the SubmitCommands call on Gfx engine ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-43540 (Memory corruption while processing the IOCTL FM HCI WRITE request.) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-43539 (Transient DOS while processing an improperly formatted 802.11az Fine T ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-38362 (IBM CICS TX Advanced 10.1 could disclose sensitive information to a re ...) NOT-FOR-US: IBM CVE-2023-38360 (IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. This ...) NOT-FOR-US: IBM CVE-2023-33105 (Transient DOS in WLAN Host and Firmware when large number of open auth ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-33104 (Transient DOS while processing PDU Release command with a parameter PD ...) 
- TODO: check + NOT-FOR-US: Qualcomm CVE-2023-33103 (Transient DOS while processing CAG info IE received from NW.) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-33096 (Transient DOS while processing DL NAS Transport message, as specified ...) -
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3e4cba32 by Salvatore Bonaccorso at 2024-03-02T09:19:41+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,11 +1,11 @@ CVE-2024-27747 (File Upload vulnerability in Petrol Pump Mangement Software v.1.0 allo ...) - TODO: check + NOT-FOR-US: Petrol Pump Mangement Software CVE-2024-27746 (SQL Injection vulnerability in Petrol Pump Mangement Software v.1.0 al ...) - TODO: check + NOT-FOR-US: Petrol Pump Mangement Software CVE-2024-27744 (Cross Site Scripting vulnerability in Petrol Pump Mangement Software v ...) - TODO: check + NOT-FOR-US: Petrol Pump Mangement Software CVE-2024-27743 (Cross Site Scripting vulnerability in Petrol Pump Mangement Software v ...) - TODO: check + NOT-FOR-US: Petrol Pump Mangement Software CVE-2024-27101 (SpiceDB is an open source, Google Zanzibar-inspired database for creat ...) TODO: check CVE-2024-25438 (A cross-site scripting (XSS) vulnerability in the Submission module of ...) @@ -29,11 +29,11 @@ CVE-2024-22182 (A remote, unauthenticated attacker may be able to send crafted m CVE-2024-21767 (A remote attacker may be able to bypass access control of Commend WS20 ...) TODO: check CVE-2024-1869 (Certain HP DesignJet print products are potentially vulnerable to info ...) - TODO: check + NOT-FOR-US: HP CVE-2024-1775 (The Nextend Social Login and Register plugin for WordPress is vulnerab ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1592 (The Complianz \u2013 GDPR/CCPA Cookie Consent plugin for WordPress is ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-7244 (Industrial Control Systems Network Protocol Parsers (ICSNPP) - Etherca ...) TODO: check CVE-2023-7243 (Industrial Control Systems Network Protocol Parsers (ICSNPP) - Etherca ...) 
@@ -41,15 +41,15 @@ CVE-2023-7243 (Industrial Control Systems Network Protocol Parsers (ICSNPP) - Et CVE-2023-7242 (Industrial Control Systems Network Protocol Parsers (ICSNPP) - Etherca ...) TODO: check CVE-2023-49545 (A directory listing vulnerability in Customer Support System v1 allows ...) - TODO: check + NOT-FOR-US: Customer Support System CVE-2023-49544 (A local file inclusion (LFI) in Customer Support System v1 allows atta ...) - TODO: check + NOT-FOR-US: Customer Support System CVE-2023-49543 (Incorrect access control in Book Store Management System v1 allows att ...) - TODO: check + NOT-FOR-US: Book Store Management System CVE-2023-49540 (Book Store Management System v1.0 was discovered to contain a cross-si ...) - TODO: check + NOT-FOR-US: Book Store Management System CVE-2023-49539 (Book Store Management System v1.0 was discovered to contain a cross-si ...) - TODO: check + NOT-FOR-US: Book Store Management System CVE-2021-47081 (In the Linux kernel, the following vulnerability has been resolved: h ...) - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/115726c5d312b462c9d9931ea42becdfa838a076 (5.13-rc3) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e4cba32d6311e2902ef248194e6b981044a1375
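Review bot: the NOT-FOR-US tags for CVE-2024-27747, CVE-2024-27746, CVE-2024-27744 and CVE-2024-27743 in the first hunk carry over the misspelling "Mangement" from the upstream descriptions; tagging them "NOT-FOR-US: Petrol Pump Management Software" would let the entries be found under the product's correctly spelled name while the description text stays as received.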
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f67f4612 by Salvatore Bonaccorso at 2024-02-27T10:28:09+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -35,21 +35,21 @@ CVE-2024-22544 (An issue was discovered in Linksys Router E1700 version 1.0.04 ( CVE-2024-22543 (An issue was discovered in Linksys Router E1700 1.0.04 (build 3), allo ...) NOT-FOR-US: Linksys CVE-2024-1698 (The NotificationX \u2013 Best FOMO, Social Proof, WooCommerce Sales Po ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1687 (The Thank You Page Customizer for WooCommerce \u2013 Increase Your Sal ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1686 (The Thank You Page Customizer for WooCommerce \u2013 Increase Your Sal ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1323 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Store ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0759 (Should an instance of AnythingLLM be hosted on an internal network and ...) TODO: check CVE-2023-7033 (Insufficient Resource Pool vulnerability in Ethernet function of Mitsu ...) - TODO: check + NOT-FOR-US: Mitsubishi CVE-2023-41506 (An arbitrary file upload vulnerability in the Update/Edit Student's Pr ...) - TODO: check + NOT-FOR-US: Update/Edit Student's Profile Picture function of Student Enrollment In PHP CVE-2023-36237 (Cross Site Request Forgery vulnerability in Bagisto before v.1.5.1 all ...) - TODO: check + NOT-FOR-US: Bagisto CVE-2021-46920 (In the Linux kernel, the following vulnerability has been resolved: d ...) TODO: check CVE-2021-46919 (In the Linux kernel, the following vulnerability has been resolved: d ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f67f4612821c9a033f184afd2bd8a2dd76d76885
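Review bot: the tag added for CVE-2023-41506, "NOT-FOR-US: Update/Edit Student's Profile Picture function of Student Enrollment In PHP", names the vulnerable function rather than the product, unlike the other tags in this hunk ("NOT-FOR-US: Mitsubishi", "NOT-FOR-US: Bagisto"); "NOT-FOR-US: Student Enrollment In PHP" would follow the same convention.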
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0a7387f9 by Salvatore Bonaccorso at 2024-02-23T10:01:27+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -28,29 +28,29 @@ CVE-2024-26151 (The `mjml` PyPI package, found at the `FelixSchwarz/mjml-python` CVE-2024-26128 (baserCMS is a website development framework. Prior to version 5.0.9, t ...) NOT-FOR-US: baserCMS CVE-2024-25876 (A cross-site scripting (XSS) vulnerability in the Header module of Enh ...) - TODO: check + NOT-FOR-US: Enhavo CMS module CVE-2024-25875 (A cross-site scripting (XSS) vulnerability in the Header module of Enh ...) - TODO: check + NOT-FOR-US: Enhavo CMS module CVE-2024-25874 (A cross-site scripting (XSS) vulnerability in the New/Edit Article mod ...) - TODO: check + NOT-FOR-US: Enhavo CMS module CVE-2024-25873 (Enhavo v0.13.1 was discovered to contain an HTML injection vulnerabili ...) - TODO: check + NOT-FOR-US: Enhavo CMS CVE-2024-25851 (Netis WF2780 v2.1.40144 was discovered to contain a command injection ...) - TODO: check + NOT-FOR-US: Netis WF2780 CVE-2024-25850 (Netis WF2780 v2.1.40144 was discovered to contain a command injection ...) - TODO: check + NOT-FOR-US: Netis WF2780 CVE-2024-25828 (cmseasy V7.7.7.9 has an arbitrary file deletion vulnerability in lib/a ...) - TODO: check + NOT-FOR-US: cmseasy CVE-2024-25802 (SKINsoft S-Museum 7.02.3 allows Unrestricted File Upload via the Add M ...) - TODO: check + NOT-FOR-US: SKINsoft S-Museum CVE-2024-25756 (A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with fi ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-25753 (Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firm ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-25748 (A Stack Based Buffer Overflow vulnerability in tenda AC9 AC9 v.3.0 wit ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-25746 (Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firm ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-25385 (An issue in flvmeta v.1.2.2 allows a local attacker to cause a denial ...) TODO: check CVE-2024-25369 (A reflected Cross-Site Scripting (XSS) vulnerability in FUEL CMS 1.5.2 ...) 
@@ -60,7 +60,7 @@ CVE-2024-25130 (Tuleap is an open source suite to improve management of software CVE-2024-25129 (The CodeQL CLI repo holds binaries for the CodeQL command line interfa ...) TODO: check CVE-2024-25021 (IBM AIX 7.3, VIOS 4.1's Perl implementation could allow a non-privileg ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-24817 (Discourse Calendar adds the ability to create a dynamic calendar in th ...) TODO: check CVE-2024-23094 (Flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forge ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a7387f9408b16906d3a6fe6a64bc3e15319fe08
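Review bot: in the first hunk CVE-2024-25876, CVE-2024-25875 and CVE-2024-25874 are tagged "NOT-FOR-US: Enhavo CMS module" while CVE-2024-25873, which the description attributes to the same product (Enhavo v0.13.1), is tagged "NOT-FOR-US: Enhavo CMS"; using "NOT-FOR-US: Enhavo CMS" for all four keeps the entries for one product grouped under one tag.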
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 73a68a87 by Salvatore Bonaccorso at 2024-02-08T09:53:43+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -10,37 +10,37 @@ CVE-2024-24806 (libuv is a multi-platform support library with a focus on asynch NOTE: https://github.com/libuv/libuv/commit/0f2d7e784a256b54b2385043438848047bc2a629 (v1.48.0) NOTE: https://github.com/libuv/libuv/commit/3530bcc30350d4a6ccf35d2f7b33e23292b9de70 (v1.48.0) CVE-2024-24350 (File Upload vulnerability in Software Publico e-Sic Livre v.2.0 and be ...) - TODO: check + NOT-FOR-US: Software Publico e-Sic Livre CVE-2024-24216 (Zentao v18.0 to v18.10 was discovered to contain a remote code executi ...) - TODO: check + NOT-FOR-US: Zentao CVE-2024-24202 (An arbitrary file upload vulnerability in /upgrade/control.php of ZenT ...) - TODO: check + NOT-FOR-US: Zentao CVE-2024-24091 (Yealink Meeting Server before v26.0.0.66 was discovered to contain an ...) - TODO: check + NOT-FOR-US: Yealink Meeting Server CVE-2024-24026 (An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 ...) - TODO: check + NOT-FOR-US: Novel-Plus CVE-2024-24025 (An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 ...) - TODO: check + NOT-FOR-US: Novel-Plus CVE-2024-24024 (An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-R ...) - TODO: check + NOT-FOR-US: Novel-Plus CVE-2024-24023 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prio ...) - TODO: check + NOT-FOR-US: Novel-Plus CVE-2024-24021 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prio ...) - TODO: check + NOT-FOR-US: Novel-Plus CVE-2024-24018 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prio ...) - TODO: check + NOT-FOR-US: Novel-Plus CVE-2024-24017 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prio ...) - TODO: check + NOT-FOR-US: Novel-Plus CVE-2024-24014 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prio ...) - TODO: check + NOT-FOR-US: Novel-Plus CVE-2024-24003 (jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller ...) 
- TODO: check + NOT-FOR-US: jshERP CVE-2024-23448 (An issue was discovered whereby APM Server could log at ERROR level, a ...) TODO: check CVE-2024-22394 (An improper authentication vulnerability has been identified in SonicW ...) - TODO: check + NOT-FOR-US: SonicWall CVE-2024-0511 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6736 (An issue has been discovered in GitLab EE affecting all versions start ...) TODO: check CVE-2023-5665 (The Payment Forms for Paystack plugin for WordPress is vulnerable to S ...) @@ -92,7 +92,7 @@ CVE-2024-24812 (Frappe is a full-stack web application framework that uses Pytho CVE-2024-24811 (SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnera ...) TODO: check CVE-2024-24771 (Open Forms allows users create and publish smart forms. Versions prior ...) - TODO: check + NOT-FOR-US: Open Forms CVE-2024-24706 (Cross-Site Request Forgery (CSRF) vulnerability in Forum One WP-CFM wp ...) NOT-FOR-US: WordPress plugin CVE-2024-24563 (Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual M ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73a68a8734e4ded651ece763f3cacebf53c7af0e
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4a566d14 by Salvatore Bonaccorso at 2024-02-07T09:31:52+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,39 +1,39 @@ CVE-2024-25140 (A default installation of RustDesk 1.2.3 on Windows places a WDKTestCe ...) - TODO: check + NOT-FOR-US: RustDesk CVE-2024-24943 (In JetBrains Toolbox App before 2.2 a DoS attack was possible via a ma ...) - TODO: check + NOT-FOR-US: JetBrains Toolbox App CVE-2024-24942 (In JetBrains TeamCity before 2023.11.3 path traversal allowed reading ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2024-24941 (In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Spac ...) TODO: check CVE-2024-24940 (In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible ...) TODO: check CVE-2024-24939 (In JetBrains Rider before 2023.3.3 logging of environment variables co ...) - TODO: check + NOT-FOR-US: JetBrains Rider CVE-2024-24938 (In JetBrains TeamCity before 2023.11.2 limited directory traversal was ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2024-24937 (In JetBrains TeamCity before 2023.11.2 stored XSS via agent distributi ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2024-24936 (In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifa ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2024-24810 (WiX toolset lets developers create installers for Windows Installer, t ...) - TODO: check + NOT-FOR-US: WiX toolset CVE-2024-24594 (A cross-site scripting (XSS) vulnerability in all versions of the web ...) - TODO: check + NOT-FOR-US: Allegro AI's ClearML platform CVE-2024-24593 (A cross-site request forgery (CSRF) vulnerability in all versions of t ...) - TODO: check + NOT-FOR-US: Allegro AI's ClearML platform CVE-2024-24592 (Lack of authentication in all versions of the fileserver component of ...) - TODO: check + NOT-FOR-US: Allegro AI's ClearML platform CVE-2024-24591 (A path traversal vulnerability in version 1.4.0 or newer of Allegro AI ...) 
- TODO: check + NOT-FOR-US: Allegro AI's ClearML platform CVE-2024-24590 (Deserialization of untrusted data can occur in version 0.17.0 or newer ...) - TODO: check + NOT-FOR-US: Allegro AI's ClearML platform CVE-2024-24291 (An issue in the component /member/index/login of yzmcms v7.0 allows at ...) - TODO: check + NOT-FOR-US: yzmcms CVE-2024-24255 (A Race Condition discovered in geofence.cpp and mission_feasibility_ch ...) - TODO: check + NOT-FOR-US: PX4 Autopilot CVE-2024-24254 (PX4 Autopilot 1.14 and earlier, due to the lack of synchronization mec ...) - TODO: check + NOT-FOR-US: PX4 Autopilot CVE-2024-24019 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prio ...) TODO: check CVE-2024-24015 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prio ...) @@ -229,7 +229,7 @@ CVE-2024-24808 (pyLoad is an open-source Download Manager written in pure Python CVE-2024-24807 (Sulu is a highly extensible open-source PHP content management system ...) NOT-FOR-US: Sulu CVE-2024-24595 (Allegro AI\u2019s open-source version of ClearML stores passwords in p ...) - TODO: check + NOT-FOR-US: Allegro AI open-source version of ClearML CVE-2024-24574 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...) NOT-FOR-US: phpMyFAQ CVE-2024-24559 (Vyper is a Pythonic Smart Contract Language for the EVM. There is an e ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a566d149ae2b9dfa5c519a0fbc8c1df6a4be648
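Review bot: the first hunk tags CVE-2024-24594 through CVE-2024-24590 as "NOT-FOR-US: Allegro AI's ClearML platform" while the second hunk tags CVE-2024-24595 as "NOT-FOR-US: Allegro AI open-source version of ClearML"; the same product should get one wording in both hunks so the six ClearML entries are grouped under a single tag.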
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d87eb327 by Salvatore Bonaccorso at 2024-02-04T09:22:35+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,11 +1,11 @@ CVE-2023-50947 (IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnera ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-33851 (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW ...) - TODO: check + NOT-FOR-US: IBM CVE-2019-25159 (A vulnerability was found in mpedraza2020 Intranet del Monterroso up t ...) - TODO: check + NOT-FOR-US: mpedraza2020 Intranet del Monterroso CVE-2015-10129 (A vulnerability was found in planet-freo up to 20150116 and classified ...) - TODO: check + NOT-FOR-US: planet-freo CVE-2024-1215 (A vulnerability was found in SourceCodester CRUD without Page Reload 1 ...) NOT-FOR-US: SourceCodester CRUD without Page Reload CVE-2024-1064 (A host header injection vulnerability in the HTTP handler component of ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d87eb32752363351437439f78efbe0106c2fe46a
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 30e7764d by Salvatore Bonaccorso at 2024-02-02T21:44:42+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,101 +1,101 @@ CVE-2024-25006 (XenForo before 2.2.14 allows Directory Traversal (with write access) b ...) - TODO: check + NOT-FOR-US: XenForo CVE-2024-25001 REJECTED CVE-2024-24760 (mailcow is a dockerized email package, with multiple containers linked ...) - TODO: check + NOT-FOR-US: mailcow CVE-2024-24757 (open-irs is an issue response robot that reponds to issues in the inst ...) TODO: check CVE-2024-24560 (Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual M ...) - TODO: check + NOT-FOR-US: Vyper CVE-2024-24470 (Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows ...) - TODO: check + NOT-FOR-US: flusity-CMS CVE-2024-24388 (Cross-site scripting (XSS) vulnerability in XunRuiCMS versions v4.6.2 ...) - TODO: check + NOT-FOR-US: XunRuiCMS CVE-2024-24161 (MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file ...) - TODO: check + NOT-FOR-US: MRCMS CVE-2024-24160 (MRCMS 3.0 contains a Cross-Site Scripting (XSS) vulnerability via /adm ...) - TODO: check + NOT-FOR-US: MRCMS CVE-2024-24029 (JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data ...) - TODO: check + NOT-FOR-US: JFinalCMS CVE-2024-23895 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...) - TODO: check + NOT-FOR-US: Cups Easy (Purchase & Inventory) CVE-2024-23831 (LedgerSMB is a free web-based double-entry accounting system. When a L ...) TODO: check CVE-2024-23824 (mailcow is a dockerized email package, with multiple containers linked ...) - TODO: check + NOT-FOR-US: mailcow CVE-2024-23635 (AntiSamy is a library for performing fast, configurable cleansing of H ...) TODO: check CVE-2024-22851 (Directory Traversal Vulnerability in LiveConfig before v.2.5.2 allows ...) - TODO: check + NOT-FOR-US: LiveConfig CVE-2024-22108 (An issue was discovered in GTB Central Console 15.17.1-30814.NG. The m ...) 
- TODO: check + NOT-FOR-US: GTB Central Console CVE-2024-22107 (An issue was discovered in GTB Central Console 15.17.1-30814.NG. The m ...) - TODO: check + NOT-FOR-US: GTB Central Console CVE-2024-1201 (Search path or unquoted item vulnerability in HDD Health affecting ver ...) - TODO: check + NOT-FOR-US: HDD Health CVE-2024-1192 (A vulnerability was found in South River WebDrive 18.00.5057. It has b ...) - TODO: check + NOT-FOR-US: South River WebDrive CVE-2024-1191 (A vulnerability was found in Hyper CdCatalog 2.3.1. It has been classi ...) - TODO: check + NOT-FOR-US: Hyper CdCatalog CVE-2024-1190 (A vulnerability was found in Global Scape CuteFTP 9.3.0.3 and classifi ...) - TODO: check + NOT-FOR-US: Global Scape CuteFTP CVE-2024-1189 (A vulnerability has been found in AMPPS 2.7 and classified as problema ...) - TODO: check + NOT-FOR-US: AMPPS CVE-2024-1188 (A vulnerability, which was classified as problematic, was found in Riz ...) - TODO: check + NOT-FOR-US: Rizone Soft Notepad3 CVE-2024-1187 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: Munsoft Easy Outlook Express Recovery CVE-2024-1186 (A vulnerability classified as problematic was found in Munsoft Easy Ar ...) - TODO: check + NOT-FOR-US: Munsoft Easy Archive Recovery CVE-2024-1185 (A vulnerability classified as problematic has been found in Nsasoft NB ...) - TODO: check + NOT-FOR-US: Nsasoft NBMonitor Network Bandwidth Monitor CVE-2024-1184 (A vulnerability was found in Nsasoft Network Sleuth 3.0.0.0. It has be ...) - TODO: check + NOT-FOR-US: Nsasoft Network Sleuth CVE-2024-0963 (The Calculated Fields Form plugin for WordPress is vulnerable to Store ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0844 (The Popup More Popups, Lightboxes, and more popup modules plugin for W ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0338 (A buffer overflow vulnerability has been found in XAMPP affecting vers ...) 
TODO: check CVE-2024-0269 (ManageEngine ADAudit Plus versions7270and below are vulnerable to the ...) - TODO: check + NOT-FOR-US: ManageEngine CVE-2024-0253 (ManageEngine ADAudit Plus versions7270and below are vulnerable to the ...) - TODO: check + NOT-FOR-US: ManageEngine CVE-2023-6676 (Cross-Site Request Forgery (CSRF) vulnerability in National Keep Cyber ...) - TODO:
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f9a95c6d by Salvatore Bonaccorso at 2024-01-29T09:48:16+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,29 +1,29 @@ CVE-2024-24736 (The POP3 service in YahooPOPs (aka YPOPs!) 1.6 allows a remote denial ...) - TODO: check + NOT-FOR-US: POP3 service in YahooPOPs CVE-2024-23782 (Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x seri ...) - TODO: check + NOT-FOR-US: a-blog cms CVE-2024-0996 (A vulnerability classified as critical has been found in Tenda i9 1.0. ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-0995 (A vulnerability was found in Tenda W6 1.0.0.9(4122). It has been rated ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-0994 (A vulnerability was found in Tenda W6 1.0.0.9(4122). It has been decla ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-0993 (A vulnerability was found in Tenda i6 1.0.0.9(3857). It has been class ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-0992 (A vulnerability was found in Tenda i6 1.0.0.9(3857) and classified as ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-0991 (A vulnerability has been found in Tenda i6 1.0.0.9(3857) and classifie ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-0990 (A vulnerability, which was classified as critical, was found in Tenda ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-0989 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: Sichuan Yougou Technology KuERP CVE-2024-0988 (A vulnerability classified as critical was found in Sichuan Yougou Tec ...) - TODO: check + NOT-FOR-US: Sichuan Yougou Technology KuERP CVE-2024-0987 (A vulnerability classified as critical has been found in Sichuan Yougo ...) - TODO: check + NOT-FOR-US: Sichuan Yougou Technology KuERP CVE-2024-0986 (A vulnerability was found in Issabel PBX 4.0.0. It has been rated as c ...) 
- TODO: check + NOT-FOR-US: Issabel PBX CVE-2023-52340 [ipv6: remove max_size check inline with ipv4] - linux 6.3.7-1 NOTE: https://git.kernel.org/linus/af6d10345ca76670c1b7c37799f0d5576ccef277 (6.3-rc1) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f9a95c6dc20e4572ad09103629030c23cc517dd1
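Review bot: the tag for CVE-2024-24736, "NOT-FOR-US: POP3 service in YahooPOPs", describes the affected component rather than the product; the remaining tags in the hunk name only the product ("NOT-FOR-US: a-blog cms", "NOT-FOR-US: Tenda", "NOT-FOR-US: Issabel PBX"), so "NOT-FOR-US: YahooPOPs" would be consistent.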
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 753e8c37 by Salvatore Bonaccorso at 2024-01-27T09:38:25+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2024-23506 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-22862 (Integer overflow vulnerability in FFmpeg before n6.1, allows remote at ...) TODO: check CVE-2024-22861 (Integer overflow vulnerability in FFmpeg before n6.1, allows attackers ...) 
@@ -7,29 +7,29 @@ CVE-2024-22861 (Integer overflow vulnerability in FFmpeg before n6.1, allows att CVE-2024-22860 (Integer overflow vulnerability in FFmpeg before n6.1, allows remote at ...) TODO: check CVE-2024-22283 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-22147 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0958 (A vulnerability was found in CodeAstro Stock Management System 1.0 and ...) - TODO: check + NOT-FOR-US: CodeAstro Stock Management System CVE-2024-0948 (A vulnerability, which was classified as problematic, has been found i ...) TODO: check CVE-2024-0946 (A vulnerability classified as critical was found in 60IndexPage up to ...) - TODO: check + NOT-FOR-US: 60IndexPage CVE-2024-0945 (A vulnerability classified as critical has been found in 60IndexPage u ...) - TODO: check + NOT-FOR-US: 60IndexPage CVE-2024-0824 (The Exclusive Addons for Elementor plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0697 (The Backuply \u2013 Backup, Restore, Migrate and Clone plugin for Word ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0667 (The Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact For ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0664 (The Meks Smart Social Widget plugin for WordPress is vulnerable to Sto ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0618 (The Contact Form Plugin \u2013 Fastest Contact Form Builder Plugin for ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6497 (The WordPress Simple Shopping Cart plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6482 (Use of encryption key derived from static information in Synaptics Fin ...) TODO: check CVE-2023-6470 
@@ -37,11 +37,11 @@ CVE-2023-6470 CVE-2023-52389 (UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow a ...) TODO: check CVE-2023-52187 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-48202 (Cross-Site Scripting (XSS) vulnerability in Sunlight CMS 8.0.1 allows ...) - TODO: check + NOT-FOR-US: Sunlight CMS CVE-2023-48201 (Cross Site Scripting (XSS) vulnerability in Sunlight CMS v.8.0.1, allo ...) - TODO: check + NOT-FOR-US: Sunlight CMS CVE-2024-0444 [GStreamer-SA-2024-0001: AV1 codec parser potential buffer overflow during tile list parsing] - gst-plugins-bad1.0 1.22.9-1 - gst-plugins-bad0.10 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/753e8c37d80f60eb1324426231092ee4f957c559 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/753e8c37d80f60eb1324426231092ee4f957c559 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 36e919e8 by Salvatore Bonaccorso at 2024-01-22T22:44:52+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,65 +1,65 @@ CVE-2024-22895 (DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/modul ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-22233 (In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a us ...) TODO: check CVE-2024-0784 (A vulnerability was found in biantaibao octopus 1.0. It has been class ...) - TODO: check + NOT-FOR-US: biantaibao octopus CVE-2024-0783 (A vulnerability was found in Project Worlds Online Admission System 1. ...) - TODO: check + NOT-FOR-US: Project Worlds Online Admission System CVE-2024-0782 (A vulnerability has been found in CodeAstro Online Railway Reservation ...) - TODO: check + NOT-FOR-US: CodeAstro Online Railway Reservation System CVE-2024-0781 (A vulnerability, which was classified as problematic, was found in Cod ...) - TODO: check + NOT-FOR-US: CodeAstro Internet Banking System CVE-2024-0778 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...) - TODO: check + NOT-FOR-US: Uniview CVE-2024-0706 REJECTED CVE-2024-0606 (An attacker could execute unauthorized script on a legitimate site thr ...) - TODO: check + NOT-FOR-US: Focus for iOS CVE-2024-0605 (Using a javascript: URI with a setTimeout race condition, an attacker ...) - TODO: check + NOT-FOR-US: Focus for iOS CVE-2024-0430 (IObit Malware Fighter v11.0.0.1274 is vulnerable to a Denial of Servic ...) - TODO: check + NOT-FOR-US: IObit Malware Fighter CVE-2024-0204 (Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows ...) - TODO: check + NOT-FOR-US: Fortra's GoAnywhere MFT CVE-2023-7194 (The Meris WordPress theme through 1.1.2 does not sanitise and escape s ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2023-7170 (The EventON-RSVP WordPress plugin before 2.9.5 does not sanitise and e ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-7082 (The Import any XML or CSV File to WordPress plugin before 3.7.3 accept ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6626 (The Product Enquiry for WooCommerce WordPress plugin before 3.1 does n ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6625 (The Product Enquiry for WooCommerce WordPress plugin before 3.1 does n ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6456 (The WP Review Slider WordPress plugin before 13.0 does not sanitise an ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6447 (The EventPrime WordPress plugin before 3.3.6 lacks authentication and ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6384 (The WP User Profile Avatar WordPress plugin before 1.0.1 does not prop ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6290 (The SEOPress WordPress plugin before 7.3 does not sanitise and escape ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-50308 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-48118 (SQL Injection vulnerability in Quest Analytics LLC IQCRM v.2023.9.5 al ...) - TODO: check + NOT-FOR-US: Quest Analytics LLC IQCRM CVE-2023-47747 (IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1 ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-47746 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-47158 (IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1 ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-47152 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-45193 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-44395 (Autolab is a course management service that enables instructors to off ...) - TODO: check + NOT-FOR-US: Autolab CVE-2020-36772 (CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file path ...) 
- TODO: check + NOT-FOR-US: CloudLinux CageFS CVE-2020-36771 (CloudLinux CageFS 7.1.1-1 or below passes the authentication token as ...) - TODO: check + NOT-FOR-US: CloudLinux CageFS CVE-2023-46838 [xen-netback: don't produce zero-size SKB frags] - linux NOTE: https://xenbits.xen.org/xsa/advisory-448.html @@ -50129,7 +50129,7 @@
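Review bot: the six IBM Db2 entries in this hunk (CVE-2023-50308, CVE-2023-47747, CVE-2023-47746, CVE-2023-47158, CVE-2023-47152, CVE-2023-45193) are tagged only "NOT-FOR-US: IBM" although every one of their descriptions names the product (IBM Db2 for Linux, UNIX and Windows); tagging them "NOT-FOR-US: IBM Db2" would match how the rest of the hunk records the product ("NOT-FOR-US: CloudLinux CageFS", "NOT-FOR-US: Fortra's GoAnywhere MFT") and keeps the list searchable by product later.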
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8c7a34ef by Salvatore Bonaccorso at 2024-01-19T22:19:41+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -49,101 +49,101 @@ CVE-2024-22211 (FreeRDP is a set of free and open source remote desktop protocol NOTE: https://github.com/FreeRDP/FreeRDP/commit/939e922936e9c3ae8fc204968645e5e7563a2fff (3.2.0) NOTE: https://github.com/FreeRDP/FreeRDP/commit/aeac3040cc99eeaff1e1171a822114c857b9dca9 (2.11.5) CVE-2024-0732 (A vulnerability was found in PCMan FTP Server 2.0.7 and classified as ...) - TODO: check + NOT-FOR-US: PCMan FTP Server CVE-2024-0731 (A vulnerability has been found in PCMan FTP Server 2.0.7 and classifie ...) - TODO: check + NOT-FOR-US: PCMan FTP Server CVE-2024-0730 (A vulnerability, which was classified as critical, was found in Projec ...) - TODO: check + NOT-FOR-US: Project Worlds Online Time Table Generator CVE-2024-0729 (A vulnerability, which was classified as critical, has been found in F ...) - TODO: check + NOT-FOR-US: ForU CMS CVE-2024-0728 (A vulnerability classified as problematic was found in ForU CMS up to ...) - TODO: check + NOT-FOR-US: ForU CMS CVE-2024-0726 (A vulnerability was found in Project Worlds Student Project Allocation ...) - TODO: check + NOT-FOR-US: Project Worlds Student Project Allocation System CVE-2024-0725 (A vulnerability was found in ProSSHD 1.2 on Windows. It has been decla ...) - TODO: check + NOT-FOR-US: ProSSHD CVE-2024-0723 (A vulnerability was found in freeSSHd 1.0.9 on Windows. It has been cl ...) - TODO: check + NOT-FOR-US: freeSSHd CVE-2024-0722 (A vulnerability was found in code-projects Social Networking Site 1.0 ...) - TODO: check + NOT-FOR-US: code-projects Social Networking Site CVE-2024-0721 (A vulnerability has been found in Jspxcms 10.2.0 and classified as pro ...) - TODO: check + NOT-FOR-US: Jspxcms CVE-2024-0720 (A vulnerability, which was classified as problematic, was found in Fac ...) - TODO: check + NOT-FOR-US: FactoMineR FactoInvestigate CVE-2024-0718 (A vulnerability, which was classified as problematic, has been found i ...) 
- TODO: check + NOT-FOR-US: liuwy-dlsdys zhglxt CVE-2024-0717 (A vulnerability classified as critical was found in D-Link DAP-1360, D ...) - TODO: check + NOT-FOR-US: D-Link CVE-2024-0716 (A vulnerability classified as problematic has been found in Beijing Ba ...) - TODO: check + NOT-FOR-US: Beijing Baichuo Smart S150 Management Platform CVE-2024-0714 (A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.5.0. It ...) - TODO: check + NOT-FOR-US: MiczFlor RPi-Jukebox-RFID CVE-2024-0713 (A vulnerability was found in Monitorr 1.7.6m. It has been declared as ...) - TODO: check + NOT-FOR-US: Monitorr CVE-2024-0712 (A vulnerability was found in Beijing Baichuo Smart S150 Management Pla ...) - TODO: check + NOT-FOR-US: Beijing Baichuo Smart S150 Management Platform CVE-2024-0705 (The Stripe Payment Plugin for WooCommerce plugin for WordPress is vuln ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0663 REJECTED CVE-2023-6450 (An incorrect permissions vulnerability was reported in the Lenovo App ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2023-6044 (A privilege escalation vulnerability was reported in Lenovo Vantage th ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2023-6043 (A privilege escalation vulnerability was reported in Lenovo Vantage th ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2023-5081 (An information disclosure vulnerability was reported in the Lenovo Tab ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2023-5080 (A privilege escalation vulnerability was reported in some Lenovo table ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2023-51948 (A Site-wide directory listing vulnerability in /fm in actidata actiNAS ...) - TODO: check + NOT-FOR-US: actidata actiNAS SL 2U-8 RDX CVE-2023-51947 (Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX ...) - TODO: check + NOT-FOR-US: actidata actiNAS SL 2U-8 RDX CVE-2023-51946 (Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSv ...) 
- TODO: check + NOT-FOR-US: actidata actiNAS-SL-2U-8 CVE-2023-50694 (An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote attacke ...) - TODO: check + NOT-FOR-US: dom96 HTTPbeast CVE-2023-50693 (An issue in dom96 Jester v.0.6.0 and before allows a remote attacker t ...) - TODO: check + NOT-FOR-US: dom96 Jester CVE-2023-50447 (Pillow through
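Review bot: the three actidata entries spell the same product two ways: CVE-2023-51948 and CVE-2023-51947 get "NOT-FOR-US: actidata actiNAS SL 2U-8 RDX" while CVE-2023-51946 gets "NOT-FOR-US: actidata actiNAS-SL-2U-8"; one form (the first matches the wording of the descriptions) should be used for all three so the group stays searchable.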
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e69dfef1 by Salvatore Bonaccorso at 2024-01-18T09:36:41+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -6,83 +6,83 @@ CVE-2024-23525 (The Spreadsheet::ParseXLSX package before 0.30 for Perl allows X CVE-2024-22416 (pyLoad is a free and open-source Download Manager written in pure Pyth ...) - pyload (bug #1001980) CVE-2024-22414 (flaskBlog is a simple blog app built with Flask. Improper storage and ...) - TODO: check + NOT-FOR-US: flaskBlog CVE-2024-22410 (Creditcoin is a network that enables cross-blockchain credit transacti ...) TODO: check CVE-2024-0655 (A vulnerability has been found in Novel-Plus 4.3.0-RC1 and classified ...) - TODO: check + NOT-FOR-US: Novel-Plus CVE-2024-0654 (A vulnerability, which was classified as problematic, was found in Dee ...) - TODO: check + NOT-FOR-US: DeepFaceLab CVE-2024-0652 (A vulnerability was found in PHPGurukul Company Visitor Management Sys ...) - TODO: check + NOT-FOR-US: PHPGurukul Company Visitor Management System CVE-2024-0651 (A vulnerability was found in PHPGurukul Company Visitor Management Sys ...) - TODO: check + NOT-FOR-US: PHPGurukul Company Visitor Management System CVE-2024-0650 (A vulnerability was found in Project Worlds Visitor Management System ...) - TODO: check + NOT-FOR-US: Project Worlds Visitor Management System CVE-2024-0649 (A vulnerability was found in ZhiHuiYun up to 4.4.13 and classified as ...) - TODO: check + NOT-FOR-US: ZhiHuiYun CVE-2024-0648 (A vulnerability has been found in Yunyou CMS up to 2.2.6 and classifie ...) - TODO: check + NOT-FOR-US: Yunyou CMS CVE-2024-0381 (The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6970 (The WP Recipe Maker plugin for WordPress is vulnerable to Reflected Cr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6958 (The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6549 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...) 
- TODO: check + NOT-FOR-US: Citrix CVE-2023-6548 (Improper Control of Generation of Code ('Code Injection') in NetScaler ...) - TODO: check + NOT-FOR-US: Citrix CVE-2023-6340 (SonicWall Capture Client version 3.7.10,NetExtender client version 10. ...) - TODO: check + NOT-FOR-US: SonicWall CVE-2023-6184 (Cross SiteScripting vulnerability in Citrix Session Recording allows a ...) - TODO: check + NOT-FOR-US: Citrix CVE-2023-5914 (Cross-site scripting (XSS)) - TODO: check + NOT-FOR-US: Citrix CVE-2023-48858 (A Cross-site scripting (XSS) vulnerability in login page php code in A ...) - TODO: check + NOT-FOR-US: Armex ABO.CMS CVE-2023-48359 (In autotest driver, there is a possible out of bounds write due to imp ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2023-48358 (In drm driver, there is a possible out of bounds write due to a missin ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2023-48357 (In vsp driver, there is a possible out of bounds write due to a missin ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2023-48356 (In jpg driver, there is a possible out of bounds write due to a missin ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2023-48355 (In jpg driver, there is a possible out of bounds write due to a missin ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2023-48354 (In telephone service, there is a possible improper input validation. T ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2023-48353 (In vsp driver, there is a possible use after free due to a logic error ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2023-48352 (In phasecheckserver, there is a possible out of bounds write due to a ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2023-48351 (In video decoder, there is a possible out of bounds write due to a mis ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2023-48350 (In video decoder, there is a possible out of bounds write due to a mis ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2023-48349 (In video decoder, there is a possible out of bounds write due to a mis ...) 
- TODO: check + NOT-FOR-US: Unisoc CVE-2023-48348 (In video decoder, there is a possible out of bounds write due to impro ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2023-48347 (In video decoder, there is a possible out of bounds read due to improp ...) - TODO: check + NOT-FOR-US:
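Review bot: CVE-2023-5914 is closed as "NOT-FOR-US: Citrix", but the entry's description as shown reads only "Cross-site scripting (XSS)" and names no product, so the attribution cannot be checked from the line itself; a "NOTE:" line with the advisory URL that ties it to Citrix (the form used for CVE-2024-22211 and CVE-2023-46838 elsewhere in data/CVE/list) would make the decision auditable. The neighbouring Citrix entries (CVE-2023-6549, CVE-2023-6548, CVE-2023-6184) do name NetScaler or Citrix Session Recording in their descriptions and need no such note.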
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 06d573c7 by Salvatore Bonaccorso at 2024-01-15T10:19:57+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,61 +1,61 @@ CVE-2024-22028 (Insufficient technical documentation issue exists in thermal camera TM ...) - TODO: check + NOT-FOR-US: thermal camera TMC series firmware CVE-2024-0552 (Intumit inc. SmartRobot's web framwork has a remote code execution vul ...) - TODO: check + NOT-FOR-US: SmartRobot's web framwork CVE-2024-0548 (A vulnerability was found in FreeFloat FTP Server 1.0 and classified a ...) - TODO: check + NOT-FOR-US: FreeFloat FTP Server CVE-2024-0547 (A vulnerability has been found in Ability FTP Server 2.34 and classifi ...) - TODO: check + NOT-FOR-US: Ability FTP Server CVE-2024-0546 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: EasyFTP CVE-2024-0545 (A vulnerability classified as problematic was found in CodeCanyon RISE ...) - TODO: check + NOT-FOR-US: CodeCanyon RISE Rise Ultimate Project Manager CVE-2024-0543 (A vulnerability classified as critical has been found in CodeAstro Rea ...) - TODO: check + NOT-FOR-US: CodeAstro Real Estate Management System CVE-2024-0542 (A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been rated ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-0541 (A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been decla ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-0540 (A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been class ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-0539 (A vulnerability was found in Tenda W9 1.0.0.7(4456) and classified as ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-0538 (A vulnerability has been found in Tenda W9 1.0.0.7(4456) and classifie ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-0537 (A vulnerability, which was classified as critical, was found in Tenda ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-0536 (A vulnerability, which was classified as critical, has been found in T ...) 
- TODO: check + NOT-FOR-US: Tenda CVE-2024-0535 (A vulnerability classified as critical was found in Tenda PA6 1.0.1.21 ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-0534 (A vulnerability classified as critical has been found in Tenda A15 15. ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-0533 (A vulnerability was found in Tenda A15 15.13.07.13. It has been rated ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-0532 (A vulnerability was found in Tenda A15 15.13.07.13. It has been declar ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-0531 (A vulnerability was found in Tenda A15 15.13.07.13. It has been classi ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-0530 (A vulnerability was found in CXBSoft Post-Office up to 1.0 and classif ...) - TODO: check + NOT-FOR-US: CXBSoft Post-Office CVE-2024-0529 (A vulnerability has been found in CXBSoft Post-Office up to 1.0 and cl ...) - TODO: check + NOT-FOR-US: CXBSoft Post-Office CVE-2024-0528 (A vulnerability, which was classified as critical, was found in CXBSof ...) - TODO: check + NOT-FOR-US: CXBSoft Post-Office CVE-2024-0527 (A vulnerability, which was classified as critical, has been found in C ...) - TODO: check + NOT-FOR-US: CXBSoft CVE-2024-0526 (A vulnerability classified as critical was found in CXBSoft Url-shorti ...) - TODO: check + NOT-FOR-US: CXBSoft CVE-2024-0525 (A vulnerability classified as critical has been found in CXBSoft Url-s ...) - TODO: check + NOT-FOR-US: CXBSoft CVE-2024-0524 (A vulnerability was found in CXBSoft Url-shorting up to 1.3.1. It has ...) - TODO: check + NOT-FOR-US: CXBSoft CVE-2024-0523 (A vulnerability was found in CmsEasy up to 7.7.7. It has been declared ...) - TODO: check + NOT-FOR-US: CmsEasy CVE-2024-0522 (A vulnerability was found in Allegro RomPager 4.01. It has been classi ...) - TODO: check + NOT-FOR-US: Allegro RomPager CVE-2023-48383 (NetVision InformationairPASS has a path traversal vulnerability w ...) 
- TODO: check + NOT-FOR-US: NetVision CVE-2020-36770 (pkg_postinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessar ...) TODO: check CVE-2024-0510 (A vulnerability, which was classified as critical, has been found in H ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06d573c7c607db7c8bb1fbed97e2fd2ca336dcc9 -- View it on GitLab:
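Review bot: CVE-2024-0552 is tagged "NOT-FOR-US: SmartRobot's web framwork", which copies the description's phrasing including its "framwork" typo and the possessive; the tag should name vendor and product, e.g. "NOT-FOR-US: Intumit SmartRobot", as the other entries in this hunk do ("NOT-FOR-US: FreeFloat FTP Server", "NOT-FOR-US: Allegro RomPager"). Separately, CVE-2020-36770 stays at "TODO: check" although its description locates the bug in pkg_postinst of the Gentoo ebuild for Slurm; if the issue is confined to Gentoo's packaging it could be closed in the same pass, otherwise a "NOTE:" saying what still has to be verified against Debian's packaging would help whoever next works through the TODO list.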
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b239a420 by Salvatore Bonaccorso at 2024-01-05T21:36:11+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,89 +1,89 @@ CVE-2024-0247 (A vulnerability classified as critical was found in CodeAstro Online F ...) - TODO: check + NOT-FOR-US: CodeAstro Online Food Ordering System CVE-2024-0246 (A vulnerability classified as problematic has been found in IceWarp 12 ...) - TODO: check + NOT-FOR-US: IceWarp CVE-2023-52151 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-52149 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Floatin ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-52148 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-52146 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-52145 (Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou R ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-52143 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-52136 (Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-52130 (Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffil ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-52129 (Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler tea ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-52128 (Cross-Site Request Forgery (CSRF) vulnerability in WhiteWP White Label ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-52127 (Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Produc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-52126 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-52125 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-52124 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-52123 (Cross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Test ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-52122 (Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-52121 (Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. Nitr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-52120 (Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms \u2 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-52119 (Cross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Eng ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51678 (Cross-Site Request Forgery (CSRF) vulnerability in Doofinder Doofinder ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51673 (Cross-Site Request Forgery (CSRF) vulnerability in Designful Stylish P ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51668 (Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Inline Imag ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51539 (Cross-Site Request Forgery (CSRF) vulnerability in Apollo13Themes Apol ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51538 (Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Tea ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51535 (Cross-Site Request Forgery (CSRF) vulnerability in \u0421leanTalk - An ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-50991 (Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1 ...) 
- TODO: check + NOT-FOR-US: Tenda CVE-2023-50027 (SQL Injection vulnerability in Buy Addons baproductzoommagnifier modul ...) - TODO: check + NOT-FOR-US: PrestaShop module CVE-2023-47560 (An OS command injection vulnerability has been reported to affect QuMa ...) - TODO: check + NOT-FOR-US: QNAP CVE-2023-47559 (A cross-site scripting (XSS) vulnerability has been reported to affect ...) - TODO: check + NOT-FOR-US:
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: afeaedda by Salvatore Bonaccorso at 2024-01-01T21:18:21+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,25 +1,25 @@ CVE-2024-0181 (A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1. ...) - TODO: check + NOT-FOR-US: RRJ Nueva Ecija Engineer Online Portal CVE-2023-6485 (The Html5 Video Player WordPress plugin before 2.5.19 does not sanitis ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6421 (The Download Manager WordPress plugin before 3.2.83 does not protect f ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6271 (The Backup Migration WordPress plugin before 1.3.6 stores in-progress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6113 (The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6064 (The PayHere Payment Gateway WordPress plugin before 2.2.12 automatical ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6037 (The WP TripAdvisor Review Slider WordPress plugin before 11.9 does not ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6000 (The Popup Builder WordPress plugin before 4.2.3 does not prevent simpl ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5877 (The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorizatio ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-50096 (STMicroelectronics STSAFE-A1xx middleware before 3.3.7 allows MCU code ...) - TODO: check + NOT-FOR-US: STMicroelectronics STSAFE-A1xx middleware CVE-2023-50094 (reNgine through 2.0.2 allows OS Command Injection if an adversary has ...) - TODO: check + NOT-FOR-US: reNgine CVE-2024-21732 (FlyCms through abbaa5a allows XSS via the permission management featur ...) NOT-FOR-US: FlyCms CVE-2023-7193 (A vulnerability was found in MTab Bookmark up to 1.2.6 and classified ...) 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/afeaedda6a4a4d7afceacc3124970f27edc4046e

[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ba8dc616 by Salvatore Bonaccorso at 2023-12-16T21:22:35+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,17 +1,17 @@ CVE-2023-6890 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...) - TODO: check + NOT-FOR-US: phpmyfaq CVE-2023-6889 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...) - TODO: check + NOT-FOR-US: phpmyfaq CVE-2023-6853 (A vulnerability classified as critical was found in kalcaddle KodExplo ...) - TODO: check + NOT-FOR-US: kalcaddle KodExplorer CVE-2023-6852 (A vulnerability classified as critical has been found in kalcaddle Kod ...) - TODO: check + NOT-FOR-US: kalcaddle KodExplorer CVE-2023-6851 (A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It h ...) - TODO: check + NOT-FOR-US: kalcaddle KodExplorer CVE-2023-6850 (A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It h ...) - TODO: check + NOT-FOR-US: kalcaddle KodExplorer CVE-2023-6559 (The MW WP Form plugin for WordPress is vulnerable to arbitrary file de ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6849 (A vulnerability was found in kalcaddle kodbox up to 1.48. It has been ...) NOT-FOR-US: kalcaddle kodbox CVE-2023-6848 (A vulnerability was found in kalcaddle kodbox up to 1.48. It has been ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba8dc6165518c84001f92820071ac1f038d90d2e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba8dc6165518c84001f92820071ac1f038d90d2e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 795e6c1a by Salvatore Bonaccorso at 2023-12-13T09:18:45+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,43 +1,43 @@ CVE-2023-6753 (Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2.) - TODO: check + NOT-FOR-US: mlflow CVE-2023-50263 (Nautobot is a Network Source of Truth and Network Automation Platform ...) - TODO: check + NOT-FOR-US: Nautobot CVE-2023-50252 (php-svg-lib is an SVG file parsing / rendering library. Prior to versi ...) TODO: check CVE-2023-50251 (php-svg-lib is an SVG file parsing / rendering library. Prior to versi ...) TODO: check CVE-2023-48791 (An improper neutralization of special elements used in a command ('Com ...) - TODO: check + NOT-FOR-US: FortiGuard CVE-2023-48782 (A improper neutralization of special elements used in an os command (' ...) - TODO: check + NOT-FOR-US: FortiGuard CVE-2023-48225 (Laf is a cloud development platform. Prior to version 1.0.0-beta.13, t ...) TODO: check CVE-2023-47579 (Relyum RELY-PCIe 22.2.1 devices suffer from a system group misconfigur ...) - TODO: check + NOT-FOR-US: Relyum RELY-PCIe CVE-2023-47578 (Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices are susceptible to ...) - TODO: check + NOT-FOR-US: Relyum RELY-PCIe and RELY-REC CVE-2023-47577 (An issue discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 all ...) - TODO: check + NOT-FOR-US: Relyum CVE-2023-47576 (An issue was discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 ...) - TODO: check + NOT-FOR-US: Relyum CVE-2023-47575 (An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 ...) - TODO: check + NOT-FOR-US: Relyum CVE-2023-47574 (An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 ...) - TODO: check + NOT-FOR-US: Relyum CVE-2023-47573 (An issue discovered in Relyum RELY-PCIe 22.2.1 devices. The authorizat ...) - TODO: check + NOT-FOR-US: Relyum CVE-2023-47536 (An improper access control vulnerability [CWE-284] in FortiOS version ...) - TODO: check + NOT-FOR-US: FortiGuard CVE-2023-46713 (An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 ...) 
- TODO: check + NOT-FOR-US: FortiGuard CVE-2023-46675 (An issue was discovered by Elastic whereby sensitive information may b ...) TODO: check CVE-2023-45864 (A race condition issue discovered in Samsung Mobile Processor Exynos 9 ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-45801 (Improper Authentication vulnerability in Nadatel DVR allows Informatio ...) - TODO: check + NOT-FOR-US: Nadatel CVE-2023-45800 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: Hanbiro CVE-2023-45725 (Design document functions which receive a user http request object may ...) TODO: check CVE-2023-45587 (An improper neutralization of input during web page generation ('cross ...) 
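Review bot: the Fortinet entries in this hunk (CVE-2023-48791, CVE-2023-48782, CVE-2023-47536, CVE-2023-46713) are tagged "NOT-FOR-US: FortiGuard", which is the name of the advisory source rather than of the affected product; where the visible description names the product (FortiOS for CVE-2023-47536, Fortinet FortiWeb for CVE-2023-46713) the tag should carry that name, e.g. "NOT-FOR-US: Fortinet FortiOS", or at least the vendor ("NOT-FOR-US: Fortinet"), so the tag records what was actually judged out of scope.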
@@ -67,13 +67,13 @@ CVE-2023-5379 (A flaw was found in Undertow. When an AJP request is sent that ex CVE-2023-49921 - elasticsearch CVE-2023-6687 (An issue was discovered by Elastic whereby Elastic Agent would log a r ...) - TODO: check + NOT-FOR-US: Elastic whereby Elastic Agent CVE-2023-50247 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Th ...) TODO: check CVE-2023-49923 (An issue was discovered by Elastic whereby the Documents API of App Se ...) - TODO: check + NOT-FOR-US: Elastic whereby the Documents API of App Search CVE-2023-49922 (An issue was discovered by Elastic whereby Beats and Elastic Agent wou ...) - TODO: check + NOT-FOR-US: Elastic whereby Beats and Elastic Agent CVE-2023-49279 (Umbraco is an ASP.NET content management system (CMS). Starting in ver ...) NOT-FOR-US: Umbraco CVE-2023-49278 (Umbraco is an ASP.NET content management system (CMS). Starting in ver ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/795e6c1a27365042688bed8648b010df94608ac5 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/795e6c1a27365042688bed8648b010df94608ac5 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
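Review bot: the three Elastic entries in this hunk carry the word "whereby" from the description template into the tag ("NOT-FOR-US: Elastic whereby Elastic Agent", "NOT-FOR-US: Elastic whereby the Documents API of App Search", "NOT-FOR-US: Elastic whereby Beats and Elastic Agent"), which reads as a copy-and-paste slip; the tag should name only the product, e.g. "NOT-FOR-US: Elastic Agent" for CVE-2023-6687, "NOT-FOR-US: Elastic App Search" for CVE-2023-49923 and "NOT-FOR-US: Elastic Beats and Elastic Agent" for CVE-2023-49922. Since CVE-2023-49921 in the same hunk is tracked against the elasticsearch package, it is also worth confirming that these three concern only components that are not packaged before they are closed.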
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c5a966ea by Salvatore Bonaccorso at 2023-12-07T22:27:21+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -127,7 +127,7 @@ CVE-2023-46871 (GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains CVE-2023-46641 (Server-Side Request Forgery (SSRF) vulnerability in Code for Recovery ...) NOT-FOR-US: WordPress plugin CVE-2023-45762 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in M ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-41905 (NETSCOUT nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scr ...) NOT-FOR-US: NETSCOUT nGeniusONE CVE-2023-41804 (Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force S ...) 
@@ -151,13 +151,13 @@ CVE-2023-40300 (NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key.) CVE-2023-39909 (Ericsson Network Manager before 23.2 mishandles Access Control and thu ...) NOT-FOR-US: Ericsson Network Manager CVE-2023-39172 (The affected devices transmit sensitive information unencrypted allowi ...) - TODO: check + NOT-FOR-US: SENEC Home CVE-2023-39171 (SENEC Storage Box V1,V2 and V3 accidentially expose a management UI ac ...) NOT-FOR-US: SENEC Storage Box CVE-2023-39170 REJECTED CVE-2023-39169 (The affected devices use publicly available default credentials with a ...) - TODO: check + NOT-FOR-US: SENEC Home CVE-2023-39168 REJECTED CVE-2023-39167 (InSENEC Storage Box V1,V2 and V3 an unauthenticated remote attacker ca ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5a966ea22899a8f784e22938bf60f3c652fd753
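Review bot: in the -151,13 hunk the new tags for CVE-2023-39172 and CVE-2023-39169 read "NOT-FOR-US: SENEC Home", while the unchanged neighbours CVE-2023-39171 and CVE-2023-39167 describe "SENEC Storage Box V1,V2 and V3" and are tagged "NOT-FOR-US: SENEC Storage Box". The two descriptions being closed only say "The affected devices ...", so the product cannot be confirmed from the entry itself; please check the advisory and either keep "SENEC Home" deliberately or align the tag with the adjacent Storage Box entries.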
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 02479081 by Salvatore Bonaccorso at 2023-12-07T09:57:02+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -15,7 +15,7 @@ CVE-2023-5711 (The System Dashboard plugin for WordPress is vulnerable to unauth CVE-2023-5710 (The System Dashboard plugin for WordPress is vulnerable to unauthorize ...) NOT-FOR-US: WordPress plugin CVE-2023-49225 (A cross-site-scripting vulnerability exists in Ruckus Access Point pro ...) - TODO: check + NOT-FOR-US: Ruckus CVE-2023-48861 (DLL hijacking vulnerability in TTplayer version 7.0.2, allows local at ...) TODO: check CVE-2023-48860 (TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication ...) 
@@ -55,45 +55,45 @@ CVE-2023-48824 (BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site Script CVE-2023-48823 (A Blind SQL injection issue in ajax.php in GaatiTrack Courier Manageme ...) TODO: check CVE-2023-48208 (A Cross Site Scripting vulnerability in Availability Booking Calendar ...) - TODO: check + NOT-FOR-US: Availability Booking Calendar CVE-2023-48207 (Availability Booking Calendar 5.0 allows CSV injection via the unique ...) - TODO: check + NOT-FOR-US: Availability Booking Calendar CVE-2023-48206 (A Cross Site Scripting (XSS) vulnerability in GaatiTrack Courier Manag ...) - TODO: check + NOT-FOR-US: GaatiTrack CourierManagement System CVE-2023-48205 (Jorani Leave Management System 1.0.2 allows a remote attacker to spoof ...) - TODO: check + NOT-FOR-US: Jorani Leave Management System CVE-2023-48172 (A Cross Site Scripting (XSS) vulnerability in Shuttle Booking Software ...) - TODO: check + NOT-FOR-US: Shuttle Booking Software CVE-2023-46916 (Maxima Max Pro Power 1.0 486A devices allow BLE traffic replay. An att ...) - TODO: check + NOT-FOR-US: Maxima Max Pro Power CVE-2023-46354 (In the module "Orders (CSV, Excel) Export PRO" (ordersexport) < 5.2.0 ...) - TODO: check + NOT-FOR-US: PrestaShop module CVE-2023-46353 (In the module "Product Tag Icons Pro" (ticons) before 1.8.4 from MyPre ...) - TODO: check + NOT-FOR-US: PrestaShop module CVE-2023-46307 (An issue was discovered in server.js in etcd-browser 87ae63d75260. By ...) TODO: check CVE-2023-43304 (An issue in PARK DANDAN mini-app on Line v13.6.1 allows attackers to s ...) - TODO: check + NOT-FOR-US: PARK DANDAN mini-app on Line CVE-2023-43303 (An issue in craftbeer bar canvas mini-app on Line v13.6.1 allows attac ...) - TODO: check + NOT-FOR-US: craftbeer bar canvas mini-app on Line CVE-2023-43302 (An issue in sanTas mini-app on Line v13.6.1 allows attackers to send c ...) 
- TODO: check + NOT-FOR-US: sanTas mini-app on Line CVE-2023-43301 (An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers ...) - TODO: check + NOT-FOR-US: DARTS SHOP MAXIM mini-app on Line CVE-2023-43300 (An issue in urban_project mini-app on Line v13.6.1 allows attackers to ...) - TODO: check + NOT-FOR-US: urban_project mini-app on Line CVE-2023-43299 (An issue in DA BUTCHERS mini-app on Line v13.6.1 allows attackers to s ...) - TODO: check + NOT-FOR-US: DA BUTCHERS mini-app on Line CVE-2023-43298 (An issue in SCOL Members Card mini-app on Line v13.6.1 allows attacker ...) - TODO: check + NOT-FOR-US: SCOL Members Card mini-app on Line CVE-2023-43103 (An XSS issue was discovered in a web endpoint in Zimbra Collaboration ...) - TODO: check + NOT-FOR-US: Zimbra CVE-2023-43102 (An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.4. A ...) - TODO: check + NOT-FOR-US: Zimbra CVE-2023-41106 (An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.3. A ...) - TODO: check + NOT-FOR-US: Zimbra CVE-2023-40238 (A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O w ...) - TODO: check + NOT-FOR-US: Insyde CVE-2023-6560 [io_uring out of boundary memory access in __io_uaddr_map()] - linux [bookworm] - linux (Vulnerable code not present) @@ -40626,7 +40626,7 @@ CVE-2023-28019 (Insufficient validation in Bigfix WebUI API App site version < 1 CVE-2023-28018 RESERVED CVE-2023-28017 (HCL Connections is vulnerable to a cross-site scripting attack where a ...) - TODO: check + NOT-FOR-US: HCL CVE-2023-28016 (Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal S ...) NOT-FOR-US: HCL CVE-2023-28015 (The HCL Domino AppDev Pack IAM service is susceptible to a User Accoun ...) View it on GitLab:
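Review bot: in the -55,45 hunk the tag for CVE-2023-48206 is written "NOT-FOR-US: GaatiTrack CourierManagement System" with the space between "Courier" and "Management" dropped; the description on the same entry reads "GaatiTrack Courier Manag ...", so "NOT-FOR-US: GaatiTrack Courier Management System" would match it and the earlier GaatiTrack entry (CVE-2023-48823) in the same hunk.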
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c5d384a4 by Salvatore Bonaccorso at 2023-12-05T21:37:11+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -45,31 +45,31 @@ CVE-2023-49372 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request CVE-2023-46674 (An issue was identified that allowed the unsafe deserialization of jav ...) TODO: check CVE-2023-45842 (Multiple data integrity vulnerabilities exist in the package hash chec ...) - TODO: check + NOT-FOR-US: Buildroot CVE-2023-45841 (Multiple data integrity vulnerabilities exist in the package hash chec ...) - TODO: check + NOT-FOR-US: Buildroot CVE-2023-45840 (Multiple data integrity vulnerabilities exist in the package hash chec ...) - TODO: check + NOT-FOR-US: Buildroot CVE-2023-45839 (Multiple data integrity vulnerabilities exist in the package hash chec ...) - TODO: check + NOT-FOR-US: Buildroot CVE-2023-45838 (Multiple data integrity vulnerabilities exist in the package hash chec ...) - TODO: check + NOT-FOR-US: Buildroot CVE-2023-45287 (Before Go 1.20, the RSA based TLS key exchanges used the math/big libr ...) TODO: check CVE-2023-45085 (An issue exists in SoftIron HyperCloud where compute nodes may come on ...) - TODO: check + NOT-FOR-US: SoftIron HyperCloud CVE-2023-45084 (An issue exists in SoftIron HyperCloud where drive caddy removal and r ...) - TODO: check + NOT-FOR-US: SoftIron HyperCloud CVE-2023-45083 (An Improper Privilege Management vulnerability exists in HyperCloud th ...) - TODO: check + NOT-FOR-US: SoftIron HyperCloud CVE-2023-44298 (Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, ve ...) - TODO: check + NOT-FOR-US: Dell CVE-2023-44297 (Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, ve ...) - TODO: check + NOT-FOR-US: Dell CVE-2023-43628 (An integer overflow vulnerability exists in the NTRIP Stream Parsing f ...) TODO: check CVE-2023-43608 (A data integrity vulnerability exists in the BR_NO_CHECK_HASH_FOR func ...) - TODO: check + NOT-FOR-US: Buildroot CVE-2023-41835 (When a Multipart request is performed but some of the fields exceed th ...) 
TODO: check CVE-2023-49070 (Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPCno longer m ...) @@ -43459,11 +43459,11 @@ CVE-2023-26945 CVE-2023-26944 RESERVED CVE-2023-26943 (Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allo ...) - TODO: check + NOT-FOR-US: Yale Keyless Lock CVE-2023-26942 (Weak encryption mechanisms in RFID Tags in Yale IA-210 Alarm v1.0 allo ...) - TODO: check + NOT-FOR-US: Yale IA-210 Alarm CVE-2023-26941 (Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allo ...) - TODO: check + NOT-FOR-US: Yale Conexis L1 CVE-2023-26940 RESERVED CVE-2023-26939 @@ -52070,19 +52070,19 @@ CVE-2023-0433 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to CVE-2023-24053 RESERVED CVE-2023-24052 (An issue discovered in Connectize AC21000 G6 641.139.1.1256 allows att ...) - TODO: check + NOT-FOR-US: Connectize AC21000 G6 CVE-2023-24051 (A client side rate limit issue discovered in Connectize AC21000 G6 641 ...) - TODO: check + NOT-FOR-US: Connectize AC21000 G6 CVE-2023-24050 (Cross Site Scripting (XSS) vulnerability in Connectize AC21000 G6 641. ...) - TODO: check + NOT-FOR-US: Connectize AC21000 G6 CVE-2023-24049 (An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows ...) - TODO: check + NOT-FOR-US: Connectize AC21000 G6 CVE-2023-24048 (Cross Site Request Forgery (CSRF) vulnerability in Connectize AC21000 ...) - TODO: check + NOT-FOR-US: Connectize AC21000 G6 CVE-2023-24047 (An Insecure Credential Management issue discovered in Connectize AC210 ...) - TODO: check + NOT-FOR-US: Connectize AC21000 G6 CVE-2023-24046 (An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows ...) - TODO: check + NOT-FOR-US: Connectize AC21000 G6 CVE-2023-24045 (In Dataiku DSS 11.2.1, an attacker can download other Dataiku files th ...) NOT-FOR-US: Dataiku CVE-2023-24044 (A Host Header Injection issue on the Login page of Plesk Obsidian thro ...) 
@@ -56634,7 +56634,7 @@ CVE-2023-22670 (A heap-based buffer overflow exists in the DXF file reading proc CVE-2023-22669 (Parsing of DWG files in Open Design Alliance Drawings SDK before 2023. ...) NOT-FOR-US: Open Design Alliance Drawings SDK CVE-2023-22668 (Memory Corruption in Audio while invoking IOCTLs calls from the user-s ...) - TODO: check + NOT-FOR-US:
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 415c2fba by Salvatore Bonaccorso at 2023-12-05T09:21:51+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,41 +1,41 @@ CVE-2023-6269 (An argument injection vulnerability has been identified in the admini ...) - TODO: check + NOT-FOR-US: Atos CVE-2023-6063 (The WP Fastest Cache WordPress plugin before 1.2.2 does not properly s ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5990 (The Interactive Contact Form and Multi Step Form Builder with Drag & D ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5979 (The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.2 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5953 (The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5952 (The Welcart e-Commerce WordPress plugin before 2.9.5 unserializes user ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5951 (The Welcart e-Commerce WordPress plugin before 2.9.5 does not sanitise ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5944 (Delta ElectronicsDOPSoft is vulnerable to a stack-based buffer overflo ...) - TODO: check + NOT-FOR-US: Delta Electronics CVE-2023-5884 (The Word Balloon WordPress plugin before 4.20.3 does not protect some ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5874 (The Popup box WordPress plugin before 3.8.6 does not sanitise and esca ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5809 (The Popup box WordPress plugin before 3.8.6 does not sanitise and esca ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5808 (Information disclosure in SMU in Hitachi Vantara HNAS 14.8.7825.01 on ...) - TODO: check + NOT-FOR-US: Hitachi CVE-2023-5762 (The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE (Re ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5210 (The AMP+ Plus WordPress plugin through 3.0 does not sanitise and escap ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5188 (The MMS Interpreter of WagoAppRTU in versions below 1.4.6.0 which is u ...) 
- TODO: check + NOT-FOR-US: WagoAppRTU CVE-2023-5141 (The BSK Contact Form 7 Blacklist WordPress plugin through 1.0.1 does n ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5137 (The Simply Excerpts WordPress plugin through 1.4 does not sanitize and ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5108 (The Easy Newsletter Signups WordPress plugin through 1.0.4 does not pr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5105 (The Frontend File Manager Plugin WordPress plugin before 22.6 has a vu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-4460 (The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 d ...) TODO: check CVE-2023-49293 (Vite is a website frontend framework. When Vite's HTML transformation ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/415c2fba2fbf5b7a0bcb54c031e8c80c7806eae8
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f5b81d59 by Salvatore Bonaccorso at 2023-12-02T09:53:09+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,47 +1,47 @@ CVE-2023-6463 (A vulnerability has been found in SourceCodester User Registration and ...) - TODO: check + NOT-FOR-US: SourceCodester User Registration and Login System CVE-2023-6462 (A vulnerability, which was classified as problematic, was found in Sou ...) - TODO: check + NOT-FOR-US: SourceCodester User Registration and Login System CVE-2023-49914 (InteraXon Muse 2 devices allow remote attackers to cause a denial of s ...) - TODO: check + NOT-FOR-US: InteraXon Muse 2 devices CVE-2023-49281 (Calendarinho is an open source calendaring application to manage large ...) - TODO: check + NOT-FOR-US: Calendarinho CVE-2023-49277 (dpaste is an open source pastebin application written in Python using ...) TODO: check, different from src:dpaste CVE-2023-49276 (Uptime Kuma is an open source self-hosted monitoring tool. In affected ...) - TODO: check + NOT-FOR-US: Uptime Kuma CVE-2023-48887 (A deserialization vulnerability in Jupiter v1.3.1 allows attackers to ...) TODO: check CVE-2023-48886 (A deserialization vulnerability in NettyRpc v1.2 allows attackers to e ...) TODO: check CVE-2023-48801 (In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file su ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2023-48314 (Collabora Online is a collaborative online office suite based on Libre ...) - TODO: check + NOT-FOR-US: Collabora Online CVE-2023-46746 (PostHog provides open-source product analytics, session recording, fea ...) - TODO: check + NOT-FOR-US: PostHog CVE-2023-46174 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-44402 (Electron is an open source framework for writing cross-platform deskto ...) - electron (bug #842420) CVE-2023-44382 (October is a Content Management System (CMS) and web platform to assis ...) - TODO: check + NOT-FOR-US: October CMS CVE-2023-44381 (October is a Content Management System (CMS) and web platform to assis ...) 
- TODO: check + NOT-FOR-US: October CMS CVE-2023-43021 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-42022 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-42019 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-42009 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-40699 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-39257 (Dell Rugged Control Center, version prior to 4.7, contains an Improper ...) - TODO: check + NOT-FOR-US: Dell CVE-2023-39256 (Dell Rugged Control Center, version prior to 4.7, contains an improper ...) - TODO: check + NOT-FOR-US: Dell CVE-2023-6461 (Cross-site Scripting (XSS) - Reflected in GitHub repository viliusle/m ...) NOT-FOR-US: minipaint CVE-2023-6449 (The Contact Form 7 plugin for WordPress is vulnerable to arbitrary fil ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5b81d5908475880c7597062e346ddf202168338
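Review bot: in the -1,47 hunk CVE-2023-48314 is closed as "NOT-FOR-US: Collabora Online", but its description opens with "Collabora Online is a collaborative online office suite based on LibreOffice", so it is worth confirming that the affected code is in the Online layer rather than in LibreOffice core as shipped by src:libreoffice before marking it not-for-us. The CVE-2023-49277 entry in the same hunk ("TODO: check, different from src:dpaste") is a good model for recording that kind of distinction next to the tag.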
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8f904599 by Salvatore Bonaccorso at 2023-11-29T09:21:25+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,27 +1,27 @@ CVE-2023-49092 (RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a ...) TODO: check CVE-2023-48193 (Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows ...) - TODO: check + NOT-FOR-US: JumpServer CVE-2023-47462 (Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and befor ...) - TODO: check + NOT-FOR-US: GL.iNet AX1800 CVE-2023-46944 (An issue in GitKraken GitLens before v.14.0.0 allows an attacker to ex ...) TODO: check CVE-2023-46887 (In Dreamer CMS before 4.0.1, the backend attachment management office ...) - TODO: check + NOT-FOR-US: Dreamer CMS CVE-2023-46886 (Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. ...) - TODO: check + NOT-FOR-US: Dreamer CMS CVE-2023-45484 (Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to con ...) - TODO: check + NOT-FOR-US: Tenda CVE-2023-45483 (Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to con ...) - TODO: check + NOT-FOR-US: Tenda CVE-2023-45482 (Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to con ...) - TODO: check + NOT-FOR-US: Tenda CVE-2023-45481 (Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to con ...) - TODO: check + NOT-FOR-US: Tenda CVE-2023-45480 (Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to con ...) - TODO: check + NOT-FOR-US: Tenda CVE-2023-45479 (Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to con ...) - TODO: check + NOT-FOR-US: Tenda CVE-2023-6351 - chromium [buster] - chromium (see DSA 5046) 
@@ -59,7 +59,7 @@ CVE-2023-49078 (raptor-web is a CMS for game server communities that can be used CVE-2023-49062 (Katran could disclose non-initialized kernel memory as part of an IP h ...) TODO: check CVE-2023-48848 (An arbitrary file read vulnerability in ureport v2.2.9 allows a remote ...) - TODO: check + NOT-FOR-US: ureport CVE-2023-48121 (An authentication bypass vulnerability in the Direct Connection Module ...) NOT-FOR-US: Direct Connection Module in Ezviz CVE-2023-48042 (Amazzing Filter for Prestashop through 3.2.2 is vulnerable to Cross-Si ...) @@ -277,9 +277,9 @@ CVE-2023-49042 (Heap Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a r CVE-2023-49040 (An issue in Tneda AX1803 v.1.0.0.1 allows a remote attacker to execute ...) NOT-FOR-US: Tenda CVE-2023-49029 (Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and ...) - TODO: check + NOT-FOR-US: smpn1smg absis CVE-2023-49028 (Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and ...) - TODO: check + NOT-FOR-US: smpn1smg absis CVE-2023-48369 (Mattermost fails to limit the log size of server logs allowing an atta ...) - mattermost-server (bug #823556) CVE-2023-48268 (Mattermost fails tolimit the amount of data extracted from compressed ...) 
@@ -35077,17 +35077,17 @@ CVE-2023-29068 (A maliciously crafted file consumed through pskernel.dll file co CVE-2023-29067 (A maliciously crafted X_B file when parsed through Autodesk\xae AutoCA ...) NOT-FOR-US: Autodesk CVE-2023-29066 (The FACSChorus software does not properly assign data access privilege ...) - TODO: check + NOT-FOR-US: FACSChorus CVE-2023-29065 (The FACSChorus software database can be accessed directly with the pri ...) - TODO: check + NOT-FOR-US: FACSChorus CVE-2023-29064 (The FACSChorus software contains sensitive information stored in plain ...) - TODO: check + NOT-FOR-US: FACSChorus CVE-2023-29063 (The FACSChorus workstation does not prevent physical access to its PCI ...) - TODO: check + NOT-FOR-US: FACSChorus CVE-2023-29062 (The Operating System hosting the FACSChorus application is configured ...) - TODO: check + NOT-FOR-US: FACSChorus CVE-2023-29061 (There is no BIOS password on the FACSChorus workstation. A threat acto ...) - TODO: check + NOT-FOR-US: FACSChorus CVE-2023-29060 (The FACSChorus workstation operating system does not restrict what dev ...) NOT-FOR-US: facschorus CVE-2023-1764 (Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5 ...) @@ -50095,7 +50095,7 @@ CVE-2023-24296 CVE-2023-24295 (A stack overfow in SoftMaker Software GmbH FlexiPDF v3.0.3.0 allows at ...) NOT-FOR-US: SoftMaker Software GmbH FlexiPDF CVE-2023-24294 (Zumtobel Netlink CCD Onboard v3.74 - Firmware
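Review bot: in the -35077,17 hunk the six new entries CVE-2023-29066 through CVE-2023-29061 use "NOT-FOR-US: FACSChorus", while the unchanged CVE-2023-29060 directly below them is tagged "NOT-FOR-US: facschorus"; the product is written "FACSChorus" in every description, so consider updating the older lowercase tag in the same commit so the run of seven entries is consistent and greps as one product.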
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 036fa37f by Salvatore Bonaccorso at 2023-11-21T21:40:42+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2023-6235 (An uncontrolled search path element vulnerability has been found in th ...) - TODO: check + NOT-FOR-US: Duet Display for Windows CVE-2023-6213 (Memory safety bugs present in Firefox 119. Some of these bugs showed e ...) - firefox NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6213 @@ -59,13 +59,13 @@ CVE-2023-6204 (On some systems\u2014depending on the graphics settings and drive NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6204 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6204 CVE-2023-5776 (The Post Meta Data Manager plugin for WordPress is vulnerable to Cross ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5599 (A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboar ...) - TODO: check + NOT-FOR-US: 3DDashboard in 3DSwymer from Release 3DEXPERIENCE CVE-2023-5598 (Stored Cross-site Scripting (XSS) vulnerabilities\xc2affecting 3DSwym ...) - TODO: check + NOT-FOR-US: 3DSwym in 3DSwymer from Release 3DEXPERIENCE CVE-2023-5055 (Possible variant of CVE-2021-3434 in function le_ecred_reconf_req.) - TODO: check + NOT-FOR-US: zephyr-rtos CVE-2023-49061 (An attacker could have performed HTML template injection via Reader Mo ...) TODO: check CVE-2023-49060 (An attacker could have accessed internal pages or data by ex-filtratin ...) 
@@ -73,9 +73,9 @@ CVE-2023-49060 (An attacker could have accessed internal pages or data by ex-fil CVE-2023-48226 (OpenReplay is a self-hosted session replay suite. In version 1.14.0, d ...) TODO: check CVE-2023-48124 (Cross Site Scripting in SUP Online Shopping v.1.0 allows a remote atta ...) - TODO: check + NOT-FOR-US: SUP Online Shopping CVE-2023-47643 (SuiteCRM is a Customer Relationship Management (CRM) software applicat ...) - TODO: check + NOT-FOR-US: SuiteCRM CVE-2023-46377 REJECTED CVE-2023-6199 (Book Stack version 23.10.2 allows filtering local files on the server. ...) @@ -35198,7 +35198,7 @@ CVE-2023-28804 (An Improper Verification of Cryptographic Signature vulnerabilit CVE-2023-28803 (An authentication bypass by spoofing of a device with a synthetic IP a ...) NOT-FOR-US: Zscaler Client Connector CVE-2023-28802 (An Improper Validation of Integrity Check Value in Zscaler Client Conn ...) - TODO: check + NOT-FOR-US: Zscaler Client Connector on Windows CVE-2023-28801 (An Improper Verification of Cryptographic Signature in the SAML authen ...) NOT-FOR-US: Zscaler CVE-2023-28800 (When using local accounts for administration, the redirect url paramet ...) @@ -54982,7 +54982,7 @@ CVE-2023-22523 CVE-2023-22522 RESERVED CVE-2023-22521 (This High severity RCE (Remote Code Execution) vulnerability was intro ...) - TODO: check + NOT-FOR-US: Crowd Data Center and Server CVE-2023-22520 RESERVED CVE-2023-22519 @@ -54992,7 +54992,7 @@ CVE-2023-22518 (All versions of Confluence Data Center and Server are affected b CVE-2023-22517 RESERVED CVE-2023-22516 (This High severity RCE (Remote Code Execution) vulnerability was intro ...) - TODO: check + NOT-FOR-US: Bamboo Data Center and Server CVE-2023-22515 (Atlassian has been made aware of an issue reported by a handful of cus ...) NOT-FOR-US: Atlassian CVE-2023-22514 
@@ -71901,11 +71901,11 @@ CVE-2023-20276 CVE-2023-20275 RESERVED CVE-2023-20274 (A vulnerability in the installer script of Cisco AppDynamics PHP Agent ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20273 (A vulnerability in the web UI feature of Cisco IOS XE Software could a ...) NOT-FOR-US: Cisco CVE-2023-20272 (A vulnerability in the web-based management interface of Cisco Identit ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20271 RESERVED CVE-2023-20270 (A vulnerability in the interaction between the Server Message Block (S ...) @@ -71919,7 +71919,7 @@ CVE-2023-20267 (A vulnerability in the IP geolocation rules of Snort 3 could all CVE-2023-20266 (A vulnerability in Cisco Emergency Responder, Cisco Unified Communicat ...) NOT-FOR-US: Cisco CVE-2023-20265 (A vulnerability in the web-based management interface of a small subse ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20264 (A vulnerability in the implementation of Security Assertion Markup Lan ...) NOT-FOR-US: Cisco CVE-2023-20263 (A vulnerability in the web-based management
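Review bot: in the -59,13 hunk CVE-2023-5055 is closed with "NOT-FOR-US: zephyr-rtos" although its description only says "Possible variant of CVE-2021-3434 in function le_ecred_reconf_req.", so the attribution cannot be checked from the entry itself; a NOTE line with the upstream advisory URL, as the Mozilla entries in the same hunk carry, would document where the product name came from.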
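Review bot: in the -54982,7 and -54992,7 hunks the new tags are "NOT-FOR-US: Crowd Data Center and Server" and "NOT-FOR-US: Bamboo Data Center and Server", while the neighbouring unchanged CVE-2023-22515 entry uses "NOT-FOR-US: Atlassian"; prefixing the vendor ("NOT-FOR-US: Atlassian Crowd Data Center and Server", "NOT-FOR-US: Atlassian Bamboo Data Center and Server") keeps the product names while letting these entries be found together with the existing Atlassian ones.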
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 308392ee by Salvatore Bonaccorso at 2023-11-20T09:19:56+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,9 +1,9 @@ CVE-2023-47175 (Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2 ...) - TODO: check + NOT-FOR-US: LuxCal Web Calendar CVE-2023-46700 (SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (My ...) - TODO: check + NOT-FOR-US: LuxCal Web Calendar CVE-2023-3379 (Wago web-based management of multiple products has a vulnerability whi ...) - TODO: check + NOT-FOR-US: Wago CVE-2023-46302 NOT-FOR-US: Apache Submarine CVE-2023-47685 (Cross-Site Request Forgery (CSRF) vulnerability in Lukman Nakib Preloa ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/308392ee0c3126f7c35dbe3268c6fa5ccae8ac14
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: dad96aef by Salvatore Bonaccorso at 2023-11-18T21:34:17+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,9 +1,9 @@ CVE-2023-48736 (In International Color Consortium DemoIccMAX 3e7948b, CIccCLUT::Interp ...) - TODO: check + NOT-FOR-US: International Color Consortium DemoIccMAX CVE-2023-40363 (IBM InfoSphere Information Server 11.7 could allow an authenticated us ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-38361 (IBM CICS TX Advanced 10.1 uses weaker than expected cryptographic algo ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-6187 (The Paid Memberships Pro plugin for WordPress is vulnerable to arbitra ...) NOT-FOR-US: WordPress plugin CVE-2023-4214 (The AppPresser plugin for WordPress is vulnerable to unauthorized pass ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dad96aef9ae318fd248832ed53f1a71842db5c9f
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 485b3a90 by Salvatore Bonaccorso at 2023-11-13T09:29:41+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,65 +1,65 @@ CVE-2023-5747 (Bashis, a Security Researcher at IPVM has found a flaw that allows for ...) TODO: check CVE-2023-5741 (The POWR plugin for WordPress is vulnerable to Stored Cross-Site Scrip ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5037 REJECTED CVE-2023-4775 (The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47669 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs User Pro ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47652 (Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47516 (Cross-Site Request Forgery (CSRF) vulnerability in Stark Digital Categ ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47230 (Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47163 (Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence ...) - TODO: check + NOT-FOR-US: Remarshal CVE-2023-46638 (Cross-Site Request Forgery (CSRF) vulnerability in Webcodin WCP OpenWe ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46636 (Cross-Site Request Forgery (CSRF) vulnerability in David St\xf6ckl Cus ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46634 (Cross-Site Request Forgery (CSRF) vulnerability in phoeniixx Custom My ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46629 (Cross-Site Request Forgery (CSRF) vulnerability in themelocation Remov ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46625 (Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Autolinks Man ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46620 (Cross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API tr ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46619 (Cross-Site Request Forgery (CSRF) vulnerability in WebDorado WDSocialW ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46618 (Cross-Site Request Forgery (CSRF) vulnerability in Bala Krishna, Serge ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46207 (Server-Side Request Forgery (SSRF) vulnerability in StylemixThemes Mot ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46201 (Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Log ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-41239 (Server-Side Request Forgery (SSRF) vulnerability in Blubrry PowerPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-38515 (Server-Side Request Forgery (SSRF) vulnerability in Andy Moyle Church ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-38364 (IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. This ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-38363 ([PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATF ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-37978 (Server-Side Request Forgery (SSRF) vulnerability in Dimitar Ivanov HTT ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-35041 (Cross-Site Request Forgery (CSRF) vulnerability leading to Local File ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-34384 (Cross-Site Request Forgery (CSRF) vulnerability in Kebo Kebo Twitter F ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-34378 (Cross-Site Request Forgery (CSRF) vulnerability in scriptburn.Com WP H ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-34013 (Server-Side Request Forgery (SSRF) vulnerability in Poll Maker Team Po ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-33207 (Cross-Site Request Forgery (CSRF) vulnerability in Krzysztof Wielog\xf ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32588 (Cross-Site Request Forgery (CSRF) vulnerability in BRANDbrilliance Pos ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32583 (Cross-Site Request Forgery (CSRF) vulnerability in Prashant Walke WP A ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6084 (A vulnerability was found in Tongda OA 2017 up to 11.9 and classified ...) NOT-FOR-US: Tongda OA CVE-2023-47037 (We failed to
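Review bot: in the @@ -1,65 hunk CVE-2023-38363 is switched to "NOT-FOR-US: IBM" although its description is still the CNA template placeholder "[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATF ...", so the vendor attribution rests on its neighbour CVE-2023-38364 (IBM CICS TX Advanced) rather than on the record itself; worth re-checking once the real description is published. CVE-2023-5747, whose truncated description names only the researcher (Bashis at IPVM) and no product, correctly stays at TODO: check.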
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5e8b895c by Salvatore Bonaccorso at 2023-11-10T22:42:04+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -43,17 +43,17 @@ CVE-2023-46733 (Symfony is a PHP framework for web and console applications and CVE-2023-46130 (Discourse is an open source platform for community discussion. Prior t ...) NOT-FOR-US: Discourse CVE-2023-45816 (Discourse is an open source platform for community discussion. Prior t ...) - TODO: check + NOT-FOR-US: Discourse CVE-2023-45806 (Discourse is an open source platform for community discussion. Prior t ...) - TODO: check + NOT-FOR-US: Discourse CVE-2023-41285 (A SQL injection vulnerability has been reported to affect QuMagie. If ...) - TODO: check + NOT-FOR-US: QNAP CVE-2023-41284 (A SQL injection vulnerability has been reported to affect QuMagie. If ...) - TODO: check + NOT-FOR-US: QNAP CVE-2023-39295 (An OS command injection vulnerability has been reported to affect QuMa ...) - TODO: check + NOT-FOR-US: QNAP CVE-2023-36027 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-5870 - postgresql-16 16.1-1 - postgresql-15 @@ -333,7 +333,7 @@ CVE-2023-3959 (Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB CVE-2023-39435 (Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, ...) NOT-FOR-US: Zavio CVE-2023-37790 (Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an ...) - TODO: check + NOT-FOR-US: Jaspersoft Clarity PPM CVE-2023-37533 (HCL Connections is vulnerable to reflected cross-site scripting (XSS) ...) NOT-FOR-US: HCL CVE-2023-36667 (Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Dire ...) 
@@ -26418,9 +26418,9 @@ CVE-2023-31080 CVE-2023-31079 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-31078 (Cross-Site Request Forgery (CSRF) vulnerability in Marco Steinbrecher ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-31077 (Cross-Site Request Forgery (CSRF) vulnerability in ReCorp Export WP Pa ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-31076 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Really S ...) NOT-FOR-US: WordPress plugin CVE-2023-31075 @@ -28513,7 +28513,7 @@ CVE-2023-30480 CVE-2023-30479 RESERVED CVE-2023-30478 (Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newslette ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-30477 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Essi ...) NOT-FOR-US: WordPress plugin CVE-2023-30476 @@ -31066,7 +31066,7 @@ CVE-2023-29442 (Zoho ManageEngine Applications Manager before 16400 allows proxy CVE-2023-29441 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Robert H ...) NOT-FOR-US: WordPress plugin CVE-2023-29440 (Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-29439 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugi ...) NOT-FOR-US: FooGallery CVE-2023-29438 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric ...) 
@@ -31090,11 +31090,11 @@ CVE-2023-29430 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CT CVE-2023-29429 RESERVED CVE-2023-29428 (Cross-Site Request Forgery (CSRF) vulnerability in SuPlugins Superb So ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-29427 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in TMS Book ...) NOT-FOR-US: WordPress plugin CVE-2023-29426 (Cross-Site Request Forgery (CSRF) vulnerability in Robert Schulz (sprd ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-29425 RESERVED CVE-2023-29424 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Plai ...) @@ -50159,7 +50159,7 @@ CVE-2023-23369 (An OS command injection vulnerability has been reported to affec CVE-2023-23368 (An OS command injection vulnerability has been reported to affect seve ...) NOT-FOR-US: QNAP CVE-2023-23367 (An OS command injection vulnerability has been reported to affect seve ...) - TODO: check + NOT-FOR-US: QNAP CVE-2023-23366 (A path traversal vulnerability has been reported to affect Music Stati ...) NOT-FOR-US: QNAP CVE-2023-23365 (A path traversal vulnerability has been reported to affect Music Stati ...) View it on GitLab:
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 36343d90 by Salvatore Bonaccorso at 2023-11-10T22:08:42+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,15 +1,15 @@ CVE-2023-6076 (A vulnerability classified as problematic was found in PHPGurukul Rest ...) - TODO: check + NOT-FOR-US: PHPGurukul CVE-2023-6075 (A vulnerability classified as problematic has been found in PHPGurukul ...) - TODO: check + NOT-FOR-US: PHPGurukul CVE-2023-6074 (A vulnerability was found in PHPGurukul Restaurant Table Booking Syste ...) - TODO: check + NOT-FOR-US: PHPGurukul CVE-2023-4949 (An attacker with local access to a system (either through a disk or ex ...) TODO: check CVE-2023-47614 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor ...) - TODO: check + NOT-FOR-US: Telit Cinterion CVE-2023-47611 (A CWE-269: Improper Privilege Management vulnerability exists in Telit ...) - TODO: check + NOT-FOR-US: Telit Cinterion CVE-2023-47164 (Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier all ...) TODO: check CVE-2023-47129 (Statmic is a core Laravel content management system Composer package. ...) 
@@ -17,11 +17,11 @@ CVE-2023-47129 (Statmic is a core Laravel content management system Composer pac CVE-2023-47128 (Piccolo is an object-relational mapping and query builder which suppor ...) TODO: check CVE-2023-47121 (Discourse is an open source platform for community discussion. Prior t ...) - TODO: check + NOT-FOR-US: Discourse CVE-2023-47120 (Discourse is an open source platform for community discussion. In vers ...) - TODO: check + NOT-FOR-US: Discourse CVE-2023-47119 (Discourse is an open source platform for community discussion. Prior t ...) - TODO: check + NOT-FOR-US: Discourse CVE-2023-47108 (OpenTelemetry-Go Contrib is a collection of third-party packages for O ...) TODO: check CVE-2023-46735 (Symfony is a PHP framework for web and console applications and a set ...) @@ -31,7 +31,7 @@ CVE-2023-46734 (Symfony is a PHP framework for web and console applications and CVE-2023-46733 (Symfony is a PHP framework for web and console applications and a set ...) TODO: check CVE-2023-46130 (Discourse is an open source platform for community discussion. Prior t ...) - TODO: check + NOT-FOR-US: Discourse CVE-2023-45816 (Discourse is an open source platform for community discussion. Prior t ...) TODO: check CVE-2023-45806 (Discourse is an open source platform for community discussion. Prior t ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36343d90797aad0fe94cd184ed922577dded36cb -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36343d90797aad0fe94cd184ed922577dded36cb You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
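Review bot: the @@ -1,15 hunk leaves CVE-2023-4949 (local access through a disk ...) and CVE-2023-47164 (HOTELDRUID 3.0.5 and earlier) at TODO: check beside the resolved PHPGurukul and Telit Cinterion entries; CVE-2023-47164 names a concrete product and could have been closed either way in the same pass, while CVE-2023-4949 gives no product in the visible text and genuinely needs the full record. The @@ -17,11 hunk likewise leaves CVE-2023-47128 (Piccolo) and CVE-2023-47108 (OpenTelemetry-Go Contrib) open, and the @@ -31,7 hunk resolves only CVE-2023-46130 of the three adjacent Discourse entries, with CVE-2023-45816 and CVE-2023-45806 still TODO in its context lines.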
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 592d92ef by Salvatore Bonaccorso at 2023-11-10T09:19:17+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,63 +1,63 @@ CVE-2023-6073 (Attacker can perform a Denial of Service attack to crash the ICAS 3 IV ...) - TODO: check + NOT-FOR-US: Volkswagen CVE-2023-6069 (Improper Input Validation in GitHub repository froxlor/froxlor prior t ...) - froxlor (bug #581792) CVE-2023-5954 (HashiCorp Vault and Vault Enterprise inbound client requests triggerin ...) - TODO: check + NOT-FOR-US: HashiCorp Vault CVE-2023-4379 (An issue has been discovered in GitLab EE affecting all versions start ...) TODO: check CVE-2023-47800 (Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default pass ...) - TODO: check + NOT-FOR-US: Natus NeuroWorks and SleepWorks CVE-2023-47246 (In SysAid On-Premise before 23.3.36, a path traversal vulnerability le ...) - TODO: check + NOT-FOR-US: SysAid CVE-2023-46729 (sentry-javascript provides Sentry SDKs for JavaScript. An unsanitized ...) TODO: check CVE-2023-45167 (IBM AIX's 7.3 Python implementation could allow a non-privileged local ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-39796 (SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 ...) - TODO: check + NOT-FOR-US: WBCE CMS CVE-2023-36024 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36014 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-34031 (Cross-Site Request Forgery (CSRF) vulnerability in Pascal Casier bbPre ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-34025 (Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Hide Login ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-34024 (Cross-Site Request Forgery (CSRF) vulnerability in Guillemant David WP ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32794 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32745 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Automat ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32744 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32739 (Cross-Site Request Forgery (CSRF) vulnerability in Web_Trendy WP Custo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32602 (Cross-Site Request Forgery (CSRF) vulnerability in LOKALYZE CALL ME NO ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32594 (Cross-Site Request Forgery (CSRF) vulnerability in Benedict B., Maciej ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32592 (Cross-Site Request Forgery (CSRF) vulnerability in Palasthotel by Edwa ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32587 (Cross-Site Request Forgery (CSRF) vulnerability in WP Reactions, LLC W ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32579 (Cross-Site Request Forgery (CSRF) vulnerability in Designs & Code Forg ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32512 (Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPix ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32502 (Cross-Site Request Forgery (CSRF) vulnerability in Sybre Waaijer Pro M ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32501 (Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooki ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32500 (Cross-Site Request Forgery (CSRF) vulnerability in xtemos WoodMart - M ...) - TODO: check + NOT-FOR-US: WordPress Theme CVE-2023-32125 (Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32093 (Cross-Site Request Forgery (CSRF) vulnerability in Criss Swaim TPG Red ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32092 (Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6054 (A vulnerability, which was classified as critical, was found in Tongda ...) NOT-FOR-US: Tongda OA CVE-2023-6053 (A vulnerability, which was classified as critical, has been found in T ...) @@ -25796,7 +25796,7 @@ CVE-2023-31237 CVE-2023-31236
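Review bot: style point in the @@ -1,63 hunk: CVE-2023-32500 is tagged "NOT-FOR-US: WordPress Theme" with a capital T, while every other WordPress entry in the hunk uses the lowercase form "NOT-FOR-US: WordPress plugin"; suggest "NOT-FOR-US: WordPress theme" so the tags stay consistent for grep-based queries. The trailing @@ -25796,7 hunk is cut off in this notification after its header and context line and cannot be reviewed here.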
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7cec16be by Salvatore Bonaccorso at 2023-10-31T09:33:33+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,43 +1,43 @@ CVE-2023-5867 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...) - TODO: check + NOT-FOR-US: phpmyfaq CVE-2023-5866 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...) - TODO: check + NOT-FOR-US: phpmyfaq CVE-2023-5865 (Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq ...) - TODO: check + NOT-FOR-US: phpmyfaq CVE-2023-5864 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...) - TODO: check + NOT-FOR-US: phpmyfaq CVE-2023-5863 (Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/p ...) - TODO: check + NOT-FOR-US: phpmyfaq CVE-2023-5862 (Missing Authorization in GitHub repository hamza417/inure prior to Bui ...) TODO: check CVE-2023-5861 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...) - TODO: check + NOT-FOR-US: microweber CVE-2023-47174 (Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework fo ...) - TODO: check + NOT-FOR-US: Thorn SFTP gateway CVE-2023-46502 (An issue in OpenCRX v.5.2.2 allows a remote attacker to execute arbitr ...) - TODO: check + NOT-FOR-US: OpenCRX CVE-2023-46478 (An issue in minCal v.1.0.0 allows a remote attacker to execute arbitra ...) - TODO: check + NOT-FOR-US: minCal CVE-2023-46451 (Best Courier Management System v1.0 is vulnerable to Cross Site Script ...) - TODO: check + NOT-FOR-US: Best Courier Management System CVE-2023-46361 (Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulne ...) TODO: check CVE-2023-46356 (In the module "CSV Feeds PRO" (csvfeeds) before 2.6.1 from Bl Modules ...) - TODO: check + NOT-FOR-US: PrestaShop module CVE-2023-46210 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WebC ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46139 (KernelSU is a Kernel based root solution for Android. Starting in vers ...) 
- TODO: check + NOT-FOR-US: KernelSU (Kernel based root solution for Android) CVE-2023-46138 (JumpServer is an open source bastion host and maintenance security aud ...) - TODO: check + NOT-FOR-US: JumpServer CVE-2023-46040 (Cross Site Scripting vulnerability in GetSimpleCMS v.3.4.0a allows a r ...) - TODO: check + NOT-FOR-US: GetSimpleCMS CVE-2023-45996 (SQL injection vulnerability in Senayan Library Management Systems Slim ...) - TODO: check + NOT-FOR-US: Senayan Library Management Systems CVE-2023-45956 (An issue discovered in Govee LED Strip v3.00.42 allows attackers to ca ...) - TODO: check + NOT-FOR-US: Govee LED Strip CVE-2023-45899 (An issue in the component SuperUserSetuserModuleFrontController:init() ...) - TODO: check + NOT-FOR-US: PrestaShop module CVE-2023-45804 REJECTED CVE-2023-45672 (Frigate is an open source network video recorder. Prior to version 0.1 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cec16be763815b169ec985c7c7f3c324d89b8fc -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cec16be763815b169ec985c7c7f3c324d89b8fc You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
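Review bot: in the @@ -1,43 hunk the NFU tag for CVE-2023-46139 carries the upstream tagline "(Kernel based root solution for Android)", whereas the other tags in the hunk are bare product names (JumpServer, GetSimpleCMS, OpenCRX); the tagline duplicates the description already in the entry and could be shortened to "NOT-FOR-US: KernelSU". CVE-2023-5862 (hamza417/inure) and CVE-2023-46361 (jbig2dec SEGV) remain TODO: check and still need a resolution, either a source-package line or an explicit NOT-FOR-US, before this sweep is complete.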
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0a04fe5c by Salvatore Bonaccorso at 2023-10-29T09:35:22+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,13 +1,13 @@ CVE-2023-5840 (Weak Password Recovery Mechanism for Forgotten Password in GitHub repo ...) TODO: check CVE-2023-5839 (Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8 ...) - TODO: check + NOT-FOR-US: Hestia Control Panel CVE-2023-5838 (Insufficient Session Expiration in GitHub repository linkstackorg/link ...) TODO: check CVE-2023-5837 (A vulnerability classified as problematic was found in AlexanderLivano ...) - TODO: check + NOT-FOR-US: AlexanderLivanov FotosCMS2 CVE-2023-5836 (A vulnerability was found in SourceCodester Task Reminder System 1.0. ...) - TODO: check + NOT-FOR-US: SourceCodester Task Reminder System CVE-2023-46862 (An issue was discovered in the Linux kernel through 6.5.9. During a ra ...) - linux [buster] - linux (Vulnerable code not present) @@ -16,7 +16,7 @@ CVE-2023-46862 (An issue was discovered in the Linux kernel through 6.5.9. Durin CVE-2023-46858 (Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflecte ...) TODO: check CVE-2023-46854 (Proxmox proxmox-widget-toolkit before 4.0.9, as used in multiple Proxm ...) - TODO: check + NOT-FOR-US: Proxmox proxmox-widget-toolkit CVE-2023-45897 (exfatprogs before 1.2.2 allows out-of-bounds memory access, such as in ...) TODO: check CVE-2023-43041 (IBM QRadar SIEM 7.5 is vulnerable to information exposure allowing a d ...) 
@@ -26,11 +26,11 @@ CVE-2023-40686 (Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navig CVE-2023-40685 (Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator c ...) NOT-FOR-US: IBM CVE-2023-5835 (A vulnerability classified as problematic was found in hu60t hu60wap6. ...) - TODO: check + NOT-FOR-US: hu60t hu60wap6 CVE-2023-5426 (The Post Meta Data Manager plugin for WordPress is vulnerable to unaut ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5425 (The Post Meta Data Manager plugin for WordPress is vulnerable to unaut ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46129 [nkeys: xkeys Seal encryption used fixed key for all encryption] - golang-github-nats-io-nkeys [bookworm] - golang-github-nats-io-nkeys (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a04fe5c9f7ff3607a6e4e96ce2c05382982b96b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a04fe5c9f7ff3607a6e4e96ce2c05382982b96b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
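Review bot: in the @@ -1,13 hunk CVE-2023-5840 (Weak Password Recovery Mechanism ... in GitHub repo ...) and CVE-2023-5838 (linkstackorg/link...) are left at TODO: check while CVE-2023-5839 (hestiacp/hestiacp) and CVE-2023-5837 (AlexanderLivanov FotosCMS2) are closed as NFU; all four are GitHub-repository entries of the same form, so the two open ones should be triaged in the same pass. The @@ -16,7 hunk also leaves CVE-2023-46858 (Moodle) and CVE-2023-45897 (exfatprogs) at TODO: check.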
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5d1e6f86 by Salvatore Bonaccorso at 2023-10-28T10:30:56+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,33 +1,33 @@ CVE-2023-5834 (HashiCorp Vagrant's Windows installer targeted a custom location with ...) - TODO: check + NOT-FOR-US: HashiCorp Vagrant's Windows installer CVE-2023-5830 (A vulnerability classified as critical has been found in ColumbiaSoft ...) - TODO: check + NOT-FOR-US: ColumbiaSoft Document Locator CVE-2023-46587 (Buffer Overflow vulnerability in XnView Classic v.2.51.5 allows a loca ...) - TODO: check + NOT-FOR-US: XnView CVE-2023-46570 (An out-of-bounds read in radare2 v.5.8.9 and before exists in the prin ...) TODO: check CVE-2023-46569 (An out-of-bounds read in radare2 v.5.8.9 and before exists in the prin ...) TODO: check CVE-2023-46510 (An issue in ZIONCOM (Hong Kong) Technology Limited A7000R v.4.1cu.4154 ...) - TODO: check + NOT-FOR-US: ZIONCOM (Hong Kong) Technology Limited A7000R CVE-2023-46509 (An issue in Contec SolarView Compact v.6.0 and before allows an attack ...) - TODO: check + NOT-FOR-US: Contec SolarView Compact CVE-2023-46490 (SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker ...) TODO: check CVE-2023-46468 (An issue in juzawebCMS v.3.4 and before allows a remote attacker to ex ...) - TODO: check + NOT-FOR-US: juzawebCMS CVE-2023-46467 (Cross Site Scripting vulnerability in juzawebCMS v.3.4 and before allo ...) - TODO: check + NOT-FOR-US: juzawebCMS CVE-2023-46215 (Insertion of Sensitive Information into Log File vulnerability in Apac ...) - TODO: check + NOT-FOR-US: Apache Airflow Celery provider CVE-2023-46211 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46209 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in G5Theme ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46208 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Stylemix ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46200 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Step ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-44480 (Leave Management System Project v1.0 is vulnerable to multiple Authent ...) TODO: check CVE-2023-43322 (ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d1e6f864b1f7f4b282cd0ff73c42a57a284bca1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d1e6f864b1f7f4b282cd0ff73c42a57a284bca1 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
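Review bot: the NFU tag for CVE-2023-5834 is scoped to "HashiCorp Vagrant's Windows installer" rather than to Vagrant as a whole, which is the right granularity since the description concerns only the installer; keep that qualifier so the entry is not later read as Vagrant being NFU in general. CVE-2023-46570 and CVE-2023-46569 (radare2 out-of-bounds read) and CVE-2023-46490 (Cacti SQL injection) are left at TODO: check and still need a source-package line or an explicit NOT-FOR-US; together with CVE-2023-44480 and CVE-2023-43322 they are the only open items in the hunk.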
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5e637a7d by Salvatore Bonaccorso at 2023-10-23T10:20:57+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,41 +1,41 @@ CVE-2023-5702 (A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and ...) - TODO: check + NOT-FOR-US: Viessmann Vitogate 300 CVE-2023-5701 (A vulnerability has been found in vnotex vnote up to 3.17.0 and classi ...) - TODO: check + NOT-FOR-US: vnotex vnote CVE-2023-5700 (A vulnerability, which was classified as critical, was found in Netent ...) - TODO: check + NOT-FOR-US: Netentsec NS-ASG Application Security Gateway CVE-2023-5699 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: CodeAstro Internet Banking System CVE-2023-5698 (A vulnerability classified as problematic was found in CodeAstro Inter ...) - TODO: check + NOT-FOR-US: CodeAstro Internet Banking System CVE-2023-5697 (A vulnerability classified as problematic has been found in CodeAstro ...) - TODO: check + NOT-FOR-US: CodeAstro Internet Banking System CVE-2023-5696 (A vulnerability was found in CodeAstro Internet Banking System 1.0. It ...) - TODO: check + NOT-FOR-US: CodeAstro Internet Banking System CVE-2023-5695 (A vulnerability was found in CodeAstro Internet Banking System 1.0. It ...) - TODO: check + NOT-FOR-US: CodeAstro Internet Banking System CVE-2023-5694 (A vulnerability was found in CodeAstro Internet Banking System 1.0. It ...) - TODO: check + NOT-FOR-US: CodeAstro Internet Banking System CVE-2023-5693 (A vulnerability was found in CodeAstro Internet Banking System 1.0 and ...) - TODO: check + NOT-FOR-US: CodeAstro Internet Banking System CVE-2023-46324 (pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is u ...) TODO: check CVE-2023-46322 (iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ...) - TODO: check + NOT-FOR-US: iTerm2 CVE-2023-46321 (iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ...) - TODO: check + NOT-FOR-US: iTerm2 CVE-2023-46319 (WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows unauthen ...) 
- TODO: check + NOT-FOR-US: WALLIX Bastion CVE-2023-46317 (Knot Resolver before 5.7.0 performs many TCP reconnections upon receiv ...) TODO: check CVE-2023-46315 (The zanllp sd-webui-infinite-image-browsing (aka Infinite Image Browsi ...) TODO: check CVE-2023-46095 (Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole Smooth ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46089 (Cross-Site Request Forgery (CSRF) vulnerability in Lee Le @ Userback U ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46085 (Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate R ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-43624 (CX-Designer Ver.3.740 and earlier (included in CX-One CXONE-AL[][]D-V4 ...) TODO: check CVE-2023-46306 (The web administration interface in NetModule Router Software (NRSW) 4 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e637a7df07ed8390dc3b80d7076e45f8782c55c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e637a7df07ed8390dc3b80d7076e45f8782c55c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
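Review bot: the @@ -1,41 hunk resolves the ten CodeAstro entries and the Viessmann, vnote and Netentsec ones but leaves CVE-2023-46324 (free5GC udm), CVE-2023-46317 (Knot Resolver), CVE-2023-46315 (sd-webui-infinite-image-browsing) and CVE-2023-43624 (CX-Designer) at TODO: check; CVE-2023-43624 describes a vendor desktop product bundled with CX-One and looks closable as NFU in the same pass, while the Knot Resolver entry needs a package check and, if applicable, a source-package line rather than NFU.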
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 15711ec6 by Salvatore Bonaccorso at 2023-10-04T09:50:14+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -20,13 +20,13 @@ CVE-2023-4929 (All firmware versions of the NPort 5000 Series are affected by an CVE-2023-4886 (A sensitive information exposure vulnerability was found in foreman. C ...) - foreman (bug #663101) CVE-2023-4885 (Man in the Middle vulnerability, which could allow an attacker to inte ...) - TODO: check + NOT-FOR-US: Open5GS CVE-2023-4884 (An attacker could send an HTTP request to an Open5GS endpoint and retr ...) - TODO: check + NOT-FOR-US: Open5GS CVE-2023-4883 (Invalid pointer release vulnerability. Exploitation of this vulnerabil ...) - TODO: check + NOT-FOR-US: Open5GS CVE-2023-4882 (DOS vulnerability that could allow an attacker to register a new VNF ( ...) - TODO: check + NOT-FOR-US: Open5GS CVE-2023-4817 (This vulnerability allows an authenticated attacker to upload maliciou ...) TODO: check CVE-2023-4732 (A flaw was found in the Linux Kernel's memory management subsytem. A t ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15711ec69ff723f9527bffc4790310a0c58513ce -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15711ec69ff723f9527bffc4790310a0c58513ce You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e4d62489 by Salvatore Bonaccorso at 2023-10-03T10:31:18+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3,7 +3,7 @@ CVE-2023-5345 (A use-after-free vulnerability in the Linux kernel's fs/smb/clien CVE-2023-5344 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...) TODO: check CVE-2023-5334 (The WP Responsive header image slider plugin for WordPress is vulnerab ...) - TODO: check + NOT-FOR-US: WP Responsive header image slider plugin for WordPress CVE-2023-5290 REJECTED CVE-2023-5160 (Mattermost fails to check the Show Full Name option at the /api/v4/tea ...) 
@@ -13,53 +13,53 @@ CVE-2023-5106 (An issue has been discovered in Ultimate-licensed GitLab EE affec CVE-2023-4659 (Cross-Site Request Forgery vulnerability, whose exploitation could all ...) TODO: check CVE-2023-44479 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jim ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-44477 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-44474 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MD Jakir ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-44463 (An issue was discovered in pretix before 2023.7.1. Incorrect parsing o ...) TODO: check CVE-2023-44266 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jewe ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-44265 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-44264 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-44263 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Riya ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-44262 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Renz ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-44245 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Leap Con ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-44244 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-44242 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-44239 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jobi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-44230 (Auth. 
(admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-44228 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-44218 (A flaw within the SonicWall NetExtender Pre-Logon feature enables an u ...) - TODO: check + NOT-FOR-US: SonicWall CVE-2023-44217 (A local privilege escalation vulnerability in SonicWall Net Extender M ...) - TODO: check + NOT-FOR-US: SonicWall CVE-2023-44145 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in jesw ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-44144 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dreamfox ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-44012 (Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a re ...) - TODO: check + NOT-FOR-US: mojoPortal CVE-2023-44011 (An issue in mojoPortal v.2.7.0.0 allows a remote attacker to execute a ...) - TODO: check + NOT-FOR-US: mojoPortal CVE-2023-44009 (File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote atta ...) - TODO: check + NOT-FOR-US: mojoPortal CVE-2023-44008 (File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote atta ...) - TODO: check + NOT-FOR-US: mojoPortal CVE-2023-43980 (Presto Changeo testsitecreator up to v1.1.1 was discovered to contain ...) - TODO: check + NOT-FOR-US: Presto Changeo testsitecreator CVE-2023-43893 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection v ...) TODO: check CVE-2023-43892 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection v ...) @@ -69,9 +69,9 @@ CVE-2023-43891 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command injec CVE-2023-43890 (Netis N3Mv2-V1.0.1.865 was discovered to
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 86feeac3 by Salvatore Bonaccorso at 2023-09-30T10:42:35+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,51 +1,51 @@ CVE-2023-5320 (Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfa ...) - TODO: check + NOT-FOR-US: phpmyfaq CVE-2023-5319 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...) - TODO: check + NOT-FOR-US: phpmyfaq CVE-2023-5318 (Use of Hard-coded Credentials in GitHub repository microweber/microweb ...) - TODO: check + NOT-FOR-US: microweber CVE-2023-5317 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...) - TODO: check + NOT-FOR-US: phpmyfaq CVE-2023-5316 (Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfa ...) - TODO: check + NOT-FOR-US: phpmyfaq CVE-2023-5298 (A vulnerability was found in Tongda OA 2017. It has been rated as crit ...) - TODO: check + NOT-FOR-US: Tongda OA CVE-2023-5297 (A vulnerability was found in Xinhu RockOA 2.3.2. It has been classifie ...) - TODO: check + NOT-FOR-US: Xinhu RockOA CVE-2023-5296 (A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and clas ...) - TODO: check + NOT-FOR-US: Xinhu RockOA CVE-2023-5295 (The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Sit ...) - TODO: check + NOT-FOR-US: Blog Filter plugin for WordPress CVE-2023-5294 (A vulnerability has been found in ECshop 4.1.1 and classified as criti ...) - TODO: check + NOT-FOR-US: ECshop CVE-2023-5293 (A vulnerability, which was classified as critical, was found in ECshop ...) - TODO: check + NOT-FOR-US: ECshop CVE-2023-5227 (Unrestricted Upload of File with Dangerous Type in GitHub repository t ...) - TODO: check + NOT-FOR-US: phpmyfaq CVE-2023-5201 (The OpenHook plugin for WordPress is vulnerable to Remote Code Executi ...) - TODO: check + NOT-FOR-US: OpenHook plugin for WordPress CVE-2023-44270 (An issue was discovered in PostCSS before 8.4.31. It affects linters u ...) TODO: check CVE-2023-43711 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) 
- TODO: check + NOT-FOR-US: Os Commerce CVE-2023-43710 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) - TODO: check + NOT-FOR-US: Os Commerce CVE-2023-43709 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) - TODO: check + NOT-FOR-US: Os Commerce CVE-2023-43708 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) - TODO: check + NOT-FOR-US: Os Commerce CVE-2023-43707 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) - TODO: check + NOT-FOR-US: Os Commerce CVE-2023-43706 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) - TODO: check + NOT-FOR-US: Os Commerce CVE-2023-43705 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) - TODO: check + NOT-FOR-US: Os Commerce CVE-2023-43704 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) - TODO: check + NOT-FOR-US: Os Commerce CVE-2023-43703 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) - TODO: check + NOT-FOR-US: Os Commerce CVE-2023-43702 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) - TODO: check + NOT-FOR-US: Os Commerce CVE-2023-5289 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...) - rdiffweb (bug #969974) CVE-2023-5288 (A remote unauthorized attacker may connect to the SIM1012, interact wi ...) @@ -107,7 +107,7 @@ CVE-2023-5259 (A vulnerability classified as problematic was found in ForU CMS. CVE-2023-5258 (A vulnerability classified as critical has been found in OpenRapid Rap ...) NOT-FOR-US: OpenRapid RapidCMS CVE-2023-5257 (A vulnerability was found in WhiteHSBG JNDIExploit 1.4 on Windows. It ...) - TODO: check + NOT-FOR-US: WhiteHSBG JNDIExploit CVE-2023-5196 (Mattermost fails to enforce character limits in all possible notificat ...) TODO: check CVE-2023-5195 (Mattermost fails to properly validate the permissions when soft deleti ...) 
@@ -119,29 +119,29 @@ CVE-2023-5193 (Mattermost fails to properly check permissions when retrieving a CVE-2023-5159 (Mattermost fails to properly verify the permissions when managing/upda ...) TODO: check CVE-2023-43944 (A Stored Cross Site Scripting (XSS) vulnerability was found in SourceC ...) - TODO: check + NOT-FOR-US: SourceCodester
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d6fca962 by Salvatore Bonaccorso at 2023-09-18T11:41:21+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,15 +1,15 @@ CVE-2023-5036 (Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos ...) TODO: check CVE-2023-5034 (A vulnerability classified as problematic was found in SourceCodester ...) - TODO: check + NOT-FOR-US: SourceCodester My Food Recipe CVE-2023-5033 (A vulnerability classified as critical has been found in OpenRapid Rap ...) - TODO: check + NOT-FOR-US: OpenRapid RapidCMS CVE-2023-5032 (A vulnerability was found in OpenRapid RapidCMS 1.3.1. It has been rat ...) - TODO: check + NOT-FOR-US: OpenRapid RapidCMS CVE-2023-5031 (A vulnerability was found in OpenRapid RapidCMS 1.3.1. It has been dec ...) - TODO: check + NOT-FOR-US: OpenRapid RapidCMS CVE-2023-5030 (A vulnerability has been found in Tongda OA up to 11.10 and classified ...) - TODO: check + NOT-FOR-US: Tongda OA CVE-2023-5029 (A vulnerability, which was classified as critical, was found in mccms ...) TODO: check CVE-2023-43115 (In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead ...) 
@@ -17,25 +17,25 @@ CVE-2023-43115 (In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL ca CVE-2023-43114 (An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6 ...) TODO: check CVE-2023-42526 (Certain WithSecure products allow a remote crash of a scanning engine ...) - TODO: check + NOT-FOR-US: WithSecure CVE-2023-42525 (Certain WithSecure products allow an infinite loop in a scanning engin ...) - TODO: check + NOT-FOR-US: WithSecure CVE-2023-42524 (Certain WithSecure products allow an infinite loop in a scanning engin ...) - TODO: check + NOT-FOR-US: WithSecure CVE-2023-42523 (Certain WithSecure products allow a remote crash of a scanning engine ...) - TODO: check + NOT-FOR-US: WithSecure CVE-2023-42522 (Certain WithSecure products allow a remote crash of a scanning engine ...) - TODO: check + NOT-FOR-US: WithSecure CVE-2023-42521 (Certain WithSecure products allow a remote crash of a scanning engine ...) - TODO: check + NOT-FOR-US: WithSecure CVE-2023-42520 (Certain WithSecure products allow a remote crash of a scanning engine ...) - TODO: check + NOT-FOR-US: WithSecure CVE-2023-41349 (ASUS router RT-AX88U has a vulnerability of using externally controlla ...) - TODO: check + NOT-FOR-US: ASUS CVE-2023-35851 (SUNNET WMPro portal's FAQ function has insufficient validation for use ...) - TODO: check + NOT-FOR-US: SUNNET WMPro CVE-2023-35850 (SUNNET WMPro portal's file management function has a vulnerability of ...) - TODO: check + NOT-FOR-US: SUNNET WMPro CVE-2023-5028 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: China Unicom TEWA-800G CVE-2023-5027 (A vulnerability classified as critical was found in SourceCodester Sim ...) 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6fca962a913ac11269cfe6275650d4829d140fc -- You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3c15654d by Salvatore Bonaccorso at 2023-09-16T10:22:39+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -3,33 +3,33 @@ CVE-2023-5001 (The Horizontal scrolling announcement for WordPress plugin for Wo CVE-2023-4994 (The Allow PHP in Posts and Pages plugin for WordPress is vulnerable to ...) NOT-FOR-US: Allow PHP in Posts and Pages plugin for WordPress CVE-2023-42442 (JumpServer is an open source bastion host and a professional operation ...) - TODO: check + NOT-FOR-US: JumpServer CVE-2023-42439 (GeoNode is an open source platform that facilitates the creation, shar ...) - TODO: check + NOT-FOR-US: GeoNode CVE-2023-42336 (An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attack ...) - TODO: check + NOT-FOR-US: NETIS SYSTEMS WF2409Ev4 CVE-2023-41901 REJECTED CVE-2023-41900 (Jetty is a Java based web server and servlet engine. Versions 9.4.21 t ...) TODO: check CVE-2023-41626 (Gradio v3.27.0 was discovered to contain an arbitrary file upload vuln ...) - TODO: check + NOT-FOR-US: Gradio CVE-2023-41436 (Cross Site Scripting vulnerability in CSZCMS v.1.3.0 allows a local at ...) - TODO: check + NOT-FOR-US: CSZCMS CVE-2023-41157 (Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin ...) - TODO: check + NOT-FOR-US: Usermin CVE-2023-39777 (A cross-site scripting (XSS) vulnerability in the Admin Control Panel ...) - TODO: check + NOT-FOR-US: vBulletin CVE-2023-39612 (A cross-site scripting (XSS) vulnerability in FileBrowser before v2.23 ...) TODO: check CVE-2023-36735 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36727 (Microsoft Edge (Chromium-based) Spoofing Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36562 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36160 (An issue was discovered in Qubo Smart Plug10A version HSP02_01_01_14_S ...) - TODO: check + NOT-FOR-US: Qubo CVE-2023-4991 (A vulnerability was found in NextBX QWAlerter 4.50. It has been rated ...) 
NOT-FOR-US: NextBX QWAlerter CVE-2023-4988 (A vulnerability, which was classified as problematic, was found in Bet ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c15654d842bab75e869cfe2f86f655e00d21677
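Review bot: the new tag for CVE-2023-39777, NOT-FOR-US: vBulletin, cannot be checked against this hunk alone, because the truncated description shown ("A cross-site scripting (XSS) vulnerability in the Admin Control Panel ...") names no product; confirm the product from the full CVE text before relying on the tag. Every other NOT-FOR-US added in this hunk (JumpServer, GeoNode, NETIS SYSTEMS WF2409Ev4, Gradio, CSZCMS, Usermin, Microsoft, Qubo) repeats a name that is visible in its description line.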
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3037478b by Salvatore Bonaccorso at 2023-09-15T22:24:27+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,69 +1,69 @@ CVE-2023-4991 (A vulnerability was found in NextBX QWAlerter 4.50. It has been rated ...) - TODO: check + NOT-FOR-US: NextBX QWAlerter CVE-2023-4988 (A vulnerability, which was classified as problematic, was found in Bet ...) - TODO: check + NOT-FOR-US: Bettershop LaikeTui CVE-2023-4987 (A vulnerability, which was classified as critical, has been found in i ...) - TODO: check + NOT-FOR-US: infinitietech taskhub CVE-2023-4986 (A vulnerability classified as problematic was found in Supcon InPlant ...) - TODO: check + NOT-FOR-US: Supcon InPlant SCADA CVE-2023-4985 (A vulnerability classified as critical has been found in Supcon InPlan ...) - TODO: check + NOT-FOR-US: Supcon InPlant SCADA CVE-2023-4984 (A vulnerability was found in didi KnowSearch 0.3.2/0.3.1.2. It has bee ...) - TODO: check + NOT-FOR-US: didi KnowSearch CVE-2023-4983 (A vulnerability was found in app1pro Shopicial up to 20230830. It has ...) - TODO: check + NOT-FOR-US: app1pro Shopicial CVE-2023-4982 (Cross-site Scripting (XSS) - Stored in GitHub repository librenms/libr ...) - TODO: check + NOT-FOR-US: LibreNMS CVE-2023-4981 (Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenm ...) - TODO: check + NOT-FOR-US: LibreNMS CVE-2023-4980 (Cross-site Scripting (XSS) - Generic in GitHub repository librenms/lib ...) - TODO: check + NOT-FOR-US: LibreNMS CVE-2023-4979 (Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/l ...) - TODO: check + NOT-FOR-US: LibreNMS CVE-2023-4978 (Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenm ...) - TODO: check + NOT-FOR-US: LibreNMS CVE-2023-4977 (Code Injection in GitHub repository librenms/librenms prior to 23.9.0.) - TODO: check + NOT-FOR-US: LibreNMS CVE-2023-4974 (A vulnerability was found in Academy LMS 6.2. It has been rated as cri ...) - TODO: check + NOT-FOR-US: Academy LMS CVE-2023-4973 (A vulnerability was found in Academy LMS 6.2 on Windows. It has been d ...) 
- TODO: check + NOT-FOR-US: Academy LMS CVE-2023-4963 (The WS Facebook Like Box Widget for WordPress plugin for WordPress is ...) NOT-FOR-US: WS Facebook Like Box Widget for WordPress plugin for WordPress CVE-2023-4959 (A flaw was found in Quay. Cross-site request forgery (CSRF) attacks fo ...) - TODO: check + NOT-FOR-US: Quay CVE-2023-4835 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: CF Software Oil Management Software CVE-2023-4833 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: Besttem Network Marketing Software CVE-2023-4831 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: Ncode Ncep CVE-2023-4830 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: Tura Signalix CVE-2023-4680 (HashiCorp Vault and Vault Enterprise transit secrets engine allowed au ...) - TODO: check + NOT-FOR-US: HashiCorp Vault CVE-2023-4673 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: Sanalogy Turasistan CVE-2023-4670 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: Innosa Probbys CVE-2023-4665 (Incorrect Execution-Assigned Permissions vulnerability in Saphira Saph ...) - TODO: check + NOT-FOR-US: Saphira Saphira Connect CVE-2023-4664 (Incorrect Default Permissions vulnerability in Saphira Saphira Connect ...) - TODO: check + NOT-FOR-US: Saphira Saphira Connect CVE-2023-4663 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...) - TODO: check + NOT-FOR-US: Saphira Saphira Connect CVE-2023-4662 (Execution with Unnecessary Privileges vulnerability in Saphira Saphira ...) - TODO: check + NOT-FOR-US: Saphira Saphira Connect CVE-2023-4661 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) 
- TODO: check + NOT-FOR-US: Saphira Saphira Connect CVE-2023-4231 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: Cevik Informatics Online Payment System CVE-2023-42405 (SQL injection vulnerability in FIT2CLOUD RackShift v1.7.1 allows attac ...) -
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ba225a24 by Salvatore Bonaccorso at 2023-09-09T22:20:20+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -11,15 +11,15 @@ CVE-2023-4874 (Null pointer dereference when viewing a specially crafted email i NOTE: http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20230904/56.html NOTE: https://www.openwall.com/lists/oss-security/2023/09/09/1 CVE-2023-4852 (A vulnerability was found in IBOS OA 4.5.5 and classified as critical. ...) - TODO: check + NOT-FOR-US: IBOS OA CVE-2023-4851 (A vulnerability has been found in IBOS OA 4.5.5 and classified as crit ...) - TODO: check + NOT-FOR-US: IBOS OA CVE-2023-4850 (A vulnerability, which was classified as critical, was found in IBOS O ...) - TODO: check + NOT-FOR-US: IBOS OA CVE-2023-4849 (A vulnerability, which was classified as critical, has been found in I ...) - TODO: check + NOT-FOR-US: IBOS OA CVE-2023-4848 (A vulnerability classified as critical was found in SourceCodester Sim ...) - TODO: check + NOT-FOR-US: SourceCodester Simple Book Catalog App CVE-2023-4847 (A vulnerability classified as problematic has been found in SourceCode ...) NOT-FOR-US: SourceCodester Simple Book Catalog App CVE-2023-4846 (A vulnerability was found in SourceCodester Simple Membership System 1 ...) 
@@ -65,7 +65,7 @@ CVE-2023-39712 (Multiple cross-site scripting (XSS) vulnerabilities in Free and CVE-2023-39676 (SimpleImportProduct Prestashop Module v1.0.0 was discovered to contain ...) NOT-FOR-US: SimpleImportProduct Prestashop Module CVE-2023-39584 (Hexo up to v7.0.0 (RC2) was discovered to contain an arbitrary file re ...) - TODO: check + NOT-FOR-US: Hexo CVE-2023-39076 (Injecting random data into the USB memory area on a General Motors (GM ...) NOT-FOR-US: General Motors (GM) Chevrolet Equinox CVE-2023-38736 (IBM QRadar WinCollect Agent 10.0 through 10.1.6, when installed to run ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba225a2410e73f0749e5ac9aebcb404b57fa536c
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0803eb26 by Salvatore Bonaccorso at 2023-09-04T09:24:13+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -3,43 +3,43 @@ CVE-2023-4751 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to NOTE: https://github.com/vim/vim/commit/e1121b139480f53d1b06f84f3e4574048108fa0b (v9.0.1331) NOTE: https://huntr.dev/bounties/db7be8d6-6cb7-4ae5-9c4e-805423afa378 CVE-2023-4740 (A vulnerability, which was classified as critical, was found in IBOS O ...) - TODO: check + NOT-FOR-US: IBOS OA CVE-2023-4739 (A vulnerability, which was classified as critical, has been found in B ...) - TODO: check + NOT-FOR-US: Beijing Baichuo Smart S85F Management Platform CVE-2023-3703 (Proscend Advice ICR Series routers FW version 1.76- CWE-1392: Use of D ...) - TODO: check + NOT-FOR-US: Proscend Advice ICR Series routers FW CVE-2023-39374 (ForeScout NAC SecureConnector version 11.2 -CWE-427: Uncontrolled Sear ...) - TODO: check + NOT-FOR-US: ForeScout NAC SecureConnector CVE-2023-39373 (A Hyundai model (2017) - CWE-294: Authentication Bypass by Capture-rep ...) - TODO: check + NOT-FOR-US: Hyundai CVE-2023-39372 (StarTrinity Softswitch version 2023-02-16 -Multiple CSRF (CWE-352)) - TODO: check + NOT-FOR-US: StarTrinity Softswitch CVE-2023-39371 (StarTrinity Softswitch version 2023-02-16 -Open Redirect (CWE-601)) - TODO: check + NOT-FOR-US: StarTrinity Softswitch CVE-2023-39370 (StarTrinity Softswitch version 2023-02-16 -Persistent XSS (CWE-79)) - TODO: check + NOT-FOR-US: StarTrinity Softswitch CVE-2023-39369 (StarTrinity Softswitch version 2023-02-16- Multiple Reflected XSS (CWE ...) - TODO: check + NOT-FOR-US: StarTrinity Softswitch CVE-2023-38521 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Exif ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-38518 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Visu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-38517 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Real ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-38516 (Auth. 
(contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-38482 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Qual ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-38476 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Suit ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-38387 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Elas ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-37222 (Farsight Tech Nordic AB ProVide version 14.5- Multiple XSS vulnerabili ...) - TODO: check + NOT-FOR-US: Farsight Tech Nordic AB ProVide CVE-2023-37221 (7Twenty BOT - CWE-79: Improper Neutralization of Input During Web Page ...) - TODO: check + NOT-FOR-US: 7Twenty BOT CVE-2023-37220 (Synel Terminals - CWE-494: Download of Code Without Integrity Check) - TODO: check + NOT-FOR-US: Synel Terminals CVE-2023-41180 (Incorrect certificate validation in InvokeHTTP on Apache NiFi MiNiFi C ...) NOT-FOR-US: Apache NiFi CVE-2023-4738 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0803eb26bb5accedad8ec181a8213780e1180b50
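Review bot: "NOT-FOR-US: Proscend Advice ICR Series routers FW" (CVE-2023-3703) carries the "FW" fragment of the description's "FW version 1.76-" into the product name. The neighbouring entry drops its version qualifier (CVE-2023-39374, "ForeScout NAC SecureConnector version 11.2", becomes "NOT-FOR-US: ForeScout NAC SecureConnector"), so "NOT-FOR-US: Proscend Advice ICR Series routers" would be the consistent form.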
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 53c37299 by Salvatore Bonaccorso at 2023-08-25T22:51:42+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -64,9 +64,9 @@ CVE-2023-40022 (Rizin is a UNIX-like reverse engineering framework and command-l CVE-2023-40017 (GeoNode is an open source platform that facilitates the creation, shar ...) TODO: check CVE-2023-3425 (Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 ...) - TODO: check + NOT-FOR-US: M-Files CVE-2023-3406 (Path Traversal issue in M-Files Classic Web versions below 23.6.12695. ...) - TODO: check + NOT-FOR-US: M-Files CVE-2023-39742 (giflib v5.2.1 was discovered to contain a segmentation fault via the c ...) TODO: check CVE-2023-39707 (A stored cross-site scripting (XSS) vulnerability in Free and Open Sou ...) @@ -80,7 +80,7 @@ CVE-2023-39600 (IceWarp 11.4.6.0 was discovered to contain a cross-site scriptin CVE-2023-39521 (Tuleap is an open source suite to improve management of software devel ...) TODO: check CVE-2023-39519 (Cloud Explorer Lite is an open source cloud management platform. Prior ...) - TODO: check + NOT-FOR-US: Cloud Explorer Lite CVE-2023-38974 (A stored cross-site scripting (XSS) vulnerability in the Edit Category ...) TODO: check CVE-2023-38973 (A stored cross-site scripting (XSS) vulnerability in the Add Tag funct ...) @@ -90,7 +90,7 @@ CVE-2023-38508 (Tuleap is an open source suite to improve management of software CVE-2023-38201 (A flaw was found in the Keylime registrar that could allow a bypass of ...) TODO: check CVE-2023-37469 (CasaOS is an open-source personal cloud system. Prior to version 0.4.4 ...) - TODO: check + NOT-FOR-US: CasaOS CVE-2023-37249 (Infoblox NIOS through 8.5.1 has a faulty component that accepts malici ...) TODO: check CVE-2023-36199 (An issue in skalenetwork sgxwallet v.1.9.0 and below allows an attacke ...) 
@@ -98,41 +98,41 @@ CVE-2023-36199 (An issue in skalenetwork sgxwallet v.1.9.0 and below allows an a CVE-2023-36198 (Buffer Overflow vulnerability in skalenetwork sgxwallet v.1.9.0 allows ...) TODO: check CVE-2023-32797 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32757 (e-Excellence U-Office Force file uploading function does not restrict ...) - TODO: check + NOT-FOR-US: e-Excellence U-Office Force file uploading function CVE-2023-32756 (e-Excellence U-Office Force has a path traversal vulnerability within ...) - TODO: check + NOT-FOR-US: e-Excellence U-Office Force CVE-2023-32755 (e-Excellence U-Office Force generates an error message in webiste serv ...) - TODO: check + NOT-FOR-US: e-Excellence U-Office Force CVE-2023-32678 (Zulip is an open-source team collaboration tool with topic-based threa ...) TODO: check CVE-2023-32603 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao D ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32598 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in A. R. Jo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32596 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wolf ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32595 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pala ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32591 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Clou ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32584 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in John ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32577 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eji ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32576 (Auth. (subscriber+) Stored Cross-Site Scripting') vulnerability in Pla ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32575 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI W ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32518 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ono Ooga ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32079 (Netmaker makes networks with WireGuard. A Mass assignment vulnerabilit ...) - TODO: check + NOT-FOR-US: Netmaker CVE-2023-32078 (Netmaker makes networks with WireGuard. An Insecure Direct Object Refe ...) - TODO: check + NOT-FOR-US: Netmaker CVE-2023-32077 (Netmaker makes networks
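Review bot: "NOT-FOR-US: e-Excellence U-Office Force file uploading function" (CVE-2023-32757) names a feature rather than the product, while the two entries directly below it (CVE-2023-32756 and CVE-2023-32755) use "NOT-FOR-US: e-Excellence U-Office Force"; the shorter form is the one to use for all three, so that the product name can be searched for consistently across the list.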
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e1ee2248 by Salvatore Bonaccorso at 2023-08-23T10:31:09+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2023-4404 (The Donation Forms by Charitable plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: Donation Forms by Charitable plugin for WordPress CVE-2023-4041 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...) TODO: check CVE-2023-41105 (An issue was discovered in Python 3.11 through 3.11.4. If a path conta ...) @@ -11,7 +11,7 @@ CVE-2023-41100 (An issue was discovered in the hcaptcha (aka hCaptcha for EXT:fo CVE-2023-41098 (An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsC ...) TODO: check CVE-2023-40370 (IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vuln ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-40282 (Improper authentication vulnerability in Rakuten WiFi Pocket all versi ...) TODO: check CVE-2023-40158 (Hidden functionality vulnerability in the CBC products allows a remote ...) 
@@ -29,13 +29,13 @@ CVE-2023-39984 (** UNSUPPORTED WHEN ASSIGNED ** Improper Restriction of Operatio CVE-2023-39026 (Directory Traversal vulnerability in FileMage Gateway Windows Deployme ...) TODO: check CVE-2023-38734 (IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 thro ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-38733 (IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 thro ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-38585 (Improper authentication vulnerability in the CBC products allows a rem ...) TODO: check CVE-2023-33850 (IBM GSKit-Crypto could allow a remote attacker to obtain sensitive inf ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-4475 (An Arbitrary File Movement vulnerability was found in ASUSTOR Data Mas ...) NOT-FOR-US: ASUSTOR CVE-2023-4303 (Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error m ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e1ee2248f6bf97319ee022ae8ec90a726398206f
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cb39edc4 by Salvatore Bonaccorso at 2023-08-23T08:06:21+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -55105,7 +55105,7 @@ CVE-2022-44217 CVE-2022-44216 (Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure Permissions. An att ...) NOT-FOR-US: Gnuboard CVE-2022-44215 (There is an open redirect vulnerability in Titan FTP server 19.0 and b ...) - TODO: check + NOT-FOR-US: Titan FTP server CVE-2022-44214 RESERVED CVE-2022-44213 (ZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164 is vulne ...) @@ -154409,7 +154409,7 @@ CVE-2021-35311 CVE-2021-35310 RESERVED CVE-2021-35309 (An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-201 ...) - TODO: check + NOT-FOR-US: Samsung CVE-2021-35308 RESERVED CVE-2021-35307 (An issue was discovered in Bento4 through v1.6.0-636. A NULL pointer d ...) @@ -168174,7 +168174,7 @@ CVE-2021-30049 (SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via CVE-2021-30048 (Directory Traversal in the fileDownload function in com/java2nb/common ...) NOT-FOR-US: Novel-plus CVE-2021-30047 (VSFTPD 3.0.3 allows attackers to cause a denial of service due to limi ...) - TODO: check + NOT-FOR-US: VSFTPD CVE-2021-30046 (VIGRA Computer Vision Library Version-1-11-1 contains a segmentation f ...) NOT-FOR-US: VIGRA Computer Vision Library CVE-2021-30045 (SerenityOS 2021-03-27 contains a buffer overflow vulnerability in the ...) 
@@ -215127,7 +215127,7 @@ CVE-2020-23994 CVE-2020-23993 RESERVED CVE-2020-23992 (Cross Site Scripting (XSS) in Nagios XI 5.7.1 allows remote attackers ...) - TODO: check + NOT-FOR-US: Nagios XI CVE-2020-23991 RESERVED CVE-2020-23990 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb39edc48cce95cba90876d7c8454a1b2f9bc520 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb39edc48cce95cba90876d7c8454a1b2f9bc520 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
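Review bot: in the `@@ -168174,7` hunk, marking CVE-2021-30047 (VSFTPD 3.0.3 ... denial of service due to limited number of connections) as `NOT-FOR-US: VSFTPD` looks inconsistent with the tracker's convention, since vsftpd is packaged in Debian as src:vsftpd; NOT-FOR-US is for software Debian does not ship. If the conclusion is that the report is not a real vulnerability (a connection limit is a configured resource bound, not a flaw), the entry should say so with a package-level line such as `- vsftpd <not-affected> (...)` or `<unimportant>` plus a `NOTE:` giving the reason, so the next triager does not re-open it as a TODO.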
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fd630e22 by Salvatore Bonaccorso at 2023-08-22T22:49:04+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -69,7 +69,7 @@ CVE-2023-37422 (Vulnerabilities in the web-based management interface of EdgeCon CVE-2023-37421 (Vulnerabilities in the web-based management interface of EdgeConnect S ...) NOT-FOR-US: Aruba CVE-2023-36281 (An issue in langchain v.0.0.171 allows a remote attacker to execute ar ...) - TODO: check + NOT-FOR-US: langchain CVE-2023-34853 (Buffer Overflow vulnerability in Supermicro motherboard X12DPG-QR 1.4b ...) NOT-FOR-US: Supermicro motherboard X12DPG-QR CVE-2022-48571 (memcached 1.6.7 allows a Denial of Service via multi-packet uploads in ...) @@ -29074,11 +29074,11 @@ CVE-2023-25917 CVE-2023-25916 RESERVED CVE-2023-25915 (Due to improper input validation, a remote attacker could execute arbi ...) - TODO: check + NOT-FOR-US: Danfoss AK-SM80A CVE-2023-25914 (Due to improper restriction, attackers could retrieve and read system ...) - TODO: check + NOT-FOR-US: Danfoss AK-SM80A CVE-2023-25913 (Because of an authentication flaw an attacker would be capable of gene ...) - TODO: check + NOT-FOR-US: Danfoss AK-SM80A CVE-2023-25912 (The webreport generation feature in the Danfoss AK-EM100 allows an una ...) NOT-FOR-US: Danfoss AK-EM100 CVE-2023-25911 (The Danfoss AK-EM100 web applications allow for OS command injection t ...) 
@@ -33593,13 +33593,13 @@ CVE-2023-24519 (Two OS command injection vulnerability exist in the vtysh_ubus t CVE-2023-24518 RESERVED CVE-2023-24517 (Unrestricted Upload of File with Dangerous Type vulnerability in the P ...) - TODO: check + NOT-FOR-US: Pandora FMS File Manager component CVE-2023-24516 (Cross-site Scripting (XSS) vulnerability in the Pandora FMS Special Da ...) - TODO: check + NOT-FOR-US: Pandora FMS CVE-2023-24515 (Server-Side Request Forgery (SSRF) vulnerability in API checker of Pan ...) - TODO: check + NOT-FOR-US: Pandora FMS CVE-2023-24514 (Cross-site Scripting (XSS) vulnerability in Visual Console Module of P ...) - TODO: check + NOT-FOR-US: Pandora FMS CVE-2023-23546 (A misconfiguration vulnerability exists in the urvpn_client functional ...) NOT-FOR-US: Milesight UR32L CVE-2023-0507 (Grafana is an open-source platform for monitoring and observability. ...) @@ -36490,11 +36490,11 @@ CVE-2023-23589 (The SafeSocks option in Tor before 0.4.7.13 has a logic error in CVE-2023-23566 (A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker t ...) NOT-FOR-US: Axigen CVE-2023-23565 (An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote ...) - TODO: check + NOT-FOR-US: Geomatika IsiGeo Web CVE-2023-23564 (An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote ...) - TODO: check + NOT-FOR-US: Geomatika IsiGeo Web CVE-2023-23563 (An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote ...) - TODO: check + NOT-FOR-US: Geomatika IsiGeo Web CVE-2023-23562 (Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access ...) NOT-FOR-US: Stormshield Endpoint Security CVE-2023-23561 (Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access ...) 
@@ -49857,7 +49857,7 @@ CVE-2022-45613 (Book Store Management System v1.0 was discovered to contain a cr CVE-2022-45612 RESERVED CVE-2022-45611 (An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows ...) - TODO: check + NOT-FOR-US: Fresenius Kabi PharmaHelp CVE-2022-45610 RESERVED CVE-2022-45609 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd630e22416af4f1fcfbcfa96c61deddfbea688b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd630e22416af4f1fcfbcfa96c61deddfbea688b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 037d0310 by Salvatore Bonaccorso at 2023-08-07T08:38:28+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -3,17 +3,17 @@ CVE-2023-4196 (Cross-site Scripting (XSS) - Stored in GitHub repository cockpit- CVE-2023-4195 (PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prio ...) TODO: check CVE-2023-4186 (A vulnerability was found in SourceCodester Pharmacy Management System ...) - TODO: check + NOT-FOR-US: SourceCodester Pharmacy Management System CVE-2023-4185 (A vulnerability was found in SourceCodester Online Hospital Management ...) - TODO: check + NOT-FOR-US: SourceCodester Online Hospital Management System CVE-2023-4184 (A vulnerability was found in SourceCodester Inventory Management Syste ...) - TODO: check + NOT-FOR-US: SourceCodester Inventory Management System CVE-2023-4183 (A vulnerability has been found in SourceCodester Inventory Management ...) - TODO: check + NOT-FOR-US: SourceCodester Inventory Management System CVE-2023-4182 (A vulnerability, which was classified as critical, was found in Source ...) - TODO: check + NOT-FOR-US: SourceCodester Inventory Management System CVE-2023-4181 (A vulnerability, which was classified as critical, has been found in S ...) - TODO: check + NOT-FOR-US: SourceCodester Free Hospital Management System for Small Practices CVE-2023-4190 (Insufficient Session Expiration in GitHub repository admidio/admidio p ...) NOT-FOR-US: admidio CVE-2023-4180 (A vulnerability classified as critical was found in SourceCodester Fre ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/037d0310647fbca5544a3875703b855fd96065d6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/037d0310647fbca5544a3875703b855fd96065d6 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 92153217 by Salvatore Bonaccorso at 2023-07-26T15:07:13+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7,13 +7,13 @@ CVE-2023-3945 (A vulnerability was found in phpscriptpoint Lawyer 1.6. It has be CVE-2023-3944 (A vulnerability was found in phpscriptpoint Lawyer 1.6 and classified ...) NOT-FOR-US: phpscriptpoint CVE-2023-3897 (Username enumeration is possible through Bypassing CAPTCHA in On-premi ...) - TODO: check + NOT-FOR-US: On-premise SureMDM Solution CVE-2023-3890 (A vulnerability classified as problematic has been found in Campcodes ...) NOT-FOR-US: Campcodes Beauty Salon Management System CVE-2023-3548 (An unauthorized user could gain account access to IQ Wifi 6 versions p ...) TODO: check CVE-2023-3486 (An authentication bypass exists in PaperCut NG versions 22.0.12 and pr ...) - TODO: check + NOT-FOR-US: PaperCut NG CVE-2023-39175 (In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integr ...) NOT-FOR-US: JetBrains TeamCity CVE-2023-39174 (In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via ...) @@ -33,9 +33,9 @@ CVE-2023-39128 (GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a s NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=30639 TODO: check details CVE-2023-38555 (Authentication bypass vulnerability in Fujitsu network devices Si-R se ...) - TODO: check + NOT-FOR-US: Fujitsu network devices CVE-2023-38503 (Directus is a real-time API and App dashboard for managing SQL databas ...) - TODO: check + NOT-FOR-US: Directus CVE-2023-38502 (TDengine is an open source, time-series database optimized for Interne ...) TODO: check CVE-2023-38501 (copyparty is file server software. Prior to version 1.8.7, the applica ...) 
@@ -49,9 +49,9 @@ CVE-2023-38496 (Apptainer is an open source container platform. Version 1.2.0-rc CVE-2023-38493 (Armeria is a microservice framework Spring supports Matrix variables. ...) TODO: check CVE-2023-38435 (An improper neutralization of input during web page generation ('Cross ...) - TODO: check + NOT-FOR-US: Apache Felix Healthcheck Webconsole Plugin CVE-2023-38433 (Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded c ...) - TODO: check + NOT-FOR-US: Fujitsu CVE-2023-37920 (Certifi is a curated collection of Root Certificates for validating th ...) TODO: check CVE-2023-37919 (Cal.com is open-source scheduling software. A vulnerability allows act ...) @@ -59,9 +59,9 @@ CVE-2023-37919 (Cal.com is open-source scheduling software. A vulnerability allo CVE-2023-37907 (Cryptomator is data encryption software for users who store their file ...) TODO: check CVE-2023-37902 (Vyper is a Pythonic programming language that targets the Ethereum Vir ...) - TODO: check + NOT-FOR-US: Vyper CVE-2023-37677 (Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to contain a re ...) - TODO: check + NOT-FOR-US: Pligg CMS CVE-2023-37460 (Plexis Archiver is a collection of Plexus components to create archive ...) TODO: check CVE-2023-37258 (DataEase is an open source data visualization analysis tool. Prior to ...) 
@@ -73,19 +73,19 @@ CVE-2023-36826 (Sentry is an error tracking and performance monitoring platform. CVE-2023-36806 (Contao is an open source content management system. Starting in versio ...) TODO: check CVE-2023-36503 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Max F ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-36502 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-36501 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-36385 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpxpo Po ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-35982 (There are buffer overflow vulnerabilities in multiple underlying servi ...) - TODO: check + NOT-FOR-US: Aruba CVE-2023-35981 (There are buffer overflow vulnerabilities in multiple underlying servi ...) - TODO: check + NOT-FOR-US: Aruba CVE-2023-35980 (There are buffer overflow vulnerabilities in multiple underlying servi ...) - TODO: check + NOT-FOR-US: Aruba CVE-2023-35944 (Envoy is an open source edge and service proxy designed for cloud-nati ...) TODO: check CVE-2023-35943 (Envoy is an open source edge and service proxy designed for cloud-nati ...) View it on GitLab:
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e7dafb2a by Salvatore Bonaccorso at 2023-07-21T21:47:44+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -37,7 +37,7 @@ CVE-2023-3796 (A vulnerability, which was classified as problematic, has been fo CVE-2023-3795 (A vulnerability classified as critical was found in Bug Finder ChainCi ...) NOT-FOR-US: Bug Finder ChainCity Real Estate Investment Platform CVE-2023-38632 (async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in t ...) - TODO: check + NOT-FOR-US: async-sockets-cpp CVE-2023-37645 (eyoucms v1.6.3 was discovered to contain an information disclosure vul ...) NOT-FOR-US: eyoucms CVE-2023-37292 (Improper Neutralization of Special Elements used in an OS Command ('OS ...) @@ -250,7 +250,7 @@ CVE-2023-33832 (IBM Spectrum Protect 8.1.0.0 through 8.1.17.0 could allow a loca CVE-2023-32664 (A type confusion vulnerability exists in the Javascript checkThisBox m ...) NOT-FOR-US: Foxit Reader CVE-2023-32635 (XBRL data create application version 7.0 and earlier improperly restri ...) - TODO: check + NOT-FOR-US: XBRL data create application CVE-2023-32263 (A potential vulnerability has been identified in the Micro Focus Dimen ...) NOT-FOR-US: Micro Focus Dimensions CM Plugin for Jenkins CVE-2023-27379 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...) @@ -12074,7 +12074,7 @@ CVE-2023-30202 CVE-2023-30201 RESERVED CVE-2023-30200 (In the module \u201cImage: WebP, Compress, Zoom, Lazy load, Alt & More ...) - TODO: check + NOT-FOR-US: PrestaShop module CVE-2023-30199 (Prestashop customexporter <= 1.7.20 is vulnerable to Incorrect Access ...) NOT-FOR-US: Prestashop CVE-2023-30198 (Prestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect Access Co ...) 
@@ -16372,7 +16372,7 @@ CVE-2023-28755 (A ReDoS issue was discovered in the URI component through 0.12.0 NOTE: Fixed by: https://github.com/ruby/uri/commit/eaf89cc31619d49e67c64d0b58ea9dc38892d175 (v0.12.1) NOTE: https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/ CVE-2023-28754 (Deserialization of Untrusted Data vulnerability in Apache ShardingSphe ...) - TODO: check + NOT-FOR-US: Apache ShardingSphere-Agent CVE-2023-28753 (netconsd prior to v0.2 was vulnerable to an integer overflow in its pa ...) NOT-FOR-US: netconsd CVE-2023-28752 @@ -16479,11 +16479,11 @@ CVE-2023-1555 CVE-2013-10022 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: WordPress plugin CVE-2023-28730 (A memory corruption vulnerability Panasonic Control FPWIN Pro versions ...) - TODO: check + NOT-FOR-US: Panasonic CVE-2023-28729 (A type confusion vulnerability in Panasonic Control FPWIN Pro versions ...) - TODO: check + NOT-FOR-US: Panasonic CVE-2023-28728 (A stack-based buffer overflow in Panasonic Control FPWIN Pro versions ...) - TODO: check + NOT-FOR-US: Panasonic CVE-2023-28727 (Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attacker ...) NOT-FOR-US: Panasonic AiSEG2 CVE-2023-28726 (Panasonic AiSEG2 versions 2.80F through 2.93A allows remote attackers ...) @@ -23986,7 +23986,7 @@ CVE-2023-26219 CVE-2023-26218 RESERVED CVE-2023-26217 (The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX ...) - TODO: check + NOT-FOR-US: TIBICO Software CVE-2023-26216 (The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contai ...) NOT-FOR-US: TIBCO CVE-2023-26215 (The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contai ...) 
@@ -25115,15 +25115,15 @@ CVE-2023-25841 CVE-2023-25840 RESERVED CVE-2023-25839 (There is SQL injection vulnerability in Esri ArcGIS Insights Desktop f ...) - TODO: check + NOT-FOR-US: Esri ArcGIS CVE-2023-25838 (There is SQL injection vulnerabilityin Esri ArcGIS Insights 2022.1 for ...) - TODO: check + NOT-FOR-US: Esri ArcGIS CVE-2023-25837 (There is a Cross-site Scripting vulnerabilityin Esri Portal Sites in v ...) - TODO: check + NOT-FOR-US: Esri CVE-2023-25836 (There is a Cross-site Scripting vulnerabilityin Esri Portal Sites in v ...) - TODO: check + NOT-FOR-US: Esri CVE-2023-25835 (There is a Cross-site Scripting vulnerabilityin Esri Portal Sites in v ...) - TODO: check + NOT-FOR-US: Esri CVE-2023-25834 (Changes to user permissions in Portal for ArcGIS 10.9.1 and below are ...) NOT-FOR-US: Esri CVE-2023-25833 (There is an HTML injection vulnerability in Esri Portal for ArcGIS ver ...) @@ -35832,13 +35832,13 @@ CVE-2023-22510 CVE-2023-22509 RESERVED
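Review bot: the `@@ -23986,7` hunk has a typo in the new annotation for CVE-2023-26217: `+ NOT-FOR-US: TIBICO Software` should read `TIBCO`, matching the `NOT-FOR-US: TIBCO` line used for CVE-2023-26216 directly below it and the vendor name in the CVE description ("TIBCO Software Inc.'s TIBCO EBX"). Consistent spelling matters here because the NOT-FOR-US strings are grepped when re-triaging a vendor's later CVEs.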
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8ddb100b by Salvatore Bonaccorso at 2023-07-18T22:22:50+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,81 +1,81 @@ CVE-2023-3743 (Ap Page Builder, in versions lower than 1.7.8.2, could allow a remote ...) - TODO: check + NOT-FOR-US: Ap Page Builder CVE-2023-38326 REJECTED CVE-2023-38257 (Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insec ...) - TODO: check + NOT-FOR-US: Iagona ScrutisWeb CVE-2023-37973 (Cross-Site Request Forgery (CSRF) vulnerability in David Pokorny Repla ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-37892 (Cross-Site Request Forgery (CSRF) vulnerability in Kemal YAZICI - Plug ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-37889 (Cross-Site Request Forgery (CSRF) vulnerability in WPAdmin WPAdmin AWS ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-37788 (goproxy v1.1 was discovered to contain an issue which can lead to a De ...) TODO: check CVE-2023-37758 (D-LINK DIR-815 v1.01 was discovered to contain a buffer overflow via t ...) - TODO: check + NOT-FOR-US: D-LINK CVE-2023-37481 (Fides is an open-source privacy engineering platform for managing data ...) TODO: check CVE-2023-37480 (Fides is an open-source privacy engineering platform for managing data ...) TODO: check CVE-2023-37477 (1Panel is an open source Linux server operation and maintenance manage ...) - TODO: check + NOT-FOR-US: 1Panel CVE-2023-37387 (Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme Classif ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-37386 (Cross-Site Request Forgery (CSRF) vulnerability in Media Library Helpe ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-37259 (matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip ...) TODO: check CVE-2023-37143 (ChakraCore branch master cbb9b was discovered to contain a segmentatio ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-37142 (ChakraCore branch master cbb9b was discovered to contain a segmentatio ...) 
- TODO: check + NOT-FOR-US: Microsoft CVE-2023-37141 (ChakraCore branch master cbb9b was discovered to contain a segmentatio ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-37140 (ChakraCore branch master cbb9b was discovered to contain a segmentatio ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-37139 (ChakraCore branch master cbb9b was discovered to contain a stack overf ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36670 (A remotely exploitable command injection vulnerability was found on th ...) - TODO: check + NOT-FOR-US: Kratos NGC-IDU CVE-2023-36669 (Missing Authentication for a Critical Function within the Kratos NGC I ...) - TODO: check + NOT-FOR-US: Kratos NGC-IDU CVE-2023-36384 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodePeop ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-36383 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Mag ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-36120 REJECTED CVE-2023-35763 (Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a crypto ...) - TODO: check + NOT-FOR-US: Iagona ScrutisWeb CVE-2023-35189 (Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a remote ...) - TODO: check + NOT-FOR-US: Iagona ScrutisWeb CVE-2023-34330 (AMI SPx contains a vulnerability in the BMC where a User may cause a i ...) - TODO: check + NOT-FOR-US: AMI SPx CVE-2023-34329 (AMI SPx contains a vulnerability in BMC where a User may cause an auth ...) - TODO: check + NOT-FOR-US: AMI SPx CVE-2023-34035 (Spring Security versions 5.8prior to 5.8.5, 6.0prior to 6.0.5,and 6.1p ...) TODO: check CVE-2023-33871 (Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a direct ...) - TODO: check + NOT-FOR-US: Iagona ScrutisWeb CVE-2023-33329 (Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in H ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-33312 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wppal Ea ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-33265 (In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, ...) TODO: check CVE-2023-33231 (XSS attack was possible in DPA 2023.2 due to insufficient input valida ...) - TODO: check + NOT-FOR-US: SolarWinds CVE-2023-32965 (Unauth. Reflected Cross-Site Scripting
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a5e83c32 by Salvatore Bonaccorso at 2023-07-16T22:16:23+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,23 +1,23 @@ CVE-2023-3691 (A vulnerability, which was classified as problematic, was found in lay ...) TODO: check CVE-2023-3690 (A vulnerability, which was classified as critical, has been found in B ...) - TODO: check + NOT-FOR-US: Bylancer QuickOrder CVE-2023-3689 (A vulnerability classified as critical was found in Bylancer QuickQR 6 ...) - TODO: check + NOT-FOR-US: Bylancer QuickQR CVE-2023-3688 (A vulnerability classified as critical has been found in Bylancer Quic ...) - TODO: check + NOT-FOR-US: Bylancer QuickJob CVE-2023-3687 (A vulnerability was found in Bylancer QuickVCard 2.1. It has been rate ...) - TODO: check + NOT-FOR-US: Bylancer QuickVCard CVE-2023-3686 (A vulnerability was found in Bylancer QuickAI OpenAI 3.8.1. It has bee ...) - TODO: check + NOT-FOR-US: Bylancer QuickAI CVE-2023-3685 (A vulnerability was found in Nesote Inout Search Engine AI Edition 1.1 ...) TODO: check CVE-2023-3684 (A vulnerability was found in LivelyWorks Articart 2.0.1 and classified ...) - TODO: check + NOT-FOR-US: LivelyWorks Articart CVE-2023-38379 (The web interface on the RIGOL MSO5000 digital oscilloscope with firmw ...) - TODO: check + NOT-FOR-US: RIGOL CVE-2023-38378 (The web interface on the RIGOL MSO5000 digital oscilloscope with firmw ...) - TODO: check + NOT-FOR-US: RIGOL CVE-2023-3692 (Unrestricted Upload of File with Dangerous Type in GitHub repository a ...) NOT-FOR-US: admidio CVE-2023-3683 (A vulnerability has been found in LivelyWorks Articart 2.0.1 and class ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a5e83c32dbe534dae206b05d011b76073ff98dec -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a5e83c32dbe534dae206b05d011b76073ff98dec You're receiving this email because of your account on salsa.debian.org. 
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 47d87ec6 by Salvatore Bonaccorso at 2023-07-02T09:20:52+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -109,11 +109,11 @@ CVE-2020-36736 (The WooCommerce Checkout & Funnel Builder by CartFlows plugin fo CVE-2020-36735 (The WP ERP | Complete HR solution with recruitment & job listings | Wo ...) NOT-FOR-US: WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress CVE-2023-3485 (Insecure defaults in open-source Temporal Server before version 1.20 o ...) - TODO: check + NOT-FOR-US: Temporal Server CVE-2023-3479 (Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/h ...) - TODO: check + NOT-FOR-US: Hestia Control Panel CVE-2023-3478 (A vulnerability classified as critical was found in IBOS OA 4.5.5. Aff ...) - TODO: check + NOT-FOR-US: IBOS OA CVE-2023-37365 (Hnswlib 0.7.0 has a double free in init_index when the M argument is a ...) TODO: check CVE-2023-37360 (pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injec ...) @@ -121,7 +121,7 @@ CVE-2023-37360 (pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript CVE-2023-37307 (In MISP before 2.4.172, title_for_layout is not properly sanitized in ...) NOT-FOR-US: MISP CVE-2023-37306 (MISP 2.4.172 mishandles different certificate file extensions in serve ...) - TODO: check + NOT-FOR-US: MISP CVE-2023-37305 (An issue was discovered in the ProofreadPage (aka Proofread Page) exte ...) NOT-FOR-US: MediaWiki extension ProofreadPage CVE-2023-37304 (An issue was discovered in the DoubleWiki extension for MediaWiki thro ...) 
@@ -153,9 +153,9 @@ CVE-2023-35176 (Certain HP LaserJet Pro print products are potentially vulnerabl CVE-2023-35175 (Certain HP LaserJet Pro print products are potentially vulnerable to P ...) NOT-FOR-US: HP CVE-2023-34840 (angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 was discovered to c ...) - TODO: check + NOT-FOR-US: angular-ui-notification CVE-2023-33276 (The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and ...) - TODO: check + NOT-FOR-US: Gira Giersiepen Gira KNX/IP-Router CVE-2023-31543 (A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers t ...) TODO: check CVE-2023-3477 (A vulnerability was found in RocketSoft Rocket LMS 1.7. It has been de ...) @@ -265,7 +265,7 @@ CVE-2023-33466 (Orthanc before 1.12.0 allows authenticated users with access to CVE-2023-33277 (The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and ...) NOT-FOR-US: Gira Giersiepen Gira KNX/IP-Router CVE-2023-33190 (Sealos is an open source cloud operating system distribution based on ...) - TODO: check + NOT-FOR-US: Sealos CVE-2023- [Heap overwrite in PGS subtitle overlay decoder] - gst-plugins-bad1.0 1.22.4-1 [bookworm] - gst-plugins-bad1.0 1.22.0-4+deb12u1 
@@ -293,17 +293,17 @@ CVE-2023- [Heap overwrite in subtitle parsing] CVE-2023-3447 (The Active Directory Integration / LDAP Integration plugin for WordPre ...) NOT-FOR-US: Active Directory Integration / LDAP Integration plugin for WordPress CVE-2023-3243 (** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authentica ...) - TODO: check + NOT-FOR-US: Honeywell CVE-2023-37237 (In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permission ...) NOT-FOR-US: Veritas NetBackup Appliance CVE-2023-36476 (calamares-nixos-extensions provides Calamares branding and modules for ...) TODO: check CVE-2023-36475 (Parse Server is an open source backend that can be deployed to any inf ...) - TODO: check + NOT-FOR-US: Node parse-server CVE-2023-36474 (Interactsh is an open-source tool for detecting out-of-band interactio ...) TODO: check CVE-2023-34843 (Traggo Server 0.3.0 is vulnerable to directory traversal via a crafted ...) - TODO: check + NOT-FOR-US: Traggo Server CVE-2023-34834 (A Directory Browsing vulnerability in MCL-Net version 4.3.5.8788 webse ...) NOT-FOR-US: MCL-Net CVE-2023-34831 (The "Submission Web Form" of Turnitin LTI tool/plugin version 1.3 is a ...) @@ -390,7 +390,7 @@ CVE-2023-33592 (Lost and Found Information System v1.0 was discovered to contain CVE-2023-33570 (Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI).) NOT-FOR-US: Bagisto CVE-2023-2625 (A vulnerability exists that can be exploited by an authenticated clien ...) - TODO: check + NOT-FOR-US: ABB CoreTec CVE-2023-3436 (Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is ...) TODO: check CVE-2023-3428
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 264f1f90 by Salvatore Bonaccorso at 2023-06-30T22:41:59+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9,7 +9,7 @@ CVE-2023-37365 (Hnswlib 0.7.0 has a double free in init_index when the M argumen CVE-2023-37360 (pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injec ...) TODO: check CVE-2023-37307 (In MISP before 2.4.172, title_for_layout is not properly sanitized in ...) - TODO: check + NOT-FOR-US: MISP CVE-2023-37306 (MISP 2.4.172 mishandles different certificate file extensions in serve ...) TODO: check CVE-2023-37305 (An issue was discovered in the ProofreadPage (aka Proofread Page) exte ...) 
@@ -25,23 +25,23 @@ CVE-2023-37301 (An issue was discovered in SubmitEntityAction in Wikibase in Med CVE-2023-37300 (An issue was discovered in the CheckUserLog API in the CheckUser exten ...) TODO: check CVE-2023-37299 (Joplin before 2.11.5 allows XSS via an AREA element of an image map.) - TODO: check + NOT-FOR-US: Joplin CVE-2023-37298 (Joplin before 2.11.5 allows XSS via a USE element in an SVG document.) - TODO: check + NOT-FOR-US: Joplin CVE-2023-36810 (pypdf is a pure-python PDF library capable of splitting, merging, crop ...) TODO: check CVE-2023-36807 (pypdf is a pure-python PDF library capable of splitting, merging, crop ...) TODO: check CVE-2023-36477 (XWiki Platform is a generic wiki platform offering runtime services fo ...) - TODO: check + NOT-FOR-US: XWiki CVE-2023-35178 (Certain HP LaserJet Pro print products are potentially vulnerable to B ...) - TODO: check + NOT-FOR-US: HP CVE-2023-35177 (Certain HP LaserJet Pro print products are potentially vulnerable to a ...) - TODO: check + NOT-FOR-US: HP CVE-2023-35176 (Certain HP LaserJet Pro print products are potentially vulnerable to B ...) - TODO: check + NOT-FOR-US: HP CVE-2023-35175 (Certain HP LaserJet Pro print products are potentially vulnerable to P ...) - TODO: check + NOT-FOR-US: HP CVE-2023-34840 (angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 was discovered to c ...) TODO: check CVE-2023-33276 (The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/264f1f904d4f265fe98d4a2912e195b0b1205a85 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/264f1f904d4f265fe98d4a2912e195b0b1205a85 You're receiving this email because of your account on salsa.debian.org. 
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 374116f8 by Salvatore Bonaccorso at 2023-06-27T22:31:05+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -39,43 +39,43 @@ CVE-2023-33567 (An unauthorized access vulnerability has been discovered in ROS2 CVE-2023-33566 (An unauthorized node injection vulnerability has been identified in RO ...) TODO: check CVE-2023-32339 (IBM Business Automation Workflow is vulnerable to cross-site scripting ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-2996 (The Jetpack WordPress plugin before 12.1.1 does not validate uploaded ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2877 (The Formidable Forms WordPress plugin before 6.3.1 does not adequately ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2842 (The WP Inventory Manager WordPress plugin before 2.1.0.14 does not hav ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2818 (An insecure filesystem permission in the Insider Threat Management Age ...) TODO: check CVE-2023-2795 (The CodeColorer WordPress plugin before 0.10.1 does not sanitise and e ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2744 (The ERP WordPress plugin before 1.12.4 does not properly sanitise and ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2743 (The ERP WordPress plugin before 1.12.4 does not sanitise and escape th ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2711 (The Ultimate Product Catalog WordPress plugin before 5.2.6 does not sa ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2628 (The KiviCare WordPress plugin before 3.2.1 does not have CSRF checks ( ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2627 (The KiviCare WordPress plugin before 3.2.1 does not have proper CSRF a ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2624 (The KiviCare WordPress plugin before 3.2.1 does not sanitise and escap ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2623 (The KiviCare WordPress plugin before 3.2.1 does not restrict the infor ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2605 (The wpbrutalai WordPress plugin before 2.0.1 does not sanitise and esc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2601 (The wpbrutalai WordPress plugin before 2.0.0 does not properly sanitis ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2592 (The FormCraft WordPress plugin before 3.9.7 does not properly sanitise ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2580 (The AI Engine WordPress plugin before 1.6.83 does not sanitize and esc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2482 (The Responsive CSS EDITOR WordPress plugin through 1.0 does not proper ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2326 (The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-35798 (Input Validation vulnerability in Apache Software Foundation Apache Ai ...) NOT-FOR-US: Apache Airflow ODBC/MSSQL Provider CVE-2023-34395 (Improper Neutralization of Argument Delimiters in a Command ('Argument ...) @@ -6618,7 +6618,7 @@ CVE-2023-2180 (The KIWIZ Invoices Certification & PDF System WordPress plugin th CVE-2023-2179 (The WooCommerce Order Status Change Notifier WordPress plugin through ...) NOT-FOR-US: WordPress plugin CVE-2023-2178 (The Aajoda Testimonials WordPress plugin before 2.2.2 does not sanitis ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2177 (A null pointer dereference issue was found in the sctp network protoco ...) - linux 5.18.16-1 [bullseye] - linux 5.10.136-1 
@@ -7581,7 +7581,7 @@ CVE-2023-2070 CVE-2023-2069 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab 15.10.8+ds1-2 CVE-2023-2068 (The File Manager Advanced Shortcode WordPress plugin through 2.3.2 doe ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2067 (The Announcement & Notification Banner \u2013 Bulletin plugin for Word ...) NOT-FOR-US: WordPress plugin CVE-2023-2066 (The Announcement & Notification Banner \u2013 Bulletin plugin for Word ...) @@ -7655,7 +7655,7 @@ CVE-2023-2033 (Type confusion in V8 in Google Chrome prior to 112.0.5615.121 all - chromium 112.0.5615.121-1 [buster] - chromium (see DSA 5046) CVE-2023-2032 (The Custom 404 Pro WordPress plugin before 3.8.1 does not properly san ...) - TODO: check + NOT-FOR-US: WordPress plugin
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d78417b3 by Salvatore Bonaccorso at 2023-06-24T10:28:30+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,9 +1,9 @@ CVE-2023-3388 (The Beautiful Cookie Consent Banner for WordPress is vulnerable to Sto ...) TODO: check CVE-2023-3387 (The Lana Text to Image plugin for WordPress is vulnerable to Stored Cr ...) - TODO: check + NOT-FOR-US: Lana Text to Image plugin for WordPress CVE-2023-3197 (The MStore API plugin for WordPress is vulnerable to Unauthenticated B ...) - TODO: check + NOT-FOR-US: MStore API plugin for WordPress CVE-2023-35932 (jcvi is a Python library to facilitate genome assembly, annotation, an ...) TODO: check CVE-2023-35928 (Nextcloud Server is a space for data storage on Nextcloud, a self-host ...) @@ -11,7 +11,7 @@ CVE-2023-35928 (Nextcloud Server is a space for data storage on Nextcloud, a sel CVE-2023-35927 (NextCloud Server and NextCloud Enterprise Server provide file storage ...) TODO: check CVE-2023-35173 (Nextcloud End-to-end encryption app provides all the necessary APIs to ...) - TODO: check + NOT-FOR-US: Nextcloud End-to-end encryption app CVE-2023-35172 (NextCloud Server and NextCloud Enterprise Server provide file storage ...) TODO: check CVE-2023-35171 (NextCloud Server and NextCloud Enterprise Server provide file storage ...) 
@@ -55,13 +55,13 @@ CVE-2023-36346 (POS Codekop v2.0 was discovered to contain a reflected cross-sit CVE-2023-36345 (A Cross-Site Request Forgery (CSRF) in POS Codekop v2.0 allows attacke ...) NOT-FOR-US: POS Codekop CVE-2023-36289 (An unauthenticated Cross-Site Scripting (XSS) vulnerability found in W ...) - TODO: check + NOT-FOR-US: Webkul QloApps CVE-2023-36288 (An unauthenticated Cross-Site Scripting (XSS) vulnerability found in W ...) - TODO: check + NOT-FOR-US: Webkul QloApps CVE-2023-36287 (An unauthenticated Cross-Site Scripting (XSS) vulnerability found in W ...) - TODO: check + NOT-FOR-US: Webkul QloApps CVE-2023-36284 (An unauthenticated Time-Based SQL injection found in Webkul QloApps 1. ...) - TODO: check + NOT-FOR-US: Webkul QloApps CVE-2023-36274 (LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via ...) - libredwg (bug #595191) CVE-2023-36273 (LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d78417b392b523c1a5be4193c0342e017b91904b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d78417b392b523c1a5be4193c0342e017b91904b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 06149314 by Salvatore Bonaccorso at 2023-06-15T11:22:09+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -23,11 +23,11 @@ CVE-2023-33515 (SoftExpert Excellence Suite 2.1.9 is vulnerable to Cross Site Sc CVE-2023-31746 (There is a command injection vulnerability in the adslr VW2100 router ...) NOT-FOR-US: adslr VW2100 router CVE-2023-2847 (During internal security analysis, a local privilege escalation vulner ...) - TODO: check + NOT-FOR-US: ESET CVE-2023-2820 (An information disclosure vulnerability in thefaye endpoint in Proofpo ...) - TODO: check + NOT-FOR-US: Proofpoint CVE-2023-2819 (A stored cross-site scripting vulnerability in the Sources UI in Proof ...) - TODO: check + NOT-FOR-US: Proofpoint CVE-2023-3241 (A vulnerability was found in OTCMS up to 6.62 and classified as proble ...) NOT-FOR-US: OTCMS CVE-2023-3240 (A vulnerability has been found in OTCMS up to 6.62 and classified as p ...) @@ -4219,7 +4219,7 @@ CVE-2023-31250 (The file download facility doesn't sufficiently sanitize file pa - drupal7 NOTE: https://www.drupal.org/sa-core-2023-005 CVE-2023-31238 (A vulnerability has been identified in POWER METER SICAM Q200 family ( ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-31237 RESERVED CVE-2023-31236 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in unFo ...) 
@@ -4509,7 +4509,7 @@ CVE-2023-31144 (Craft CMS is a content management system. Starting in version 3. CVE-2023-31143 (mage-ai is an open-source data pipeline tool for transforming and inte ...) NOT-FOR-US: mage-ai CVE-2023-31142 (Discourse is an open source discussion platform. Prior to version 3.0. ...) - TODO: check + NOT-FOR-US: Discourse CVE-2023-31141 (OpenSearch is open-source software suite for search, analytics, and ob ...) NOT-FOR-US: OpenSearch CVE-2023-31140 (OpenProject is open source project management software. Starting with ...) @@ -4585,7 +4585,7 @@ CVE-2023-27881 (A user could use the \u201cUpload Resource\u201d functionality t CVE-2023-24476 (An attacker with local access to the machine could record the traffic, ...) NOT-FOR-US: Vuforia CVE-2023-2270 (The Netskope client service running with NT\SYSTEM privileges accepts ...) - TODO: check + NOT-FOR-US: Netskope CVE-2023-2269 (A denial of service problem was found, due to a possible recursive loc ...) - linux 6.3.7-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2189388 @@ -5221,7 +5221,7 @@ CVE-2023-30903 CVE-2023-30902 RESERVED CVE-2023-30901 (A vulnerability has been identified in POWER METER SICAM Q200 family ( ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-30900 RESERVED CVE-2023-30899 (A vulnerability has been identified in Siveillance Video 2020 R2 (All ...) @@ -5242,7 +5242,7 @@ CVE-2023-2194 (An out-of-bounds write vulnerability was found in the Linux kerne CVE-2023-2193 (Mattermost fails to invalidate existing authorization codes when deaut ...) - mattermost-server (bug #823556) CVE-2023-30897 (A vulnerability has been identified in SIMATIC WinCC (All versions < V ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-2192 RESERVED CVE-2023-2191 (Cross-site Scripting (XSS) - Stored in GitHub repository azuracast/azu ...) 
@@ -5847,7 +5847,7 @@ CVE-2023-30769 (Vulnerability discovered is related to the peer-to-peer (p2p) co - dogecoin (bug #1034806) NOTE: https://www.halborn.com/blog/post/halborn-discovers-zero-day-impacting-dogecoin-and-280-networks CVE-2023-30757 (A vulnerability has been identified in Totally Integrated Automation P ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-30756 RESERVED CVE-2023-30755 @@ -7464,7 +7464,7 @@ CVE-2023-30181 CVE-2023-30180 RESERVED CVE-2023-30179 (CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injectio ...) - TODO: check + NOT-FOR-US: Craft CMS CVE-2023-30178 RESERVED CVE-2023-30177 (CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker ...) @@ -7522,7 +7522,7 @@ CVE-2023-30152 CVE-2023-30151 RESERVED CVE-2023-30150 (PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection ...) - TODO: check + NOT-FOR-US: PrestaShop leocustomajax CVE-2023-30149 (SQL injection vulnerability in the City Autocomplete (cityautocomplete ...) NOT-FOR-US: PrestaShop module CVE-2023-30148 @@ -8764,7 +8764,7 @@ CVE-2023-29564 CVE-2023-29563 RESERVED CVE-2023-29562 (TP-Link TL-WPA7510 (EU)_V2_190125 was discovered to contain a stack ov ...) - TODO: check + NOT-FOR-US:
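Review bot: in the last hunk (@@ -8764,7 +8764,7 @@), the replacement line for CVE-2023-29562 reads `+ NOT-FOR-US:` with nothing after the colon, so the annotation records no vendor at all; the description names the TP-Link TL-WPA7510, so `NOT-FOR-US: TP-Link` would match the vendor-only form used elsewhere in this commit (`NOT-FOR-US: Siemens`, `NOT-FOR-US: Netskope`).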
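Review bot: in the first hunk (@@ -23,11 +23,11 @@), the visible description of CVE-2023-2847 ("During internal security analysis, a local privilege escalation vulner ...") names neither a vendor nor a product, so `NOT-FOR-US: ESET` cannot be checked from the diff alone; a NOTE line carrying the advisory URL, as done for CVE-2023-31250 and CVE-2023-2269 in this same commit, would make the attribution verifiable later.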
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e5409a29 by Salvatore Bonaccorso at 2023-06-13T22:18:27+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,35 +1,35 @@ CVE-2023-3224 (Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3.) - TODO: check + NOT-FOR-US: Nuxt CVE-2023-3218 (Race Condition within a Thread in GitHub repository it-novum/openitcoc ...) TODO: check CVE-2023-3050 (Reliance on Cookies without Validation and Integrity Checking in a Sec ...) - TODO: check + NOT-FOR-US: TMT Lockcell CVE-2023-3049 (Unrestricted Upload of File with Dangerous Type vulnerability in TMT L ...) - TODO: check + NOT-FOR-US: TMT Lockcell CVE-2023-3048 (Authorization Bypass Through User-Controlled Key vulnerability in TMT ...) - TODO: check + NOT-FOR-US: TMT Lockcell CVE-2023-3047 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: TMT Lockcell CVE-2023-35064 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: Satos Satos Mobile CVE-2023-34965 (SSPanel-Uim 2023.3 does not restrict access to the /link/ interface wh ...) TODO: check CVE-2023-34249 (benjjvi/PyBB is an open source bulletin board. Prior to commit dcaeccd ...) - TODO: check + NOT-FOR-US: benjjvi/PyBB CVE-2023-34247 (Keystone is a content management system for Node.JS. There is an open ...) - TODO: check + NOT-FOR-US: Keystone CMS CVE-2023-34122 (Improper input validation in the installer for Zoom for Windows clien ...) - TODO: check + NOT-FOR-US: Zoom CVE-2023-34121 (Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom V ...) - TODO: check + NOT-FOR-US: Zoom CVE-2023-34120 (Improper privilege management in Zoom for Windows, Zoom Rooms for Wind ...) - TODO: check + NOT-FOR-US: Zoom CVE-2023-34115 (Buffer copy without checking size of input in Zoom Meeting SDK befor ...) - TODO: check + NOT-FOR-US: Zoom CVE-2023-34114 (Exposure of resource to wrong sphere in Zoom for Windows and Zoom for ...) - TODO: check + NOT-FOR-US: Zoom CVE-2023-34113 (Insufficient verification of data authenticity in Zoom for Windows cl ...) 
- TODO: check + NOT-FOR-US: Zoom CVE-2023-33921 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...) TODO: check CVE-2023-33920 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...) 
@@ -37,27 +37,27 @@ CVE-2023-33920 (A vulnerability has been identified in CP-8031 MASTER MODULE (Al CVE-2023-33919 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...) TODO: check CVE-2023-33695 (Hutool v5.8.17 and below was discovered to contain an information disc ...) - TODO: check + NOT-FOR-US: Hutool CVE-2023-33621 (GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication ...) - TODO: check + NOT-FOR-US: GL.iNET GL-AR750S-Ext firmware CVE-2023-33620 (GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its ...) - TODO: check + NOT-FOR-US: GL.iNET GL-AR750S-Ext firmware CVE-2023-33568 (An issue in Dolibarr v16.0.0 to v16.0.5 allows unauthenticated attacke ...) TODO: check CVE-2023-33305 (A loop with unreachable exit condition ('infinite loop') in Fortinet F ...) - TODO: check + NOT-FOR-US: FortiGuard CVE-2023-33124 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.3 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-33123 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.3 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-33122 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.3 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-33121 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.3 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-32548 (OS command injection vulnerability exists in WPS Office version 10.8.0 ...) TODO: check CVE-2023-32546 (Code injection vulnerability exists in Chatwork Desktop Application (M ...) - TODO: check + NOT-FOR-US: Chatwork Desktop Application CVE-2023-31541 (A unrestricted file upload vulnerability was discovered in the \u2018B ...) TODO: check CVE-2023-31439 (An issue was discovered in systemd 253. An attacker can modify the con ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5409a29378f21c1ce55f0e9fc64afc4df2ab6d8 -- View it on GitLab:
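Review bot: in the first hunk (@@ -1,35 +1,35 @@), `NOT-FOR-US: Satos Satos Mobile` for CVE-2023-35064 reads like a doubled word; if "Satos" is the vendor and "Satos Mobile" the product, one of the two is enough, in line with the single-name annotations in the same hunk (`NOT-FOR-US: Zoom`, `NOT-FOR-US: Nuxt`).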
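Review bot: in the second hunk (@@ -37,27 +37,27 @@), CVE-2023-33305 is described as a flaw in a Fortinet product ("in Fortinet F ..."), but the annotation says `NOT-FOR-US: FortiGuard`, which is the name of Fortinet's research and advisory arm rather than the vendor or product; `NOT-FOR-US: Fortinet`, or the product the full description names, would be consistent with how the other vendor entries in this hunk are labelled (`NOT-FOR-US: Siemens`, `NOT-FOR-US: Hutool`).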
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c8fd7863 by Salvatore Bonaccorso at 2023-06-12T10:15:51+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,15 +1,15 @@ CVE-2023-35036 (In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5 ...) - TODO: check + NOT-FOR-US: Progress MOVEit Transfer CVE-2023-35035 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 ...) - TODO: check + NOT-FOR-US: Unify CVE-2023-35034 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 ...) - TODO: check + NOT-FOR-US: Unify CVE-2023-35033 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 ...) - TODO: check + NOT-FOR-US: Unify CVE-2023-35032 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 ...) - TODO: check + NOT-FOR-US: Unify CVE-2023-35031 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 ...) - TODO: check + NOT-FOR-US: Unify CVE-2020-36732 (The crypto-js package before 3.2.1 for Node.js generates random number ...) TODO: check CVE-2015-10118 (A vulnerability classified as problematic was found in cchetanonline W ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c8fd7863ff489502937af67d89b89ed3c5af0ccb -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c8fd7863ff489502937af67d89b89ed3c5af0ccb You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 794a40e8 by Salvatore Bonaccorso at 2023-06-10T17:56:06+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -17952,7 +17952,7 @@ CVE-2023-26467 (A man in the middle can redirect traffic to a malicious server i CVE-2023-26466 (A user with non-Admin access can change a configuration file on the cl ...) NOT-FOR-US: RPA: Synchronization Engine CVE-2023-26465 (Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue.) - TODO: check + NOT-FOR-US: Pega Platform CVE-2023-25944 RESERVED CVE-2023-25779 @@ -18383,7 +18383,7 @@ CVE-2023-0956 CVE-2023-0955 (The WP Statistics WordPress plugin before 14.0 does not escape a param ...) NOT-FOR-US: WordPress plugin CVE-2023-0954 (A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and ...) - TODO: check + NOT-FOR-US: Sensormatic Electronics Illustra Pro CVE-2023-0953 (Insufficient input sanitization in the documentation feature of Devolu ...) NOT-FOR-US: Devolutions Server CVE-2023-0952 (Improper access controls on entries in Devolutions Server 2022.3.12 a ...) @@ -20679,9 +20679,9 @@ CVE-2015-10077 (A vulnerability was found in webbuilders-group silverstripe-kapo CVE-2023-25612 RESERVED CVE-2023-25177 (Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are v ...) - TODO: check + NOT-FOR-US: Delta Electronics CVE-2023-24014 (Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are v ...) - TODO: check + NOT-FOR-US: Delta Electronics CVE-2023-0756 (An issue has been discovered in GitLab affecting all versions before 1 ...) - gitlab CVE-2023-0755 (The affected products are vulnerable to an improper validation of arra ...) 
@@ -20962,11 +20962,11 @@ CVE-2023-0712 (The Wicked Folders plugin for WordPress is vulnerable to authoriz CVE-2023-0711 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...) NOT-FOR-US: Wicked Folders plugin for WordPress CVE-2023-0710 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress CVE-2023-0709 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress CVE-2023-0708 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress CVE-2023-0707 (A vulnerability was found in SourceCodester Medical Certificate Genera ...) NOT-FOR-US: SourceCodester CVE-2023-0706 (A vulnerability, which was classified as critical, has been found in S ...) 
@@ -21106,21 +21106,21 @@ CVE-2023-0696 (Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allo - chromium 110.0.5481.77-1 [buster] - chromium (see DSA 5046) CVE-2023-0695 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress CVE-2023-0694 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress CVE-2023-0693 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress CVE-2023-0692 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress CVE-2023-0691 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress CVE-2023-0690 (HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where w ...) NOT-FOR-US: HashiCorp Boundary CVE-2023-0689 RESERVED CVE-2023-0688 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress CVE-2011-10003 (A vulnerability was found in XpressEngine up to 1.4.4. It has been rat ...) NOT-FOR-US: XpressEngine CVE-2023-25498 @@ -23919,7 +23919,7 @@ CVE-2023-24512 (On affected platforms running Arista EOS, an authorized attacker CVE-2023-24511 (On affected platforms running Arista EOS with SNMP configured, a speci ...) NOT-FOR-US: Arista CVE-2023-24510 (On the affected platforms running EOS, a malformed DHCP packet might c ...) - TODO: check + NOT-FOR-US: Arista
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7d4c2ea1 by Salvatore Bonaccorso at 2023-06-10T10:34:44+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,7 @@ CVE-2023-3188 (Server-Side Request Forgery (SSRF) in GitHub repository owncast/owncas ...) - TODO: check + NOT-FOR-US: Owncast CVE-2023-3187 (A vulnerability, which was classified as critical, has been found in P ...) - TODO: check + NOT-FOR-US: PHPGurukul Teachers Record Management System CVE-2023-3184 (A vulnerability was found in SourceCodester Sales Tracker Management S ...) NOT-FOR-US: SourceCodester Sales Tracker Management System CVE-2023-3183 (A vulnerability was found in SourceCodester Performance Indicator Syst ...) @@ -3752,7 +3752,7 @@ CVE-2023-2288 (The Otter WordPress plugin before 2.2.6 does not sanitize some us CVE-2023-2287 (The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not li ...) NOT-FOR-US: WordPress plugin CVE-2023-2286 (The WP Activity Log for WordPress is vulnerable to Cross-Site Request ...) - TODO: check + NOT-FOR-US: WP Activity Log for WordPress CVE-2023-2285 (The WP Activity Log Premium plugin for WordPress is vulnerable to Cros ...) NOT-FOR-US: WP Activity Log Premium plugin for WordPress CVE-2023-2284 (The WP Activity Log Premium plugin for WordPress is vulnerable to unau ...) @@ -5117,7 +5117,7 @@ CVE-2023-2123 CVE-2023-2122 RESERVED CVE-2023-2121 (Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer ...) - TODO: check + NOT-FOR-US: HashiCorp Vault CVE-2023-2120 (The Thumbnail carousel slider plugin for WordPress is vulnerable to Re ...) NOT-FOR-US: Thumbnail carousel slider plugin for WordPress CVE-2023-2119 (The Responsive Filterable Portfolio plugin for WordPress is vulnerable ...) 
@@ -6710,7 +6710,7 @@ CVE-2023-30264 (CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with D CVE-2023-30263 RESERVED CVE-2023-30262 (An issue found in MIM software Inc MIM License Server and MIMpacs serv ...) - TODO: check + NOT-FOR-US: MIM software Inc MIM License Server and MIMpacs services CVE-2023-30261 RESERVED CVE-2023-30260 @@ -7749,9 +7749,9 @@ CVE-2023-29769 CVE-2023-29768 RESERVED CVE-2023-29767 (An issue found in CrossX v.1.15.3 for Android allows a local attacker ...) - TODO: check + NOT-FOR-US: CrossX CVE-2023-29766 (An issue found in CrossX v.1.15.3 for Android allows a local attacker ...) - TODO: check + NOT-FOR-US: CrossX CVE-2023-29765 RESERVED CVE-2023-29764 
@@ -7761,31 +7761,31 @@ CVE-2023-29763 CVE-2023-29762 RESERVED CVE-2023-29761 (An issue found in Sleep v.20230303 for Android allows unauthorized app ...) - TODO: check + NOT-FOR-US: Sleep CVE-2023-29760 RESERVED CVE-2023-29759 (An issue found in FlightAware v.5.8.0 for Android allows unauthorized ...) - TODO: check + NOT-FOR-US: FlightAware CVE-2023-29758 (An issue found in Blue Light Filter v.1.5.5 for Android allows unautho ...) - TODO: check + NOT-FOR-US: Blue Light Filter CVE-2023-29757 (An issue found in Blue Light Filter v.1.5.5 for Android allows unautho ...) - TODO: check + NOT-FOR-US: Blue Light Filter CVE-2023-29756 (An issue found in Twilight v.13.3 for Android allows unauthorized apps ...) - TODO: check + NOT-FOR-US: Twilight CVE-2023-29755 (An issue found in Twilight v.13.3 for Android allows unauthorized apps ...) - TODO: check + NOT-FOR-US: Twilight CVE-2023-29754 RESERVED CVE-2023-29753 (An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows ...) - TODO: check + NOT-FOR-US: Facemoji Emoji Keyboard CVE-2023-29752 (An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows ...) - TODO: check + NOT-FOR-US: Facemoji Emoji Keyboard CVE-2023-29751 (An issue found in Yandex Navigator v.6.60 for Android allows unauthori ...) - TODO: check + NOT-FOR-US: Yandex Navigator CVE-2023-29750 RESERVED CVE-2023-29749 (An issue found in Yandex Navigator v.6.60 for Android allows unauthori ...) - TODO: check + NOT-FOR-US: Yandex Navigator CVE-2023-29748 (Story Saver for Instragram - Video Downloader 1.0.6 for Android has an ...) NOT-FOR-US: Story Saver for Instragram CVE-2023-29747 (Story Saver for Instragram - Video Downloader 1.0.6 for Android exists ...) @@ -7855,11 +7855,11 @@ CVE-2023-29716 CVE-2023-29715 RESERVED CVE-2023-29714 (Cross Site Scripting vulnerability found in Vade Secure Gateway allows ...) - TODO: check + NOT-FOR-US: Vade Secure Gateway CVE-2023-29713 (Cross Site Scripting vulnerability found in
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f57b3a75 by Salvatore Bonaccorso at 2023-06-10T07:05:00+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,17 +1,17 @@ CVE-2023-3184 (A vulnerability was found in SourceCodester Sales Tracker Management S ...) - TODO: check + NOT-FOR-US: SourceCodester Sales Tracker Management System CVE-2023-3183 (A vulnerability was found in SourceCodester Performance Indicator Syst ...) - TODO: check + NOT-FOR-US: SourceCodester Performance Indicator System CVE-2023-3141 (A use-after-free flaw was found in r592_remove in drivers/memstick/hos ...) TODO: check CVE-2023-34856 (A Cross Site Scripting (XSS) vulnerability in D-Link DI-7500G-CI-19.05 ...) - TODO: check + NOT-FOR-US: D-Link CVE-2023-34245 (@udecode/plate-link is the link handler for the udecode/plate rich-tex ...) TODO: check CVE-2023-34100 (Contiki-NG is an open-source, cross-platform operating system for IoT ...) - TODO: check + NOT-FOR-US: Contiki-NG CVE-2023-33557 (Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerabilit ...) - TODO: check + NOT-FOR-US: Fuel CMS CVE-2023-32732 (gRPC contains a vulnerability whereby a client can cause a termination ...) TODO: check CVE-2023-32731 (When gRPC HTTP2 stack raised a header size exceeded error, it skipped ...) @@ -3750,9 +3750,9 @@ CVE-2023-2287 (The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does n CVE-2023-2286 (The WP Activity Log for WordPress is vulnerable to Cross-Site Request ...) TODO: check CVE-2023-2285 (The WP Activity Log Premium plugin for WordPress is vulnerable to Cros ...) - TODO: check + NOT-FOR-US: WP Activity Log Premium plugin for WordPress CVE-2023-2284 (The WP Activity Log Premium plugin for WordPress is vulnerable to unau ...) - TODO: check + NOT-FOR-US: WP Activity Log Premium plugin for WordPress CVE-2023-31222 RESERVED CVE-2023-31221 
@@ -4019,7 +4019,7 @@ CVE-2023-2263 CVE-2023-2262 RESERVED CVE-2023-2261 (The WP Activity Log plugin for WordPress is vulnerable to authorizatio ...) - TODO: check + NOT-FOR-US: WP Activity Log plugin for WordPress CVE-2023-2260 (Authorization Bypass Through User-Controlled Key in GitHub repository ...) NOT-FOR-US: Alf.io CVE-2023-2259 (Improper Neutralization of Special Elements Used in a Template Engine ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f57b3a75bab72ac10682efbb98374c4897cd66c9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f57b3a75bab72ac10682efbb98374c4897cd66c9 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2074bdfd by Salvatore Bonaccorso at 2023-06-08T22:20:04+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,15 +1,15 @@ CVE-2023-3165 (A vulnerability was found in SourceCodester Life Insurance Management ...) - TODO: check + NOT-FOR-US: SourceCodester Life Insurance Management System CVE-2023-3163 (A vulnerability was found in y_project RuoYi up to 4.7.7. It has been ...) - TODO: check + NOT-FOR-US: y_project RuoYi CVE-2023-34962 (Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a st ...) - TODO: check + NOT-FOR-US: Chamilo LMS CVE-2023-34961 (Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site ...) - TODO: check + NOT-FOR-US: Chamilo LMS CVE-2023-34959 (An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute ...) - TODO: check + NOT-FOR-US: Chamilo LMS CVE-2023-34958 (Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a stud ...) - TODO: check + NOT-FOR-US: Chamilo LMS CVE-2023-34571 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain ...) NOT-FOR-US: Tenda CVE-2023-34570 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain ...) 
@@ -25,19 +25,19 @@ CVE-2023-34566 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to co CVE-2023-34231 (gosnowflake is th Snowflake Golang driver. Prior to version 1.6.19, a ...) TODO: check CVE-2023-34096 (Thruk is a multibackend monitoring webinterface which currently suppor ...) - TODO: check + NOT-FOR-US: Thruk CVE-2023-33660 (A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vuln ...) - TODO: check + NOT-FOR-US: NanoMQ CVE-2023-33658 (A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vuln ...) - TODO: check + NOT-FOR-US: NanoMQ CVE-2023-33657 (A use-after-free vulnerability exists in NanoMQ 0.17.2. The vulnerabil ...) - TODO: check + NOT-FOR-US: NanoMQ CVE-2023-33443 (Incorrect access control in the administrative functionalities of BES- ...) - TODO: check + NOT-FOR-US: BES VideoPlayTool CVE-2023-32750 (Pydio Cells through 4.1.2 allows SSRF. For longer running processes, P ...) - TODO: check + NOT-FOR-US: Pydio Cells CVE-2023-32749 (Pydio Cells allows users by default to create so-called external users ...) - TODO: check + NOT-FOR-US: Pydio Cells CVE-2023-34969 (D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus- ...) [experimental] - dbus 1.15.6-1 - dbus (bug #1037151) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2074bdfd7856210ae5f826225a14fc554ce73307 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2074bdfd7856210ae5f826225a14fc554ce73307 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d58b8d75 by Salvatore Bonaccorso at 2023-06-07T22:03:33+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -288,11 +288,11 @@ CVE-2023-32682 (Synapse is a Matrix protocol homeserver written in Python with t - matrix-synapse (bug #1037207) NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-26c5-ppr8-f33p CVE-2023-32551 (Landscape allowed URLs which caused open redirection.) - TODO: check + NOT-FOR-US: Landscape CVE-2023-32550 (Landscape's server-status page exposed sensitive system information. T ...) - TODO: check + NOT-FOR-US: Landscape CVE-2023-32549 (Landscape cryptographic keys were insecurely generated with a weak pse ...) - TODO: check + NOT-FOR-US: Landscape CVE-2023-32545 (The affected application lacks proper validation of user-supplied data ...) NOT-FOR-US: Horner Automation CVE-2023-32539 (The affected application lacks proper validation of user-supplied data ...) @@ -349,11 +349,11 @@ CVE-2023-34103 (Avo is an open source ruby on rails admin panel creation framewo CVE-2023-34102 (Avo is an open source ruby on rails admin panel creation framework. Th ...) TODO: check CVE-2023-33410 (Minical 1.0.0 and earlier contains a CSV injection vulnerability which ...) - TODO: check + NOT-FOR-US: Minical CVE-2023-33409 (Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via m ...) - TODO: check + NOT-FOR-US: Minical CVE-2023-33408 (Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS). The vulnera ...) - TODO: check + NOT-FOR-US: Minical CVE-2023-32628 (In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary fi ...) NOT-FOR-US: Advantech WebAccss/SCADA CVE-2023-32540 (In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary fi ...) 
@@ -363,7 +363,7 @@ CVE-2023-2546 (The WP User Switch plugin for WordPress is vulnerable to authenti CVE-2023-22450 (In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary fi ...) NOT-FOR-US: Advantech WebAccss/SCADA CVE-2018-25087 (A vulnerability classified as problematic was found in Arborator Serve ...) - TODO: check + NOT-FOR-US: Arborator CVE-2017-20185 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Fuzzy SWM ...) TODO: check CVE-2015-10117 (A vulnerability, which was classified as problematic, was found in Gra ...) @@ -543,7 +543,7 @@ CVE-2023-3069 (Unverified Password Change in GitHub repository tsolucio/corebos CVE-2023-3068 (A vulnerability classified as critical has been found in Campcodes Ret ...) NOT-FOR-US: Campcodes Retro Cellphone Online Store CVE-2023-3067 (Cross-site Scripting (XSS) - Stored in GitHub repository zadam/trilium ...) - TODO: check + NOT-FOR-US: Trilium Notes CVE-2023-3062 (A vulnerability was found in code-projects Agro-School Management Syst ...) NOT-FOR-US: Agro-School Management System CVE-2023-3061 (A vulnerability was found in code-projects Agro-School Management Syst ...) @@ -617,7 +617,7 @@ CVE-2023-33965 (Brook is a cross-platform programmable network tool. The `tproxy CVE-2023-33963 (DataEase is an open source data visualization and analysis tool. Prior ...) TODO: check CVE-2023-33960 (OpenProject is web-based project management software. For any OpenProj ...) - TODO: check + NOT-FOR-US: OpenProject CVE-2023-33764 (eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to cont ...) NOT-FOR-US: eMedia Consulting simpleRedak CVE-2023-33754 (The captive portal in Inpiazza Cloud WiFi versions prior to v4.2.17 do ...) 
@@ -640,7 +640,7 @@ CVE-2023-33546 (janino 3.1.9 and earlier are subject to denial of service (DOS) [bullseye] - janino (Minor issue) NOTE: https://github.com/janino-compiler/janino/issues/201 CVE-2023-33544 (hawtio 2.17.2 is vulnerable to Path Traversal. it is possible to input ...) - TODO: check + NOT-FOR-US: hawtio CVE-2023-32717 (On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in ...) NOT-FOR-US: Splunk Enterprise CVE-2023-32716 (In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Spl ...) @@ -4260,9 +4260,9 @@ CVE-2023-30917 CVE-2023-30916 RESERVED CVE-2023-30915 (In email service, there is a missing permission check. This could lead ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2023-30914 (In email service, there is a missing permission check. This could lead ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2023-30913 RESERVED CVE-2023-2240 (Improper Privilege Management in GitHub repository microweber/microweb ...) @@ -4478,19 +4478,19 @@
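Review bot: CVE-2023-30915 and CVE-2023-30914 in the @@ -4260 hunk are tagged NOT-FOR-US: Unisoc, but their descriptions ("In email service, there is a missing permission check...") never name the vendor; a NOTE: line with the source bulletin, as the file already does for other entries (e.g. the GHSA link on CVE-2023-32682), would let a later reader verify the attribution without re-researching it.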
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4daee8e3 by Salvatore Bonaccorso at 2023-06-07T10:21:56+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,9 +1,9 @@ CVE-2023-3126 (The B2BKing plugin for WordPress is vulnerable to unauthorized access ...) - TODO: check + NOT-FOR-US: B2BKing plugin for WordPress CVE-2023-3125 (The B2BKing plugin for WordPress is vulnerable to unauthorized modific ...) - TODO: check + NOT-FOR-US: B2BKing plugin for WordPress CVE-2023-3124 (The Elementor Pro plugin for WordPress is vulnerable to unauthorized d ...) - TODO: check + NOT-FOR-US: Elementor Pro plugin for WordPress CVE-2023-33782 (D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection ...) TODO: check CVE-2023-33781 (An issue in D-Link DIR-842V2 v1.0.3 allows attackers to execute arbitr ...) 
@@ -23,187 +23,187 @@ CVE-2023-2541 (The Web Frontend of KNIME Business Hub before 1.4.0 allows an una CVE-2022-4950 (Several WordPress plugins developed by Cool Plugins are vulnerable to ...) TODO: check CVE-2022-4949 (The AdSanity plugin for WordPress is vulnerable to arbitrary file uplo ...) - TODO: check + NOT-FOR-US: AdSanity plugin for WordPress CVE-2022-4948 (The FlyingPress plugin for WordPress is vulnerable to authorization by ...) - TODO: check + NOT-FOR-US: FlyingPress plugin for WordPress CVE-2021-4383 (The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to pag ...) - TODO: check + NOT-FOR-US: WP Quick FrontEnd Editor plugin for WordPress CVE-2021-4382 (The Recently plugin for WordPress is vulnerable to arbitrary file uplo ...) - TODO: check + NOT-FOR-US: Recently plugin for WordPress CVE-2021-4381 (The uListing plugin for WordPress is vulnerable to authorization bypas ...) - TODO: check + NOT-FOR-US: uListing plugin for WordPress CVE-2021-4378 (The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Sto ...) - TODO: check + NOT-FOR-US: WP Quick FrontEnd Editor plugin for WordPress CVE-2021-4377 (The Doneren met Mollie plugin for WordPress is vulnerable to Sensitive ...) - TODO: check + NOT-FOR-US: Doneren met Mollie plugin for WordPress CVE-2021-4376 (The WooCommerce Multi Currency plugin for WordPress is vulnerable to M ...) - TODO: check + NOT-FOR-US: WooCommerce Multi Currency plugin for WordPress CVE-2021-4375 (The Welcart e-Commerce plugin for WordPress is vulnerable to authoriza ...) - TODO: check + NOT-FOR-US: Welcart e-Commerce plugin for WordPress CVE-2021-4374 (The WordPress Automatic Plugin for WordPress is vulnerable to arbitrar ...) TODO: check CVE-2021-4373 (The Better Search plugin for WordPress is vulnerable to Cross-Site Req ...) - TODO: check + NOT-FOR-US: Better Search plugin for WordPress CVE-2021-4372 (The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is ...) 
- TODO: check + NOT-FOR-US: WooCommerce Dynamic Pricing and Discounts plugin for WordPress CVE-2021-4371 (The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Set ...) - TODO: check + NOT-FOR-US: WP Quick FrontEnd Editor plugin for WordPress CVE-2021-4370 (The uListing plugin for WordPress is vulnerable to authorization bypas ...) - TODO: check + NOT-FOR-US: uListing plugin for WordPress CVE-2021-4369 (The Frontend File Manager plugin for WordPress is vulnerable to Unauth ...) - TODO: check + NOT-FOR-US: Frontend File Manager plugin for WordPress CVE-2021-4368 (The Frontend File Manager plugin for WordPress is vulnerable to Authen ...) - TODO: check + NOT-FOR-US: Frontend File Manager plugin for WordPress CVE-2021-4367 (The Flo Forms \u2013 Easy Drag & Drop Form Builder plugin for WordPres ...) - TODO: check + NOT-FOR-US: Flo Forms Easy Drag & Drop Form Builder plugin for WordPress CVE-2021-4366 (The PWA for WP & AMP plugin for WordPress is vulnerable to authorizati ...) - TODO: check + NOT-FOR-US: PWA for WP & AMP plugin for WordPress CVE-2021-4365 (The Frontend File Manager plugin for WordPress is vulnerable to Unauth ...) - TODO: check + NOT-FOR-US: Frontend File Manager plugin for WordPress CVE-2021-4364 (The JobSearch WP Job Board plugin for WordPress is vulnerable to autho ...) - TODO: check + NOT-FOR-US: JobSearch WP Job Board plugin for WordPress CVE-2021-4363 (The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Ref ...) - TODO: check + NOT-FOR-US: WP Quick FrontEnd Editor plugin for WordPress CVE-2021-4362 (The Kiwi Social Share plugin for WordPress is vulnerable to authorizat ...) - TODO: check +
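Review bot: CVE-2021-4374 (WordPress Automatic Plugin for WordPress) is the one WordPress plugin entry in the @@ -23,187 hunk that stays at TODO: check while every neighbouring plugin entry moves to NOT-FOR-US; if it is still being looked at that is fine, otherwise it reads like an oversight, since its description places it in the same class of third-party plugin as the others.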
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1f73b103 by Salvatore Bonaccorso at 2023-06-06T22:31:43+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -63,33 +63,33 @@ CVE-2023-32550 (Landscape's server-status page exposed sensitive system informat CVE-2023-32549 (Landscape cryptographic keys were insecurely generated with a weak pse ...) TODO: check CVE-2023-32545 (The affected application lacks proper validation of user-supplied data ...) - TODO: check + NOT-FOR-US: Horner Automation CVE-2023-32539 (The affected application lacks proper validation of user-supplied data ...) - TODO: check + NOT-FOR-US: Horner Automation CVE-2023-32289 (The affected application lacks proper validation of user-supplied data ...) - TODO: check + NOT-FOR-US: Horner Automation CVE-2023-32281 (The affected application lacks proper validation of user-supplied data ...) - TODO: check + NOT-FOR-US: Horner Automation CVE-2023-32203 (The affected application lacks proper validation of user-supplied data ...) - TODO: check + NOT-FOR-US: Horner Automation CVE-2023-31606 (A Regular Expression Denial of Service (ReDoS) issue was discovered in ...) TODO: check CVE-2023-31569 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a co ...) NOT-FOR-US: TOTOLINK CVE-2023-31278 (The affected application lacks proper validation of user-supplied data ...) - TODO: check + NOT-FOR-US: Horner Automation CVE-2023-31244 (The affected product does not properly validate user-supplied data. If ...) - TODO: check + NOT-FOR-US: Horner Automation CVE-2023-2833 (The ReviewX plugin for WordPress is vulnerable to privilege escalation ...) NOT-FOR-US: ReviewX plugin for WordPress CVE-2023-2801 (Grafana is an open-source platform for monitoring and observability. ...) TODO: check CVE-2023-29503 (The affected application lacks proper validation of user-supplied data ...) - TODO: check + NOT-FOR-US: Horner Automation CVE-2023-28653 (The affected application lacks proper validation of user-supplied data ...) - TODO: check + NOT-FOR-US: Horner Automation CVE-2023-27916 (The affected application lacks proper validation of user-supplied data ...) 
- TODO: check + NOT-FOR-US: Horner Automation CVE-2023-34417 - firefox NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-20/#CVE-2023-34417 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f73b103a56fdc3ae5e7af51cc46e4b26255704b
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9cd4d5a7 by Salvatore Bonaccorso at 2023-06-05T22:43:51+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,11 +1,11 @@ CVE-2023-3109 (Cross-site Scripting (XSS) - Stored in GitHub repository admidio/admid ...) - TODO: check + NOT-FOR-US: admidio CVE-2023-3066 (Incorrect Authorization vulnerability in Mobatime mobile application A ...) - TODO: check + NOT-FOR-US: Mobatime mobile application CVE-2023-3065 (Improper Authentication vulnerability in Mobatime mobile application A ...) - TODO: check + NOT-FOR-US: Mobatime mobile application CVE-2023-3064 (Anonymous user may get the list of existing users managed by the appli ...) - TODO: check + NOT-FOR-US: Mobatime mobile application CVE-2023-34097 (hoppscotch is an open source API development ecosystem. In versions pr ...) TODO: check CVE-2023-33970 (Kanboard is open source project management software that focuses on th ...) 
@@ -27,19 +27,19 @@ CVE-2023-33956 (Kanboard is open source project management software that focuses CVE-2023-33733 (Reportlab up to v3.6.12 allows attackers to execute arbitrary code via ...) TODO: check CVE-2023-33693 (A buffer overflow in EasyPlayerPro-Win v3.2.19.0106 to v3.6.19.0823 al ...) - TODO: check + NOT-FOR-US: EasyPlayerPro-Win CVE-2023-33690 (SonicJS up to v0.7.0 allows attackers to execute an authenticated path ...) - TODO: check + NOT-FOR-US: SonicJS CVE-2023-33524 (Advent/SSC Inc. Tamale RMS < 23.1 is vulnerable to Directory Traversal ...) - TODO: check + NOT-FOR-US: Advent/SSC Inc. Tamale RMS CVE-2023-33518 (emoncms v11 and later was discovered to contain an information disclos ...) - TODO: check + NOT-FOR-US: emoncms CVE-2023-33386 (MarsCTF 1.2.1 has an arbitrary file upload vulnerability in the interf ...) - TODO: check + NOT-FOR-US: MarsCTF CVE-2023-32766 (Gitpod before 2022.11.3 allows XSS because redirection can occur for s ...) TODO: check CVE-2023-31893 (Telefnica Brasil Vivo Play (IPTV) Firmware: 2023.04.04.01.06.15 is vul ...) - TODO: check + NOT-FOR-US: Telefnica Brasil Vivo Play (IPTV) Firmware CVE-2023-2634 (The Get your number WordPress plugin through 1.1.3 does not sanitise a ...) NOT-FOR-US: WordPress plugin CVE-2023-2572 (The Survey Maker WordPress plugin before 3.4.7 does not escape some pa ...) 
@@ -59,11 +59,11 @@ CVE-2023-2337 (The ConvertKit WordPress plugin before 2.2.1 does not escape a pa CVE-2022-4946 (The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does ...) NOT-FOR-US: WordPress plugin CVE-2015-10115 (A vulnerability, which was classified as problematic, was found in Woo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2015-10114 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2015-10113 (A vulnerability classified as problematic was found in WooFramework Tw ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-3100 (A vulnerability, which was classified as critical, has been found in I ...) TODO: check CVE-2023-3099 (A vulnerability classified as critical was found in KylinSoft youker-a ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9cd4d5a73093d92221ad687a8c3ebbdd0f5e9cfc
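Review bot: The new tag for CVE-2023-31893 in the @@ -27,19 hunk reads "NOT-FOR-US: Telefnica Brasil Vivo Play (IPTV) Firmware", carrying over the dropped character from the truncated description; check the vendor name against the advisory before committing so the tag does not preserve a transcription error.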
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4c5b16a6 by Salvatore Bonaccorso at 2023-06-02T22:26:42+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,69 +1,69 @@ CVE-2023-3075 (Cross-Site Request Forgery (CSRF) in GitHub repository tsolucio/corebo ...) - TODO: check + NOT-FOR-US: Corebos CVE-2023-3074 (Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/core ...) - TODO: check + NOT-FOR-US: Corebos CVE-2023-3073 (Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/core ...) - TODO: check + NOT-FOR-US: Corebos CVE-2023-3071 (Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/core ...) - TODO: check + NOT-FOR-US: Corebos CVE-2023-3070 (Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/core ...) - TODO: check + NOT-FOR-US: Corebos CVE-2023-3069 (Unverified Password Change in GitHub repository tsolucio/corebos prior ...) - TODO: check + NOT-FOR-US: Corebos CVE-2023-3068 (A vulnerability classified as critical has been found in Campcodes Ret ...) - TODO: check + NOT-FOR-US: Campcodes Retro Cellphone Online Store CVE-2023-3067 (Cross-site Scripting (XSS) - Stored in GitHub repository zadam/trilium ...) TODO: check CVE-2023-3062 (A vulnerability was found in code-projects Agro-School Management Syst ...) - TODO: check + NOT-FOR-US: Agro-School Management System CVE-2023-3061 (A vulnerability was found in code-projects Agro-School Management Syst ...) - TODO: check + NOT-FOR-US: Agro-School Management System CVE-2023-3060 (A vulnerability has been found in code-projects Agro-School Management ...) - TODO: check + NOT-FOR-US: Agro-School Management System CVE-2023-3059 (A vulnerability, which was classified as critical, was found in Source ...) - TODO: check + NOT-FOR-US: SourceCodester Online Exam Form Submission CVE-2023-3058 (A vulnerability was found in 07FLY CRM up to 1.2.0. It has been declar ...) - TODO: check + NOT-FOR-US: 07FLY CRM CVE-2023-3057 (A vulnerability was found in YFCMF up to 3.0.4. It has been rated as p ...) - TODO: check + NOT-FOR-US: YFCMF CVE-2023-3056 (A vulnerability was found in YFCMF up to 3.0.4. It has been declared a ...) 
- TODO: check + NOT-FOR-US: YFCMF CVE-2023-3033 (Incorrect Authorization vulnerability in Mobatime web application allo ...) - TODO: check + NOT-FOR-US: Mobatime web application CVE-2023-3032 (Unrestricted Upload of File with Dangerous Type vulnerability in Mobat ...) - TODO: check + NOT-FOR-US: Mobatime web application CVE-2023-3031 (Improper Limitation of a Pathname leads to a Path Traversal vulnerabil ...) - TODO: check + NOT-FOR-US: Prestashop CVE-2023-34362 (In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4 ...) - TODO: check + NOT-FOR-US: Progress MOVEit Transfer CVE-2023-34094 (ChuanhuChatGPT is a graphical user interface for ChatGPT and many larg ...) - TODO: check + NOT-FOR-US: ChuanhuChatGPT CVE-2023-33763 (eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to cont ...) - TODO: check + NOT-FOR-US: eMedia Consulting simpleRedak CVE-2023-33762 (eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to cont ...) - TODO: check + NOT-FOR-US: eMedia Consulting simpleRedak CVE-2023-33761 (eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to cont ...) - TODO: check + NOT-FOR-US: eMedia Consulting simpleRedak CVE-2023-33731 (Reflected Cross Site Scripting (XSS) in the view dashboard detail feat ...) - TODO: check + NOT-FOR-US: Microworld Technologies eScan management console CVE-2023-33717 (mp4v2 v2.1.3 was discovered to contain a memory leak when a method cal ...) TODO: check CVE-2023-33675 (Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow ...) - TODO: check + NOT-FOR-US: Tenda CVE-2023-33673 (Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow ...) - TODO: check + NOT-FOR-US: Tenda CVE-2023-33672 (Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow ...) - TODO: check + NOT-FOR-US: Tenda CVE-2023-33671 (Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow ...) 
- TODO: check + NOT-FOR-US: Tenda CVE-2023-33670 (Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow ...) - TODO: check + NOT-FOR-US: Tenda CVE-2023-33669 (Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow ...) - TODO: check + NOT-FOR-US: Tenda CVE-2023-33476 (ReadyMedia (MiniDLNA)
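Review bot: CVE-2023-3031 in the @@ -1,69 hunk gets NOT-FOR-US: Prestashop, but its visible description ("Improper Limitation of a Pathname leads to a Path Traversal vulnerabil ...") names neither PrestaShop nor a module; a NOTE: line with the advisory reference would make the attribution checkable, and if the affected code is a third-party module rather than PrestaShop itself the tag should say which one.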
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e30b00b9 by Salvatore Bonaccorso at 2023-06-02T11:35:11+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,11 +1,11 @@ CVE-2023-3000 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: Erikoglu Technology ErMon CVE-2023-2835 (The WP Directory Kit plugin for WordPress is vulnerable to Reflected C ...) NOT-FOR-US: WP Directory Kit plugin for WordPress CVE-2016-15032 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problema ...) - TODO: check + NOT-FOR-US: mback2k mh_httpbl Extension on TYPO3 CVE-2015-10110 (A vulnerability classified as problematic was found in ruddernation Ti ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-3035 (A vulnerability has been found in Guangdong Pythagorean OA Office Syst ...) NOT-FOR-US: Guangdong Pythagorean OA Office System CVE-2023-34339 (In JetBrains Ktor before 2.3.1 headers containing authentication data ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e30b00b919ce8077e872d72043577800de7aecf1
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d8e7b40f by Salvatore Bonaccorso at 2023-05-30T22:25:24+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,9 +1,9 @@ CVE-2023-33975 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...) - TODO: check + NOT-FOR-US: RIOT-OS CVE-2023-33974 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...) - TODO: check + NOT-FOR-US: RIOT-OS CVE-2023-33973 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...) - TODO: check + NOT-FOR-US: RIOT-OS CVE-2023-33656 (A memory leak vulnerability exists in NanoMQ 0.17.2. The vulnerability ...) TODO: check CVE-2023-33234 (Arbitrary code execution in Apache Airflow CNCF Kubernetes provider ve ...) @@ -13,9 +13,9 @@ CVE-2023-33178 (Xibo is a content management system (CMS). An SQL injection vuln CVE-2023-33177 (Xibo is a content management system (CMS). A path traversal vulnerabil ...) TODO: check CVE-2023-32699 (MeterSphere is an open source continuous testing platform. Version 2.9 ...) - TODO: check + NOT-FOR-US: MeterSphere CVE-2023-32696 (CKAN is an open-source data management system for powering data hubs a ...) - TODO: check + NOT-FOR-US: CKAN CVE-2023-32689 (Parse Server is an open source backend that can be deployed to any inf ...) TODO: check CVE-2023-32684 (Lima launches Linux virtual machines, typically on macOS, for running ...) @@ -5532,7 +5532,7 @@ CVE-2023-30198 CVE-2023-30197 RESERVED CVE-2023-30196 (Prestashop salesbooster <= 1.10.4 is vulnerable to Incorrect Access Co ...) - TODO: check + NOT-FOR-US: Prestashop CVE-2023-30195 RESERVED CVE-2023-30194 (Prestashop posstaticfooter <= 1.0.0 is vulnerable to SQL Injection via ...) 
@@ -12428,7 +12428,7 @@ CVE-2023-27990 (The XSS vulnerability in Zyxel ATP series firmware versions 4.32 CVE-2023-27989 RESERVED CVE-2023-27988 (The post-authentication command injection vulnerability in the Zyxel N ...) - TODO: check + NOT-FOR-US: Zyxel CVE-2023-27987 (In Apache Linkis <=1.3.1,due to the default token generated by Linkis ...) NOT-FOR-US: Apache Linkis CVE-2023-1297 @@ -13575,7 +13575,7 @@ CVE-2023-27615 CVE-2023-27614 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Ian Haycox ...) NOT-FOR-US: WordPress plugin CVE-2023-27613 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MonitorC ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-27612 RESERVED CVE-2023-27611 @@ -21502,9 +21502,9 @@ CVE-2023-24828 (Onedev is a self-hosted Git Server with CI/CD and Kanban. In ver CVE-2023-24827 (syft is a a CLI tool and Go library for generating a Software Bill of ...) NOT-FOR-US: syft CVE-2023-24826 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...) - TODO: check + NOT-FOR-US: RIOT-OS CVE-2023-24825 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...) - TODO: check + NOT-FOR-US: RIOT-OS CVE-2023-24824 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...) - cmark-gfm (bug #1034171) [bookworm] - cmark-gfm (Minor issue) @@ -21537,7 +21537,7 @@ CVE-2023-24819 (RIOT-OS, an operating system that supports Internet of Things de CVE-2023-24818 (RIOT-OS, an operating system that supports Internet of Things devices, ...) NOT-FOR-US: RIOT-OS CVE-2023-24817 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...) - TODO: check + NOT-FOR-US: RIOT-OS CVE-2023-24816 (IPython (Interactive Python) is a command shell for interactive comput ...) - ipython (Windows-specific) NOTE: https://github.com/ipython/ipython/security/advisories/GHSA-29gw-9793-fvw7 
@@ -22113,23 +22113,23 @@ CVE-2023-24607 (Qt before 6.4.3 allows a denial of service via a crafted string CVE-2023-24606 RESERVED CVE-2023-24605 (OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all ...) - TODO: check + NOT-FOR-US: OX App Suite CVE-2023-24604 (OX App Suite before backend 7.10.6-rev37 does not check HTTP header le ...) - TODO: check + NOT-FOR-US: OX App Suite CVE-2023-24603 (OX App Suite before backend 7.10.6-rev37 does not check size limits wh ...) - TODO: check + NOT-FOR-US: OX App Suite CVE-2023-24602 (OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the T ...) - TODO: check + NOT-FOR-US: OX App Suite CVE-2023-24601 (OX App Suite before frontend 7.10.6-rev24 allows XSS via a non-app dee ...) - TODO: check + NOT-FOR-US: OX App Suite CVE-2023-24600 (OX App
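Review bot: In the @@ -5532 hunk, CVE-2023-30196 ("Prestashop salesbooster <= 1.10.4") is tagged NOT-FOR-US: Prestashop, but the affected component named in the description is the salesbooster module, not PrestaShop itself (the following context entry, CVE-2023-30194 posstaticfooter, is the same situation); a tag along the lines of "NOT-FOR-US: Prestashop module salesbooster" keeps the module-versus-core distinction visible for later triage.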
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3f5c7c2a by Salvatore Bonaccorso at 2023-05-30T10:52:28+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -39,9 +39,9 @@ CVE-2023-2962 (A vulnerability, which was classified as critical, has been found CVE-2023-2808 (Mattermost fails to normalize UTF confusable characters when determini ...) TODO: check CVE-2023-2518 (The Easy Forms for Mailchimp WordPress plugin through 6.8.8 does not s ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2470 (The Add to Feedly WordPress plugin through 1.2.11 does not sanitize an ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2014-125102 (A vulnerability classified as problematic was found in Bestwebsoft Rel ...) TODO: check CVE-2023-2953 [potential null pointer dereference flaw] @@ -2346,7 +2346,7 @@ CVE-2023-2298 CVE-2023-2297 (The Profile Builder \u2013 User Profile & User Registration Forms plug ...) NOT-FOR-US: WordPress plugin CVE-2023-2296 (The Loginizer WordPress plugin before 1.7.9 does not escape a paramete ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-4945 (The Dataprobe cloud usernames and passwords are stored in plain text i ...) NOT-FOR-US: Dataprobe CVE-2022-48480 (Integer overflow vulnerability in some phones. Successful exploitation ...) @@ -2388,9 +2388,9 @@ CVE-2023-2290 CVE-2023-2289 RESERVED CVE-2023-2288 (The Otter WordPress plugin before 2.2.6 does not sanitize some user-co ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2287 (The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not li ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2286 RESERVED CVE-2023-2285 
@@ -2710,7 +2710,7 @@ CVE-2023-31104 CVE-2023-2257 (Authentication Bypass in Hub Business integration in Devolutions Works ...) NOT-FOR-US: Devolutions CVE-2023-2256 (The Product Addons & Fields for WooCommerce WordPress plugin before 32 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2255 (Improper access control in editor components of The Document Foundatio ...) {DSA-5415-1} - libreoffice 4:7.4.5-3 @@ -3203,7 +3203,7 @@ CVE-2023-2225 CVE-2023-2224 RESERVED CVE-2023-2223 (The Login rebuilder WordPress plugin before 2.8.1 does not sanitise an ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023- RESERVED CVE-2023-2221 @@ -3764,7 +3764,7 @@ CVE-2023-2119 (The Responsive Filterable Portfolio plugin for WordPress is vulne CVE-2023-2118 (Insufficient access controlin support ticket feature in Devolutions Se ...) NOT-FOR-US: Devolutions CVE-2023-2117 (The Image Optimizer by 10web WordPress plugin before 1.0.27 does not s ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2116 RESERVED CVE-2023-2115 @@ -3772,11 +3772,11 @@ CVE-2023-2115 CVE-2023-2114 (The NEX-Forms WordPress plugin before 8.4 does not properly escape the ...) NOT-FOR-US: WordPress plugin CVE-2023-2113 (The Autoptimize WordPress plugin before 3.1.7 does not sanitise and es ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2112 (Desktop component service allows lateral movement between sessions in ...) NOT-FOR-US: M-Files CVE-2023-2111 (The Fast & Effective Popups & Lead-Generation for WordPress plugin bef ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2110 RESERVED CVE-2023-30775 (A vulnerability was found in the libtiff library. This security flaw c ...) 
@@ -4422,7 +4422,7 @@ CVE-2023-2025 (OpenBlue Enterprise Manager Data Collector versions prior to 3.2. CVE-2023-2024 (Improper authentication in OpenBlue Enterprise Manager Data Collector ...) NOT-FOR-US: OpenBlue Enterprise Manager Data Collector CVE-2023-2023 (The Custom 404 Pro WordPress plugin before 3.7.3 does not escape some ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2022 RESERVED CVE-2023-2021 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...) @@ -7082,7 +7082,7 @@ CVE-2023-1940 (A vulnerability classified as critical was found in SourceCodeste CVE-2023-1939 (No access control for the OTP key on OTP entries in Devolutions Rem ...) NOT-FOR-US: Devolutions CVE-2023-1938 (The WP Fastest Cache WordPress plugin before 1.1.5 does not have CSRF ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-1937 (A vulnerability, which was classified as problematic, was found in zhe ...) NOT-FOR-US: zhenfeng13 My-Blog CVE-2014-125095 (A vulnerability was found in BestWebSoft Contact Form Plugin 1.3.4 and ...) @@ -10040,7 +10040,7 @@
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 95468eec by Salvatore Bonaccorso at 2023-05-27T11:28:54+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,11 +1,11 @@ CVE-2023-33199 (Rekor's goals are to provide an immutable tamper resistant ledger of m ...) TODO: check CVE-2023-33196 (Craft is a CMS for creating custom digital experiences. Cross site scr ...) - TODO: check + NOT-FOR-US: Craft CMS CVE-2023-33195 (Craft is a CMS for creating custom digital experiences on the web. A m ...) - TODO: check + NOT-FOR-US: Craft CMS CVE-2023-33194 (Craft is a CMS for creating custom digital experiences on the web.The ...) - TODO: check + NOT-FOR-US: Craft CMS CVE-2023-33192 (ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not val ...) TODO: check CVE-2023-33188 (Omni-notes is an open source note-taking application for Android. The ...) @@ -13,11 +13,11 @@ CVE-2023-33188 (Omni-notes is an open source note-taking application for Android CVE-2023-33187 (Highlight is an open source, full-stack monitoring platform. Highlight ...) TODO: check CVE-2023-33184 (Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed ...) - TODO: check + NOT-FOR-US: Nextcloud Mail CVE-2023-32688 (parse-server-push-adapter is the official Push Notification adapter fo ...) TODO: check CVE-2023-32686 (Kiwi TCMS is an open source test management system for both manual and ...) - TODO: check + NOT-FOR-US: Kiwi TCMS CVE-2023-32676 (Autolab is a course management service that enables auto-graded progra ...) TODO: check CVE-2023-32325 (PostHog-js is a library to interface with the PostHog analytics tool. ...) 
@@ -31,7 +31,7 @@ CVE-2023-32317 (Autolab is a course management service that enables auto-graded CVE-2023-32316 (CloudExplorer Lite is an open source cloud management tool. In affecte ...) TODO: check CVE-2023-32315 (Openfire is an XMPP server licensed under the Open Source Apache Licen ...) - TODO: check + NOT-FOR-US: Ignite Realtime Openfire CVE-2023-32311 (CloudExplorer Lite is an open source cloud management platform. In Clo ...) TODO: check CVE-2023-32307 (Sofia-SIP is an open-source SIP User-Agent library, compliant with the ...) @@ -41,7 +41,7 @@ CVE-2023-2924 (A vulnerability, which was classified as critical, has been found CVE-2023-2923 (A vulnerability classified as critical was found in Tenda AC6 US_AC6V1 ...) NOT-FOR-US: Tenda CVE-2023-2922 (A vulnerability classified as problematic has been found in SourceCode ...) - TODO: check + NOT-FOR-US: SourceCodester Comment System CVE-2023-2825 (An issue has been discovered in GitLab CE/EE affecting only version 16 ...) TODO: check CVE-2023-2898 (There is a null-pointer-dereference flaw found in f2fs_write_end_io in ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95468eec556540358c7eade80eb9de09f13efb5c
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 73ad0793 by Salvatore Bonaccorso at 2023-05-27T11:20:41+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -39,7 +39,7 @@ CVE-2023-32307 (Sofia-SIP is an open-source SIP User-Agent library, compliant wi CVE-2023-2924 (A vulnerability, which was classified as critical, has been found in S ...) TODO: check CVE-2023-2923 (A vulnerability classified as critical was found in Tenda AC6 US_AC6V1 ...) - TODO: check + NOT-FOR-US: Tenda CVE-2023-2922 (A vulnerability classified as problematic has been found in SourceCode ...) TODO: check CVE-2023-2825 (An issue has been discovered in GitLab CE/EE affecting only version 16 ...) @@ -14216,7 +14216,7 @@ CVE-2023-27313 CVE-2023-27312 RESERVED CVE-2023-27311 (NetApp Blue XP Connector versions prior to 3.9.25 expose information v ...) - TODO: check + NOT-FOR-US: NetApp Blue XP Connector CVE-2023-27310 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...) NOT-FOR-US: Siemens CVE-2023-27309 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73ad07936956b9b22416991bb681c6ca72a99615
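Review bot: in the first hunk (@@ -39,7 +39,7 @@), CVE-2023-2922 (SourceCodester) is left at TODO: check in the context line directly below the Tenda entry resolved here; the later commit 95468eec (listed above) closes it as "NOT-FOR-US: SourceCodester Comment System", so both could have been triaged in this pass. In the second hunk, "+ NOT-FOR-US: NetApp Blue XP Connector" sits next to "NOT-FOR-US: Siemens" for the RUGGEDCOM entries; product-level naming is the more useful of the two when grepping the file, so keep it, but apply it consistently.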
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 799a0328 by Salvatore Bonaccorso at 2023-05-25T22:43:29+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,47 +1,47 @@ CVE-2023-33751 (A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allo ...) - TODO: check + NOT-FOR-US: mipjz CVE-2023-33750 (A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allo ...) - TODO: check + NOT-FOR-US: mipjz CVE-2023-33356 (IceCMS v1.0.0 is vulnerable to Cross Site Scripting (XSS).) - TODO: check + NOT-FOR-US: IceCMS CVE-2023-33355 (IceCMS v1.0.0 has Insecure Permissions. There is unauthorized access t ...) - TODO: check + NOT-FOR-US: IceCMS CVE-2023-33280 (In the Store Commander scquickaccounting module for PrestaShop through ...) - TODO: check + NOT-FOR-US: PrestaShop CVE-2023-33279 (In the Store Commander scfixmyprestashop module through 2023-05-09 for ...) - TODO: check + NOT-FOR-US: PrestaShop CVE-2023-33278 (In the Store Commander scexportcustomers module for PrestaShop through ...) - TODO: check + NOT-FOR-US: PrestaShop CVE-2023-33263 (In WFTPD 3.25, usernames and password hashes are stored in an openly v ...) - TODO: check + NOT-FOR-US: WFTPD CVE-2023-33248 (Amazon Alexa software version 8960323972 on Echo Dot 2nd generation an ...) - TODO: check + NOT-FOR-US: Amazon Alexa CVE-2023-32694 (Saleor Core is a composable, headless commerce API. Saleor's `validate ...) TODO: check CVE-2023-31861 (ZLMediaKit 4.0 is vulnerable to Directory Traversal.) - TODO: check + NOT-FOR-US: ZLMediaKit CVE-2023-31594 (IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Contro ...) - TODO: check + NOT-FOR-US: IC Realtime ICIP-P2012T CVE-2023-31458 (A vulnerability in the Edge Gateway component of Mitel MiVoice Connect ...) - TODO: check + NOT-FOR-US: Mitel CVE-2023-2888 (A vulnerability, which was classified as problematic, was found in PHP ...) - TODO: check + NOT-FOR-US: PHPOK CVE-2023-2887 (Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows ...) - TODO: check + NOT-FOR-US: CBOT Chatbot CVE-2023-2886 (Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot ...) 
- TODO: check + NOT-FOR-US: CBOT Chatbot CVE-2023-2885 (Channel Accessible by Non-Endpoint vulnerability in CBOT Chatbot allow ...) - TODO: check + NOT-FOR-US: CBOT Chatbot CVE-2023-2884 (Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), U ...) - TODO: check + NOT-FOR-US: CBOT Chatbot CVE-2023-2883 (Authorization Bypass Through User-Controlled Key vulnerability in CBOT ...) - TODO: check + NOT-FOR-US: CBOT Chatbot CVE-2023-2882 (Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot ...) - TODO: check + NOT-FOR-US: CBOT Chatbot CVE-2023-2881 (Storing Passwords in a Recoverable Format in GitHub repository pimcore ...) - TODO: check + NOT-FOR-US: pimcore CVE-2023-2851 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: AGT Tech Ceppatron CVE-2023-2798 (Those using HtmlUnit to browse untrusted webpages may be vulnerable to ...) TODO: check CVE-2023-2734 (The MStore API plugin for WordPress is vulnerable to authentication by ...) @@ -53,11 +53,11 @@ CVE-2023-2732 (The MStore API plugin for WordPress is vulnerable to authenticati CVE-2023-2500 (The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPr ...) NOT-FOR-US: Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress CVE-2023-2480 (Missing access permissions checks in M-Files Client before 23.5.12598. ...) - TODO: check + NOT-FOR-US: M-Files CVE-2023-28370 (Open redirect vulnerability in Tornado versions 6.3.1 and earlier allo ...) TODO: check CVE-2023-27529 (Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS) contains an ...) - TODO: check + NOT-FOR-US: Wacom Tablet Driver installer CVE-2023- [Block themes parsing shortcodes in user-generated data] - wordpress 6.2.2+dfsg1-1 (bug #1036689) NOTE: https://wordpress.org/news/2023/05/wordpress-6-2-2-security-release/ 
@@ -140,11 +140,11 @@ CVE-2023-31748 (Insecure permissions in MobileTrans v4.0.11 allows attackers to CVE-2023-31595 (IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Contro ...) NOT-FOR-US: IC Realtime ICIP-P2012T CVE-2023-31460 (A vulnerability in the Connect Mobility Router component of MiVoice Co ...) - TODO: check + NOT-FOR-US: Mitel CVE-2023-31459 (A vulnerability in the
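Review bot: in the first hunk (@@ -1,47 +1,47 @@), the three Store Commander module entries (CVE-2023-33280, CVE-2023-33279, CVE-2023-33278) are resolved as "+ NOT-FOR-US: PrestaShop", which names the platform rather than the affected third-party module; the Go Pricing entry in the second hunk follows the more precise pattern "NOT-FOR-US: Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress", so "NOT-FOR-US: Store Commander modules for PrestaShop" would keep the two readable the same way and avoid suggesting a PrestaShop core issue.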
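Review bot: in the second hunk (@@ -53,11 +53,11 @@), CVE-2023-28370 (Tornado open redirect) stays at TODO: check while the M-Files and Wacom entries around it are marked NOT-FOR-US; that is the right outcome, since Tornado is a Python library Debian ships as python-tornado rather than a standalone product, but the entry then needs a package/version line or a NOTE: on the fixed upstream version in a follow-up so it does not linger as an unresolved TODO.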