[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: def2256a by security tracker role at 2024-05-23T20:11:54+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,113 @@ +CVE-2024-5264 (Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows ...) + TODO: check +CVE-2024-5258 (An authorization vulnerability exists within GitLab from versions 16.1 ...) + TODO: check +CVE-2024-5202 (Arbitrary File Readin OpenText Dimensions RM allowsauthenticated users ...) + TODO: check +CVE-2024-5201 (Privilege Escalationin OpenText Dimensions RM allows an authenticated ...) + TODO: check +CVE-2024-5168 (Improper access control vulnerability in Prodys' Quantum Audio codec a ...) + TODO: check +CVE-2024-5165 (In Eclipse Ditto versions 3.0.0 to 3.5.5, the user input of several in ...) + TODO: check +CVE-2024-5143 (A user with device administrative privileges can change existing SMTP ...) + TODO: check +CVE-2024-5085 (The Hash Form \u2013 Drag & Drop Form Builder plugin for WordPress is ...) + TODO: check +CVE-2024-5084 (The Hash Form \u2013 Drag & Drop Form Builder plugin for WordPress is ...) + TODO: check +CVE-2024-4779 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...) + TODO: check +CVE-2024-4575 (The LayerSlider plugin for WordPress is vulnerable to Stored Cross-Sit ...) + TODO: check +CVE-2024-4471 (The 140+ Widgets | Best Addons For Elementor \u2013 FREE for WordPress ...) + TODO: check +CVE-2024-4378 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-4365 (The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross ...) + TODO: check +CVE-2024-3997 (The Prime Slider \u2013 Addons For Elementor (Revolution of a slider, ...) + TODO: check +CVE-2024-35570 (An arbitrary file upload vulnerability in the component \controller\Im ...) + TODO: check +CVE-2024-35375 (There is an arbitrary file upload vulnerability on the media add .php ...) + TODO: check +CVE-2024-35224 (OpenProject is the leading open source project management software. Op ...) 
+ TODO: check +CVE-2024-35223 (Dapr is a portable, event-driven, runtime for building distributed app ...) + TODO: check +CVE-2024-35222 (Tauri is a framework for building binaries for all major desktop platf ...) + TODO: check +CVE-2024-35197 (gitoxide is a pure Rust implementation of Git. On Windows, fetching re ...) + TODO: check +CVE-2024-35186 (gitoxide is a pure Rust implementation of Git. During checkout, `gix-w ...) + TODO: check +CVE-2024-35091 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) + TODO: check +CVE-2024-35090 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) + TODO: check +CVE-2024-35086 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) + TODO: check +CVE-2024-35085 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) + TODO: check +CVE-2024-35084 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) + TODO: check +CVE-2024-35083 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) + TODO: check +CVE-2024-35082 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) + TODO: check +CVE-2024-35081 (LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary file delet ...) + TODO: check +CVE-2024-35080 (An arbitrary file upload vulnerability in the gok4 method of inxedu v2 ...) + TODO: check +CVE-2024-35079 (An arbitrary file upload vulnerability in the uploadAudio method of in ...) + TODO: check +CVE-2024-34936 (A SQL injection vulnerability in /view/event1.php in Campcodes Complet ...) + TODO: check +CVE-2024-34935 (A SQL injection vulnerability in /view/conversation_history_admin.php ...) + TODO: check +CVE-2024-34934 (A SQL injection vulnerability in /view/emarks_range_grade_update_form. ...) + TODO: check +CVE-2024-34933 (A SQL injection vulnerability in /model/update_grade.php in Campcodes ...) 
+ TODO: check +CVE-2024-34932 (A SQL injection vulnerability in /model/update_exam.php in Campcodes C ...) + TODO: check +CVE-2024-34931 (A SQL injection vulnerability in /model/update_subject.php in Campcode ...) + TODO: check +CVE-2024-34930 (A SQL injection vulnerability in /model/all_events1.php in Campcodes C ...) + TODO: check +CVE-2024-34929 (A SQL injection vulnerability in /view/find_friends.php in Campcodes C ...) + TODO: check +CVE-2024-34928 (A SQL injection vulnerability in /model/update_subject_routing.php in ...) +
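Review bot: The descriptions added for CVE-2024-5085, CVE-2024-5084, CVE-2024-4471 and CVE-2024-3997 carry the JSON escape `\u2013` as literal text instead of the decoded dash. Decode the escape on import so the plugin names in data/CVE/list match what a text search for the product would use.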
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2f3b5d6a by security tracker role at 2024-05-23T08:11:52+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,12 +1,106 @@ -CVE-2024-36013 [Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()] +CVE-2024-5241 (A vulnerability was found in Huashi Private Cloud CDN Live Streaming A ...) + TODO: check +CVE-2024-5240 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-5239 (A vulnerability has been found in Campcodes Complete Web-Based School ...) + TODO: check +CVE-2024-5238 (A vulnerability, which was classified as critical, was found in Campco ...) + TODO: check +CVE-2024-5237 (A vulnerability, which was classified as critical, has been found in C ...) + TODO: check +CVE-2024-5236 (A vulnerability classified as critical was found in Campcodes Complete ...) + TODO: check +CVE-2024-5235 (A vulnerability classified as critical has been found in Campcodes Com ...) + TODO: check +CVE-2024-5234 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-5233 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-5232 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-5231 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-5230 (A vulnerability has been found in EnvaySoft FleetCart up to 4.1.1 and ...) + TODO: check +CVE-2024-5177 (The Hash Elements plugin for WordPress is vulnerable to Stored Cross-S ...) + TODO: check +CVE-2024-4978 (Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious bin ...) + TODO: check +CVE-2024-4895 (The wpDataTables \u2013 WordPress Data Table, Dynamic Tables & Table C ...) + TODO: check +CVE-2024-4783 (The jQuery T(-) Countdown Widget plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-4706 (The WordPress + Microsoft Office 365 / Azure AD | LOGIN plugin for Wor ...) + TODO: check +CVE-2024-4662 (The Oxygen Builder plugin for WordPress is vulnerable to Remote Code E ...) 
+ TODO: check +CVE-2024-4486 (The Awesome Contact Form7 for Elementor plugin for WordPress is vulner ...) + TODO: check +CVE-2024-4431 (The LA-Studio Element Kit for Elementor plugin for WordPress is vulner ...) + TODO: check +CVE-2024-4399 (The does not validate a parameter before making a request to it, whic ...) + TODO: check +CVE-2024-4388 (This does not validate a path generated with user input when download ...) + TODO: check +CVE-2024-4347 (The WP Fastest Cache plugin for WordPress is vulnerable to Directory T ...) + TODO: check +CVE-2024-4043 (The WP Ultimate Post Grid plugin for WordPress is vulnerable to Stored ...) + TODO: check +CVE-2024-3920 (The Flattr WordPress plugin through 1.2.2 does not sanitise and escape ...) + TODO: check +CVE-2024-3918 (The Pet Manager WordPress plugin through 1.4 does not sanitise and esc ...) + TODO: check +CVE-2024-3917 (The Pet Manager WordPress plugin through 1.4 does not sanitise and esc ...) + TODO: check +CVE-2024-3711 (The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to un ...) + TODO: check +CVE-2024-3708 (A condition exists in lighttpd version prior to 1.4.51 whereby a remot ...) + TODO: check +CVE-2024-3648 (The ShareThis Share Buttons plugin for WordPress is vulnerable to Stor ...) + TODO: check +CVE-2024-3626 (The Email Subscribers by Icegram Express \u2013 Email Marketing, Newsl ...) + TODO: check +CVE-2024-3594 (The IDonate WordPress plugin through 1.9.0 does not sanitise and esca ...) + TODO: check +CVE-2024-3201 (The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored ...) + TODO: check +CVE-2024-3065 (The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugi ...) + TODO: check +CVE-2024-2220 (The Button contact VR WordPress plugin through 4.7 does not sanitise a ...) + TODO: check +CVE-2024-2038 (The Visual Website Collaboration, Feedback & Project Management \u2013 ...) 
+ TODO: check +CVE-2024-29853 (An authentication bypass vulnerability in Veeam Agent for Microsoft Wi ...) + TODO: check +CVE-2024-29852 (Veeam Backup Enterprise Manager allows high-privileged users to read b ...) + TODO: check +CVE-2024-29851 (Veeam Backup Enterprise Manager allows high-privileged users to steal ...) + TODO: check +CVE-2024-29850 (Veeam Backup Enterprise Manager allows account takeover via NTLM relay ...) + TODO: check +CVE-2024-29849 (Veeam Backup Enterprise
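Review bot: CVE-2024-3708 is added as `TODO: check`, but its description names lighttpd ("version prior to 1.4.51"), which is packaged in Debian, so it needs a package line with the fixed version rather than the bulk NOT-FOR-US treatment most of the WordPress plugin entries in this batch will get. Separately, the descriptions for CVE-2024-4399 and CVE-2024-4388 begin "The does not validate" and "This does not validate" with no product name, so those two cannot be triaged from the list text alone.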
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3dd5fc42 by security tracker role at 2024-05-22T20:12:09+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,4 +1,138 @@ -CVE-2024-36010 [igb: Fix string truncation warnings in igb_set_fw_version] +CVE-2024-5196 (A vulnerability classified as critical has been found in Arris VAP2500 ...) + TODO: check +CVE-2024-5195 (A vulnerability was found in Arris VAP2500 08.50. It has been rated as ...) + TODO: check +CVE-2024-5194 (A vulnerability was found in Arris VAP2500 08.50. It has been declared ...) + TODO: check +CVE-2024-5193 (A vulnerability was found in Ritlabs TinyWeb Server 1.94. It has been ...) + TODO: check +CVE-2024-5166 (An Insecure Direct Object Reference in Google Cloud's Looker allowed m ...) + TODO: check +CVE-2024-5031 (The Memberpress plugin for WordPress is vulnerable to Blind Server-Sid ...) + TODO: check +CVE-2024-5025 (The Memberpress plugin for WordPress is vulnerable to Stored Cross-Sit ...) + TODO: check +CVE-2024-4896 (The WPB Elementor Addons plugin for WordPress is vulnerable to Stored ...) + TODO: check +CVE-2024-4563 (The Progress MOVEit Automation configuration export function prior to ...) + TODO: check +CVE-2024-4454 (WithSecure Elements Endpoint Protection Link Following Local Privilege ...) + TODO: check +CVE-2024-4453 (GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution ...) + TODO: check +CVE-2024-4362 (The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to St ...) + TODO: check +CVE-2024-4267 (A remote code execution (RCE) vulnerability exists in the parisneo/lol ...) + TODO: check +CVE-2024-4262 (The Piotnet Addons For Elementor plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-4261 (The Responsive Contact Form Builder & Lead Generation Plugin plugin fo ...) + TODO: check +CVE-2024-4153 (A vulnerability in lunary-ai/lunary version 1.2.2 allows attackers to ...) + TODO: check +CVE-2024-3926 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...) + TODO: check +CVE-2024-3495 (The Country State City Dropdown CF7 plugin for WordPress is vulnerable ...) 
+ TODO: check +CVE-2024-36077 (Qlik Sense Enterprise for Windows before 14.187.4 allows a remote atta ...) + TODO: check +CVE-2024-35627 (tileserver-gl up to v4.4.10 was discovered to contain a cross-site scr ...) + TODO: check +CVE-2024-35561 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35560 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35559 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35558 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35557 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35556 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-3 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35554 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35553 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35552 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35551 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35550 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35475 (A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Op ...) + TODO: check +CVE-2024-35409 (WeBid 1.1.2 is vulnerable to SQL Injection via admin/tax.php.) + TODO: check +CVE-2024-35362 (Ecshop 3.6 is vulnerable to Cross Site Scripting (XSS) via ecshop/arti ...) + TODO: check +CVE-2024-34448 (Ghost before 5.82.0 allows CSV Injection during a member CSV export.) 
+ TODO: check +CVE-2024-33228 (An issue in the component segwindrvx64.sys of Insyde Software Corp SEG ...) + TODO: check +CVE-2024-33227 (An issue in the component ddcdrv.sys of Nicomsoft WinI2C/DDC v3.7.4.0 ...) + TODO: check +CVE-2024-33226 (An issue in the component Access64.sys of Wistron Corporation TBT Forc ...) + TODO: check +CVE-2024-33225 (An issue in the component RTKVHD64.sys of Realtek Semiconductor Corp R ...) + TODO: check +CVE-2024-33224 (An issue in the component
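Review bot: In the run of idccms v1.35 CSRF entries, the identifier between CVE-2024-35556 and CVE-2024-35554 reads `CVE-2024-3`, which is not a valid CVE ID (the sequence part needs at least four digits). Verify that entry against the upstream feed before triage, because any tooling that keys on the ID will either reject the line or attach the record to the wrong CVE.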
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1876ffd6 by security tracker role at 2024-05-22T08:12:20+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,192 +1,268 @@ -CVE-2021-47473 [scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els()] +CVE-2024-5190 + REJECTED +CVE-2024-5147 (The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPr ...) + TODO: check +CVE-2024-5092 (The Elegant Addons for elementor plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-5040 (There are multiple ways in LCDS LAquis SCADA for an attacker to acces ...) + TODO: check +CVE-2024-4980 (The WPKoi Templates for Elementor plugin for WordPress is vulnerable t ...) + TODO: check +CVE-2024-4971 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...) + TODO: check +CVE-2024-4443 (The Business Directory Plugin \u2013 Easy Listing Directories for Word ...) + TODO: check +CVE-2024-4157 (The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & D ...) + TODO: check +CVE-2024-3927 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...) + TODO: check +CVE-2024-3671 (The Print-O-Matic plugin for WordPress is vulnerable to Stored Cross-S ...) + TODO: check +CVE-2024-3666 (The Opal Estate Pro \u2013 Property Management and Submission plugin f ...) + TODO: check +CVE-2024-3663 (The WP Scraper plugin for WordPress is vulnerable to unauthorized acce ...) + TODO: check +CVE-2024-3611 (The Toolbar Extras for Elementor & More \u2013 WordPress Admin Bar Enh ...) + TODO: check +CVE-2024-3519 (The Media Library Assistant plugin for WordPress is vulnerable to Refl ...) + TODO: check +CVE-2024-3518 (The Media Library Assistant plugin for WordPress is vulnerable to SQL ...) + TODO: check +CVE-2024-3198 (The WP Font Awesome Share Icons plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-3066 (The Elegant Addons for elementor plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-35220 (@fastify/session is a session plugin for fastify. Requires the @fastif ...) 
+ TODO: check +CVE-2024-35162 (Path traversal vulnerability exists in Download Plugins and Themes fro ...) + TODO: check +CVE-2024-32988 ('OfferBox' App for Android versions 2.0.0 to 2.3.17 and 'OfferBox' App ...) + TODO: check +CVE-2024-31396 (Code injection vulnerability exists in a-blog cms Ver.3.1.x series ver ...) + TODO: check +CVE-2024-31395 (Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x seri ...) + TODO: check +CVE-2024-31394 (Directory traversal vulnerability exists in a-blog cms Ver.3.1.x serie ...) + TODO: check +CVE-2024-31340 (TP-Link Tether versions prior to 4.5.13 and TP-Link Tapo versions prio ...) + TODO: check +CVE-2024-30420 (Server-side request forgery (SSRF) vulnerability exists in a-blog cms ...) + TODO: check +CVE-2024-30419 (Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x seri ...) + TODO: check +CVE-2024-2953 (The LuckyWP Table of Contents plugin for WordPress is vulnerable to St ...) + TODO: check +CVE-2024-2163 (The Ninja Beaver Add-ons for Beaver Builder plugin for WordPress is vu ...) + TODO: check +CVE-2024-2119 (The LuckyWP Table of Contents plugin for WordPress is vulnerable to Re ...) + TODO: check +CVE-2024-2088 (The NextScripts: Social Networks Auto-Poster plugin for WordPress is v ...) + TODO: check +CVE-2024-21683 (This High severity RCE (Remote Code Execution) vulnerability was intro ...) + TODO: check +CVE-2024-1762 (The NextScripts: Social Networks Auto-Poster plugin for WordPress is v ...) + TODO: check +CVE-2024-1446 (The NextScripts: Social Networks Auto-Poster plugin for WordPress is v ...) + TODO: check +CVE-2024-0632 (The Automatic Translator with Google Translate plugin for WordPress is ...) + TODO: check +CVE-2024-0453 (The AI ChatBot plugin for WordPress is vulnerable to unauthorized modi ...) + TODO: check +CVE-2024-0452 (The AI ChatBot plugin for WordPress is vulnerable to unauthorized modi ...) 
+ TODO: check +CVE-2024-0451 (The AI ChatBot plugin for WordPress is vulnerable to unauthorized acce ...) + TODO: check +CVE-2023-6487 (The LuckyWP Table of Contents plugin for WordPress is vulnerable to St ...) + TODO: check +CVE-2021-47473 (In the Linux kernel, the following vulnerability has been resolved: s ...) - linux 5.14.16-1 [bullseye] - linux 5.10.84-1 NOTE: https://git.kernel.org/linus/7fb223d0ad801f633c78cbe42b1d1b55f5d163ad (5.15-rc7) -CVE-2021-47472 [net: mdiobus: Fix memory leak in __mdiobus_register]
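Review bot: For CVE-2021-47473 the removed header carried the identifying title `[scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els()]`, while the replacement is the generic text "In the Linux kernel, the following vulnerability has been resolved: s ...", truncated before the subsystem appears. The `NOTE:` line with the git.kernel.org commit still identifies the fix, but the list header no longer does; a longer truncation limit for kernel entries, or skipping the boilerplate prefix, would keep the entry searchable by subsystem.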
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7aa6eab1 by security tracker role at 2024-05-21T20:12:46+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,1778 +1,1898 @@ -CVE-2023-52879 [tracing: Have trace_event_file have ref counters] +CVE-2024-4988 (The mobile application (com.transsion.videocallenhancer) interface has ...) + TODO: check +CVE-2024-4876 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress ...) + TODO: check +CVE-2024-4875 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress ...) + TODO: check +CVE-2024-4700 (The WP Table Builder \u2013 WordPress Table Plugin plugin for WordPres ...) + TODO: check +CVE-2024-4695 (The Move Addons for Elementor plugin for WordPress is vulnerable to St ...) + TODO: check +CVE-2024-4619 (The Elementor Website Builder \u2013 More than Just a Page Builder plu ...) + TODO: check +CVE-2024-4566 (The ShopLentor plugin for WordPress is vulnerable to unauthorized modi ...) + TODO: check +CVE-2024-4553 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...) + TODO: check +CVE-2024-4452 (The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross ...) + TODO: check +CVE-2024-4435 (When storing unbounded types in a BTreeMap, a node is represented as a ...) + TODO: check +CVE-2024-4420 (There exists a Denial of service vulnerability in Tink-cc in versions ...) + TODO: check +CVE-2024-4361 (The Page Builder by SiteOrigin plugin for WordPress is vulnerable to S ...) + TODO: check +CVE-2024-4154 (In lunary-ai/lunary version 1.2.2, an incorrect synchronization vulner ...) + TODO: check +CVE-2024-3345 (The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site ...) + TODO: check +CVE-2024-3268 (The YouTube Video Gallery by YouTube Showcase \u2013 Video Gallery Plu ...) + TODO: check +CVE-2024-36052 (RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the s ...) + TODO: check +CVE-2024-36039 (PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON ...) + TODO: check +CVE-2024-35386 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a den ...) 
+ TODO: check +CVE-2024-35385 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a den ...) + TODO: check +CVE-2024-35384 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a den ...) + TODO: check +CVE-2024-35361 (MTab Bookmark v1.9.5 has an SQL injection vulnerability in /LinkStore/ ...) + TODO: check +CVE-2024-35218 (Umbraco CMS is an ASP.NET CMS used by more than 730.000 websites. Stor ...) + TODO: check +CVE-2024-35180 (OMERO.web provides a web based client and plugin infrastructure. There ...) + TODO: check +CVE-2024-35061 (NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exc ...) + TODO: check +CVE-2024-35060 (An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows att ...) + TODO: check +CVE-2024-35059 (An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows a ...) + TODO: check +CVE-2024-35058 (An issue in the API wait function of NASA AIT-Core v2.5.2 allows attac ...) + TODO: check +CVE-2024-35057 (An issue in NASA AIT-Core v2.5.2 allows attackers to execute arbitrary ...) + TODO: check +CVE-2024-35056 (NASA AIT-Core v2.5.2 was discovered to contain multiple SQL injection ...) + TODO: check +CVE-2024-34274 (OpenBD 20210306203917-6cbe797 is vulnerable to Deserialization of Untr ...) + TODO: check +CVE-2024-34240 (QDOCS Smart School 7.0.0 is vulnerable to Cross Site Scripting (XSS) r ...) + TODO: check +CVE-2024-34071 (Umbraco is an ASP.NET CMS used by more than 730.000 websites. Umbraco ...) + TODO: check +CVE-2024-33529 (ILIAS 7 before 7.30 and ILIAS 8 before 8.11 as well as ILIAS 9.0 allow ...) + TODO: check +CVE-2024-33528 (A Stored Cross-site Scripting (XSS) vulnerability in ILIAS 7 before 7. ...) + TODO: check +CVE-2024-33527 (A Stored Cross-site Scripting (XSS) vulnerability in the "Import of Us ...) + TODO: check +CVE-2024-33526 (A Stored Cross-site Scripting (XSS) vulnerability in the "Import of us ...) 
+ TODO: check +CVE-2024-33525 (A Stored Cross-site Scripting (XSS) vulnerability in the "Import of or ...) + TODO: check +CVE-2024-31989 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...) + TODO: check +CVE-2024-31847 (An issue was discovered in Italtel Embrace 1.6.4. A stored cross-site ...) + TODO: check +CVE-2024-31845 (An issue was discovered in Italtel Embrace 1.6.4. The product does not ...) + TODO: check +CVE-2024-31844 (An issue was
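Review bot: CVE-2024-36039 (PyMySQL through 1.1.0, SQL injection with untrusted JSON input) is added as `TODO: check` alongside a long run of WordPress plugin entries. PyMySQL is packaged in Debian, so this entry needs a package line and per-release status instead of being cleared in bulk with the plugin entries.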
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0b51afb5 by security tracker role at 2024-05-21T08:12:08+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,45 @@ +CVE-2024-5145 (A vulnerability was found in SourceCodester Vehicle Management System ...) + TODO: check +CVE-2024-4985 (An authentication bypass vulnerability was present in the GitHub Enter ...) + TODO: check +CVE-2024-4943 (The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scr ...) + TODO: check +CVE-2024-4710 (The UberMenu plugin for WordPress is vulnerable to Stored Cross-Site S ...) + TODO: check +CVE-2024-4470 (The Master Slider \u2013 Responsive Touch Slider plugin for WordPress ...) + TODO: check +CVE-2024-4442 (The Salon booking system plugin for WordPress is vulnerable to arbitra ...) + TODO: check +CVE-2024-4372 (The Carousel Slider WordPress plugin before 2.2.11 does not sanitise a ...) + TODO: check +CVE-2024-4290 (The Sailthru Triggermail WordPress plugin through 1.1 does not sanitis ...) + TODO: check +CVE-2024-4289 (The Sailthru Triggermail WordPress plugin through 1.1 does not sanitis ...) + TODO: check +CVE-2024-4061 (The Survey Maker WordPress plugin before 4.2.9 does not sanitise and ...) + TODO: check +CVE-2024-3155 (The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Block ...) + TODO: check +CVE-2024-35195 (Requests is a HTTP library. Prior to 2.32.0, when making requests thro ...) + TODO: check +CVE-2024-35194 (Minder is a software supply chain security platform. Prior to version ...) + TODO: check +CVE-2024-35192 (Trivy is a security scanner. Prior to 0.51.2, if a malicious actor is ...) + TODO: check +CVE-2024-35191 (Formie is a Craft CMS plugin for creating forms. Prior to 2.1.6, users ...) + TODO: check +CVE-2024-34710 (Wiki.js is al wiki app built on Node.js. Client side template injectio ...) + TODO: check +CVE-2024-33901 (Issue in KeePassXC 2.7.7 allows an attacker to recover some passwords ...) + TODO: check +CVE-2024-33900 (KeePassXC 2.7.7 allows attackers to recover cleartext credentials.) 
+ TODO: check +CVE-2024-2189 (The Social Icons Widget & Block by WPZOOM WordPress plugin before 4.2. ...) + TODO: check +CVE-2024-0816 (The buffer overflow vulnerability in the DX3300-T1 firmware version V5 ...) + TODO: check +CVE-2023-37929 (The buffer overflow vulnerability in the CGI program of the VMG3625-T5 ...) + TODO: check CVE-2024-5137 (A vulnerability classified as problematic was found in PHPGurukul Dire ...) NOT-FOR-US: PHPGurukul Directory Management System CVE-2024-5136 (A vulnerability classified as problematic has been found in PHPGurukul ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b51afb5e3375537b45c7f545d0f172320c343c8
You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
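Review bot: CVE-2024-35195 (Requests prior to 2.32.0) and CVE-2024-33901 / CVE-2024-33900 (KeePassXC 2.7.7) are added as `TODO: check`; both products are packaged in Debian, so they need package lines with per-release status, unlike the PHPGurukul entries in the trailing context, which are already marked `NOT-FOR-US`.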
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e91dea23 by security tracker role at 2024-05-20T20:11:56+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,330 +1,398 @@ -CVE-2024-36009 [ax25: Fix netdev refcount issue] +CVE-2024-5137 (A vulnerability classified as problematic was found in PHPGurukul Dire ...) + TODO: check +CVE-2024-5136 (A vulnerability classified as problematic has been found in PHPGurukul ...) + TODO: check +CVE-2024-5135 (A vulnerability was found in PHPGurukul Directory Management System 1. ...) + TODO: check +CVE-2024-4323 (A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3. ...) + TODO: check +CVE-2024-4287 (In mintplex-labs/anything-llm, a vulnerability exists due to improper ...) + TODO: check +CVE-2024-4151 (An Improper Access Control vulnerability exists in lunary-ai/lunary ve ...) + TODO: check +CVE-2024-3761 (In lunary-ai/lunary version 1.2.2, the DELETE endpoint located at `pac ...) + TODO: check +CVE-2024-3482 (A Stored Cross-Site Scripting (XSS) vulnerability has been identified ...) + TODO: check +CVE-2024-35580 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpv ...) + TODO: check +CVE-2024-35579 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan ...) + TODO: check +CVE-2024-35578 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbal ...) + TODO: check +CVE-2024-35576 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port ...) + TODO: check +CVE-2024-35571 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode ...) + TODO: check +CVE-2024-34953 (An issue in taurusxin ncmdump v1.3.2 allows attackers to cause a Denia ...) + TODO: check +CVE-2024-34952 (taurusxin ncmdump v1.3.2 was discovered to contain a segmentation viol ...) + TODO: check +CVE-2024-34949 (likeshop 2.5.7 is vulnerable to SQL Injection via the getOrderList fun ...) + TODO: check +CVE-2024-34948 (An issue in Quanxun Huiju Network Technology(Beijing) Co.,Ltd IK-Q3000 ...) + TODO: check +CVE-2024-34947 (Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 ...) 
+ TODO: check +CVE-2024-34193 (smanga 3.2.7 does not filter the file parameter at the PHP/get file fl ...) + TODO: check +CVE-2024-31714 (Buffer Overflow vulnerability in Waxlab wax v.0.9-3 and before allows ...) + TODO: check +CVE-2024-2835 (A Stored Cross-Site Scripting (XSS) vulnerability has been identified ...) + TODO: check +CVE-2024-29651 (A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v. ...) + TODO: check +CVE-2024-29000 (The SolarWinds Platform was determined to be affected by a reflected c ...) + TODO: check +CVE-2024-27312 (Zoho ManageEngine PAM360 version 6601 is vulnerable to authorization v ...) + TODO: check +CVE-2024-24294 (A Prototype Pollution issue in Blackprint @blackprint/engine v.0.9.0 a ...) + TODO: check +CVE-2024-24293 (A Prototype Pollution issue in MiguelCastillo @bit/loader v.10.0.3 all ...) + TODO: check +CVE-2024-1968 (In scrapy/scrapy, an issue was identified where the Authorization head ...) + TODO: check +CVE-2024-0401 (ASUS routers supporting custom OpenVPN profiles are vulnerable to a co ...) + TODO: check +CVE-2023-49335 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injectio ...) + TODO: check +CVE-2023-49334 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injectio ...) + TODO: check +CVE-2023-49333 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injectio ...) + TODO: check +CVE-2023-49332 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injectio ...) + TODO: check +CVE-2023-49331 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injectio ...) + TODO: check +CVE-2023-49330 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injectio ...) + TODO: check +CVE-2024-36009 (In the Linux kernel, the following vulnerability has been resolved: a ...) 
- linux 6.8.9-1 [bookworm] - linux 6.1.90-1 NOTE: https://git.kernel.org/linus/467324bcfe1a31ec65d0cf4aa59421d6b7a7d52b (6.9-rc6) -CVE-2024-36008 [ipv4: check for NULL idev in ip_route_use_hint()] +CVE-2024-36008 (In the Linux kernel, the following vulnerability has been resolved: i ...) - linux 6.8.9-1 [bookworm] - linux 6.1.90-1 [bullseye] - linux 5.10.216-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/58a4c9b1e5a3e53c9148e80b90e1e43897ce77d1 (6.9-rc6) -CVE-2024-36007 [mlxsw: spectrum_acl_tcam: Fix warning during rehash]
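Review bot: CVE-2024-1968 (scrapy/scrapy, Authorization header handling) is added as `TODO: check` among entries for router firmware and web applications. Scrapy is packaged in Debian, so this entry needs a package line and version status, in the same form the linux entries for CVE-2024-36009 and CVE-2024-36008 keep in this hunk.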
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 215575a7 by security tracker role at 2024-05-20T08:11:59+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,55 @@ +CVE-2024-5134 (A vulnerability was found in SourceCodester Electricity Consumption Mo ...) + TODO: check +CVE-2024-5123 (A vulnerability classified as problematic has been found in SourceCode ...) + TODO: check +CVE-2024-5122 (A vulnerability was found in SourceCodester Event Registration System ...) + TODO: check +CVE-2024-5121 (A vulnerability was found in SourceCodester Event Registration System ...) + TODO: check +CVE-2024-5120 (A vulnerability was found in SourceCodester Event Registration System ...) + TODO: check +CVE-2024-5119 (A vulnerability was found in SourceCodester Event Registration System ...) + TODO: check +CVE-2024-5118 (A vulnerability has been found in SourceCodester Event Registration Sy ...) + TODO: check +CVE-2024-5117 (A vulnerability, which was classified as critical, was found in Source ...) + TODO: check +CVE-2024-5116 (A vulnerability, which was classified as critical, has been found in S ...) + TODO: check +CVE-2024-5115 (A vulnerability classified as critical was found in Campcodes Complete ...) + TODO: check +CVE-2024-5114 (A vulnerability classified as critical has been found in Campcodes Com ...) + TODO: check +CVE-2024-5113 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-5112 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-5111 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-5110 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-5109 (A vulnerability has been found in Campcodes Complete Web-Based School ...) + TODO: check +CVE-2024-5108 (A vulnerability, which was classified as critical, was found in Campco ...) + TODO: check +CVE-2024-5107 (A vulnerability, which was classified as critical, has been found in C ...) 
+ TODO: check +CVE-2024-5106 (A vulnerability classified as critical was found in Campcodes Complete ...) + TODO: check +CVE-2024-5105 (A vulnerability classified as critical has been found in Campcodes Com ...) + TODO: check +CVE-2024-5104 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-5103 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4284 (A vulnerability in mintplex-labs/anything-llm allows for a denial of s ...) + TODO: check +CVE-2024-3368 (The All in One SEO WordPress plugin before 4.6.1.1 does not validate ...) + TODO: check +CVE-2024-36081 (Westermo EDW-100 devices through 2024-05-03 allow an unauthenticated u ...) + TODO: check +CVE-2024-36080 (Westermo EDW-100 devices through 2024-05-03 have a hidden root user ac ...) + TODO: check CVE-2024-5101 (A vulnerability was found in SourceCodester Simple Inventory System 1. ...) NOT-FOR-US: SourceCodester Simple Inventory System CVE-2024-5100 (A vulnerability was found in SourceCodester Simple Inventory System 1. ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/215575a7652e56bf5f1690983f1e1e205304cf96
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d2a837ad by security tracker role at 2024-05-19T20:11:52+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,426 +1,438 @@ -CVE-2024-35947 [dyndbg: fix old BUG_ON in >control parser] +CVE-2024-5101 (A vulnerability was found in SourceCodester Simple Inventory System 1. ...) + TODO: check +CVE-2024-5100 (A vulnerability was found in SourceCodester Simple Inventory System 1. ...) + TODO: check +CVE-2024-36078 (In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with ...) + TODO: check +CVE-2024-36076 (Syslifters SysReptor before 2024.40 has a CSRF vulnerability for WebSo ...) + TODO: check +CVE-2024-36070 (tine before 2023.11.8, when an LDAP backend is used, allows anonymous ...) + TODO: check +CVE-2024-36053 (In the mintupload package through 4.2.0 for Linux Mint, service-name m ...) + TODO: check +CVE-2024-35947 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux NOTE: https://git.kernel.org/linus/00e7d3bea2ce7dac7bee1cf501fb071fd0ea8f6c (6.9-rc7) -CVE-2024-35946 [wifi: rtw89: fix null pointer access when abort scan] +CVE-2024-35946 (In the Linux kernel, the following vulnerability has been resolved: w ...) - linux 6.8.9-1 NOTE: https://git.kernel.org/linus/7e11a2966f51695c0af0b1f976a32d64dee243b2 (6.9-rc1) -CVE-2024-35945 [net: phy: phy_device: Prevent nullptr exceptions on ISR] +CVE-2024-35945 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 6.8.9-1 NOTE: https://git.kernel.org/linus/61c81872815f46006982bb80460c0c80a949b35b (6.9-rc1) -CVE-2024-35944 [VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()] +CVE-2024-35944 (In the Linux kernel, the following vulnerability has been resolved: V ...) - linux 6.8.9-1 [bookworm] - linux 6.1.90-1 [bullseye] - linux 5.10.216-1 NOTE: https://git.kernel.org/linus/19b070fefd0d024af3daa7329cbc0d00de5302ec (6.9-rc1) -CVE-2024-35943 [pmdomain: ti: Add a null pointer check to the omap_prm_domain_init] +CVE-2024-35943 (In the Linux kernel, the following vulnerability has been resolved: p ...) 
- linux 6.8.9-1 NOTE: https://git.kernel.org/linus/5d7f58ee08434a33340f75ac7ac5071eea9673b3 (6.9-rc1) -CVE-2024-35942 [pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain] +CVE-2024-35942 (In the Linux kernel, the following vulnerability has been resolved: p ...) - linux 6.8.9-1 NOTE: https://git.kernel.org/linus/697624ee8ad557ab5417f985d2c804241a7ad30d (6.9-rc1) -CVE-2024-35941 [net: skbuff: add overflow debug check to pull/push helpers] +CVE-2024-35941 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 6.8.9-1 [bookworm] - linux 6.1.90-1 NOTE: https://git.kernel.org/linus/219eee9c0d16f1b754a8b85275854ab17df0850a (6.9-rc1) -CVE-2024-35940 [pstore/zone: Add a null pointer check to the psz_kmsg_read] +CVE-2024-35940 (In the Linux kernel, the following vulnerability has been resolved: p ...) - linux 6.8.9-1 [bookworm] - linux 6.1.90-1 [bullseye] - linux 5.10.216-1 NOTE: https://git.kernel.org/linus/98bc7e26e14fbb26a6abf97603d59532475e97f8 (6.9-rc1) -CVE-2024-35939 [dma-direct: Leak pages on dma_set_decrypted() failure] +CVE-2024-35939 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux 6.8.9-1 [bookworm] - linux 6.1.90-1 NOTE: https://git.kernel.org/linus/b9fa16949d18e06bdf728a560f5c8af56d2bdcaf (6.9-rc1) -CVE-2024-35938 [wifi: ath11k: decrease MHI channel buffer length to 8KB] +CVE-2024-35938 (In the Linux kernel, the following vulnerability has been resolved: w ...) - linux 6.8.9-1 [bookworm] - linux 6.1.90-1 NOTE: https://git.kernel.org/linus/1cca1bddf9ef080503c15378cecf4877f7510015 (6.9-rc1) -CVE-2024-35937 [wifi: cfg80211: check A-MSDU format more carefully] +CVE-2024-35937 (In the Linux kernel, the following vulnerability has been resolved: w ...) 
- linux 6.8.9-1 NOTE: https://git.kernel.org/linus/9ad7974856926129f190ffbe3beea78460b3b7cc (6.9-rc1) -CVE-2024-35936 [btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()] +CVE-2024-35936 (In the Linux kernel, the following vulnerability has been resolved: b ...) - linux 6.8.9-1 [bookworm] - linux 6.1.90-1 [bullseye] - linux 5.10.216-1 NOTE: https://git.kernel.org/linus/7411055db5ce64f836aaffd422396af0075fdc99 (6.9-rc1) -CVE-2024-35935 [btrfs: send: handle path ref underflow in header iterate_inode_ref()] +CVE-2024-35935 (In the Linux kernel, the following vulnerability has been
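Review bot: for the Linux kernel entries from CVE-2024-35947 downward, the bracketed commit subject (for example `[dyndbg: fix old BUG_ON in >control parser]`) is replaced by the truncated CVE description, and every one of those descriptions now reads "In the Linux kernel, the following vulnerability has been resolved:" followed by a single letter. After this change the only thing that tells these entries apart at a glance is the git.kernel.org NOTE line. Consider keeping the commit subject in a NOTE, or truncating the description after the common prefix, so the list stays searchable by subsystem.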
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b860abcc by security tracker role at 2024-05-19T08:12:18+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,21 @@ +CVE-2024-5099 (A vulnerability was found in SourceCodester Simple Inventory System 1. ...) + TODO: check +CVE-2024-5098 (A vulnerability has been found in SourceCodester Simple Inventory Syst ...) + TODO: check +CVE-2024-5097 (A vulnerability, which was classified as problematic, was found in Sou ...) + TODO: check +CVE-2024-5096 (A vulnerability classified as problematic was found in Hipcam Device u ...) + TODO: check +CVE-2024-5095 (A vulnerability classified as problematic has been found in Victor Zsv ...) + TODO: check +CVE-2024-36050 (Nix through 2.22.1 mishandles certain usage of hash caches, which make ...) + TODO: check +CVE-2024-36048 (QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x b ...) + TODO: check +CVE-2024-28064 (Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/Env ...) + TODO: check +CVE-2024-28063 (Kiteworks Totemomail through 7.0.0 allows /responsiveUI/EnvelopeOpenSe ...) + TODO: check CVE-2024-5094 (A vulnerability was found in SourceCodester Best House Rental Manageme ...) NOT-FOR-US: SourceCodester Best House Rental Management System CVE-2024-5093 (A vulnerability has been found in SourceCodester Best House Rental Man ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b860abcc783ac01d8927012dd7cff12d5eab30a6
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 900286a7 by security tracker role at 2024-05-18T20:11:51+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,21 @@ +CVE-2024-5094 (A vulnerability was found in SourceCodester Best House Rental Manageme ...) + TODO: check +CVE-2024-5093 (A vulnerability has been found in SourceCodester Best House Rental Man ...) + TODO: check +CVE-2024-5088 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...) + TODO: check +CVE-2024-4432 (The Piotnet Addons For Elementor plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-3745 (MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL Bypass vul ...) + TODO: check +CVE-2024-3658 (The Build App Online plugin for WordPress is vulnerable to authenticat ...) + TODO: check +CVE-2024-36043 (question_image.ts in SurveyJS Form Library before 1.10.4 allows conten ...) + TODO: check +CVE-2024-34083 (aiosmptd is a reimplementation of the Python stdlib smtpd.py based on ...) + TODO: check +CVE-2024-31879 (IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbit ...) + TODO: check CVE-2024-5069 (A vulnerability, which was classified as critical, has been found in S ...) NOT-FOR-US: SourceCodester Simple Online Mens Salon Management System CVE-2024-4891 (The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/900286a776289abb7b797d49dac3e87153268aad
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bfb6dbc0 by security tracker role at 2024-05-18T08:11:41+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,45 @@ +CVE-2024-5069 (A vulnerability, which was classified as critical, has been found in S ...) + TODO: check +CVE-2024-4891 (The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & ...) + TODO: check +CVE-2024-4865 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...) + TODO: check +CVE-2024-4849 (The WordPress Automatic Plugin plugin for WordPress is vulnerable to S ...) + TODO: check +CVE-2024-4709 (The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & D ...) + TODO: check +CVE-2024-4698 (The Testimonial Carousel For Elementor plugin for WordPress is vulnera ...) + TODO: check +CVE-2024-4374 (The DethemeKit For Elementor plugin for WordPress is vulnerable to Sto ...) + TODO: check +CVE-2024-4264 (A remote code execution (RCE) vulnerability exists in the berriai/lite ...) + TODO: check +CVE-2024-3812 (The Salient Core plugin for WordPress is vulnerable to Local File Incl ...) + TODO: check +CVE-2024-3811 (The Salient Shortcodes plugin for WordPress is vulnerable to Stored Cr ...) + TODO: check +CVE-2024-3810 (The Salient Shortcodes plugin for WordPress is vulnerable to Local Fil ...) + TODO: check +CVE-2024-3714 (The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for ...) + TODO: check +CVE-2024-35313 (In Tor Arti before 1.2.3, circuits sometimes incorrectly have a length ...) + TODO: check +CVE-2024-35312 (In Tor Arti before 1.2.3, STUB circuits incorrectly have a length of 2 ...) + TODO: check +CVE-2024-2782 (The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & D ...) + TODO: check +CVE-2024-2772 (The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & D ...) + TODO: check +CVE-2024-2771 (The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & D ...) + TODO: check +CVE-2024-23583 (An attacker could potentially intercept credentials via the task manag ...) 
+ TODO: check +CVE-2024-23556 (SSL/TLS Renegotiation functionality potentially leading to DoS attack ...) + TODO: check +CVE-2024-23554 (Cross-Site Request Forgery (CSRF) on Session Token vulnerability that ...) + TODO: check +CVE-2023-52424 (The IEEE 802.11 standard sometimes enables an adversary to trick a vic ...) + TODO: check CVE-2024-5072 (Improper input validation in PAM JIT elevation feature in Devolutions ...) NOT-FOR-US: Devolutions Server CVE-2024-5066 (A vulnerability classified as critical was found in PHPGurukul Online ...) @@ -14551,10 +14593,10 @@ CVE-2024-0083 (NVIDIA ChatRTX for Windows contains a vulnerability in the UI, wh NOT-FOR-US: NVIDIA ChatRTX CVE-2024-0082 (NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where a ...) NOT-FOR-US: NVIDIA ChatRTX -CVE-2024-25743 (In the Linux kernel through 6.7.2, an untrusted hypervisor can inject ...) +CVE-2024-25743 (In the Linux kernel through 6.9, an untrusted hypervisor can inject vi ...) - linux NOTE: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3008.html -CVE-2024-25742 +CVE-2024-25742 (In the Linux kernel before 6.9, an untrusted hypervisor can inject vir ...) - linux NOTE: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3008.html CVE-2024-3464 (A vulnerability was found in SourceCodester Laundry Management System ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfb6dbc0860a88f1196900861cdb4fc94b5f32f9
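Review bot: in the second hunk (`@@ -14551,10 +14593,10 @@`), CVE-2024-25742 gains a description that scopes the issue to the Linux kernel "before 6.9", yet its package line stays `- linux` with no fixed version and the only reference is the AMD bulletin. If the fix did land in 6.9, record the Debian version that carries it and add a NOTE pointing at the upstream commit. CVE-2024-25743 now says "through 6.9", so leaving its `- linux` line without a version is consistent with the new text.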
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6d614d57 by security tracker role at 2024-05-17T20:12:26+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,565 @@ +CVE-2024-5072 (Improper input validation in PAM JIT elevation feature in Devolutions ...) + TODO: check +CVE-2024-5066 (A vulnerability classified as critical was found in PHPGurukul Online ...) + TODO: check +CVE-2024-5065 (A vulnerability classified as critical has been found in PHPGurukul On ...) + TODO: check +CVE-2024-5064 (A vulnerability was found in PHPGurukul Online Course Registration Sys ...) + TODO: check +CVE-2024-5063 (A vulnerability was found in PHPGurukul Online Course Registration Sys ...) + TODO: check +CVE-2024-5055 (Uncontrolled resource consumption vulnerability in XAMPP Windows, vers ...) + TODO: check +CVE-2024-5052 (Denial of Service (DoS) vulnerability for Cerberus Enterprise 8.0.10.3 ...) + TODO: check +CVE-2024-5051 (A vulnerability has been found in SourceCodester Gas Agency Management ...) + TODO: check +CVE-2024-5050 (A vulnerability, which was classified as critical, was found in Wangsh ...) + TODO: check +CVE-2024-5049 (A vulnerability, which was classified as critical, has been found in C ...) + TODO: check +CVE-2024-5048 (A vulnerability classified as critical was found in code-projects Budg ...) + TODO: check +CVE-2024-5047 (A vulnerability classified as critical has been found in SourceCodeste ...) + TODO: check +CVE-2024-5046 (A vulnerability was found in SourceCodester Online Examination System ...) + TODO: check +CVE-2024-5045 (A vulnerability was found in SourceCodester Online Birth Certificate M ...) + TODO: check +CVE-2024-5044 (A vulnerability was found in Emlog Pro 2.3.4. It has been classified a ...) + TODO: check +CVE-2024-5043 (A vulnerability was found in Emlog Pro 2.3.4 and classified as critica ...) + TODO: check +CVE-2024-5042 (A flaw was found in the Submariner project. Due to unnecessary role-ba ...) + TODO: check +CVE-2024-5022 (The file scheme of URLs would be hidden, resulting in potential spoofi ...) 
+ TODO: check +CVE-2024-4998 + REJECTED +CVE-2024-4789 (Cost Calculator Builder Pro plugin for WordPress is vulnerable to Serv ...) + TODO: check +CVE-2024-4214 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...) + TODO: check +CVE-2024-3292 (A race condition vulnerability exists where an authenticated, local at ...) + TODO: check +CVE-2024-3291 (When installing Nessus Agent to a directory outside of the default loc ...) + TODO: check +CVE-2024-3290 (A race condition vulnerability exists where an authenticated, local at ...) + TODO: check +CVE-2024-3289 (When installing Nessus to a directory outside of the default location ...) + TODO: check +CVE-2024-35859 (In the Linux kernel, the following vulnerability has been resolved: b ...) + TODO: check +CVE-2024-35858 (In the Linux kernel, the following vulnerability has been resolved: n ...) + TODO: check +CVE-2024-35857 (In the Linux kernel, the following vulnerability has been resolved: i ...) + TODO: check +CVE-2024-35856 (In the Linux kernel, the following vulnerability has been resolved: B ...) + TODO: check +CVE-2024-35855 (In the Linux kernel, the following vulnerability has been resolved: m ...) + TODO: check +CVE-2024-35854 (In the Linux kernel, the following vulnerability has been resolved: m ...) + TODO: check +CVE-2024-35853 (In the Linux kernel, the following vulnerability has been resolved: m ...) + TODO: check +CVE-2024-35852 (In the Linux kernel, the following vulnerability has been resolved: m ...) + TODO: check +CVE-2024-35851 (In the Linux kernel, the following vulnerability has been resolved: B ...) + TODO: check +CVE-2024-35850 (In the Linux kernel, the following vulnerability has been resolved: B ...) + TODO: check +CVE-2024-35849 (In the Linux kernel, the following vulnerability has been resolved: b ...) + TODO: check +CVE-2024-35848 (In the Linux kernel, the following vulnerability has been resolved: e ...) 
+ TODO: check +CVE-2024-35847 (In the Linux kernel, the following vulnerability has been resolved: i ...) + TODO: check +CVE-2024-35846 (In the Linux kernel, the following vulnerability has been resolved: m ...) + TODO: check +CVE-2024-35845 (In the Linux kernel, the following vulnerability has been resolved: w ...) + TODO: check +CVE-2024-35844 (In the Linux kernel, the following vulnerability has been resolved: f ...) + TODO: check +CVE-2024-35843 (In the Linux kernel, the following vulnerability has been
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e74dc6f7 by security tracker role at 2024-05-17T08:11:45+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,20 +1,244 @@ -CVE-2024-21823 +CVE-2024-4204 (The Bulk Posts Editing For WordPress plugin for WordPress is vulnerabl ...) + TODO: check +CVE-2024-3609 (The ReviewX \u2013 Multi-criteria Rating & Reviews for WooCommerce plu ...) + TODO: check +CVE-2024-3580 (The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and e ...) + TODO: check +CVE-2024-3551 (The Penci Soledad Data Migrator plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-3231 (The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and e ...) + TODO: check +CVE-2024-3134 (The Master Addons \u2013 Free Widgets, Hover Effects, Toggle, Conditio ...) + TODO: check +CVE-2024-35110 (A reflected XSS vulnerability has been found in YzmCMS 7.1. The vulner ...) + TODO: check +CVE-2024-34757 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-34752 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-34575 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-34567 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-33556 (Unrestricted Upload of File with Dangerous Type vulnerability in 8them ...) + TODO: check +CVE-2024-32800 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-31351 (Unrestricted Upload of File with Dangerous Type vulnerability in Copym ...) + TODO: check +CVE-2024-30060 (Azure Monitor Agent Elevation of Privilege Vulnerability) + TODO: check +CVE-2024-2744 (The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise ...) + TODO: check +CVE-2024-2697 (The socialdriver-framework WordPress plugin before 2024.0.0 does not v ...) + TODO: check +CVE-2024-2619 (The Elementor Header & Footer Builder for WordPress is vulnerable to H ...) 
+ TODO: check +CVE-2024-24981 (Improper input validation in PfrSmiUpdateFw driver in UEFI firmware fo ...) + TODO: check +CVE-2024-23980 (Improper buffer restrictions in PlatformPfrDxe driver in UEFI firmware ...) + TODO: check +CVE-2024-23487 (Improper input validation in UserAuthenticationSmm driver in UEFI firm ...) + TODO: check +CVE-2024-22476 (Improper input validation in some Intel(R) Neural Compressor software ...) + TODO: check +CVE-2024-22390 (Improper input validation in firmware for some Intel(R) FPGA products ...) + TODO: check +CVE-2024-22384 (Out-of-bounds read for some Intel(R) Trace Analyzer and Collector soft ...) + TODO: check +CVE-2024-22382 (Improper input validation in PprRequestLog module in UEFI firmware for ...) + TODO: check +CVE-2024-22379 (Uncontrolled search path in some Intel(R) Inspector software before ve ...) + TODO: check +CVE-2024-22095 (Improper input validation in PlatformVariableInitDxe driver in UEFI fi ...) + TODO: check +CVE-2024-22015 (Improper input validation for some Intel(R) DLB driver software before ...) + TODO: check +CVE-2024-21864 (Improper neutralization in some Intel(R) Arc(TM) & Iris(R) Xe Graphics ...) + TODO: check +CVE-2024-21862 (Uncontrolled search path in some Intel(R) Quartus(R) Prime Standard Ed ...) + TODO: check +CVE-2024-21861 (Uncontrolled search path in some Intel(R) GPA Framework software befor ...) + TODO: check +CVE-2024-21843 (Uncontrolled search path for some Intel(R) Computing Improvement Progr ...) + TODO: check +CVE-2024-21841 (Uncontrolled search path for some Intel(R) Distribution for GDB softwa ...) + TODO: check +CVE-2024-21837 (Uncontrolled search path in some Intel(R) Quartus(R) Prime Lite Editio ...) + TODO: check +CVE-2024-21835 (Insecure inherited permissions in some Intel(R) XTU software before ve ...) + TODO: check +CVE-2024-21831 (Uncontrolled search path in some Intel(R) Processor Diagnostic Tool so ...) 
+ TODO: check +CVE-2024-21828 (Improper access control in some Intel(R) Ethernet Controller Administr ...) + TODO: check +CVE-2024-21818 (Uncontrolled search path in some Intel(R) PCM software before version ...) + TODO: check +CVE-2024-21814 (Uncontrolled search path for some Intel(R) Chipset Device Software bef ...) + TODO: check +CVE-2024-21813 (Exposure of resource to wrong sphere in some Intel(R) DTT software ins ...) + TODO: check +CVE-2024-21809 (Improper conditions check for some Intel(R) Quartus(R) Prime Lite Edit ...) +
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0b5d0e50 by security tracker role at 2024-05-16T20:12:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,299 @@ +CVE-2024-5023 (Improper Neutralization of Special Elements used in a Command ('Comman ...) + TODO: check +CVE-2024-4999 (A vulnerability in the web-based management interface of multiple Ligo ...) + TODO: check +CVE-2024-4993 (Vulnerability in SiAdmin 1.1 that allows XSS via the /show.php query p ...) + TODO: check +CVE-2024-4992 (Vulnerability in SiAdmin 1.1 that allows SQL injection via the /modul/ ...) + TODO: check +CVE-2024-4991 (Vulnerability in SiAdmin 1.1 that allows SQL injection via the /modul/ ...) + TODO: check +CVE-2024-4984 (The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site ...) + TODO: check +CVE-2024-4976 (Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing obj ...) + TODO: check +CVE-2024-4975 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-4974 (A vulnerability, which was classified as problematic, was found in cod ...) + TODO: check +CVE-2024-4973 (A vulnerability classified as critical was found in code-projects Simp ...) + TODO: check +CVE-2024-4972 (A vulnerability classified as critical has been found in code-projects ...) + TODO: check +CVE-2024-4968 (A vulnerability was found in SourceCodester Interactive Map with Marke ...) + TODO: check +CVE-2024-4967 (A vulnerability was found in SourceCodester Interactive Map with Marke ...) + TODO: check +CVE-2024-4966 (A vulnerability was found in SourceCodester SchoolWebTech 1.0. It has ...) + TODO: check +CVE-2024-4965 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DA ...) + TODO: check +CVE-2024-4964 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Li ...) + TODO: check +CVE-2024-4963 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...) + TODO: check +CVE-2024-4962 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...) 
+ TODO: check +CVE-2024-4961 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical ...) + TODO: check +CVE-2024-4960 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical ...) + TODO: check +CVE-2024-4956 (Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticate ...) + TODO: check +CVE-2024-4950 (Inappropriate implementation in Downloads in Google Chrome prior to 12 ...) + TODO: check +CVE-2024-4949 (Use after free in V8 in Google Chrome prior to 125.0.6422.60 allowed a ...) + TODO: check +CVE-2024-4948 (Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed ...) + TODO: check +CVE-2024-4947 (Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a ...) + TODO: check +CVE-2024-4946 (A vulnerability was found in SourceCodester Online Art Gallery Managem ...) + TODO: check +CVE-2024-4945 (A vulnerability was found in SourceCodester Best Courier Management Sy ...) + TODO: check +CVE-2024-4933 (A vulnerability has been found in SourceCodester Simple Online Bidding ...) + TODO: check +CVE-2024-4932 (A vulnerability, which was classified as critical, was found in Source ...) + TODO: check +CVE-2024-4931 (A vulnerability, which was classified as critical, has been found in S ...) + TODO: check +CVE-2024-4930 (A vulnerability classified as critical was found in SourceCodester Sim ...) + TODO: check +CVE-2024-4929 (A vulnerability classified as problematic has been found in SourceCode ...) + TODO: check +CVE-2024-4928 (A vulnerability was found in SourceCodester Simple Online Bidding Syst ...) + TODO: check +CVE-2024-4927 (A vulnerability was found in SourceCodester Simple Online Bidding Syst ...) + TODO: check +CVE-2024-4926 (A vulnerability was found in SourceCodester School Intramurals Student ...) + TODO: check +CVE-2024-4925 (A vulnerability was found in SourceCodester School Intramurals Student ...) 
+ TODO: check +CVE-2024-4923 (A vulnerability has been found in Codezips E-Commerce Site 1.0 and cla ...) + TODO: check +CVE-2024-4922 (A vulnerability, which was classified as problematic, was found in Sou ...) + TODO: check +CVE-2024-4921 (A vulnerability classified as critical has been found in SourceCodeste ...) + TODO: check +CVE-2024-4920 (A vulnerability was found in SourceCodester Online Discussion Forum Si ...) + TODO: check +CVE-2024-4919 (A vulnerability was found in Campcodes Online Examination System 1.0. ...) + TODO: check +CVE-2024-4918
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 112e76f2 by security tracker role at 2024-05-15T20:11:59+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,175 @@ +CVE-2024-4910 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4909 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4908 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4907 (A vulnerability has been found in Campcodes Complete Web-Based School ...) + TODO: check +CVE-2024-4906 (A vulnerability, which was classified as critical, was found in Campco ...) + TODO: check +CVE-2024-4905 (A vulnerability classified as critical has been found in Kashipara Col ...) + TODO: check +CVE-2024-4904 (A vulnerability was found in Byzoro Smart S200 Management Platform up ...) + TODO: check +CVE-2024-4903 (A vulnerability was found in Tongda OA 2017. It has been declared as c ...) + TODO: check +CVE-2024-4837 (In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or ea ...) + TODO: check +CVE-2024-4702 (The Mega Elements plugin for WordPress is vulnerable to Stored Cross-S ...) + TODO: check +CVE-2024-4670 (The All-in-One Video Gallery plugin for WordPress is vulnerable to Loc ...) + TODO: check +CVE-2024-4622 (If misconfigured, alpitronic Hypercharger EV charging devices can expo ...) + TODO: check +CVE-2024-4357 (An information disclosure vulnerability exists in Progress Telerik Rep ...) + TODO: check +CVE-2024-4202 (In Progress\xae Telerik\xae Reporting versions prior to 2024 Q2 (18.1. ...) + TODO: check +CVE-2024-4200 (In Progress\xae Telerik\xae Reporting versions prior to 2024 Q2 (18.1. ...) + TODO: check +CVE-2024-4010 (The Email Subscribers by Icegram Express plugin for WordPress is vulne ...) + TODO: check +CVE-2024-3970 (Server Side Request Forgery vulnerabilityhas been discovered in OpenTe ...) + TODO: check +CVE-2024-3968 (Remote Code Execution has been discovered in OpenText\u2122 iManager 3 ...) 
+ TODO: check +CVE-2024-3967 (Remote Code Execution has been discovered in OpenText\u2122 iManager 3 ...) + TODO: check +CVE-2024-3892 (A local code execution vulnerability is possible in Telerik UI for Win ...) + TODO: check +CVE-2024-3488 (File Upload vulnerability in unauthenticated session found in OpenText ...) + TODO: check +CVE-2024-3487 (Broken Authentication vulnerability discovered in OpenText\u2122 iMana ...) + TODO: check +CVE-2024-3486 (XML External Entity injection vulnerability foundin OpenText\u2122 iMa ...) + TODO: check +CVE-2024-3485 (Server Side Request Forgery vulnerabilityhas been discovered in OpenTe ...) + TODO: check +CVE-2024-3484 (Path Traversal foundin OpenText\u2122 iManager 3.2.6.0200. This can le ...) + TODO: check +CVE-2024-3483 (Remote Code Execution has been discovered in OpenText\u2122 iManager 3 ...) + TODO: check +CVE-2024-3319 (An issue was identified in the Identity Security Cloud (ISC) Transform ...) + TODO: check +CVE-2024-3318 (A file path traversal vulnerability was identified in the DelimitedFil ...) + TODO: check +CVE-2024-3317 (An improper access control was identified in the Identity Security Clo ...) + TODO: check +CVE-2024-3182 (Install-type password disclosure vulnerability inUniversal Installer i ...) + TODO: check +CVE-2024-35179 (Stalwart Mail Server is an open-source mail server. Prior to version 0 ...) + TODO: check +CVE-2024-35102 (Insecure Permissions vulnerability in VITEC AvediaServer (Model avsrv- ...) + TODO: check +CVE-2024-34955 (Code-projects Budget Management 1.0 is vulnerable to SQL Injection via ...) + TODO: check +CVE-2024-34954 (Code-projects Budget Management 1.0 is vulnerable to Cross Site Script ...) + TODO: check +CVE-2024-34913 (An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and b ...) + TODO: check +CVE-2024-34909 (An arbitrary file upload vulnerability in KYKMS v1.0.1 and below allow ...) 
+ TODO: check +CVE-2024-34906 (An arbitrary file upload vulnerability in dootask v0.30.13 allows atta ...) + TODO: check +CVE-2024-34101 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier Answer: ...) + TODO: check +CVE-2024-34100 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...) + TODO: check +CVE-2024-34099 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...) + TODO: check +CVE-2024-34098 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...) + TODO: check
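Review bot: The added CVE-2024-34101 entry reads "and earlier Answer: ..." where the neighbouring Acrobat Reader entries in this hunk (CVE-2024-34100, CVE-2024-34099, CVE-2024-34098) read "and earlier are aff ...". The stray "Answer:" looks like a defect in the imported description text and should be checked against the feed when this TODO is triaged.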
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 46925bfd by security tracker role at 2024-05-15T08:12:04+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,4 +1,114 @@ -CVE-2024-3044 [Graphic on-click binding allows unchecked script execution] +CVE-2024-4894 (ITPison OMICARD EDM fails to properly filter specific URL parameter, ...) + TODO: check +CVE-2024-4893 (DigiWin EasyFlow .NET lacks validation for certain input parameters, a ...) + TODO: check +CVE-2024-4847 (The Alt Text AI \u2013 Automatically generate image alt text for SEO a ...) + TODO: check +CVE-2024-4734 (The Import and export users and customers plugin for WordPress is vuln ...) + TODO: check +CVE-2024-4666 (The Borderless \u2013 Widgets, Elements, Templates and Toolkit for Ele ...) + TODO: check +CVE-2024-4656 (The Import and export users and customers plugin for WordPress is vuln ...) + TODO: check +CVE-2024-4636 (The Image Optimization by Optimole \u2013 Lazy Load, CDN, Convert WebP ...) + TODO: check +CVE-2024-4618 (The Exclusive Addons for Elementor plugin for WordPress is vulnerable ...) + TODO: check +CVE-2024-4562 (In WhatsUp Gold versions released before 2023.1.2 , an SSRF vulnerab ...) + TODO: check +CVE-2024-4561 (In WhatsUp Gold versions released before 2023.1.2 , a blind SSRF vul ...) + TODO: check +CVE-2024-4373 (The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data T ...) + TODO: check +CVE-2024-4370 (The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPr ...) + TODO: check +CVE-2024-4363 (The Visual Portfolio, Photo Gallery & Post Grid plugin for WordPress i ...) + TODO: check +CVE-2024-4208 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Feature ...) + TODO: check +CVE-2024-4199 (The Bulk Posts Editing For WordPress plugin for WordPress is vulnerabl ...) + TODO: check +CVE-2024-3824 (The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not hav ...) + TODO: check +CVE-2024-3823 (The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not hav ...) + TODO: check +CVE-2024-3822 (The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not san ...) 
+ TODO: check +CVE-2024-3749 (The SP Project & Document Manager WordPress plugin through 4.71 lacks ...) + TODO: check +CVE-2024-3748 (The SP Project & Document Manager WordPress plugin through 4.71 is mis ...) + TODO: check +CVE-2024-3744 (A security issue was discovered in azure-file-csi-driver where an acto ...) + TODO: check +CVE-2024-3634 (The month name translation benaceur WordPress plugin before 2.3.8 does ...) + TODO: check +CVE-2024-3631 (The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF c ...) + TODO: check +CVE-2024-3630 (The HL Twitter WordPress plugin through 2014.1.18 does not sanitise an ...) + TODO: check +CVE-2024-3629 (The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF c ...) + TODO: check +CVE-2024-3548 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress plugin b ...) + TODO: check +CVE-2024-3407 (The WP Prayer WordPress plugin through 2.0.9 does not have CSRF checks ...) + TODO: check +CVE-2024-3406 (The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check ...) + TODO: check +CVE-2024-3405 (The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check ...) + TODO: check +CVE-2024-3189 (The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features pl ...) + TODO: check +CVE-2024-35175 (sshpiper is a reverse proxy for sshd. Starting in version 1.0.50 and p ...) + TODO: check +CVE-2024-35109 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35108 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-32888 (The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provi ...) + TODO: check +CVE-2024-31556 (An issue in Reportico Web before v.8.1.0 allows a local attacker to ex ...) + TODO: check +CVE-2024-31483 (An authenticated sensitive information disclosure vulnerability exists ...) 
+ TODO: check +CVE-2024-31482 (An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ...) + TODO: check +CVE-2024-31481 (Unauthenticated Denial of Service (DoS) vulnerabilities exist in the C ...) + TODO: check +CVE-2024-31480 (Unauthenticated Denial of Service (DoS) vulnerabilities exist in the C ...) + TODO: check +CVE-2024-31479 (Unauthenticated Denial of Service (DoS) vulnerabilities exist in the C ...) + TODO: check +CVE-2024-31478 (Multiple unauthenticated
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 52088067 by security tracker role at 2024-05-14T20:11:56+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,73 +1,475 @@ -CVE-2024-4778 +CVE-2024-4871 (A vulnerability was found in Satellite. When running a remote executio ...) + TODO: check +CVE-2024-4860 (The 'WordPress RSS Aggregator' WordPress Plugin, versions < 4.23.9 are ...) + TODO: check +CVE-2024-4859 (Solidus <= 4.3.4is affected by a Stored Cross-Site Scripting vulnerabi ...) + TODO: check +CVE-2024-4624 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...) + TODO: check +CVE-2024-4473 (The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross- ...) + TODO: check +CVE-2024-4440 (The 140+ Widgets | Best Addons For Elementor \u2013 FREE plugin for Wo ...) + TODO: check +CVE-2024-4392 (The Jetpack \u2013 WP Security, Backup, Speed, & Growth plugin for Wor ...) + TODO: check +CVE-2024-4333 (The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data T ...) + TODO: check +CVE-2024-3676 (The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection ...) + TODO: check +CVE-2024-3579 (Open-source project Online Shopping System Advanced is vulnerable to R ...) + TODO: check +CVE-2024-3374 (An unauthenticated user can trigger a fatal assertion in the server wh ...) + TODO: check +CVE-2024-3372 (Improper validation of certain metadata input may result in the server ...) + TODO: check +CVE-2024-35012 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35011 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35010 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35009 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-34950 (D-Link DIR-822+ v1.0.5 was discovered to contain a stack-based buffer ...) + TODO: check +CVE-2024-34914 (php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a wea ...) 
+ TODO: check +CVE-2024-34773 (A vulnerability has been identified in Solid Edge (All versions < V224 ...) + TODO: check +CVE-2024-34772 (A vulnerability has been identified in Solid Edge (All versions < V224 ...) + TODO: check +CVE-2024-34771 (A vulnerability has been identified in Solid Edge (All versions < V224 ...) + TODO: check +CVE-2024-34717 (PrestaShop is an open source e-commerce web application. In PrestaShop ...) + TODO: check +CVE-2024-34716 (PrestaShop is an open source e-commerce web application. A cross-site ...) + TODO: check +CVE-2024-34714 (The Hoppscotch Browser Extension is a browser extension for Hoppscotch ...) + TODO: check +CVE-2024-34713 (sshproxy is used on a gateway to transparently proxy a user SSH connec ...) + TODO: check +CVE-2024-34712 (Oceanic is a NodeJS library for interfacing with Discord. Prior to ver ...) + TODO: check +CVE-2024-34358 (TYPO3 is an enterprise content management system. Starting in version ...) + TODO: check +CVE-2024-34357 (TYPO3 is an enterprise content management system. Starting in version ...) + TODO: check +CVE-2024-34356 (TYPO3 is an enterprise content management system. Starting in version ...) + TODO: check +CVE-2024-34355 (TYPO3 is an enterprise content management system. Starting in version ...) + TODO: check +CVE-2024-34256 (OFCMS V1.1.2 is vulnerable to SQL Injection via the new table function ...) + TODO: check +CVE-2024-34243 (Konga v0.14.9 is vulnerable to Cross Site Scripting (XSS) via the user ...) + TODO: check +CVE-2024-34191 (htmly v2.9.6 was discovered to contain an arbitrary file deletion vuln ...) + TODO: check +CVE-2024-34086 (A vulnerability has been identified in JT2Go (All versions < V2312.000 ...) + TODO: check +CVE-2024-34085 (A vulnerability has been identified in JT2Go (All versions < V2312.000 ...) + TODO: check +CVE-2024-33868 (An issue was discovered in linqi before 1.4.0.1 on Windows. There is L ...) 
+ TODO: check +CVE-2024-33867 (An issue was discovered in linqi before 1.4.0.1 on Windows. There is a ...) + TODO: check +CVE-2024-33866 (An issue was discovered in linqi before 1.4.0.1 on Windows. There is / ...) + TODO: check +CVE-2024-33865 (An issue was discovered in linqi before 1.4.0.1 on Windows. There is a ...) + TODO: check +CVE-2024-33864 (An issue was discovered in linqi before 1.4.0.1 on Windows. There is S ...) + TODO: check +CVE-2024-33863 (An issue was discovered in linqi before 1.4.0.1 on Windows. There
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6fa9a4f6 by security tracker role at 2024-05-14T08:11:51+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,4 +1,122 @@ -CVE-2024-4761 +CVE-2024-4855 (Use after free issue in editcap could cause denial of service via craf ...) + TODO: check +CVE-2024-4854 (MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4. ...) + TODO: check +CVE-2024-4853 (Memory handling issue in editcap could cause denial of service via cra ...) + TODO: check +CVE-2024-4840 (An flaw was found in the OpenStack Platform (RHOSP) director, a toolse ...) + TODO: check +CVE-2024-4810 (In register_device, the return value of ida_simple_get is unchecked, i ...) + TODO: check +CVE-2024-4712 (An arbitrary file creation vulnerability exists in PaperCut NG/MF that ...) + TODO: check +CVE-2024-4445 (The WP Compress \u2013 Image Optimizer [All-In-One] plugin for WordPre ...) + TODO: check +CVE-2024-4144 (The Simple Basic Contact Form plugin for WordPress for WordPress is vu ...) + TODO: check +CVE-2024-4139 (Manage Bank Statement ReProcessing Rules does not perform necessary au ...) + TODO: check +CVE-2024-4138 (Manage Bank Statement ReProcessing Rules does not perform necessary au ...) + TODO: check +CVE-2024-3241 (The Ultimate Blocks WordPress plugin before 3.1.7 does not validate a ...) + TODO: check +CVE-2024-3037 (An arbitrary file deletion vulnerability exists in PaperCut NG/MF that ...) + TODO: check +CVE-2024-34687 (SAP NetWeaver Application Server for ABAP and ABAP Platform do not suf ...) + TODO: check +CVE-2024-33878 + REJECTED +CVE-2024-33009 (SAP Global Label Management is vulnerable to SQL injection. On exploit ...) + TODO: check +CVE-2024-33008 (SAP Replication Server allows an attacker to use gateway for executing ...) + TODO: check +CVE-2024-33007 (PDFViewer is a control delivered as part of SAPUI5 product which shows ...) + TODO: check +CVE-2024-33006 (An unauthenticated attacker can upload a malicious file to the server ...) + TODO: check +CVE-2024-33004 (SAP Business Objects Business Intelligence Platform is vulnerable to I ...) 
+ TODO: check +CVE-2024-33002 (Document Service handler (obsolete) in Data Provisioning Service does ...) + TODO: check +CVE-2024-33000 (SAP Bank Account Management does not perform necessary authorization c ...) + TODO: check +CVE-2024-32733 (Due to missing input validation and output encoding of untrusted data, ...) + TODO: check +CVE-2024-32731 (SAP My Travel Requests does not perform necessary authorization checks ...) + TODO: check +CVE-2024-28165 (SAP Business Objects Business Intelligence Platform is vulnerable to s ...) + TODO: check +CVE-2024-27852 (A privacy issue was addressed with improved client ID handling for alt ...) + TODO: check +CVE-2024-27847 (This issue was addressed with improved checks This issue is fixed in i ...) + TODO: check +CVE-2024-27843 (A logic issue was addressed with improved checks. This issue is fixed ...) + TODO: check +CVE-2024-27842 (The issue was addressed with improved checks. This issue is fixed in m ...) + TODO: check +CVE-2024-27841 (The issue was addressed with improved memory handling. This issue is f ...) + TODO: check +CVE-2024-27839 (A privacy issue was addressed by moving sensitive data to a more secur ...) + TODO: check +CVE-2024-27837 (A downgrade issue was addressed with additional code-signing restricti ...) + TODO: check +CVE-2024-27835 (This issue was addressed through improved state management. This issue ...) + TODO: check +CVE-2024-27834 (The issue was addressed with improved checks. This issue is fixed in i ...) + TODO: check +CVE-2024-27829 (The issue was addressed with improved memory handling. This issue is f ...) + TODO: check +CVE-2024-27827 (This issue was addressed through improved state management. This issue ...) + TODO: check +CVE-2024-27825 (A downgrade issue affecting Intel-based Mac computers was addressed wi ...) + TODO: check +CVE-2024-27824 (This issue was addressed by removing the vulnerable code. This issue i ...) 
+ TODO: check +CVE-2024-27822 (A logic issue was addressed with improved restrictions. This issue is ...) + TODO: check +CVE-2024-27821 (A path handling issue was addressed with improved validation. This iss ...) + TODO: check +CVE-2024-27818 (The issue was addressed with improved memory handling. This issue is f ...) + TODO: check +CVE-2024-27816 (A logic issue was addressed with improved checks. This issue is fixed ...) + TODO: check +CVE-2024-27813 (The issue was addressed with
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 652d3782 by security tracker role at 2024-05-13T20:12:09+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,28 +1,214 @@ -CVE-2024-27401 [firewire: nosy: ensure user_length is taken into account when fetching packet contents] +CVE-2024-4825 (A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 tha ...) + TODO: check +CVE-2024-4824 (Vulnerability in School ERP Pro+Responsive 1.0 that allows SQL injecti ...) + TODO: check +CVE-2024-4823 (Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the ...) + TODO: check +CVE-2024-4822 (Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the ...) + TODO: check +CVE-2024-4820 (A vulnerability was found in SourceCodester Online Computer and Laptop ...) + TODO: check +CVE-2024-4819 (A vulnerability was found in Campcodes Online Laundry Management Syste ...) + TODO: check +CVE-2024-4818 (A vulnerability was found in Campcodes Online Laundry Management Syste ...) + TODO: check +CVE-2024-4817 (A vulnerability has been found in Campcodes Online Laundry Management ...) + TODO: check +CVE-2024-4816 (A vulnerability, which was classified as critical, was found in Ruijie ...) + TODO: check +CVE-2024-4815 (A vulnerability, which was classified as critical, has been found in R ...) + TODO: check +CVE-2024-4814 (A vulnerability classified as critical was found in Ruijie RG-UAC up t ...) + TODO: check +CVE-2024-4813 (A vulnerability classified as critical has been found in Ruijie RG-UAC ...) + TODO: check +CVE-2024-4747 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-4068 (The NPM package `braces` fails to limit the number of characters it ca ...) + TODO: check +CVE-2024-4067 (The NPM package `micromatch` is vulnerable to Regular Expression Denia ...) + TODO: check +CVE-2024-3462 (Ant Media Server Community Edition in a default configuration is vulne ...) + TODO: check +CVE-2024-3263 (YMS VIS Pro is an information system for veterinary and food administr ...) 
+ TODO: check +CVE-2024-35172 (Server-Side Request Forgery (SSRF) vulnerability in ShortPixel ShortPi ...) + TODO: check +CVE-2024-35171 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check +CVE-2024-35170 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-35169 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-35167 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-35166 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check +CVE-2024-35165 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check +CVE-2024-35099 (TOTOLINK LR350 V9.3.5u.6698_B20230810 was discovered to contain a stac ...) + TODO: check +CVE-2024-35050 (An issue in SurveyKing v1.3.1 allows attackers to escalate privileges ...) + TODO: check +CVE-2024-35049 (SurveyKing v1.3.1 was discovered to keep users' sessions active after ...) + TODO: check +CVE-2024-35048 (An issue in SurveyKing v1.3.1 allows attackers to execute a session re ...) + TODO: check +CVE-2024-34921 (TOTOLINK X5000R v9.1.0cu.2350_B20230313 was discovered to contain a co ...) + TODO: check +CVE-2024-34899 (WWBN AVideo 12.4 is vulnerable to Cross Site Scripting (XSS).) + TODO: check +CVE-2024-34812 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check +CVE-2024-34811 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-34749 (Phormer prior to version 3.35 contains a cross-site scripting vulnerab ...) + TODO: check +CVE-2024-34709 (Directus is a real-time API and App dashboard for managing SQL databas ...) + TODO: check +CVE-2024-34708 (Directus is a real-time API and App dashboard for managing SQL databas ...) 
+ TODO: check +CVE-2024-34707 (Nautobot is a Network Source of Truth and Network Automation Platform. ...) + TODO: check +CVE-2024-34706 (Valtimo is an open source business process and case management platfor ...) + TODO: check +CVE-2024-34704 (era-compiler-solidity is the ZKsync compiler for Solidity. The proble ...) + TODO: check +CVE-2024-34701 (CreateWiki is Miraheze's MediaWiki extension for requesting & creating ...) + TODO: check +CVE-2024-34699 (GZ::CTF is a capture the flag platform. Prior to 0.20.1, unprivileged ...) + TODO: check
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8e78c894 by security tracker role at 2024-05-13T08:12:08+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,39 @@ +CVE-2024-4809 (A vulnerability has been found in SourceCodester Open Source Clinic Ma ...) + TODO: check +CVE-2024-4808 (A vulnerability, which was classified as critical, was found in Kaship ...) + TODO: check +CVE-2024-4807 (A vulnerability, which was classified as critical, has been found in K ...) + TODO: check +CVE-2024-4806 (A vulnerability classified as critical was found in Kashipara College ...) + TODO: check +CVE-2024-4805 (A vulnerability classified as critical has been found in Kashipara Col ...) + TODO: check +CVE-2024-4804 (A vulnerability was found in Kashipara College Management System 1.0. ...) + TODO: check +CVE-2024-4803 (A vulnerability was found in Kashipara College Management System 1.0. ...) + TODO: check +CVE-2024-4802 (A vulnerability was found in Kashipara College Management System 1.0. ...) + TODO: check +CVE-2024-4801 (A vulnerability was found in Kashipara College Management System 1.0 a ...) + TODO: check +CVE-2024-4800 (A vulnerability has been found in Kashipara College Management System ...) + TODO: check +CVE-2024-3239 (The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress pl ...) + TODO: check +CVE-2024-35205 (The WPS Office (aka cn.wps.moffice_eng) application before 17.0.0 for ...) + TODO: check +CVE-2024-35204 (Veritas System Recovery before 23.2_Hotfix has incorrect permissions f ...) + TODO: check +CVE-2024-32700 (Unrestricted Upload of File with Dangerous Type vulnerability in Kogne ...) + TODO: check +CVE-2024-2299 (A stored Cross-Site Scripting (XSS) vulnerability exists in the parisn ...) + TODO: check +CVE-2024-29212 (Due to an unsafe de-serialization method used by the Veeam Service Pr ...) + TODO: check +CVE-2024-26306 (iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server wi ...) + TODO: check +CVE-2023-5052 (vulnerability in Uniform Server Zero, version 10.2.5, consisting of an ...) 
+ TODO: check CVE-2024-4799 (A vulnerability, which was classified as critical, was found in Kaship ...) NOT-FOR-US: Kashipara College Management System CVE-2024-4798 (A vulnerability, which was classified as critical, has been found in S ...) @@ -53100,7 +53136,7 @@ CVE-2023-2358 (Hitachi Vantara Pentaho Business Analytics Server prior to versio NOT-FOR-US: Hitachi Vantara Pentaho Business Analytics Server CVE-2023-29497 (A privacy issue was addressed with improved handling of temporary file ...) NOT-FOR-US: Apple -CVE-2023-43040 [Improperly verified POST keys] +CVE-2023-43040 (IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to ...) {DLA-3629-1} - ceph 16.2.11+ds-5 (bug #1053690) [bookworm] - ceph (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e78c8948c97e8346baaccce80737717691832cd
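Review bot: In the second hunk (@@ -53100,7 +53136,7 @@), the CVE-2023-43040 line swaps the hand-written summary `[Improperly verified POST keys]` for feed text that begins "IBM Spectrum Fusion HCI 2.5.2 through 2.7.2", while the entry under it still tracks `ceph` with {DLA-3629-1} and bug #1053690. The truncated description no longer names the component Debian is tracking, so a NOTE line tying the IBM-worded description to the ceph issue would keep the entry understandable to whoever triages it next.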
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e7ceb659 by security tracker role at 2024-05-12T20:12:18+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2024-4799 (A vulnerability, which was classified as critical, was found in Kaship ...) + TODO: check +CVE-2024-4798 (A vulnerability, which was classified as critical, has been found in S ...) + TODO: check CVE-2024-4797 (A vulnerability was found in Campcodes Online Laundry Management Syste ...) NOT-FOR-US: Campcodes Online Laundry Management System CVE-2024-4796 (A vulnerability was found in Campcodes Online Laundry Management Syste ...) @@ -30710,6 +30714,7 @@ CVE-2023-7227 (SystemK NVR 504/508/516 versions 2.3.5SK.30084998 and prior are v CVE-2023-6282 (IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, w ...) NOT-FOR-US: IceHrm CVE-2023-52076 (Atril Document Viewer is the default document reader of the MATE deskt ...) + {DSA-5688-1} - atril 1.26.2-1 (bug #1061522) NOTE: https://github.com/mate-desktop/atril/security/advisories/GHSA-6mf6-mxpc-jc37 NOTE: https://github.com/mate-desktop/atril/commit/e70b21c815418a1e6ebedf6d8d31b8477c03ba50 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7ceb65948fa0ef180455d3fe7147a417cbd1b2b
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7ec72f73 by security tracker role at 2024-05-12T08:11:45+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,19 @@ +CVE-2024-4797 (A vulnerability was found in Campcodes Online Laundry Management Syste ...) + TODO: check +CVE-2024-4796 (A vulnerability was found in Campcodes Online Laundry Management Syste ...) + TODO: check +CVE-2024-4795 (A vulnerability was found in Campcodes Online Laundry Management Syste ...) + TODO: check +CVE-2024-4794 (A vulnerability has been found in Campcodes Online Laundry Management ...) + TODO: check +CVE-2024-4793 (A vulnerability, which was classified as critical, was found in Campco ...) + TODO: check +CVE-2024-4792 (A vulnerability, which was classified as critical, has been found in C ...) + TODO: check +CVE-2024-4791 (A vulnerability classified as critical was found in Contemporary Contr ...) + TODO: check +CVE-2024-4790 (A vulnerability classified as problematic has been found in DedeCMS 5. ...) + TODO: check CVE-2024-4738 (A vulnerability was found in Campcodes Legal Case Management System 1. ...) NOT-FOR-US: Campcodes Legal Case Management System CVE-2024-4737 (A vulnerability was found in Campcodes Legal Case Management System 1. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ec72f7327848d71a30a6fcd81ead843b241bde8
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 06a1d63f by security tracker role at 2024-05-11T20:11:47+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,77 @@ +CVE-2024-4738 (A vulnerability was found in Campcodes Legal Case Management System 1. ...) + TODO: check +CVE-2024-4737 (A vulnerability was found in Campcodes Legal Case Management System 1. ...) + TODO: check +CVE-2024-4736 (A vulnerability was found in Campcodes Legal Case Management System 1. ...) + TODO: check +CVE-2024-4630 (The Starter Templates \u2014 Elementor, WordPress & Beaver Builder Tem ...) + TODO: check +CVE-2024-4574 (The Graphina \u2013 Elementor Charts and Graphs plugin for WordPress i ...) + TODO: check +CVE-2024-4560 (The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable ...) + TODO: check +CVE-2024-4487 (The Blocksy Companion plugin for WordPress is vulnerable to Stored Cro ...) + TODO: check +CVE-2024-4430 (The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress ...) + TODO: check +CVE-2024-4417 (The Falang multilanguage for WordPress plugin for WordPress is vulnera ...) + TODO: check +CVE-2024-4413 (The Hotel Booking Lite plugin for WordPress is vulnerable to PHP Objec ...) + TODO: check +CVE-2024-4329 (The Thim Elementor Kit plugin for WordPress is vulnerable to Stored Cr ...) + TODO: check +CVE-2024-4213 (The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable ...) + TODO: check +CVE-2024-4209 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Feature ...) + TODO: check +CVE-2024-4046 (Cracking vulnerability in the OS security module Impact: Successful ex ...) + TODO: check +CVE-2024-3055 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...) + TODO: check +CVE-2024-32999 (Cracking vulnerability in the OS security module Impact: Successful ex ...) + TODO: check +CVE-2024-32998 (NULL pointer access vulnerability in the clock module Impact: Successf ...) + TODO: check +CVE-2024-32997 (Race condition vulnerability in the binder driver module Impact: Succe ...) 
+ TODO: check +CVE-2024-32996 (Privilege escalation vulnerability in the account module Impact: Succe ...) + TODO: check +CVE-2024-32995 (Denial of service (DoS) vulnerability in the AMS module Impact: Succes ...) + TODO: check +CVE-2024-32993 (Out-of-bounds access vulnerability in the memory module Impact: Succes ...) + TODO: check +CVE-2024-32992 (Insufficient verification vulnerability in the baseband module Impact: ...) + TODO: check +CVE-2024-32991 (Permission verification vulnerability in the wpa_supplicant module Imp ...) + TODO: check +CVE-2024-32990 (Permission verification vulnerability in the system sharing pop-up mod ...) + TODO: check +CVE-2024-32989 (Insufficient verification vulnerability in the system sharing pop-up m ...) + TODO: check +CVE-2024-28761 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 thr ...) + TODO: check +CVE-2024-28760 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 thr ...) + TODO: check +CVE-2024-27460 (A privilege escalation exists in the updater for Plantronics Hub 3.25. ...) + TODO: check +CVE-2023-5447 (Missing lock check in SynHsaService may create a use-after-free condit ...) + TODO: check +CVE-2023-52721 (The WindowManager module has a vulnerability in permission control. Im ...) + TODO: check +CVE-2023-52720 (Race condition vulnerability in the soundtrigger module Impact: Succes ...) + TODO: check +CVE-2023-52719 (Privilege escalation vulnerability in the PMS module Impact: Successfu ...) + TODO: check +CVE-2023-52384 (Double-free vulnerability in the RSMC module Impact: Successful exploi ...) + TODO: check +CVE-2023-52383 (Double-free vulnerability in the RSMC module Impact: Successful exploi ...) + TODO: check +CVE-2023-47712 (IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a local u ...) + TODO: check +CVE-2023-47711 (IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow an authen ...) 
+ TODO: check +CVE-2023-47709 (IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a remote ...) + TODO: check CVE-2024-4735 (A vulnerability has been found in Campcodes Legal Case Management Syst ...) NOT-FOR-US: Campcodes Legal Case Management System CVE-2024-4732 (A vulnerability, which was classified as problematic, has been found i ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06a1d63f9e1efa4eab9f0780b051baa8bd2f6539
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a9933148 by security tracker role at 2024-05-10T20:12:07+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,4 +1,211 @@ -CVE-2024-4671 +CVE-2024-4735 (A vulnerability has been found in Campcodes Legal Case Management Syst ...) + TODO: check +CVE-2024-4732 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-4731 (A vulnerability classified as problematic was found in Campcodes Legal ...) + TODO: check +CVE-2024-4730 (A vulnerability classified as problematic has been found in Campcodes ...) + TODO: check +CVE-2024-4729 (A vulnerability was found in Campcodes Legal Case Management System 1. ...) + TODO: check +CVE-2024-4728 (A vulnerability was found in Campcodes Legal Case Management System 1. ...) + TODO: check +CVE-2024-4727 (A vulnerability was found in Campcodes Legal Case Management System 1. ...) + TODO: check +CVE-2024-4726 (A vulnerability was found in Campcodes Legal Case Management System 1. ...) + TODO: check +CVE-2024-4725 (A vulnerability has been found in Campcodes Legal Case Management Syst ...) + TODO: check +CVE-2024-4724 (A vulnerability, which was classified as problematic, was found in Cam ...) + TODO: check +CVE-2024-4723 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-4722 (A vulnerability classified as problematic was found in Campcodes Compl ...) + TODO: check +CVE-2024-4721 (A vulnerability classified as problematic has been found in Campcodes ...) + TODO: check +CVE-2024-4720 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4719 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4718 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4717 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4716 (A vulnerability has been found in Campcodes Complete Web-Based School ...) 
+ TODO: check +CVE-2024-4715 (A vulnerability, which was classified as problematic, was found in Cam ...) + TODO: check +CVE-2024-4714 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-4713 (A vulnerability classified as problematic was found in Campcodes Compl ...) + TODO: check +CVE-2024-4701 (A path traversal issue potentially leading to remote code execution in ...) + TODO: check +CVE-2024-4699 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...) + TODO: check +CVE-2024-4689 (Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPix ...) + TODO: check +CVE-2024-4688 (A vulnerability classified as problematic was found in Campcodes Compl ...) + TODO: check +CVE-2024-4687 (A vulnerability classified as problematic has been found in Campcodes ...) + TODO: check +CVE-2024-4686 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4631 + REJECTED +CVE-2024-4490 (The Elegant Themes Divi theme, Extra theme, and Divi Page Builder plug ...) + TODO: check +CVE-2024-4481 (The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vul ...) + TODO: check +CVE-2024-4449 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...) + TODO: check +CVE-2024-4448 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...) + TODO: check +CVE-2024- (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...) + TODO: check +CVE-2024-4434 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...) + TODO: check +CVE-2024-4398 (The HTML5 Audio Player- Best WordPress Audio Player Plugin plugin for ...) + TODO: check +CVE-2024-4280 (The White Label CMS plugin for WordPress is vulnerable to unauthorized ...) + TODO: check +CVE-2024-4277 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...) 
+ TODO: check +CVE-2024-4275 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...) + TODO: check +CVE-2024-4232 (This vulnerability exists in Digisol Router (DG-GR1321: Hardware versi ...) + TODO: check +CVE-2024-4231 (This vulnerability exists in Digisol Router (DG-GR1321: Hardware versi ...) + TODO: check +CVE-2024-4129 (Improper Authentication vulnerability in Snow Software AB Snow License ...) + TODO: check +CVE-2024-4044 (A deserialization of untrusted data vulnerability exists in
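Review bot: In the first hunk, the entry added between CVE-2024-4448 and CVE-2024-4434 reads "CVE-2024- (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)", with no sequence number after the year, so it cannot be matched to a CVE record or triaged. The identifier should be checked against the full CVE-year-number form before the line is committed to data/CVE/list, and this entry corrected from the upstream record.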
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 459a3e8f by security tracker role at 2024-05-09T20:12:38+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,373 @@ +CVE-2024-4685 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4684 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4683 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4682 (A vulnerability has been found in Campcodes Complete Web-Based School ...) + TODO: check +CVE-2024-4681 (A vulnerability, which was classified as critical, was found in Campco ...) + TODO: check +CVE-2024-4678 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4677 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4676 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4675 (A vulnerability has been found in Campcodes Complete Web-Based School ...) + TODO: check +CVE-2024-4674 (A vulnerability, which was classified as problematic, was found in Cam ...) + TODO: check +CVE-2024-4673 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-4614 + REJECTED +CVE-2024-4606 (Deserialization of Untrusted Data vulnerability in BdThemes Ultimate S ...) + TODO: check +CVE-2024-4605 (The Breakdance plugin for WordPress is vulnerable to Remote Code Execu ...) + TODO: check +CVE-2024-4579 + REJECTED +CVE-2024-4572 + REJECTED +CVE-2024-4571 + REJECTED +CVE-2024-4567 (The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cr ...) + TODO: check +CVE-2024-4545 (All versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 ...) + TODO: check +CVE-2024-4542 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...) + TODO: check +CVE-2024-4463 (The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vul ...) 
+ TODO: check +CVE-2024-4446 (The Content Views \u2013 Post Grid & Filter, Recent Posts, Category Po ...) + TODO: check +CVE-2024-4441 (The XML Sitemap & Google News plugin for WordPress is vulnerable to Lo ...) + TODO: check +CVE-2024-4425 (The access control inCemiPark software stores integration (e.g. FTP or ...) + TODO: check +CVE-2024-4424 (The access control inCemiPark software does not properly validate user ...) + TODO: check +CVE-2024-4423 (The access control inCemiPark software does not properly validate user ...) + TODO: check +CVE-2024-4411 (The Mihdan: Yandex Turbo Feed plugin for WordPress is vulnerable to St ...) + TODO: check +CVE-2024-4397 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...) + TODO: check +CVE-2024-4386 (The Gallery Block (Meow Gallery) plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-4383 (The Simple Membership plugin for WordPress is vulnerable to Stored Cro ...) + TODO: check +CVE-2024-4339 (The Prime Slider \u2013 Addons For Elementor (Revolution of a slider, ...) + TODO: check +CVE-2024-4335 (The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulne ...) + TODO: check +CVE-2024-4316 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed You ...) + TODO: check +CVE-2024-4314 (The Hostel plugin for WordPress is vulnerable to Cross-Site Request Fo ...) + TODO: check +CVE-2024-4312 (The Soccer Engine \u2013 Soccer Plugin for WordPress plugin for WordPr ...) + TODO: check +CVE-2024-4193 (The Testimonial Slider plugin for WordPress is vulnerable to Stored Cr ...) + TODO: check +CVE-2024-4158 (The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scr ...) + TODO: check +CVE-2024-4150 (The Simple Basic Contact Form plugin for WordPress is vulnerable to Re ...) + TODO: check +CVE-2024-4107 (The Elementor Website Builder \u2013 More than Just a Page Builder Pro ...) 
+ TODO: check +CVE-2024-4104 (The ADFO \u2013 Custom data in admin dashboard plugin for WordPress is ...) + TODO: check +CVE-2024-4103 (The ADFO \u2013 Custom data in admin dashboard plugin for WordPress is ...) + TODO: check +CVE-2024-4082 (The Joli FAQ SEO \u2013 WordPress FAQ Plugin plugin for WordPress is v ...) + TODO: check +CVE-2024-4041 (The Yoast SEO plugin for WordPress is vulnerable to Reflected Cross-Si ...) + TODO: check +CVE-2024-4038 (The The Back In Stock Notifier for WooCommerce | WooCommerce Waitlist ...) + TODO: check
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a7277cec by security tracker role at 2024-05-09T08:12:01+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,43 @@ +CVE-2024-4672 (A vulnerability classified as problematic was found in Campcodes Compl ...) + TODO: check +CVE-2024-4597 (An issue has been discovered in GitLab EE affecting all versions from ...) + TODO: check +CVE-2024-4539 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + TODO: check +CVE-2024-3903 (The Add Custom CSS and JS WordPress plugin through 1.20 does not have ...) + TODO: check +CVE-2024-3590 (The LetterPress WordPress plugin through 1.2.2 does not have CSRF che ...) + TODO: check +CVE-2024-3582 (The UnGallery WordPress plugin through 2.2.4 does not have CSRF check ...) + TODO: check +CVE-2024-3016 (NEC Platforms DT900 and DT900S Series 5.0.0.0 \u2013 v5.3.4.4, v5.4.0. ...) + TODO: check +CVE-2024-34365 (** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerabilit ...) + TODO: check +CVE-2024-34308 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stac ...) + TODO: check +CVE-2024-34196 (Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU_V3 Firmware ...) + TODO: check +CVE-2024-32672 (A Segmentation Fault issue discovered in Samsung Open Source Escargo ...) + TODO: check +CVE-2024-32669 (Improper Input Validation vulnerability in Samsung Open Source escargo ...) + TODO: check +CVE-2024-2651 (An issue has been discovered in GitLab CE/EE affecting all versions be ...) + TODO: check +CVE-2024-2454 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + TODO: check +CVE-2024-28759 (A crafted network packet may cause a buffer overrun in Wind River VxWo ...) + TODO: check +CVE-2024-27793 (The issue was addressed with improved checks. This issue is fixed in i ...) + TODO: check +CVE-2024-26517 (SQL Injection vulnerability in School Task Manager v.1.0 allows a remo ...) + TODO: check +CVE-2023-6688 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) 
+ TODO: check +CVE-2023-6682 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + TODO: check +CVE-2023-5971 (The Save as PDF Plugin by Pdfcrowd WordPress plugin before 3.2.0 does ...) + TODO: check CVE-2024-29510 - ghostscript NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html @@ -917,13 +957,13 @@ CVE-2023-32873 (In keyInstall, there is a possible out of bounds write due to a TODO: check CVE-2023-32871 (In DA, there is a possible permission bypass due to an incorrect statu ...) TODO: check -CVE-2024-29857 +CVE-2024-29857 (An issue was discovered in Bouncy Castle Java Cryptography APIs before ...) - bouncycastle (bug #1070655) [bookworm] - bouncycastle (Minor issue) [bullseye] - bouncycastle (Minor issue) NOTE: https://github.com/bcgit/bc-java/issues/1635 NOTE: https://www.bouncycastle.org/latest_releases.html -CVE-2024-30172 +CVE-2024-30172 (An issue was discovered in Bouncy Castle Java Cryptography APIs before ...) - bouncycastle (bug #1070655) [bookworm] - bouncycastle (Minor issue) [bullseye] - bouncycastle (Minor issue) @@ -5240,7 +5280,7 @@ CVE-2022-48682 (In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition a [buster] - fdupes (Minor issue) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1200381 NOTE: https://github.com/adrianlopezroche/fdupes/commit/85680897148f1ac33b55418e00334116e419717f (v2.2.0) -CVE-2024-27282 [Arbitrary memory address read vulnerability with Regex search] +CVE-2024-27282 (An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplie ...) {DSA-5677-1} - ruby3.2 (bug #1069968) - ruby3.1 (bug #1069969) 
@@ -5757,7 +5797,7 @@ CVE-2024-25583 (A crafted response from an upstream server the recursor has been NOTE: Fixed by: https://github.com/PowerDNS/pdns/commit/e1247da968077ee7c58fa41447057ee2a2b09fc9 (rec-4.8.8) CVE-2024-3154 (A flaw was found in cri-o, where an arbitrary systemd property can be ...) - cri-o (bug #979702) -CVE-2024-30171 +CVE-2024-30171 (An issue was discovered in Bouncy Castle Java TLS API and JSSE Provide ...) - bouncycastle (bug #1070655) [bookworm] - bouncycastle (Minor issue) [bullseye] - bouncycastle (Minor issue) @@ -11535,6 +11575,7 @@ CVE-2024-31498 (Yubico ykman-gui (aka YubiKey Manager GUI) before 1.2.6 on Windo CVE-2024-31212 (InstantCMS is a free and open source content management system. A SQL ...) NOT-FOR-US: InstantCMS
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0de2b438 by security tracker role at 2024-05-08T20:12:09+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,177 @@ +CVE-2024-4654 (A vulnerability was found in BlueNet Technology Clinical Browsing Syst ...) + TODO: check +CVE-2024-4653 (A vulnerability was found in BlueNet Technology Clinical Browsing Syst ...) + TODO: check +CVE-2024-4652 (A vulnerability, which was classified as problematic, was found in Cam ...) + TODO: check +CVE-2024-4651 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-4650 (A vulnerability classified as problematic was found in Campcodes Compl ...) + TODO: check +CVE-2024-4649 (A vulnerability classified as problematic has been found in Campcodes ...) + TODO: check +CVE-2024-4648 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4647 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4646 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4645 (A vulnerability was found in SourceCodester Prison Management System 1 ...) + TODO: check +CVE-2024-4644 (A vulnerability has been found in SourceCodester Prison Management Sys ...) + TODO: check +CVE-2024-4281 (The Link Library plugin for WordPress is vulnerable to Stored Cross-Si ...) + TODO: check +CVE-2024-4233 (Missing Authorization vulnerability in Tyche Softwares Print Invoice & ...) + TODO: check +CVE-2024-4135 (The WP Latest Posts plugin for WordPress is vulnerable to arbitrary sh ...) + TODO: check +CVE-2024-3951 (PTC Codebeamer is vulnerable to a cross site scripting vulnerability t ...) + TODO: check +CVE-2024-3507 (Improper privilege management vulnerability in Lunar software that aff ...) + TODO: check +CVE-2024-34574 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-34573 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2024-34572 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-34571 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-34570 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-34569 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-34568 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-34566 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-34565 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-34564 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-34563 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-34562 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-34561 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-34560 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-34558 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-34553 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-34548 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-34547 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-34546 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-34414 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2024-34347 (@hoppscotch/cli is a CLI to run Hoppscotch Test Scripts in CI environm ...) + TODO: check +CVE-2024-34257 (TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the ap ...) + TODO: check +CVE-2024-34255 (jizhicms v2.5.1 contains a Cross-Site Scripting(XSS) vulnerability in ...) + TODO: check +CVE-2024-34244 (libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbus_writ ...) + TODO: check +CVE-2024-33612 (An improper certificate validation vulnerability exists in BIG-IP Next ...) +
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5880276e by security tracker role at 2024-05-08T08:12:06+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,73 @@ +CVE-2024-4456 (In affected versions of Octopus Server with certain access levels it w ...) + TODO: check +CVE-2024-4393 (The Social Connect plugin for WordPress is vulnerable to authenticatio ...) + TODO: check +CVE-2024-4162 (A buffer error in Panasonic KW Watcher versions 1.00 through 2.83 may ...) + TODO: check +CVE-2024-4030 (On Windows a directory returned by tempfile.mkdtemp() would not always ...) + TODO: check +CVE-2024-3494 (The Mesmerize Companion plugin for WordPress is vulnerable to Stored C ...) + TODO: check +CVE-2024-34346 (Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure ...) + TODO: check +CVE-2024-32674 (Heateor Social Login WordPress prior to 1.1.32 contains a cross-site s ...) + TODO: check +CVE-2024-2860 (The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a ...) + TODO: check +CVE-2024-27273 (IBM AIX's Unix domain (AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1) datagram ...) + TODO: check +CVE-2024-23713 (In migrateNotificationFilter of NotificationManagerService.java, there ...) + TODO: check +CVE-2024-23712 (In multiple functions of AppOpsService.java, there is a possible way t ...) + TODO: check +CVE-2024-23710 (In assertPackageWithSharedUserIdIsPrivileged of InstallPackageHelper.j ...) + TODO: check +CVE-2024-23709 (In multiple locations, there is a possible out of bounds write due to ...) + TODO: check +CVE-2024-23708 (In multiple functions of NotificationManagerService.java, there is a p ...) + TODO: check +CVE-2024-23707 (In multiple locations, there is a possible permissions bypass due to i ...) + TODO: check +CVE-2024-23706 (In multiple locations, there is a possible bypass of health data permi ...) + TODO: check +CVE-2024-23705 (In multiple locations, there is a possible failure to persist or enfor ...) + TODO: check +CVE-2024-23704 (In onCreate of WifiDialogActivity.java, there is a possible way to byp ...) 
+ TODO: check +CVE-2024-23551 (Database scanning using username and password stores the credentials i ...) + TODO: check +CVE-2024-22266 (VMware Avi Load Balancer contains an information disclosure vulnerabil ...) + TODO: check +CVE-2024-22264 (VMware Avi Load Balancer contains a privilege escalation vulnerability ...) + TODO: check +CVE-2024-1076 (The SSL Zen WordPress plugin before 4.6.0 only relies on the use of . ...) + TODO: check +CVE-2024-0043 (In multiple locations, there is a possible notification listener grant ...) + TODO: check +CVE-2024-0042 (In TBD of TBD, there is a possible confusion of OEM and DRM certificat ...) + TODO: check +CVE-2024-0027 (In multiple functions of SnoozeHelper.java, there is a possible way to ...) + TODO: check +CVE-2024-0026 (In multiple functions of SnoozeHelper.java, there is a possible persis ...) + TODO: check +CVE-2024-0025 (In sendIntentSender of ActivityManagerService.java, there is a possibl ...) + TODO: check +CVE-2024-0024 (In multiple methods of UserManagerService.java, there is a possible fa ...) + TODO: check +CVE-2024-0022 (In multiple functions of CompanionDeviceManagerService.java, there is ...) + TODO: check +CVE-2023-40694 (IBM Watson CP4D Data Stores 4.0.0 through 4.8.4 stores potentially sen ...) + TODO: check +CVE-2023-40490 (Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution ...) + TODO: check +CVE-2023-37325 (D-Link DAP-2622 DDP Set SSID List Missing Authentication Vulnerability ...) + TODO: check +CVE-2023-35757 (D-Link DAP-2622 DDP Set Date-Time NTP Server Stack-based Buffer Overfl ...) + TODO: check +CVE-2023-35749 (D-Link DAP-2622 DDP Firmware Upgrade Filename Stack-based Buffer Overf ...) + TODO: check +CVE-2023-35748 (D-Link DAP-2622 DDP Firmware Upgrade Server IPv6 Address Stack-based B ...) + TODO: check CVE-2024-4438 NOT-FOR-US: Incomplete backport in Red Hat OpenStack platform CVE-2024-4437 
@@ -1478,7 +1548,7 @@ CVE-2023-50230 (BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remot - bluez 5.70-1.1 NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1812/ NOTE: https://github.com/bluez/bluez/commit/5ab5352531a9cc7058cce569607f3a6831464443 -CVE-2023-50229 (BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code ...) (5.70) +CVE-2023-50229 (BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code ...) - bluez 5.70-1.1 NOTE:
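Review bot: In the first hunk, the added entry CVE-2024-0042 carries the description "In TBD of TBD, there is a possible confusion of OEM and DRM certificat ...", so the summary names no component and the "TODO: check" cannot be resolved from this line alone. Triage of that entry should work from the upstream advisory rather than the imported description, and a NOTE line recording that the description is a placeholder would help the next reader.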
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 65aa002c by security tracker role at 2024-05-07T20:12:09+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,12 +1,177 @@ -CVE-2024-4559 +CVE-2024-4601 (An incorrect authentication vulnerability has been found in Socomec Ne ...) + TODO: check +CVE-2024-4600 (Cross-Site Request Forgery vulnerability in Socomec Net Vision, versio ...) + TODO: check +CVE-2024-4599 (Remote denial of service vulnerability in LAN Messenger affecting vers ...) + TODO: check +CVE-2024-4596 (A vulnerability was found in Kimai up to 2.15.0 and classified as prob ...) + TODO: check +CVE-2024-4595 (A vulnerability has been found in SEMCMS up to 4.8 and classified as c ...) + TODO: check +CVE-2024-4594 (A vulnerability, which was classified as problematic, was found in Ded ...) + TODO: check +CVE-2024-4593 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-4592 (A vulnerability classified as problematic was found in DedeCMS 5.7. Th ...) + TODO: check +CVE-2024-4591 (A vulnerability classified as problematic has been found in DedeCMS 5. ...) + TODO: check +CVE-2024-4590 (A vulnerability was found in DedeCMS 5.7. It has been rated as problem ...) + TODO: check +CVE-2024-4589 (A vulnerability was found in DedeCMS 5.7. It has been declared as prob ...) + TODO: check +CVE-2024-4588 (A vulnerability was found in DedeCMS 5.7. It has been classified as pr ...) + TODO: check +CVE-2024-4587 (A vulnerability was found in DedeCMS 5.7 and classified as problematic ...) + TODO: check +CVE-2024-4586 (A vulnerability has been found in DedeCMS 5.7 and classified as proble ...) + TODO: check +CVE-2024-4585 (A vulnerability, which was classified as problematic, was found in Ded ...) + TODO: check +CVE-2024-4584 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-4583 (A vulnerability classified as problematic was found in Faraday GM8181 ...) + TODO: check +CVE-2024-4582 (A vulnerability classified as critical has been found in Faraday GM818 ...) 
+ TODO: check +CVE-2024-4538 (IDOR vulnerability in Janto Ticketing Software affecting version 4.3r1 ...) + TODO: check +CVE-2024-4537 (IDOR vulnerability in Janto Ticketing Software affecting version 4.3r1 ...) + TODO: check +CVE-2024-4536 (In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the ED ...) + TODO: check +CVE-2024-4346 (The Startklar Elementor Addons plugin for WordPress is vulnerable to a ...) + TODO: check +CVE-2024-4345 (The Startklar Elementor Addons plugin for WordPress is vulnerable to a ...) + TODO: check +CVE-2024-34523 (AChecker 1.5 allows remote attackers to read the contents of arbitrary ...) + TODO: check +CVE-2024-34517 (The Cypher component in Neo4j before 5.19.0 mishandles IMMUTABLE privi ...) + TODO: check +CVE-2024-34342 (react-pdf displays PDFs in React apps. If PDF.js is used to load a mal ...) + TODO: check +CVE-2024-34341 (Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, ...) + TODO: check +CVE-2024-34315 (CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vune ...) + TODO: check +CVE-2024-34314 (CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vune ...) + TODO: check +CVE-2024-34084 (Minder's `HandleGithubWebhook` is susceptible to a denial of service a ...) + TODO: check +CVE-2024-33860 (An issue was discovered in Logpoint before 7.4.0. It allows Local File ...) + TODO: check +CVE-2024-33859 (An issue was discovered in Logpoint before 7.4.0. HTML code sent throu ...) + TODO: check +CVE-2024-33858 (An issue was discovered in Logpoint before 7.4.0. A path injection vul ...) + TODO: check +CVE-2024-33857 (An issue was discovered in Logpoint before 7.4.0. Due to a lack of inp ...) + TODO: check +CVE-2024-33856 (An issue was discovered in Logpoint before 7.4.0. An attacker can enum ...) + TODO: check +CVE-2024-33783 (MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via ...) 
+ TODO: check +CVE-2024-33782 (MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the func ...) + TODO: check +CVE-2024-33781 (MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the func ...) + TODO: check +CVE-2024-33780 (MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via ...) + TODO: check +CVE-2024-33748 (Cross-site scripting (XSS) vulnerability in the search function in Mvn ...) + TODO: check +CVE-2024-33434 (An issue in tiagorlampert CHAOS before 1b451cf62582295b7225caf5a7b506f ...)
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 890237f7 by security tracker role at 2024-05-07T08:11:34+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,79 @@ +CVE-2024-4186 (The Build App Online plugin for WordPress is vulnerable to authenticat ...) + TODO: check +CVE-2024-3759 (in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitr ...) + TODO: check +CVE-2024-3758 (in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitr ...) + TODO: check +CVE-2024-3757 (in OpenHarmony v4.0.0 and prior versions allow a local attacker cause ...) + TODO: check +CVE-2024-3628 (The EasyEvent WordPress plugin through 1.0.0 does not sanitise and esc ...) + TODO: check +CVE-2024-34534 (A SQL injection vulnerability in Cybrosys Techno Solutions Text Comman ...) + TODO: check +CVE-2024-34533 (A SQL injection vulnerability in ZI PT Solusi Usaha Mudah Analytic Dat ...) + TODO: check +CVE-2024-34532 (A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe mo ...) + TODO: check +CVE-2024-34413 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31078 (in OpenHarmony v4.0.0 and prior versions allow a local attacker cause ...) + TODO: check +CVE-2024-30973 (An issue in V-SOL G/EPON ONU HG323AC-B with firmware version V2.0.08-2 ...) + TODO: check +CVE-2024-2913 (A race condition vulnerability exists in the mintplex-labs/anything-ll ...) + TODO: check +CVE-2024-29941 (Insecure storage of the ICT MIFARE and DESFire encryption keys in the ...) + TODO: check +CVE-2024-28725 (Cross Site Scripting (XSS) vulnerability in YzmCMS 7.0 allows attacker ...) + TODO: check +CVE-2024-27217 (in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitr ...) + TODO: check +CVE-2024-23808 (in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitr ...) + TODO: check +CVE-2024-22472 (A buffer Overflow vulnerability in Silicon Labs 500 Series Z-Wave devi ...) + TODO: check +CVE-2024-20872 (Improper handling of insufficient privileges vulnerability in Talkback ...) 
+ TODO: check +CVE-2024-20871 (Improper authorization vulnerability in Samsung Keyboard prior to vers ...) + TODO: check +CVE-2024-20870 (Improper verification of intent by broadcast receiver vulnerability in ...) + TODO: check +CVE-2024-20869 (Improper privilege management vulnerability in Samsung Internet prior ...) + TODO: check +CVE-2024-20868 (Improper input validation in Samsung Notes prior to version 4.4.15 all ...) + TODO: check +CVE-2024-20867 (Improper privilege management vulnerability in Samsung Email prior to ...) + TODO: check +CVE-2024-20866 (Authentication bypass vulnerability in Setupwizard prior to SMR May-20 ...) + TODO: check +CVE-2024-20865 (Authentication bypass in bootloader prior to SMR May-2024 Release 1 al ...) + TODO: check +CVE-2024-20864 (Improper access control vulnerability in DarManagerService prior to SM ...) + TODO: check +CVE-2024-20863 (Out of bounds write vulnerability in SNAP in HAL prior to SMR May-2024 ...) + TODO: check +CVE-2024-20862 (Out-of-bounds write in SveService prior to SMR May-2024 Release 1 allo ...) + TODO: check +CVE-2024-20861 (Use after free vulnerability in SveService prior to SMR May-2024 Relea ...) + TODO: check +CVE-2024-20860 (Improper export of android application components vulnerability in Tel ...) + TODO: check +CVE-2024-20859 (Improper access control vulnerability in FactoryCamera prior to SMR Ma ...) + TODO: check +CVE-2024-20858 (Improper access control vulnerability in setCocktailHostCallbacks of C ...) + TODO: check +CVE-2024-20857 (Improper access control vulnerability in startListening of CocktailBar ...) + TODO: check +CVE-2024-20856 (Improper Authentication vulnerability in Secure Folder prior to SMR Ma ...) + TODO: check +CVE-2024-20855 (Improper access control vulnerability in multitasking framework prior ...) + TODO: check +CVE-2024-20821 (A vulnerability possible to reconfigure OTP allows local attackers to ...) 
+ TODO: check +CVE-2024-1695 (A potential security vulnerability has been identified in the HP Appli ...) + TODO: check +CVE-2023-33548 (Cross Site Scripting (XSS) vulnerability in ASUS RT-AC51U with firmwar ...) + TODO: check CVE-2024-4568 (In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources lea ...) TODO: check CVE-2024-4549 (A denial of service vulnerability exists in Delta Electronics DIAEnerg ...) @@ -782,9 +858,9 @@ CVE-2024-33911 (Improper Neutralization of Special Elements used in an SQL Comma
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b4fdd773 by security tracker role at 2024-05-06T20:12:12+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,307 @@ +CVE-2024-4568 (In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources lea ...) + TODO: check +CVE-2024-4549 (A denial of service vulnerability exists in Delta Electronics DIAEnerg ...) + TODO: check +CVE-2024-4548 (An SQLi vulnerability exists inDelta Electronics DIAEnergie v1.10.1.86 ...) + TODO: check +CVE-2024-4547 (A SQLi vulnerability exists inDelta ElectronicsDIAEnergie v1.10.1.8610 ...) + TODO: check +CVE-2024-4528 (A vulnerability was found in SourceCodester Prison Management System 1 ...) + TODO: check +CVE-2024-4527 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4526 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4525 (A vulnerability has been found in Campcodes Complete Web-Based School ...) + TODO: check +CVE-2024-4524 (A vulnerability, which was classified as problematic, was found in Cam ...) + TODO: check +CVE-2024-4523 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-4522 (A vulnerability classified as problematic was found in Campcodes Compl ...) + TODO: check +CVE-2024-4521 (A vulnerability classified as problematic has been found in Campcodes ...) + TODO: check +CVE-2024-4519 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4518 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4517 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4516 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4515 (A vulnerability has been found in Campcodes Complete Web-Based School ...) + TODO: check +CVE-2024-4514 (A vulnerability, which was classified as problematic, was found in Cam ...) 
+ TODO: check +CVE-2024-4513 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-4512 (A vulnerability classified as problematic was found in SourceCodester ...) + TODO: check +CVE-2024-4511 (A vulnerability classified as critical has been found in Shanghai Sunf ...) + TODO: check +CVE-2024-4510 (A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been ...) + TODO: check +CVE-2024-4509 (A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been ...) + TODO: check +CVE-2024-4508 (A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been ...) + TODO: check +CVE-2024-4507 (A vulnerability was found in Ruijie RG-UAC up to 20240428 and classifi ...) + TODO: check +CVE-2024-4506 (A vulnerability has been found in Ruijie RG-UAC up to 20240428 and cla ...) + TODO: check +CVE-2024-4505 (A vulnerability, which was classified as critical, was found in Ruijie ...) + TODO: check +CVE-2024-4504 (A vulnerability, which was classified as critical, has been found in R ...) + TODO: check +CVE-2024-4503 (A vulnerability classified as critical was found in Ruijie RG-UAC up t ...) + TODO: check +CVE-2024-4502 (A vulnerability classified as critical has been found in Ruijie RG-UAC ...) + TODO: check +CVE-2024-3756 (The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF ...) + TODO: check +CVE-2024-3755 (The MF Gig Calendar WordPress plugin through 1.2.1 does not sanitise a ...) + TODO: check +CVE-2024-3752 (The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and ...) + TODO: check +CVE-2024-3661 (By design, the DHCP protocol does not authenticate messages, including ...) + TODO: check +CVE-2024-3576 (The NPort 5100A Series prior to version 1.6 is affected by web server ...) + TODO: check +CVE-2024-34538 (Mateso PasswordSafe through 8.13.9.26689 has Weak Cryptography.) + TODO: check +CVE-2024-34529 (Nebari through 2024.4.1 prints the temporary Keycloak root password.) 
+ TODO: check +CVE-2024-34528 (WordOps through 3.20.0 has a wo/cli/plugins/stack_pref.py TOCTOU race ...) + TODO: check +CVE-2024-34527 (spaces_plugin/app.py in SolidUI 0.4.0 has an unnecessary print stateme ...) + TODO: check +CVE-2024-34525 (FileCodeBox 2.0 stores a OneDrive password and AWS key in a cleartext ...) + TODO: check +CVE-2024-34524 (In XLANG OpenAgents through fe73ac4, the allowed_file protection mecha ...) + TODO: check +CVE-2024-34519 (Avantra
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c0c41f3e by security tracker role at 2024-05-05T20:12:00+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,25 @@ +CVE-2024-4501 (A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been ...) + TODO: check +CVE-2024-4500 (A vulnerability was found in SourceCodester Prison Management System 1 ...) + TODO: check +CVE-2024-34511 (Component Server in Gradio before 4.13 does not properly consider _is_ ...) + TODO: check +CVE-2024-34510 (Gradio before 4.20 allows credential leakage on Windows.) + TODO: check +CVE-2024-34509 (dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid ...) + TODO: check +CVE-2024-34508 (dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid D ...) + TODO: check +CVE-2024-34507 (An issue was discovered in includes/CommentFormatter/CommentParser.php ...) + TODO: check +CVE-2024-34506 (An issue was discovered in includes/specials/SpecialMovePage.php in Me ...) + TODO: check +CVE-2024-34502 (An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, ...) + TODO: check +CVE-2024-34500 (An issue was discovered in the UnlinkedWikibase extension in MediaWiki ...) + TODO: check +CVE-2024-34474 (Clario through 2024-04-11 for Desktop has weak permissions for %PROGRA ...) + TODO: check CVE-2024-4497 (A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been dec ...) NOT-FOR-US: Tenda CVE-2024-4496 (A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been cla ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0c41f3e62b0ba3fe4c03ecccfedf4eeb92e6bb4
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3f7b62f3 by security tracker role at 2024-05-05T08:11:51+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,49 @@ +CVE-2024-4497 (A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been dec ...) + TODO: check +CVE-2024-4496 (A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been cla ...) + TODO: check +CVE-2024-4495 (A vulnerability was found in Tenda i21 1.0.0.14(4656) and classified a ...) + TODO: check +CVE-2024-4494 (A vulnerability has been found in Tenda i21 1.0.0.14(4656) and classif ...) + TODO: check +CVE-2024-4493 (A vulnerability, which was classified as critical, was found in Tenda ...) + TODO: check +CVE-2024-4492 (A vulnerability, which was classified as critical, has been found in T ...) + TODO: check +CVE-2024-4491 (A vulnerability classified as critical was found in Tenda i21 1.0.0.14 ...) + TODO: check +CVE-2024-34490 (In Maxima through 5.47.0 before 51704c, the plotting facilities make u ...) + TODO: check +CVE-2024-34489 (OFPHello in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause ...) + TODO: check +CVE-2024-34488 (OFPMultipartReply in parser.py in Faucet SDN Ryu 4.34 allows attackers ...) + TODO: check +CVE-2024-34487 (OFPFlowStats in parser.py in Faucet SDN Ryu 4.34 allows attackers to c ...) + TODO: check +CVE-2024-34486 (OFPPacketQueue in parser.py in Faucet SDN Ryu 4.34 allows attackers to ...) + TODO: check +CVE-2024-34484 (OFPBucket in parser.py in Faucet SDN Ryu 4.34 allows attackers to caus ...) + TODO: check +CVE-2024-34483 (OFPGroupDescStats in parser.py in Faucet SDN Ryu 4.34 allows attackers ...) + TODO: check +CVE-2024-34478 (btcd before 0.24.0 does not correctly implement the consensus rules ou ...) + TODO: check +CVE-2024-34476 (Open5GS before 2.7.1 is vulnerable to a reachable assertion that can c ...) + TODO: check +CVE-2024-34475 (Open5GS before 2.7.1 is vulnerable to a reachable assertion that can c ...) + TODO: check +CVE-2024-34473 (An issue was discovered in appmgr in O-RAN Near-RT RIC I-Release. An a ...) 
+ TODO: check +CVE-2024-34469 (Rukovoditel before 3.5.3 allows XSS via user_photo to index.php?module ...) + TODO: check +CVE-2024-34468 (Rukovoditel before 3.5.3 allows XSS via user_photo to My Page.) + TODO: check +CVE-2024-34467 (ThinkPHP 8.0.3 allows remote attackers to discover the PHPSESSION cook ...) + TODO: check +CVE-2024-34462 (Alinto SOGo through 5.10.0 allows XSS during attachment preview.) + TODO: check +CVE-2023-52729 (TCPServer.cpp in SimpleNetwork through 29bc615 has an off-by-one error ...) + TODO: check CVE-2024-3868 (The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Sit ...) NOT-FOR-US: WordPress plugin CVE-2024-3240 (The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injec ...) 
@@ -17897,30 +17943,35 @@ CVE-2024-2182 (A flaw was found in the Open Virtual Network (OVN). In OVN cluste NOTE: https://bugs.launchpad.net/bugs/2053113 NOTE: https://mail.openvswitch.org/pipermail/ovs-announce/2024-March/000346.html CVE-2023-43490 (Incorrect calculation in microcode keying mechanism for some Intel(R) ...) + {DLA-3808-1} - intel-microcode 3.20240312.1 (bug #1066108) [bookworm] - intel-microcode (Decide after exposure on unstable for update) [bullseye] - intel-microcode (Decide after exposure on unstable for update) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01045.html NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312 CVE-2023-39368 (Protection mechanism failure of bus lock regulator for some Intel(R) P ...) + {DLA-3808-1} - intel-microcode 3.20240312.1 (bug #1066108) [bookworm] - intel-microcode (Decide after exposure on unstable for update) [bullseye] - intel-microcode (Decide after exposure on unstable for update) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00972.html NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312 CVE-2023-38575 (Non-transparent sharing of return predictor targets between contexts i ...) + {DLA-3808-1} - intel-microcode 3.20240312.1 (bug #1066108) [bookworm] - intel-microcode (Decide after exposure on unstable for update) [bullseye] - intel-microcode (Decide after exposure on unstable for update) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00982.html NOTE:
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c666d802 by security tracker role at 2024-05-04T08:11:55+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,17 @@ +CVE-2024-3868 (The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Sit ...) + TODO: check +CVE-2024-3240 (The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injec ...) + TODO: check +CVE-2024-3237 (The ConvertPlug plugin for WordPress is vulnerable to unauthorized mod ...) + TODO: check +CVE-2024-34461 (Zenario before 9.5.60437 uses Twig filters insecurely in the Twig Snip ...) + TODO: check +CVE-2024-34460 (The Tree Explorer tool from Organizer in Zenario before 9.5.60602 is a ...) + TODO: check +CVE-2024-1050 (The Import and export users and customers plugin for WordPress is vuln ...) + TODO: check +CVE-2023-7065 (The Stop Spammers Security | Block Spam Users, Comments, Forms plugin ...) + TODO: check CVE-2024-4466 (SQL injection vulnerability in Gescen on the centrosdigitales.net plat ...) NOT-FOR-US: Gescen CVE-2024-4461 (Unquoted path or search item vulnerability in SugarSync versions prior ...) @@ -5885,7 +5899,7 @@ CVE-2023-39367 (An OS command injection vulnerability exists in the web interfac CVE-2023-36505 (Improper Input Validation vulnerability in Saturday Drive Ninja Forms ...) NOT-FOR-US: WordPress plugin CVE-2024-2961 (The iconv() function in the GNU C Library versions 2.39 and older may ...) - {DSA-5673-1} + {DSA-5673-1 DLA-3807-1} - glibc 2.37-18 (bug #1069191) NOTE: https://www.openwall.com/lists/oss-security/2024/04/17/9 NOTE: https://www.openwall.com/lists/oss-security/2024/04/18/4 
@@ -6908,7 +6922,7 @@ CVE-2024-3832 (Object corruption in V8 in Google Chrome prior to 124.0.6367.60 a - chromium 124.0.6367.60-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) -CVE-2024-4439 [Stored XSS in Avatar block] +CVE-2024-4439 (WordPress Core is vulnerable to Stored Cross-Site Scripting via user d ...) - wordpress 6.5.2+dfsg1-1 (bug #1069091) NOTE: https://wpscan.com/blog/unauthenticated-stored-xss-fixed-in-wordpress-core/ NOTE: https://wordpress.org/news/2024/04/wordpress-6-5-2-maintenance-and-security-release/ @@ -7620,6 +7634,7 @@ CVE-2024-3662 (The WPZOOM Social Feed Widget & Block plugin for WordPress is vul CVE-2023-6494 (The WPC Smart Quick View for WooCommerce plugin for WordPress is vulne ...) NOT-FOR-US: WordPress plugin CVE-2024-32487 (less through 653 allows OS command execution via a newline character i ...) + {DSA-5679-1} - less 590-2.1 (bug #1068938) NOTE: https://www.openwall.com/lists/oss-security/2024/04/12/5 NOTE: Fixed by: https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33 @@ -23825,6 +23840,7 @@ CVE-2024-26318 (Serenity before 6.8.0 allows XSS via an email link because Login CVE-2024-24722 (An unquoted service path vulnerability in the 12d Synergy Server and F ...) NOT-FOR-US: 12d Synergy Server CVE-2022-48624 (close_altfile in filename.c in less before 606 omits shell_quote calls ...) + {DSA-5679-1} - less 590-2.1 (bug #1064293) [buster] - less (Minor issue) NOTE: https://github.com/gwsw/less/commit/c6ac6de49698be84d264a0c4c0c40bb870b10144 (v606) 
@@ -251772,7 +251788,8 @@ CVE-2020-35467 (The Docker Docs Docker image through 2020-12-14 contains a blank NOT-FOR-US: Docker Docs Docker image CVE-2020-35466 (The Blackfire Docker image through 2020-12-14 contains a blank passwor ...) NOT-FOR-US: Blackfire Docker image -CVE-2020-35465 (The FullArmor HAPI File Share Mount Docker image through 2020-12-14 co ...) +CVE-2020-35465 + REJECTED NOT-FOR-US: FullArmor HAPI File Share Mount Docker image CVE-2020-35464 (Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank p ...) NOT-FOR-US: Weave Cloud Agent Docker image @@ -265165,7 +265182,7 @@ CVE-2020-26734 RESERVED CVE-2020-26733 (Cross Site Scripting (XSS) in Configuration page in SKYWORTH GN542VF H ...) NOT-FOR-US: SKYWORTH GN542VF Hardware -CVE-2020-26732 (SKYWORTH GN542VF Boa version 0.94.13 does not set the Secure flag for ...) +CVE-2020-26732 (SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 do ...) NOT-FOR-US: Skyworth GN542VF Boa CVE-2020-26731 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c666d8020ff9b386d73c8b980472b116c55c6b8e
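Review bot: In the @@ -251772 hunk, CVE-2020-35465 is reduced to a bare ID with REJECTED, but the NOT-FOR-US: FullArmor HAPI File Share Mount Docker image line that follows is kept, so the entry now carries two status annotations at once. Worth confirming in a follow-up whether the NOT-FOR-US line should stay on a rejected ID or be dropped, so that anyone reading the list sees a single state for the entry.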
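Review bot: In the @@ -265165 hunk, the description of CVE-2020-26732 no longer leads with "Boa version 0.94.13" and instead names Hardware Version 2.0 and Software Version 2.0.0.16, while the triage line under it still reads NOT-FOR-US: Skyworth GN542VF Boa. The neighbouring CVE-2020-26733 uses NOT-FOR-US: SKYWORTH GN542VF Hardware; consider aligning the annotation on CVE-2020-26732 with the updated description, or confirm from the full (here truncated) description that Boa is still the affected component.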
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 865bd4ed by security tracker role at 2024-05-02T08:11:48+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,35 @@ +CVE-2024-4142 (An Improper input validation vulnerability that could potentially lead ...) + TODO: check +CVE-2024-3490 (The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross ...) + TODO: check +CVE-2024-3481 (The Counter Box WordPress plugin before 1.2.4 does not have CSRF chec ...) + TODO: check +CVE-2024-3478 (The Herd Effects WordPress plugin before 5.2.7 does not have CSRF che ...) + TODO: check +CVE-2024-3477 (The Popup Box WordPress plugin before 2.2.7 does not have CSRF checks ...) + TODO: check +CVE-2024-3476 (The Side Menu Lite WordPress plugin before 4.2.1 does not have CSRF c ...) + TODO: check +CVE-2024-3475 (The Sticky Buttons WordPress plugin before 3.2.4 does not have CSRF c ...) + TODO: check +CVE-2024-3474 (The Wow Skype Buttons WordPress plugin before 4.0.4 does not have CSRF ...) + TODO: check +CVE-2024-3472 (The Modal Window WordPress plugin before 5.3.10 does not have CSRF ch ...) + TODO: check +CVE-2024-3471 (The Button Generator WordPress plugin before 3.0 does not have CSRF c ...) + TODO: check +CVE-2024-3280 (The Follow Us Badges plugin for WordPress is vulnerable to Stored Cros ...) + TODO: check +CVE-2024-32971 (Apollo Router is a configurable, graph router written in Rust to run a ...) + TODO: check +CVE-2024-32962 (xml-crypto is an xml digital signature and encryption library for Node ...) + TODO: check +CVE-2024-32882 (Wagtail is an open source content management system built on Django. I ...) + TODO: check +CVE-2024-2405 (The Float menu WordPress plugin before 6.0.1 does not have CSRF check ...) + TODO: check +CVE-2023-51631 (D-Link DIR-X3260 prog.cgi SetUsersSettings Stack-based Buffer Overflow ...) + TODO: check CVE-2024-33835 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the remo ...) NOT-FOR-US: Tenda CVE-2024-33820 (Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V ...) 
@@ -468,10 +500,12 @@ CVE-2022-48669 (In the Linux kernel, the following vulnerability has been resolv [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/cda9c0d556283e2d4adaa9960b2dc19b16156bae (6.9-rc1) CVE-2024-4331 (Use after free in Picture In Picture in Google Chrome prior to 124.0.6 ...) + {DSA-5676-1} - chromium 124.0.6367.118-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-4368 (Use after free in Dawn in Google Chrome prior to 124.0.6367.118 allowe ...) + {DSA-5676-1} - chromium 124.0.6367.118-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) @@ -158237,7 +158271,8 @@ CVE-2022-27460 RESERVED CVE-2022-27459 RESERVED -CVE-2022-27458 (MariaDB Server v10.6.3 and below was discovered to contain an use-afte ...) +CVE-2022-27458 + REJECTED {DLA-3114-1} - mariadb-10.6 1:10.6.8-1 - mariadb-10.5 @@ -205736,10 +205771,10 @@ CVE-2021-36596 RESERVED CVE-2021-36595 RESERVED -CVE-2021-36594 - RESERVED -CVE-2021-36593 - RESERVED +CVE-2021-36594 (SSRF in Oxwall 1.8.7 (1) allows an attacker to execute arbitrary c ...) + TODO: check +CVE-2021-36593 (Oxwall 1.8.7 (1) is vulnerable to Incorrect Access Control. Unauth ...) + TODO: check CVE-2021-36592 RESERVED CVE-2021-36591 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/865bd4ed64ada8c2bc0d2643d129b57fea269fea
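Review bot: In the @@ -158237 hunk, CVE-2022-27458 is switched to REJECTED while the {DLA-3114-1} cross-reference and the mariadb-10.6 1:10.6.8-1 and mariadb-10.5 package lines stay attached to it, so a rejected ID still appears as fixed by an advisory. The rejection reason should be checked by hand: if the ID was withdrawn as a duplicate, the DLA reference and the fixed-version data belong on the surviving CVE, and if it was withdrawn as not a vulnerability, the package lines here should be revisited.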
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7cb76107 by security tracker role at 2024-05-01T20:12:12+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,342 +1,476 @@ -CVE-2024-27392 [nvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse()] +CVE-2024-33835 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the remo ...) + TODO: check +CVE-2024-33820 (Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V ...) + TODO: check +CVE-2024-33775 (An issue with the Autodiscover component in Nagios XI 2024R1.01 allows ...) + TODO: check +CVE-2024-33518 (An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ...) + TODO: check +CVE-2024-33517 (An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ...) + TODO: check +CVE-2024-33516 (An unauthenticated Denial of Service (DoS) vulnerability exists in the ...) + TODO: check +CVE-2024-33515 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the A ...) + TODO: check +CVE-2024-33514 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the A ...) + TODO: check +CVE-2024-33513 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the A ...) + TODO: check +CVE-2024-33512 (There is a buffer overflow vulnerability in the underlying Local User ...) + TODO: check +CVE-2024-33511 (There is a buffer overflow vulnerability in the underlying Automatic R ...) + TODO: check +CVE-2024-33442 (An issue in flusity-CMS v.2.33 allows a remote attacker to execute arb ...) + TODO: check +CVE-2024-33431 (An issue in phiola/src/afilter/conv.c:115 of phiola v2.0-rc22 allows a ...) + TODO: check +CVE-2024-33430 (An issue in phiola/src/afilter/pcm_convert.h:513 of phiola v2.0-rc22 a ...) + TODO: check +CVE-2024-33429 (Buffer-Overflow vulnerability at pcm_convert.h:513 of phiola v2.0-rc22 ...) + TODO: check +CVE-2024-33428 (Buffer-Overflow vulnerability at conv.c:68 of stsaz phiola v2.0-rc22 a ...) + TODO: check +CVE-2024-33424 (A cross-site scripting (XSS) vulnerability in the Settings menu of CMS ...) 
+ TODO: check +CVE-2024-33423 (Cross-Site Scripting (XSS) vulnerability in the Settings menu of CMSim ...) + TODO: check +CVE-2024-33393 (An issue in spidernet-io spiderpool v.0.9.3 and before allows a local ...) + TODO: check +CVE-2024-33307 (SourceCodester Laboratory Management System 1.0 is vulnerable to Cross ...) + TODO: check +CVE-2024-33306 (SourceCodester Laboratory Management System 1.0 is vulnerable to Cross ...) + TODO: check +CVE-2024-33304 (SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scrip ...) + TODO: check +CVE-2024-33300 (Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross ...) + TODO: check +CVE-2024-33292 (SQL Injection vulnerability in Realisation MGSD v.1.0 allows a remote ...) + TODO: check +CVE-2024-33078 (Tencent Libpag v4.3 is vulnerable to Buffer Overflow. A user can send ...) + TODO: check +CVE-2024-32984 (Yamux is a stream multiplexer over reliable, ordered connections such ...) + TODO: check +CVE-2024-32979 (Nautobot is a Network Source of Truth and Network Automation Platform ...) + TODO: check +CVE-2024-32973 (Pluto is a superset of Lua 5.4 with a focus on general-purpose program ...) + TODO: check +CVE-2024-32213 (The LoMag WareHouse Management application version 1.0.20.120 and olde ...) + TODO: check +CVE-2024-32212 (SQL Injection vulnerability in LOGINT LoMag Inventory Management v1.0. ...) + TODO: check +CVE-2024-32211 (An issue in LOGINT LoMag Inventory Management v1.0.20.120 and before a ...) + TODO: check +CVE-2024-32210 (The LoMag WareHouse Management application version 1.0.20.120 and olde ...) + TODO: check +CVE-2024-31413 (Free of pointer not at start of buffer vulnerability exists in CX-One ...) + TODO: check +CVE-2024-31412 (Out-of-bounds read vulnerability exists in CX-Programmer included in C ...) + TODO: check +CVE-2024-30176 (In Logpoint before 7.4.0, an attacker can enumerate a valid list of us ...) 
+ TODO: check +CVE-2024-29011 (Use of hard-coded password in the GMS ECM endpoint leading to authenti ...) + TODO: check +CVE-2024-29010 (The XML document processed in the GMS ECM URL endpoint is vulnerable t ...) + TODO: check +CVE-2024-28893 (Certain HP software packages (SoftPaqs) are potentially vulnerable to ...) + TODO: check +CVE-2024-28775 (IBM WebSphere Automation 1.7.0 is vulnerable to cross-site scripting. ...) + TODO: check +CVE-2024-28764 (IBM WebSphere Automation 1.7.0 could allow an attacker with privileged ...) + TODO:
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 73ae8f0d by security tracker role at 2024-05-01T08:12:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,426 +1,474 @@ -CVE-2024-27022 [fork: defer linking file vma until vma is fully initialized] +CVE-2024-4369 (An information disclosure flaw was found in OpenShift's internal image ...) + TODO: check +CVE-2024-4349 (A vulnerability has been found in SourceCodester Pisay Online E-Learni ...) + TODO: check +CVE-2024-4348 (A vulnerability, which was classified as problematic, was found in osC ...) + TODO: check +CVE-2024-4192 (Delta Electronics CNCSoft-G2 lacks proper validation of the length of ...) + TODO: check +CVE-2024-3591 (The Geo Controller WordPress plugin before 8.6.5 unserializes user inp ...) + TODO: check +CVE-2024-34149 (In Bitcoin Core through 27.0 and Bitcoin Knots before 25.1.knots202311 ...) + TODO: check +CVE-2024-33768 (lunasvg v2.3.9 was discovered to contain a segmentation violation via ...) + TODO: check +CVE-2024-33767 (lunasvg v2.3.9 was discovered to contain a segmentation violation via ...) + TODO: check +CVE-2024-33766 (lunasvg v2.3.9 was discovered to contain an FPE (Floating Point Except ...) + TODO: check +CVE-2024-33764 (lunasvg v2.3.9 was discovered to contain a stack-overflow at lunasvg/s ...) + TODO: check +CVE-2024-33763 (lunasvg v2.3.9 was discovered to contain a stack-buffer-underflow at l ...) + TODO: check +CVE-2024-32970 (Phlex is a framework for building object-oriented views in Ruby. In af ...) + TODO: check +CVE-2024-32967 (Zitadel is an open source identity management system. In case ZITADEL ...) + TODO: check +CVE-2024-32966 (Static Web Server (SWS) is a tiny and fast production-ready web server ...) + TODO: check +CVE-2024-32963 (Navidrome is an open source web-based music collection server and stre ...) + TODO: check +CVE-2024-32890 (librespeed/speedtest is an open source, self-hosted speed test for HTM ...) + TODO: check +CVE-2024-32018 (RIOT is a real-time multi-threading operating system that supports a r ...) 
+ TODO: check +CVE-2024-32017 (RIOT is a real-time multi-threading operating system that supports a r ...) + TODO: check +CVE-2024-31225 (RIOT is a real-time multi-threading operating system that supports a r ...) + TODO: check +CVE-2024-29466 (Directory Traversal vulnerability in lsgwr spring boot online exam v.0 ...) + TODO: check +CVE-2024-28979 (Dell OpenManage Enterprise, versions prior to 4.1.0, contains an XSS i ...) + TODO: check +CVE-2024-28978 (Dell OpenManage Enterprise, versions 3.10 and 4.0, contains an Imprope ...) + TODO: check +CVE-2024-23336 (MyBB is a free and open source forum software. The default list of dis ...) + TODO: check +CVE-2024-23335 (MyBB is a free and open source forum software. The backup management m ...) + TODO: check +CVE-2024-27022 (In the Linux kernel, the following vulnerability has been resolved: f ...) - linux [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/35e351780fa9d8240dd6f7e4f245f9ea37e96c19 (6.9-rc5) -CVE-2024-27021 [r8169: fix LED-related deadlock on module removal] +CVE-2024-27021 (In the Linux kernel, the following vulnerability has been resolved: r ...) - linux [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/19fa4f2a85d777a8052e869c1b892a2f7556569d (6.9-rc4) -CVE-2024-27020 [netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()] +CVE-2024-27020 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux NOTE: https://git.kernel.org/linus/f969eb84ce482331a991079ab7a5c4dc3b7f89bf (6.9-rc5) -CVE-2024-27019 [netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()] +CVE-2024-27019 (In the Linux kernel, the following vulnerability has been resolved: n ...) 
- linux NOTE: https://git.kernel.org/linus/d78d867dcea69c328db30df665be5be7d0148484 (6.9-rc5) -CVE-2024-27018 [netfilter: br_netfilter: skip conntrack input hook for promisc packets] +CVE-2024-27018 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/751de2012eafa4d46d8081056761fa0e9cc8a178 (6.9-rc5) -CVE-2024-27017 [netfilter: nft_set_pipapo: walk over current view on
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 522a2023 by security tracker role at 2024-04-30T20:12:25+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,113 @@ +CVE-2024-4340 (Passing a heavily nested list to sqlparse.parse() leads to a Denial of ...) + TODO: check +CVE-2024-4337 (Adive Framework 2.0.8, does not sufficiently encode user-controlled in ...) + TODO: check +CVE-2024-4336 (Adive Framework 2.0.8, does not sufficiently encode user-controlled in ...) + TODO: check +CVE-2024-4185 (The Customer Email Verification for WooCommerce plugin for WordPress i ...) + TODO: check +CVE-2024-3746 (The entire parent directory - C:\ScadaPro and its sub-directories and ...) + TODO: check +CVE-2024-3411 (Implementations of IPMI Authenticated sessions does not provide enough ...) + TODO: check +CVE-2024-3072 (The ACF Front End Editor plugin for WordPress is vulnerable to unautho ...) + TODO: check +CVE-2024-34088 (In FRRouting (FRR) through 9.1, it is possible for the get_edge() func ...) + TODO: check +CVE-2024-33832 (OneNav v0.9.35-20240318 was discovered to contain a Server-Side Reques ...) + TODO: check +CVE-2024-33831 (A stored cross-site scripting (XSS) vulnerability in the Advanced Expe ...) + TODO: check +CVE-2024-33465 (Cross Site Scripting vulnerability in MajorDoMo before v.0662e5e allow ...) + TODO: check +CVE-2024-33437 (An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to o ...) + TODO: check +CVE-2024-33436 (An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to o ...) + TODO: check +CVE-2024-33383 (Arbitrary File Read vulnerability in novel-plus 4.3.0 and before allow ...) + TODO: check +CVE-2024-33371 (Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remot ...) + TODO: check +CVE-2024-2 (An issue discovered in SpringBlade 3.7.1 allows attackers to obtain se ...) + TODO: check +CVE-2024-33309 (An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and i ...) + TODO: check +CVE-2024-33308 (An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and i ...) 
+ TODO: check +CVE-2024-33275 (SQL injection vulnerability in Webbax supernewsletter v.1.4.21 and bef ...) + TODO: check +CVE-2024-33274 (Directory Traversal vulnerability in FME Modules customfields v.2.2.7 ...) + TODO: check +CVE-2024-33273 (SQL injection vulnerability in shipup before v.3.3.0 allows a remote a ...) + TODO: check +CVE-2024-33270 (An issue in FME Modules fileuploads v.2.0.3 and before and fixed in v2 ...) + TODO: check +CVE-2024-33267 (SQL Injection vulnerability in Hero hfheropayment v.1.2.5 and before a ...) + TODO: check +CVE-2024-33103 (An arbitrary file upload vulnerability in the Media Manager component ...) + TODO: check +CVE-2024-33102 (A stored cross-site scripting (XSS) vulnerability in the component /pu ...) + TODO: check +CVE-2024-33101 (A stored cross-site scripting (XSS) vulnerability in the component /ac ...) + TODO: check +CVE-2024-2877 (Vault Enterprise, when configured with performance standby nodes and a ...) + TODO: check +CVE-2024-2663 (The ZD YouTube FLV Player plugin for WordPress is vulnerable to Server ...) + TODO: check +CVE-2024-2617 (A vulnerability exists in the RTU500 that allows for authenticated and ...) + TODO: check +CVE-2024-2378 (A vulnerability exists in the web-authentication component of the SDM6 ...) + TODO: check +CVE-2024-2377 (A vulnerability exists in the too permissive HTTP response header web ...) + TODO: check +CVE-2024-29384 (An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to o ...) + TODO: check +CVE-2024-29320 (Wallos before 1.15.3 is vulnerable to SQL Injection via the category a ...) + TODO: check +CVE-2024-28716 (An issue in OpenStack Storlets yoga-eom allows a remote attacker to ex ...) + TODO: check +CVE-2024-28269 (ReCrystallize Server 5.10.0.0 allows administrators to upload files to ...) + TODO: check +CVE-2024-26331 (ReCrystallize Server 5.10.0.0 uses a authorization mechanism that reli ...) 
+ TODO: check +CVE-2024-25938 (A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0 ...) + TODO: check +CVE-2024-25648 (A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0 ...) + TODO: check +CVE-2024-25575 (A type confusion vulnerability vulnerability exists in the way Foxit R ...) + TODO: check +CVE-2024-23774 (An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13 ...) + TODO: check +CVE-2024-23773 (An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13 ...) +
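Review bot: The added entry "CVE-2024-2 (An issue discovered in SpringBlade 3.7.1 allows attackers to obtain se ...)" in the @@ -1,3 +1,113 @@ hunk has a one-digit sequence number, which is not a well-formed CVE ID (the sequence part has at least four digits), and it sits between CVE-2024-33371 and CVE-2024-33309 in a list that is otherwise in descending order. The identifier looks truncated; it should be checked against the upstream feed before the TODO: check is triaged, since any package or NOT-FOR-US annotation added under it would be filed against the wrong ID.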
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b9277d2b by security tracker role at 2024-04-30T08:11:48+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,63 @@ +CVE-2024-4327 (A vulnerability was found in Apryse WebViewer up to 10.8.0. It has bee ...) + TODO: check +CVE-2024-4226 (It was identified that in certain versions of Octopus Server, that a u ...) + TODO: check +CVE-2024-4225 (Multiple security vulnerabilities has been discovered in web interface ...) + TODO: check +CVE-2024-34050 (Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice b ...) + TODO: check +CVE-2024-34049 (Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice b ...) + TODO: check +CVE-2024-34048 (O-RAN RIC I-Release e2mgr lacks array size checks in E2nodeConfigUpdat ...) + TODO: check +CVE-2024-34047 (O-RAN RIC I-Release e2mgr lacks array size checks in RicServiceUpdateH ...) + TODO: check +CVE-2024-34046 (The O-RAN E2T I-Release Prometheus metric Increment function can crash ...) + TODO: check +CVE-2024-34045 (The O-RAN E2T I-Release Prometheus metric Increment function can crash ...) + TODO: check +CVE-2024-34044 (The O-RAN E2T I-Release buildPrometheusList function can have a NULL p ...) + TODO: check +CVE-2024-34043 (O-RAN RICAPP kpimon-go I-Release has a segmentation violation via a ce ...) + TODO: check +CVE-2024-33522 (In vulnerable versions of Calico (v3.27.2 and below), Calico Enterpris ...) + TODO: check +CVE-2024-33401 (Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remot ...) + TODO: check +CVE-2024-33350 (Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a remote at ...) + TODO: check +CVE-2024-31837 (DMitry (Deepmagic Information Gathering Tool) 1.3a has a format-string ...) + TODO: check +CVE-2024-28294 (Limbas up to v5.2.14 was discovered to contain a SQL injection vulnera ...) + TODO: check +CVE-2024-27518 (An issue in SUPERAntiSyware Professional X 10.0.1262 and 10.0.1264 all ...) + TODO: check +CVE-2024-1371 (The LeadConnector plugin for WordPress is vulnerable to unauthorized m ...) 
+ TODO: check +CVE-2024-0216 (The Google Doc Embedder plugin for WordPress is vulnerable to Server S ...) + TODO: check +CVE-2023-52728 (Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an i ...) + TODO: check +CVE-2023-52727 (Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an i ...) + TODO: check +CVE-2023-52726 (Open Networking Foundation SD-RAN ONOS onos-ric-sdk-go 0.8.12 allows i ...) + TODO: check +CVE-2023-52725 (Open Networking Foundation SD-RAN ONOS onos-kpimon 0.4.7 allows blocki ...) + TODO: check +CVE-2023-52724 (Open Networking Foundation SD-RAN onos-kpimon 0.4.7 allows out-of-boun ...) + TODO: check +CVE-2023-50434 (emdns_resolve_raw in emdns.c in emdns through fbd1eef calls strlen wit ...) + TODO: check +CVE-2023-50433 (marshall in dhcp_packet.c in simple-dhcp-server through ec976d2 allows ...) + TODO: check +CVE-2023-50432 (simple-dhcp-server through ec976d2 allows remote attackers to cause a ...) + TODO: check +CVE-2023-46960 (Buffer Overflow vulnerability in PyPXE v.1.8.4 allows a remote attacke ...) + TODO: check +CVE-2023-46566 (Buffer Overflow vulnerability in msoulier tftpy commit 467017b844bf6e3 ...) + TODO: check +CVE-2023-31889 (An issue discovered in httpd in ASUS RT-AC51U with firmware version up ...) + TODO: check CVE-2024-4310 (Cross-site Scripting (XSS) vulnerability in HubBank affecting version ...) NOT-FOR-US: HubBank CVE-2024-4309 (SQL injection vulnerability in HubBank affecting version 1.0.2. This v ...) 
@@ -23009,7 +23069,7 @@ CVE-2024-22853 (D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded passw NOT-FOR-US: D-LINK CVE-2024-22852 (D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buff ...) NOT-FOR-US: D-LINK -CVE-2024-22773 (Intelbras Roteador ACtion RF 1200 1.2.2 esposes the Password in Cookie ...) +CVE-2024-22773 (Intelbras Action RF 1200 routers 1.2.2 and earlier and Action RG 1200 ...) NOT-FOR-US: Intelbras Roteador ACtion RF 1200 CVE-2024-22208 (phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, ...) NOT-FOR-US: phpMyFAQ
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9277d2b4c6ccf35157fb43ccdf6f92408025ea4
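Review bot: in the `@@ -23009,7 +23069,7 @@` hunk the triage line under CVE-2024-22773 still reads `NOT-FOR-US: Intelbras Roteador ACtion RF 1200`, although the refreshed description now covers both the Action RF 1200 and the Action RG 1200 routers. Shortening it to the vendor name, as the neighbouring `NOT-FOR-US: D-LINK` entries do, would keep the note accurate the next time a description is reworded.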
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 796f8713 by security tracker role at 2024-04-29T20:12:21+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,133 @@ +CVE-2024-4310 (Cross-site Scripting (XSS) vulnerability in HubBank affecting version ...) + TODO: check +CVE-2024-4309 (SQL injection vulnerability in HubBank affecting version 1.0.2. This v ...) + TODO: check +CVE-2024-4308 (SQL injection vulnerability in HubBank affecting version 1.0.2. This v ...) + TODO: check +CVE-2024-4307 (SQL injection vulnerability in HubBank affecting version 1.0.2. This v ...) + TODO: check +CVE-2024-4306 (Critical unrestricted file upload vulnerability in HubBank affecting v ...) + TODO: check +CVE-2024-4304 (A Cross-Site Scripting XSS vulnerability has been detected on GT3 Solu ...) + TODO: check +CVE-2024-3375 (Incorrect Permission Assignment for Critical Resource vulnerability in ...) + TODO: check +CVE-2024-34020 (A stack-based buffer overflow was found in the putSDN() function of ma ...) + TODO: check +CVE-2024-34011 (Local privilege escalation due to insecure folder permissions. The fol ...) + TODO: check +CVE-2024-34010 (Local privilege escalation due to unquoted search path vulnerability. ...) + TODO: check +CVE-2024-33684 (Missing Authorization vulnerability in Pdfcrowd Save as PDF plugin by ...) + TODO: check +CVE-2024-33652 (Missing Authorization vulnerability in Real Big Plugins Client Dash.Th ...) + TODO: check +CVE-2024-33636 (Missing Authorization vulnerability in Mahesh Vora WP Page Post Widget ...) + TODO: check +CVE-2024-33635 (Missing Authorization vulnerability in Piotnet Piotnet Addons For Elem ...) + TODO: check +CVE-2024-33597 (Missing Authorization vulnerability in ProFaceOff SSU.This issue affec ...) + TODO: check +CVE-2024-33596 (Missing Authorization vulnerability in Five Star Plugins Five Star Res ...) + TODO: check +CVE-2024-33595 (Missing Authorization vulnerability in Jewel Theme Master Addons for E ...) + TODO: check +CVE-2024-33594 (Missing Authorization vulnerability in Leaky Paywall.This issue affect ...) 
+ TODO: check +CVE-2024-33593 (Missing Authorization vulnerability in RedNao Smart Forms.This issue a ...) + TODO: check +CVE-2024-33591 (Missing Authorization vulnerability in Tips and Tricks HQ Easy Accept ...) + TODO: check +CVE-2024-33590 (Server-Side Request Forgery (SSRF) vulnerability in codeSavory Knowled ...) + TODO: check +CVE-2024-33589 (Missing Authorization vulnerability in WPOmnia KB Support.This issue a ...) + TODO: check +CVE-2024-33588 (Missing Authorization vulnerability in codeSavory Knowledge Base docum ...) + TODO: check +CVE-2024-33587 (Missing Authorization vulnerability in Copy Content Protection Team Se ...) + TODO: check +CVE-2024-33586 (Missing Authorization vulnerability in Photo Gallery Team Photo Galler ...) + TODO: check +CVE-2024-33585 (Missing Authorization vulnerability in Tyche Softwares Payment Gateway ...) + TODO: check +CVE-2024-33558 (Missing Authorization vulnerability in 8theme XStore Core.This issue a ...) + TODO: check +CVE-2024-33449 (An SSRF issue in the PDFMyURL service allows a remote attacker to obta ...) + TODO: check +CVE-2024-33445 (An issue in hisiphp v2.0.111 allows a remote attacker to execute arbit ...) + TODO: check +CVE-2024-33444 (SQL injection vulnerability in onethink v.1.1 allows a remote attacker ...) + TODO: check +CVE-2024-33443 (An issue in onethink v.1.1 allows a remote attacker to execute arbitra ...) + TODO: check +CVE-2024-33438 (File Upload vulnerability in CubeCart before 6.5.5 allows an authentic ...) + TODO: check +CVE-2024-33435 (Insecure Permissions vulnerability in Guangzhou Yingshi Electronic Tec ...) + TODO: check +CVE-2024-33345 (D-Link DIR-823G A1V1.0.2B05 was found to contain a Null-pointer derefe ...) + TODO: check +CVE-2024-8 (Cross Site Scripting vulnerability in jizhicms v.2.5.4 allows a remote ...) + TODO: check +CVE-2024-33276 (SQL Injection vulnerability in FME Modules preorderandnotication v.3.1 ...) 
+ TODO: check +CVE-2024-33272 (SQL injection vulnerability in KnowBand for PrestaShop autosuggest bef ...) + TODO: check +CVE-2024-33271 (An issue in FME Modules eventsmanager before 4.4.0 allows an attacker ...) + TODO: check +CVE-2024-33269 (SQL Injection vulnerability in Prestaddons flashsales 1.9.7 and before ...) + TODO: check +CVE-2024-33268 (SQL Injection vulnerability in Digincube mdgiftproduct before 1.4.1 al ...) + TODO: check +CVE-2024-33266 (SQL Injection vulnerability in Helloshop deliveryorderautoupdate v.2.8 ...)
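Review bot: in the `@@ -1,3 +1,133 @@` hunk the added entry `CVE-2024-8 (Cross Site Scripting vulnerability in jizhicms v.2.5.4 ...)` has a one-digit sequence number, while CVE identifiers carry at least four digits after the year, and it sits between CVE-2024-33345 and CVE-2024-33276 in an otherwise descending list. Confirm the identifier against the upstream feed before this entry is triaged, since a lookup keyed on this id is unlikely to resolve to the jizhicms record.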
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0f8fa9a7 by security tracker role at 2024-04-29T08:12:12+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,119 @@ +CVE-2024-4303 (ArmorX Android APP's multi-factor authentication (MFA) for the login f ...) + TODO: check +CVE-2024-4302 (Super 8 Live Chat online customer service platform fails to properly f ...) + TODO: check +CVE-2024-4301 (N-Reporter and N-Cloud, products of the N-Partner, have an OS Command ...) + TODO: check +CVE-2024-4300 (E-WEBInformationCo. FS-EZViewer(Web) exposes sensitive information in ...) + TODO: check +CVE-2024-4299 (The system configuration interface of HGiga iSherlock (including MailS ...) + TODO: check +CVE-2024-4298 (The email search interface of HGiga iSherlock (including MailSherlock, ...) + TODO: check +CVE-2024-4297 (The system configuration interface of HGiga iSherlock (including MailS ...) + TODO: check +CVE-2024-4296 (The account management interface of HGiga iSherlock (including MailShe ...) + TODO: check +CVE-2024-3196 (A vulnerability was found in MailCleaner up to 2023.03.14. It has been ...) + TODO: check +CVE-2024-3195 (A vulnerability was found in MailCleaner up to 2023.03.14. It has been ...) + TODO: check +CVE-2024-3194 (A vulnerability was found in MailCleaner up to 2023.03.14 and classifi ...) + TODO: check +CVE-2024-3193 (A vulnerability has been found in MailCleaner up to 2023.03.14 and cla ...) + TODO: check +CVE-2024-3192 (A vulnerability, which was classified as problematic, was found in Mai ...) + TODO: check +CVE-2024-3191 (A vulnerability, which was classified as critical, has been found in M ...) + TODO: check +CVE-2024-33905 (In Telegram WebK before 2.0.0 (488), a crafted Mini Web App allows XSS ...) + TODO: check +CVE-2024-33904 (In plugins/HookSystem.cpp in Hyprland through 0.39.1 (before 28c8561), ...) + TODO: check +CVE-2024-33903 (In CARLA through 0.9.15.2, the collision sensor mishandles some situat ...) + TODO: check +CVE-2024-33899 (RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attacke ...) 
+ TODO: check +CVE-2024-33891 (Delinea Secret Server before 11.7.01 allows attackers to bypass au ...) + TODO: check +CVE-2024-33686 (Missing Authorization vulnerability in Extend Themes Pathway, Extend T ...) + TODO: check +CVE-2024-33681 (Cross-Site Request Forgery (CSRF) vulnerability in Sandor Kovacs Regen ...) + TODO: check +CVE-2024-33649 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-33648 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-33646 (Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Stick ...) + TODO: check +CVE-2024-33645 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-33643 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-33641 (Deserialization of Untrusted Data vulnerability in Team Yoast Custom f ...) + TODO: check +CVE-2024-33640 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-33637 (Insertion of Sensitive Information into Log File vulnerability in Soli ...) + TODO: check +CVE-2024-33634 (Server-Side Request Forgery (SSRF) vulnerability in Piotnet Piotnet Ad ...) + TODO: check +CVE-2024-33633 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-33632 (Cross-Site Request Forgery (CSRF) vulnerability in Piotnet Piotnet Add ...) + TODO: check +CVE-2024-33631 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-33630 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-33629 (Server-Side Request Forgery (SSRF) vulnerability in Creative Motion Au ...) + TODO: check +CVE-2024-33627 (Server-Side Request Forgery (SSRF) vulnerability in Cusmin Absolutely ...) 
+ TODO: check +CVE-2024-33584 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in D ...) + TODO: check +CVE-2024-33575 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check +CVE-2024-33571 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-33566 (Missing Authorization vulnerability in N-Media OrderConvo allows OS Co ...) + TODO: check +CVE-2024-33562 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) +
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 80610b94 by security tracker role at 2024-04-28T20:12:15+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,190 +1,208 @@ -CVE-2024-26928 [smb: client: fix potential UAF in cifs_debug_files_proc_show()] +CVE-2024-4294 (A vulnerability, which was classified as critical, has been found in P ...) + TODO: check +CVE-2024-4293 (A vulnerability classified as problematic was found in PHPGurukul Doct ...) + TODO: check +CVE-2024-4292 (A vulnerability classified as critical has been found in Contemporary ...) + TODO: check +CVE-2024-33883 (The ejs (aka Embedded JavaScript templates) package before 3.1.10 for ...) + TODO: check +CVE-2024-33851 (phpecc, as used in paragonie/phpecc before 2.0.1, has a branch-based t ...) + TODO: check +CVE-2024-25050 (IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2 ...) + TODO: check +CVE-2023-52722 (An issue was discovered in Artifex Ghostscript through 10.01.0. psi/zm ...) + TODO: check +CVE-2022-48685 (An issue was discovered in Logpoint 7.1 before 7.1.2. The daily execut ...) + TODO: check +CVE-2022-48684 (An issue was discovered in Logpoint before 7.1.1. Template injection w ...) + TODO: check +CVE-2024-26928 (In the Linux kernel, the following vulnerability has been resolved: s ...) - linux [bookworm] - linux 6.1.85-1 NOTE: https://git.kernel.org/linus/ca545b7f0823f19db0f1148d59bc5e1a56634502 (6.9-rc3) -CVE-2024-26927 [ASoC: SOF: Add some bounds checking to firmware data] +CVE-2024-26927 (In the Linux kernel, the following vulnerability has been resolved: A ...) - linux 6.7.12-1 [bookworm] - linux 6.1.85-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/98f681b0f84cfc3a1d83287b77697679e0398306 (6.9-rc1) -CVE-2022-48668 [smb3: fix temporary data corruption in collapse range] +CVE-2022-48668 (In the Linux kernel, the following vulnerability has been resolved: s ...) 
- linux 6.0.2-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/fa30a81f255a56cccd89552cd6ce7ea6e8d8acc4 (6.0-rc4) -CVE-2022-48667 [smb3: fix temporary data corruption in insert range] +CVE-2022-48667 (In the Linux kernel, the following vulnerability has been resolved: s ...) - linux 6.0.2-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/9c8b7a293f50253e694f19161c045817a938e551 (6.0-rc4) -CVE-2022-48666 [scsi: core: Fix a use-after-free] +CVE-2022-48666 (In the Linux kernel, the following vulnerability has been resolved: s ...) - linux 6.0.2-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/8fe4ce5836e932f5766317cb651c1ff2a4cd0506 (6.0-rc5) -CVE-2022-48665 [exfat: fix overflow for large capacity partition] +CVE-2022-48665 (In the Linux kernel, the following vulnerability has been resolved: e ...) - linux 6.0.2-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/2e9ceb6728f1dc2fa4b5d08f37d88cbc49a20a62 (6.0-rc7) -CVE-2022-48664 [btrfs: fix hang during unmount when stopping a space reclaim worker] +CVE-2022-48664 (In the Linux kernel, the following vulnerability has been resolved: b ...) - linux 6.0.2-1 [bullseye] - linux 5.10.148-1 NOTE: https://git.kernel.org/linus/a362bb864b8db4861977d00bd2c3222503ccc34b (6.0-rc7) -CVE-2022-48663 [gpio: mockup: fix NULL pointer dereference when removing debugfs] +CVE-2022-48663 (In the Linux kernel, the following vulnerability has been resolved: g ...) 
- linux 6.0.2-1 [bullseye] - linux 5.10.148-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/b7df41a6f79dfb18ba2203f8c5f0e9c0b9b57f68 (6.0-rc7) -CVE-2022-48662 [drm/i915/gem: Really move i915_gem_context.link under ref protection] +CVE-2022-48662 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux 6.0.2-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/d119888b09bd567e07c6b93a07f175df88857e02 (6.0-rc7) -CVE-2022-48661 [gpio: mockup: Fix potential resource leakage when register a chip] +CVE-2022-48661 (In the Linux kernel, the following vulnerability has been resolved: g ...) - linux 6.0.2-1
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e63461bf by security tracker role at 2024-04-27T20:12:34+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,31 @@ +CVE-2024-4291 (A vulnerability was found in Tenda A301 15.13.08.12_multi_TDE01. It ha ...) + TODO: check +CVE-2024-4257 (A vulnerability was found in BlueNet Technology Clinical Browsing Syst ...) + TODO: check +CVE-2024-4256 (A vulnerability was found in Techkshetra Info Solutions Savsoft Quiz 6 ...) + TODO: check +CVE-2024-4255 (A vulnerability, which was classified as critical, has been found in R ...) + TODO: check +CVE-2024-4252 (A vulnerability classified as critical has been found in Tenda i22 1.0 ...) + TODO: check +CVE-2024-4251 (A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been rat ...) + TODO: check +CVE-2024-4250 (A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been dec ...) + TODO: check +CVE-2024-4249 (A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been cla ...) + TODO: check +CVE-2024-4248 (A vulnerability was found in Tenda i21 1.0.0.14(4656) and classified a ...) + TODO: check +CVE-2024-4247 (A vulnerability has been found in Tenda i21 1.0.0.14(4656) and classif ...) + TODO: check +CVE-2024-4246 (A vulnerability, which was classified as critical, was found in Tenda ...) + TODO: check +CVE-2024-3342 (The Timetable and Event Schedule by MotoPress plugin for WordPress is ...) + TODO: check +CVE-2024-3309 (The Qi Addons For Elementor plugin for WordPress is vulnerable to Stor ...) + TODO: check +CVE-2024-25048 (IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer ...) + TODO: check CVE-2024-4245 (A vulnerability, which was classified as critical, has been found in T ...) NOT-FOR-US: Tenda CVE-2024-4244 (A vulnerability classified as critical was found in Tenda W9 1.0.0.7(4 ...) 
@@ -30891,6 +30919,7 @@ CVE-2023-51708 (Bentley eB System Management Console applications within Assetwi CVE-2023-51707 (MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows r ...) NOT-FOR-US: MotionPro CVE-2023-51704 (An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1. ...) + {DLA-3796-1} - mediawiki 1:1.39.6-1 [bookworm] - mediawiki 1:1.39.7-1~deb12u1 [bullseye] - mediawiki (Minor issue, fix along in next update) @@ -79680,8 +79709,8 @@ CVE-2023-1002 (A vulnerability, which was classified as problematic, has been fo NOT-FOR-US: MuYuCMS CVE-2023-1001 RESERVED -CVE-2023-1000 - RESERVED +CVE-2023-1000 (A vulnerability was found in cyanomiko dcnnt-py up to 0.9.0. It has be ...) + TODO: check CVE-2023-0999 (A vulnerability classified as problematic was found in SourceCodester ...) NOT-FOR-US: SourceCodester Sales Tracker Management System CVE-2023-0998 (A vulnerability classified as critical has been found in SourceCodeste ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e63461bf63f381231603dda8819a79f482702c4d
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5a993a91 by security tracker role at 2024-04-27T08:11:30+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,51 @@ +CVE-2024-4245 (A vulnerability, which was classified as critical, has been found in T ...) + TODO: check +CVE-2024-4244 (A vulnerability classified as critical was found in Tenda W9 1.0.0.7(4 ...) + TODO: check +CVE-2024-4243 (A vulnerability classified as critical has been found in Tenda W9 1.0. ...) + TODO: check +CVE-2024-4242 (A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been rated ...) + TODO: check +CVE-2024-4241 (A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been decla ...) + TODO: check +CVE-2024-4240 (A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been class ...) + TODO: check +CVE-2024-4239 (A vulnerability was found in Tenda AX1806 1.0.0.1 and classified as cr ...) + TODO: check +CVE-2024-3052 (Malformed S2 Nonce Get command classes can be sent to crash the gatewa ...) + TODO: check +CVE-2024-3051 (Malformed Device Reset Locally command classes can be sent to temporar ...) + TODO: check +CVE-2024-3034 (The BackUpWordPress plugin for WordPress is vulnerable to Directory Tr ...) + TODO: check +CVE-2024-32887 (Sidekiq is simple, efficient background processing for Ruby. Sidekiq i ...) + TODO: check +CVE-2024-32883 (MCUboot is a secure bootloader for 32-bits microcontrollers. MCUboot u ...) + TODO: check +CVE-2024-32881 (Danswer is the AI Assistant connected to company's docs, apps, and peo ...) + TODO: check +CVE-2024-32878 (Llama.cpp is LLM inference in C/C++. There is a use of uninitialized h ...) + TODO: check +CVE-2024-31828 (Cross Site Scripting vulnerability in Lavalite CMS v.10.1.0 allows att ...) + TODO: check +CVE-2024-31741 (Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a remote a ...) + TODO: check +CVE-2024-31601 (An issue in Beijing Panabit Network Software Co., Ltd Panalog big data ...) + TODO: check +CVE-2024-31551 (Directory Traversal vulnerability in lib/admin/image.admin.php in cmse ...) 
+ TODO: check +CVE-2024-31502 (An issue in Insurance Management System v.1.0.0 and before allows a re ...) + TODO: check +CVE-2024-30804 (An issue discovered in the DeviceIoControl component in ASUS Fan_Xpert ...) + TODO: check +CVE-2024-2859 (By default, SANnav OVA is shipped with root user login enabled. While ...) + TODO: check +CVE-2024-2838 (The WPC Composite Products for WooCommerce plugin for WordPress is vul ...) + TODO: check +CVE-2024-2258 (The Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact For ...) + TODO: check +CVE-2024-28322 (SQL Injection vulnerability in /event-management-master/backend/regist ...) + TODO: check CVE-2024-4238 (A vulnerability has been found in Tenda AX1806 1.0.0.1 and classified ...) TODO: check CVE-2024-4237 (A vulnerability, which was classified as critical, was found in Tenda ...) 
@@ -1201,13 +1249,13 @@ CVE-2024-29965 (In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to NOT-FOR-US: Brocade SANnav CVE-2024-29964 (Brocade SANnav versions before v2.3.0a do not correctly set permission ...) NOT-FOR-US: Brocade SANnav -CVE-2024-29963 (Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded keys ...) +CVE-2024-29963 (Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS k ...) NOT-FOR-US: Brocade SANnav CVE-2024-29962 (Brocade SANnav OVA before v2.3.1 and v2.3.0a have an insecure file per ...) NOT-FOR-US: Brocade SANnav CVE-2024-29961 (A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It a ...) NOT-FOR-US: Brocade SANnav -CVE-2024-29960 (In the Brocade SANnav server versions before v2.3.1 and v2.3.0a, the S ...) +CVE-2024-29960 (In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys insid ...) NOT-FOR-US: Brocade SANnav CVE-2024-29959 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Bro ...) NOT-FOR-US: Brocade SANnav
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a993a911078a8b61b85a31f3dc2f6ff91d339a5
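Review bot: in the `@@ -1,3 +1,51 @@` hunk the added CVE-2024-2258 description carries the literal escape `\u2013` ("Form Maker by 10Web \u2013 Mobile-Friendly ...") instead of the dash it encodes. Decoding such escapes in the import step would keep the descriptions readable and searchable by product name.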
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9c638f00 by security tracker role at 2024-04-26T20:12:16+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,4 +1,146 @@ -CVE-2023-52646 [aio: fix mremap after fork null-deref] +CVE-2024-4238 (A vulnerability has been found in Tenda AX1806 1.0.0.1 and classified ...) + TODO: check +CVE-2024-4237 (A vulnerability, which was classified as critical, was found in Tenda ...) + TODO: check +CVE-2024-4236 (A vulnerability, which was classified as critical, has been found in T ...) + TODO: check +CVE-2024-4235 (A vulnerability classified as problematic was found in Netgear DG834Gv ...) + TODO: check +CVE-2024-4234 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-4198 (Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 ...) + TODO: check +CVE-2024-4195 (Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 ...) + TODO: check +CVE-2024-4183 (Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x bef ...) + TODO: check +CVE-2024-4182 (Mattermost versions 9.6.0, 9.5.x before 9.5.3, 9.4.x before 9.4.5, and ...) + TODO: check +CVE-2024-3962 (The Product Addons & Fields for WooCommerce plugin for WordPress is vu ...) + TODO: check +CVE-2024-3682 (The WP STAGING and WP STAGING Pro plugins for WordPress are vulnerable ...) + TODO: check +CVE-2024-3076 (The MM-email2image WordPress plugin through 0.2.5 does not have CSRF c ...) + TODO: check +CVE-2024-33697 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-33696 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-33695 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-33694 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-33693 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-33692 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2024-33691 (Cross-Site Request Forgery (CSRF) vulnerability in OptinMonster Popup ...) + TODO: check +CVE-2024-33690 (Cross-Site Request Forgery (CSRF) vulnerability in Jegstudio Financio. ...) + TODO: check +CVE-2024-33689 (Cross-Site Request Forgery (CSRF) vulnerability in Tony Zeoli, Tony Ha ...) + TODO: check +CVE-2024-33688 (Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Telur ...) + TODO: check +CVE-2024-33683 (Cross-Site Request Forgery (CSRF) vulnerability in WP Republic Hide Da ...) + TODO: check +CVE-2024-33682 (Cross-Site Request Forgery (CSRF) vulnerability in Cookie Information ...) + TODO: check +CVE-2024-33680 (Cross-Site Request Forgery (CSRF) vulnerability in MainWP MainWP Child ...) + TODO: check +CVE-2024-33679 (Cross-Site Request Forgery (CSRF) vulnerability in FameThemes FameThem ...) + TODO: check +CVE-2024-33678 (Cross-Site Request Forgery (CSRF) vulnerability in ClickCease ClickCea ...) + TODO: check +CVE-2024-33677 (Cross-Site Request Forgery (CSRF) vulnerability in Renzo Johnson Conta ...) + TODO: check +CVE-2024-33344 (D-Link DIR-822+ V1.0.5 was found to contain a command injection in fte ...) + TODO: check +CVE-2024-33343 (D-Link DIR-822+ V1.0.5 was found to contain a command injection in Chg ...) + TODO: check +CVE-2024-33342 (D-Link DIR-822+ V1.0.5 was found to contain a command injection in Set ...) + TODO: check +CVE-2024-33263 (QuickJS commit 3b45d15 was discovered to contain an Assertion Failure ...) + TODO: check +CVE-2024-33260 (Jerryscript commit cefd391 was discovered to contain a segmentation vi ...) + TODO: check +CVE-2024-33259 (Jerryscript commit cefd391 was discovered to contain a segmentation vi ...) + TODO: check +CVE-2024-33258 (Jerryscript commit ff9ff8f was discovered to contain a segmentation vi ...) + TODO: check +CVE-2024-33255 (Jerryscript commit cefd391 was discovered to contain an Assertion Fail ...) 
+ TODO: check +CVE-2024-32957 (Missing Authorization vulnerability in Live Composer Team Page Builder ...) + TODO: check +CVE-2024-32884 (gitoxide is a pure Rust implementation of Git. `gix-transport` does no ...) + TODO: check +CVE-2024-32880 (pyload is an open-source Download Manager written in pure Python. An a ...) + TODO: check +CVE-2024-32829 (Missing Authorization vulnerability in Supsystic Data Tables Generator ...) + TODO: check +CVE-2024-32828 (Missing Authorization
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 821a6aa0 by security tracker role at 2024-04-26T08:11:46+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,109 @@ +CVE-2024-4163 (The Skylab IGX IIoT Gateway allowed users to connect to it via a limit ...) + TODO: check +CVE-2024-4056 (Denial of service condition in M-Files Server in versions before 24.4. ...) + TODO: check +CVE-2024-3890 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...) + TODO: check +CVE-2024-3678 (The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPre ...) + TODO: check +CVE-2024-3265 (The Advanced Search WordPress plugin through 1.1.6 does not properly e ...) + TODO: check +CVE-2024-3188 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress plugin b ...) + TODO: check +CVE-2024-3075 (The MM-email2image WordPress plugin through 0.2.5 does not validate an ...) + TODO: check +CVE-2024-3060 (The ENL Newsletter WordPress plugin through 1.0.1 does not sanitize an ...) + TODO: check +CVE-2024-3059 (The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF c ...) + TODO: check +CVE-2024-3058 (The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF c ...) + TODO: check +CVE-2024-3048 (The Bannerlid WordPress plugin through 1.1.0 does not escape generated ...) + TODO: check +CVE-2024-33673 (An issue was discovered in Veritas Backup Exec before 22.2 HotFix 9173 ...) + TODO: check +CVE-2024-33672 (An issue was discovered in Veritas NetBackup before 10.4. The Multi-Th ...) + TODO: check +CVE-2024-33671 (An issue was discovered in Veritas Backup Exec before 22.2 HotFix 9173 ...) + TODO: check +CVE-2024-33670 (Passbolt API before 4.6.2 allows HTML injection in a URL parameter, re ...) + TODO: check +CVE-2024-33669 (An issue was discovered in Passbolt Browser Extension before 4.6.2. It ...) + TODO: check +CVE-2024-33668 (An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cach ...) + TODO: check +CVE-2024-33667 (An issue was discovered in Zammad before 6.3.0. An authenticated agent ...) + TODO: check +CVE-2024-33666 (An issue was discovered in Zammad before 6.3.0. 
Users with customer ac ...) + TODO: check +CVE-2024-33665 (angular-translate through 2.19.1 allows XSS via a crafted key that is ...) + TODO: check +CVE-2024-33664 (python-jose through 3.3.0 allows attackers to cause a denial of servic ...) + TODO: check +CVE-2024-33663 (python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA k ...) + TODO: check +CVE-2024-33661 (Portainer before 2.20.0 allows redirects when the target is not index. ...) + TODO: check +CVE-2024-33651 (Cross-Site Request Forgery (CSRF) vulnerability in Matthew Fries MF Gi ...) + TODO: check +CVE-2024-33650 (Cross-Site Request Forgery (CSRF) vulnerability in Cryout Creations Se ...) + TODO: check +CVE-2024-33642 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-33639 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-33638 (Cross-Site Request Forgery (CSRF) vulnerability in Brijesh Kothari Sma ...) + TODO: check +CVE-2024-33598 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32868 (ZITADEL provides users the possibility to use Time-based One-Time-Pass ...) + TODO: check +CVE-2024-32651 (changedetection.io is an open source web page change detection, websit ...) + TODO: check +CVE-2024-32406 (Server-Side Template Injection (SSTI) vulnerability in inducer relate ...) + TODO: check +CVE-2024-32404 (Server-Side Template Injection (SSTI) vulnerability in inducer relate ...) + TODO: check +CVE-2024-31755 (cJSON v1.7.17 was discovered to contain a segmentation violation, whic ...) + TODO: check +CVE-2024-31610 (File Upload vulnerability in the function for employees to upload avat ...) + TODO: check +CVE-2024-31609 (Cross Site Scripting (XSS) vulnerability in BOSSCMS v3.10 allows attac ...) + TODO: check +CVE-2024-2920 (The WP-Members Membership Plugin plugin for WordPress is vulnerable to ...) 
+ TODO: check +CVE-2024-2908 (The Call Now Button WordPress plugin before 1.4.7 does not sanitise a ...) + TODO: check +CVE-2024-2837 (The WP Chat App WordPress plugin before 3.6.4 does not sanitise and es ...) + TODO: check +CVE-2024-2603 (The Salon booking system WordPress plugin through 9.6.5 does not sanit ...) + TODO: check +CVE-2024-2439 (The Salon booking system WordPress plugin through 9.6.5 does not sanit ...) +
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 29679e3f by security tracker role at 2024-04-25T20:11:52+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,111 @@ +CVE-2024-4175 (Unicode transformation vulnerability in Hyperion affecting version 2.0 ...) + TODO: check +CVE-2024-4174 (Cross-Site Scripting (XSS) vulnerability in Hyperion Web Server affect ...) + TODO: check +CVE-2024-4172 (A vulnerability classified as problematic was found in idcCMS 1.35. Af ...) + TODO: check +CVE-2024-4171 (A vulnerability classified as critical has been found in Tenda W30E 1. ...) + TODO: check +CVE-2024-4170 (A vulnerability was found in Tenda 4G300 1.01.42. It has been rated as ...) + TODO: check +CVE-2024-4169 (A vulnerability was found in Tenda 4G300 1.01.42. It has been declared ...) + TODO: check +CVE-2024-4168 (A vulnerability was found in Tenda 4G300 1.01.42. It has been classifi ...) + TODO: check +CVE-2024-4167 (A vulnerability was found in Tenda 4G300 1.01.42 and classified as cri ...) + TODO: check +CVE-2024-4166 (A vulnerability has been found in Tenda 4G300 1.01.42 and classified a ...) + TODO: check +CVE-2024-4165 (A vulnerability, which was classified as critical, was found in Tenda ...) + TODO: check +CVE-2024-4164 (A vulnerability, which was classified as critical, has been found in T ...) + TODO: check +CVE-2024-4077 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-4035 (The Photo Gallery \u2013 GT3 Image Gallery & Gutenberg Block Gallery p ...) + TODO: check +CVE-2024-4024 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + TODO: check +CVE-2024-4006 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + TODO: check +CVE-2024-3994 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...) + TODO: check +CVE-2024-3733 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...) + TODO: check +CVE-2024-3730 (The Simple Membership plugin for WordPress is vulnerable to Stored Cro ...) 
+ TODO: check +CVE-2024-33592 (Server-Side Request Forgery (SSRF) vulnerability in SoftLab Radio Play ...) + TODO: check +CVE-2024-33247 (Sourcecodester Employee Task Management System v1.0 is vulnerable to S ...) + TODO: check +CVE-2024-32961 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32676 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...) + TODO: check +CVE-2024-32649 (Vyper is a pythonic Smart Contract Language for the Ethereum virtual m ...) + TODO: check +CVE-2024-32648 (Vyper is a pythonic Smart Contract Language for the Ethereum virtual m ...) + TODO: check +CVE-2024-32647 (Vyper is a pythonic Smart Contract Language for the Ethereum virtual m ...) + TODO: check +CVE-2024-32646 (Vyper is a pythonic Smart Contract Language for the Ethereum virtual m ...) + TODO: check +CVE-2024-32645 (Vyper is a pythonic Smart Contract Language for the Ethereum virtual m ...) + TODO: check +CVE-2024-32481 (Vyper is a pythonic Smart Contract Language for the Ethereum virtual m ...) + TODO: check +CVE-2024-32467 (MeterSphere is an open source continuous testing platform. Prior to ve ...) + TODO: check +CVE-2024-32358 (An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitra ...) + TODO: check +CVE-2024-32324 (Buffer Overflow vulnerability in Shenzhen Libituo Technology Co., Ltd ...) + TODO: check +CVE-2024-32236 (An issue in CmsEasy v.7.7 and before allows a remote attacker to obtai ...) + TODO: check +CVE-2024-31615 (ThinkCMF 6.0.9 is vulnerable to File upload via UeditorController.php.) + TODO: check +CVE-2024-31574 (Cross Site Scripting vulnerability in TWCMS v.2.6 allows a local attac ...) + TODO: check +CVE-2024-31266 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) + TODO: check +CVE-2024-30939 (An issue discovered in Yealink VP59 Teams Editions with firmware versi ...) 
+ TODO: check +CVE-2024-30890 (Cross Site Scripting vulnerability in ED01-CMS v.1.0 allows an attacke ...) + TODO: check +CVE-2024-30560 (Cross-Site Request Forgery (CSRF) vulnerability in \u5927\u4fa0WP DX-W ...) + TODO: check +CVE-2024-2829 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + TODO: check +CVE-2024-2434 (An issue has been discovered in GitLab affecting all versions of GitLa ...) + TODO: check +CVE-2024-29660 (Cross Site Scripting vulnerability in DedeCMS v.5.7 allows a local att ...) + TODO:
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ae8df104 by security tracker role at 2024-04-25T08:12:35+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,16 +1,38 @@ -CVE-2024-26926 [binder: check offset alignment in binder_get_object()] +CVE-2024-4173 (A vulnerability in Brocade SANnav ova versions before Brocade SANnav v ...) + TODO: check +CVE-2024-4161 (In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic receiv ...) + TODO: check +CVE-2024-4159 (Brocade SANnav before Brocade SANnav v2.3.1 lacks protection mechanism ...) + TODO: check +CVE-2024-3988 (The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data T ...) + TODO: check +CVE-2024-3929 (The Content Views \u2013 Post Grid & Filter, Recent Posts, Category Po ...) + TODO: check +CVE-2024-3893 (The Classified Listing \u2013 Classified ads & Business Directory Plug ...) + TODO: check +CVE-2024-2907 (The AGCA WordPress plugin before 7.2.2 does not sanitise and escape s ...) + TODO: check +CVE-2024-29205 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) + TODO: check +CVE-2024-23527 (An out-of-bounds read vulnerability in WLAvalancheService component of ...) + TODO: check +CVE-2024-20313 (A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE ...) + TODO: check +CVE-2023-51478 (Improper Authentication vulnerability in Abdul Hakeem Build App Online ...) + TODO: check +CVE-2024-26926 (In the Linux kernel, the following vulnerability has been resolved: b ...) - linux [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/aaef73821a3b0194a01bd23ca4f704a04d40 (6.9-rc5) -CVE-2024-26925 [netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path] +CVE-2024-26925 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/0d459e2ffb541841714839e8228b845458ed3b27 (6.9-rc3) -CVE-2024-26924 [netfilter: nft_set_pipapo: do not free live element] +CVE-2024-26924 (In the Linux kernel, the following vulnerability has been resolved: n ...) 
- linux [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/3cfc9ec039af60dbd8965ae085b2c2ccdcfbe1cc (6.9-rc5) -CVE-2024-26923 [af_unix: Fix garbage collector racing against connect()] +CVE-2024-26923 (In the Linux kernel, the following vulnerability has been resolved: a ...) - linux NOTE: https://git.kernel.org/linus/47d8ac011fe1c9251070e1bd64cb10b48193ec51 (6.9-rc4) CVE-2024-4060 @@ -21286,11 +21308,14 @@ CVE-2024-24820 (Icinga Director is a tool designed to make Icinga 2 configuratio NOT-FOR-US: Icinga Director CVE-2024-24819 (icingaweb2-module-incubator is a working project of bleeding edge Icin ...) NOT-FOR-US: icingaweb2-module-incubator -CVE-2024-24499 (SQL Injection vulnerability in Employee Management System v.1.0 allows ...) +CVE-2024-24499 + REJECTED NOT-FOR-US: Employee Management System -CVE-2024-24498 (Unrestricted File Upload vulnerability in Employee Management System 1 ...) +CVE-2024-24498 + REJECTED NOT-FOR-US: Employee Management System -CVE-2024-24497 (SQL Injection vulnerability in Employee Management System v.1.0 allows ...) +CVE-2024-24497 + REJECTED NOT-FOR-US: Employee Management System CVE-2024-24496 (An issue in Daily Habit Tracker v.1.0 allows a remote attacker to mani ...) NOT-FOR-US: Daily Habit Tracker @@ -25183,7 +25208,8 @@ CVE-2024-0716 (A vulnerability classified as problematic has been found in Byzor NOT-FOR-US: Beijing Baichuo Smart S150 Management Platform CVE-2024-0714 (A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.5.0. It ...) NOT-FOR-US: MiczFlor RPi-Jukebox-RFID -CVE-2024-0713 (A vulnerability was found in Monitorr 1.7.6m. It has been declared as ...) +CVE-2024-0713 + REJECTED NOT-FOR-US: Monitorr CVE-2024-0712 (A vulnerability was found in Byzoro Smart S150 Management Platform V31 ...) NOT-FOR-US: Beijing Baichuo Smart S150 Management Platform 
@@ -26286,7 +26312,7 @@ CVE-2023-42135 (PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50 NOT-FOR-US: PAX devices CVE-2023-42134 (PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.45 ...) NOT-FOR-US: PAX devices -CVE-2023-6237 [openssl: Checking excessively long invalid RSA public keys may take a long time] +CVE-2023-6237 (Issue summary: Checking excessively long invalid RSA public keys may t ...) - openssl 3.1.5-1 (bug #1060858) [bookworm] -
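Review bot: in the `@@ -21286,11 +21308,14 @@` and `@@ -25183,7 +25208,8 @@` hunks, CVE-2024-24499, CVE-2024-24498, CVE-2024-24497 and CVE-2024-0713 are switched to `REJECTED` but each keeps its `NOT-FOR-US:` line (`NOT-FOR-US: Employee Management System`, `NOT-FOR-US: Monitorr`) as unchanged context. With the description gone, that triage line is the only remaining hint of what the ID referred to, so it is worth confirming whether a rejected entry is meant to carry both annotations or whether the `NOT-FOR-US:` line should be dropped in a follow-up.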
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cf25cd45 by security tracker role at 2024-04-24T20:11:57+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,269 @@ +CVE-2024-4141 (Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an in ...) + TODO: check +CVE-2024-4127 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been classi ...) + TODO: check +CVE-2024-4126 (A vulnerability was found in Tenda W15E 15.11.0.14 and classified as c ...) + TODO: check +CVE-2024-4125 (A vulnerability has been found in Tenda W15E 15.11.0.14 and classified ...) + TODO: check +CVE-2024-4124 (A vulnerability, which was classified as critical, was found in Tenda ...) + TODO: check +CVE-2024-4123 (A vulnerability, which was classified as critical, has been found in T ...) + TODO: check +CVE-2024-4122 (A vulnerability classified as critical was found in Tenda W15E 15.11.0 ...) + TODO: check +CVE-2024-4121 (A vulnerability classified as critical has been found in Tenda W15E 15 ...) + TODO: check +CVE-2024-4120 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been rated ...) + TODO: check +CVE-2024-4119 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been declar ...) + TODO: check +CVE-2024-4118 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been classi ...) + TODO: check +CVE-2024-4117 (A vulnerability was found in Tenda W15E 15.11.0.14 and classified as c ...) + TODO: check +CVE-2024-4116 (A vulnerability has been found in Tenda W15E 15.11.0.14 and classified ...) + TODO: check +CVE-2024-4115 (A vulnerability, which was classified as critical, was found in Tenda ...) + TODO: check +CVE-2024-4114 (A vulnerability, which was classified as critical, has been found in T ...) + TODO: check +CVE-2024-4113 (A vulnerability classified as critical was found in Tenda TX9 22.03.02 ...) + TODO: check +CVE-2024-4112 (A vulnerability classified as critical has been found in Tenda TX9 22. ...) + TODO: check +CVE-2024-4111 (A vulnerability was found in Tenda TX9 22.03.02.10. It has been rated ...) 
+ TODO: check +CVE-2024-4093 (A vulnerability, which was classified as critical, was found in Source ...) + TODO: check +CVE-2024-4075 (A vulnerability classified as problematic has been found in Kashipara ...) + TODO: check +CVE-2024-4074 (A vulnerability was found in Kashipara Online Furniture Shopping Ecomm ...) + TODO: check +CVE-2024-4073 (A vulnerability was found in Kashipara Online Furniture Shopping Ecomm ...) + TODO: check +CVE-2024-4072 (A vulnerability was found in Kashipara Online Furniture Shopping Ecomm ...) + TODO: check +CVE-2024-4071 (A vulnerability was found in Kashipara Online Furniture Shopping Ecomm ...) + TODO: check +CVE-2024-4070 (A vulnerability has been found in Kashipara Online Furniture Shopping ...) + TODO: check +CVE-2024-4069 (A vulnerability, which was classified as critical, was found in Kaship ...) + TODO: check +CVE-2024-4066 (A vulnerability classified as critical has been found in Tenda AC8 16. ...) + TODO: check +CVE-2024-3371 (MongoDB Compass may accept and use insufficiently validated input from ...) + TODO: check +CVE-2024-3261 (The Strong Testimonials WordPress plugin before 3.1.12 does not valida ...) + TODO: check +CVE-2024-33531 (cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsi ...) + TODO: check +CVE-2024-32958 (Cross-Site Request Forgery (CSRF) vulnerability in Giorgos Sarigiannid ...) + TODO: check +CVE-2024-32956 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32955 (Server-Side Request Forgery (SSRF) vulnerability in Foliovision FV Flo ...) + TODO: check +CVE-2024-32954 (Unrestricted Upload of File with Dangerous Type vulnerability in Tribu ...) + TODO: check +CVE-2024-32953 (Insertion of Sensitive Information into Log File vulnerability in News ...) + TODO: check +CVE-2024-32952 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2024-32951 (Missing Authorization vulnerability in BloomPixel Max Addons Pro for B ...) + TODO: check +CVE-2024-32950 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32948 (Missing Authorization vulnerability in Repute Infosystems ARMember.Thi ...) + TODO: check +CVE-2024-32947 (Cross-Site Request Forgery (CSRF) vulnerability in AlumniOnline Web Se ...) + TODO: check +CVE-2024-32879 (Python Social Auth is a social authentication/registration mechanism. ...) + TODO: check
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3ccfd9a6 by security tracker role at 2024-04-23T20:11:43+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,4 +1,68 @@ -CVE-2024-26922 [drm/amdgpu: validate the parameters of bo mapping operations more clearly] +CVE-2024-4065 (A vulnerability was found in Tenda AC8 16.03.34.09. It has been rated ...) + TODO: check +CVE-2024-4064 (A vulnerability was found in Tenda AC8 16.03.34.09. It has been declar ...) + TODO: check +CVE-2024-4063 (A vulnerability was found in EZVIZ CS-C6-21WFR-8 5.2.7 Build 170628. I ...) + TODO: check +CVE-2024-4062 (A vulnerability was found in Hualai Xiaofang iSC5 3.2.2_112 and classi ...) + TODO: check +CVE-2024-3911 (An unauthenticated remote attacker candeceive users into performing un ...) + TODO: check +CVE-2024-3732 (The GeoDirectory \u2013 WordPress Business Directory Plugin, or Classi ...) + TODO: check +CVE-2024-3665 (The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable ...) + TODO: check +CVE-2024-3491 (The Schema & Structured Data for WP & AMP plugin for WordPress is vuln ...) + TODO: check +CVE-2024-3185 (A key used in logging.json does not follow the least privilege princip ...) + TODO: check +CVE-2024-33217 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based ...) + TODO: check +CVE-2024-33215 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based ...) + TODO: check +CVE-2024-33214 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based ...) + TODO: check +CVE-2024-33213 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based ...) + TODO: check +CVE-2024-33212 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based ...) + TODO: check +CVE-2024-33211 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based ...) + TODO: check +CVE-2024-32679 (Missing Authorization vulnerability in Shared Files PRO Shared Files.T ...) + TODO: check +CVE-2024-32661 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...) + TODO: check +CVE-2024-32660 (FreeRDP is a free implementation of the Remote Desktop Protocol. 
Prior ...) + TODO: check +CVE-2024-32659 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...) + TODO: check +CVE-2024-32658 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...) + TODO: check +CVE-2024-32482 (The Tillitis TKey signer device application is an ed25519 signing tool ...) + TODO: check +CVE-2024-32258 (The network server of fceux 2.7.0 has a path traversal vulnerability, ...) + TODO: check +CVE-2024-31804 (An unquoted service path vulnerability in Terratec DMX_6Fire USB v.1.2 ...) + TODO: check +CVE-2024-31208 (Synapse is an open-source Matrix homeserver. A remote Matrix user with ...) + TODO: check +CVE-2024-30800 (PX4 Autopilot v.1.14 allows an attacker to fly the drone into no-fly z ...) + TODO: check +CVE-2024-2477 (The wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site S ...) + TODO: check +CVE-2024-28627 (An issue in Flipsnack v.18/03/2024 allows a local attacker to obtain s ...) + TODO: check +CVE-2024-28130 (An incorrect type conversion vulnerability exists in the DVPSSoftcopyV ...) + TODO: check +CVE-2024-21979 (An out of bounds write vulnerability in the AMD Radeon\u2122 user mode ...) + TODO: check +CVE-2024-21972 (An out of bounds write vulnerability in the AMD Radeon\u2122 user mode ...) + TODO: check +CVE-2024-0900 (The Elespare \u2013 Build Your Blog, News & Magazine Websites with Exp ...) + TODO: check +CVE-2023-47731 (IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0 and IBM Cloud Pa ...) + TODO: check +CVE-2024-26922 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux NOTE: https://git.kernel.org/linus/6fef2d4c00b5b8561ad68dd2b68173f5c6af1e75 (6.9-rc5) CVE-2024-4031 (Unquoted Search Path or Element vulnerability in Logitech MEVO WEBCAM ...) 
@@ -37,7 +101,7 @@ CVE-2024-2760 (Bkav Home v7816, build 2403161130 is vulnerable to a Memory Infor NOT-FOR-US: Bkac CVE-2024-2493 (Session Hijacking vulnerability in Hitachi Ops Center Analyzer.This is ...) NOT-FOR-US: Hitachi -CVE-2024-29368 (An issue discovered in moziloCMS v2.0 allows attackers to bypass file ...) +CVE-2024-29368 (An arbitrary file upload vulnerability in the file handling module of ...) NOT-FOR-US: moziloCMS CVE-2024-28890 (Forminator prior to 1.29.0 contains an unrestricted upload of file wit ...) NOT-FOR-US: WordPress plugin @@ -862,6 +926,7 @@
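Review bot: in the `@@ -37,7 +101,7 @@` hunk the triage line under CVE-2024-2760 reads `NOT-FOR-US: Bkac`, while the description on the line above names the product as "Bkav Home". This looks like a typo in the annotation; since the hunk already touches the neighbouring CVE-2024-29368 entry, a follow-up correcting it to `NOT-FOR-US: Bkav` would keep searches by vendor name working.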
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 317d173b by security tracker role at 2024-04-23T08:11:57+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,55 @@ +CVE-2024-4031 (Unquoted Search Path or Element vulnerability in Logitech MEVO WEBCAM ...) + TODO: check +CVE-2024-3889 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...) + TODO: check +CVE-2024-3664 (The Quick Featured Images plugin for WordPress is vulnerable to unauth ...) + TODO: check +CVE-2024-3293 (The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress ...) + TODO: check +CVE-2024-32657 (Hydra is a Continuous Integration service for Nix based projects. Atta ...) + TODO: check +CVE-2024-32656 (Ant Media Server is live streaming engine software. A local privilege ...) + TODO: check +CVE-2024-32653 (jadx is a Dex to Java decompiler. Prior to version 1.5.0, the packag ...) + TODO: check +CVE-2024-32480 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring sy ...) + TODO: check +CVE-2024-32479 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring sy ...) + TODO: check +CVE-2024-32461 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring sy ...) + TODO: check +CVE-2024-32394 (An issue in ruijie.com/cn RG-RSR10-01G-T(WA)-S RSR_3.0(1)B9P2_RSR10-01 ...) + TODO: check +CVE-2024-31857 (Forminator prior to 1.15.4 contains a cross-site scripting vulnerabili ...) + TODO: check +CVE-2024-31077 (Forminator prior to 1.29.3 contains a SQL injection vulnerability. If ...) + TODO: check +CVE-2024-31036 (A heap-buffer-overflow vulnerability in the read_byte function in Nano ...) + TODO: check +CVE-2024-2799 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...) + TODO: check +CVE-2024-2798 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...) + TODO: check +CVE-2024-2760 (Bkav Home v7816, build 2403161130 is vulnerable to a Memory Informatio ...) + TODO: check +CVE-2024-2493 (Session Hijacking vulnerability in Hitachi Ops Center Analyzer.This is ...) 
+ TODO: check +CVE-2024-29368 (An issue discovered in moziloCMS v2.0 allows attackers to bypass file ...) + TODO: check +CVE-2024-28890 (Forminator prior to 1.29.0 contains an unrestricted upload of file wit ...) + TODO: check +CVE-2024-27574 (SQL Injection vulnerability in Trainme Academy version Ichin v.1.3.2 a ...) + TODO: check +CVE-2024-21511 (Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrar ...) + TODO: check +CVE-2024-1241 (Watchdog Antivirus v1.6.415 is vulnerable to a Denial of Service vulne ...) + TODO: check +CVE-2023-6833 (Insertion of Sensitive Information into Log File vulnerability in Hita ...) + TODO: check +CVE-2023-48184 (QuickJS before 7414e5f has a quickjs.h JS_FreeValueRT use-after-free b ...) + TODO: check +CVE-2023-48183 (QuickJS before c4cdd61 has a build_for_in_iterator NULL pointer derefe ...) + TODO: check CVE-2024-4040 (VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1. ...) NOT-FOR-US: CrushFTP CVE-2024-4026 (Cross-Site Scripting (XSS) vulnerability in the Holded application. Th ...) 
@@ -118,27 +170,27 @@ CVE-2018-25101 (A vulnerability, which was classified as problematic, has been f NOT-FOR-US: Koha Library Management System CVE-2015-10132 (A vulnerability classified as problematic was found in Thimo Grauerhol ...) NOT-FOR-US: WordPress plugin -CVE-2024-32041 [OutOfBound Read in zgfx_decompress_segment] +CVE-2024-32041 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...) - freerdp3 (Fixed with initial upload to Debian unstable) - freerdp2 NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release -CVE-2024-32039 [Integer overflow & OutOfBound Write in clear_decompress_residual_data] +CVE-2024-32039 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...) - freerdp3 (Fixed with initial upload to Debian unstable) - freerdp2 NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release -CVE-2024-32040 [integer underflow in nsc_rle_decode] +CVE-2024-32040 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...) - freerdp3 (Fixed with initial upload to Debian unstable) - freerdp2 NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release -CVE-2024-32458 [OutOfBound Read in planar_skip_plane_rle] +CVE-2024-32458 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...) - freerdp3 (Fixed with initial upload to Debian unstable) - freerdp2 NOTE:
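Review bot: in the `@@ -118,27 +170,27 @@` hunk the bracketed titles for CVE-2024-32041, CVE-2024-32039, CVE-2024-32040 and CVE-2024-32458 (for example `[OutOfBound Read in zgfx_decompress_segment]`) are replaced by the truncated upstream description, which is the same string for all four entries: `(FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)`. After this change the list no longer shows which function or bug class each ID covers, and the shared `NOTE:` release link does not distinguish them either. Consider adding a per-entry `NOTE:` that preserves the removed title so the four entries stay distinguishable during triage.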
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e395f3b2 by security tracker role at 2024-04-22T20:12:15+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,8 +1,92 @@ -CVE-2024-27349 +CVE-2024-4040 (VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1. ...) + TODO: check +CVE-2024-4026 (Cross-Site Scripting (XSS) vulnerability in the Holded application. Th ...) + TODO: check +CVE-2024-3645 (The Essential Addons for Elementor Pro plugin for WordPress is vulnera ...) + TODO: check +CVE-2024-32691 (Missing Authorization vulnerability in realmag777 Active Products Tabl ...) + TODO: check +CVE-2024-32688 (Missing Authorization vulnerability in Long Watch Studio MyRewards.Thi ...) + TODO: check +CVE-2024-32687 (Missing Authorization vulnerability in WPClever WPC Frequently Bought ...) + TODO: check +CVE-2024-32684 (Missing Authorization vulnerability in Wpmet Wp Ultimate Review.This i ...) + TODO: check +CVE-2024-32682 (Missing Authorization vulnerability in BdThemes Prime Slider \u2013 Ad ...) + TODO: check +CVE-2024-32681 (Missing Authorization vulnerability in BdThemes Prime Slider \u2013 Ad ...) + TODO: check +CVE-2024-32407 (An issue in inducer relate before v.2024.1 allows a remote attacker to ...) + TODO: check +CVE-2024-32405 (Cross Site Scripting vulnerability in inducer relate before v.2024.1 a ...) + TODO: check +CVE-2024-32399 (Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 a ...) + TODO: check +CVE-2024-32368 (Insecure Permission vulnerability in Agasta Sanketlife 2.0 Pocket 12-L ...) + TODO: check +CVE-2024-32238 (H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password ...) + TODO: check +CVE-2024-32205 + REJECTED +CVE-2024-31666 (An issue in flusity-CMS v.2.33 allows a remote attacker to execute arb ...) + TODO: check +CVE-2024-31545 (Computer Laboratory Management System v1.0 is vulnerable to SQL Inject ...) + TODO: check +CVE-2024-29661 (A File Upload vulnerability in DedeCMS v5.7 allows a local attacker to ...) + TODO: check +CVE-2024-29376 (Sylius 1.12.13 is vulnerable to Cross Site Scripting (XSS) via the "Pr ...) 
+ TODO: check +CVE-2024-28717 (An issue in OpenStack Storlets yoga-eom allows a remote attacker to ex ...) + TODO: check +CVE-2024-28699 (A buffer overflow vulnerability in pdf2json v0.70 allows a local attac ...) + TODO: check +CVE-2024-28436 (Cross Site Scripting vulnerability in D-Link DAP products DAP-2230, DA ...) + TODO: check +CVE-2024-22856 (A SQL injection vulnerability via the Save Favorite Search function in ...) + TODO: check +CVE-2024-22815 (An issue in the communication protocol of Tormach xsTECH CNC Router, P ...) + TODO: check +CVE-2024-22813 (An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 all ...) + TODO: check +CVE-2024-22811 (An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 all ...) + TODO: check +CVE-2024-22809 (Incorrect access control in Tormach xsTECH CNC Router, PathPilot Contr ...) + TODO: check +CVE-2024-22808 (An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 all ...) + TODO: check +CVE-2024-22807 (An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 all ...) + TODO: check +CVE-2023-38302 (A certain software build for the Sharp Rouvo V device (SHARP/VZW_STTM2 ...) + TODO: check +CVE-2023-38301 (An issue was discovered in a third-party component related to vendor.g ...) + TODO: check +CVE-2023-38300 (A certain software build for the Orbic Maui device (Orbic/RC545L/RC545 ...) + TODO: check +CVE-2023-38299 (Various software builds for the AT Calypso, Nokia C100, Nokia C200, ...) + TODO: check +CVE-2023-38298 (Various software builds for the following TCL devices (30Z, A3X, 20XE, ...) + TODO: check +CVE-2023-38297 (An issue was discovered in a third-party com.factory.mmigroup componen ...) + TODO: check +CVE-2023-38296 (Various software builds for the following TCL 30Z and TCL A3X devices ...) + TODO: check +CVE-2023-38295 (Certain software builds for the TCL 30Z and TCL 10 Android devices con ...) 
+ TODO: check +CVE-2023-38294 (Certain software builds for the Itel Vision 3 Turbo Android device con ...) + TODO: check +CVE-2023-38293 (Certain software builds for the Nokia C200 and Nokia C100 Android devi ...) + TODO: check +CVE-2023-38292 (Certain software builds for the TCL 20XE Android device contain a vuln ...) + TODO: check +CVE-2023-38291 (An issue was discovered in a third-party component related to ro.boot. ...) + TODO: check +CVE-2023-38290 (Certain software builds for
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d9f5714f by security tracker role at 2024-04-22T08:11:53+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,33 @@ +CVE-2024-4022 (A vulnerability was found in Keenetic KN-1010, KN-1410, KN-1711, KN-18 ...) + TODO: check +CVE-2024-4021 (A vulnerability was found in Keenetic KN-1010, KN-1410, KN-1711, KN-18 ...) + TODO: check +CVE-2024-32698 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32697 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32696 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32695 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32694 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32693 (Cross-Site Request Forgery (CSRF) vulnerability in ValvePress Automati ...) + TODO: check +CVE-2024-32690 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32418 (An issue in flusity CMS v2.33 allows a remote attacker to execute arbi ...) + TODO: check +CVE-2024-30799 (An issue in PX4 Autopilot v1.14 and before allows a remote attacker to ...) + TODO: check +CVE-2024-28722 (Cross Site Scripting vulnerability in Innovaphone myPBX v.14r1, v.13r3 ...) + TODO: check +CVE-2023-7252 (The Tickera WordPress plugin before 3.5.2.5 does not prevent users fr ...) + TODO: check +CVE-2018-25101 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2015-10132 (A vulnerability classified as problematic was found in Thimo Grauerhol ...) + TODO: check CVE-2024-32041 [OutOfBound Read in zgfx_decompress_segment] - freerdp3 (Fixed with initial upload to Debian unstable) - freerdp2 
@@ -1922,7 +1952,7 @@ CVE-2024- [Stored XSS in Avatar block] NOTE: https://wpscan.com/blog/unauthenticated-stored-xss-fixed-in-wordpress-core/ NOTE: https://wordpress.org/news/2024/04/wordpress-6-5-2-maintenance-and-security-release/ CVE-2024-3302 (There was no limit to the number of HTTP/2 CONTINUATION frames that wo ...) - {DSA-5663-1 DLA-3790-1} + {DSA-5670-1 DSA-5663-1 DLA-3790-1} - firefox 125.0.1-1 - firefox-esr 115.10.0esr-1 - thunderbird 1:115.10.1-1 @@ -1933,7 +1963,7 @@ CVE-2024-3865 (Memory safety bugs present in Firefox 124. Some of these bugs sho - firefox 125.0.1-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3865 CVE-2024-3864 (Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thund ...) - {DSA-5663-1 DLA-3790-1} + {DSA-5670-1 DSA-5663-1 DLA-3790-1} - firefox 125.0.1-1 - firefox-esr 115.10.0esr-1 - thunderbird 1:115.10.1-1 @@ -1951,7 +1981,7 @@ CVE-2024-3862 (The MarkStack assignment operator, part of the JavaScript engine, - firefox 125.0.1-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3862 CVE-2024-3861 (If an AlignedBuffer were assigned to itself, the subsequent self-move ...) - {DSA-5663-1 DLA-3790-1} + {DSA-5670-1 DSA-5663-1 DLA-3790-1} - firefox 125.0.1-1 - firefox-esr 115.10.0esr-1 - thunderbird 1:115.10.1-1 @@ -1962,7 +1992,7 @@ CVE-2024-3860 (An out-of-memory condition during object initialization could res - firefox 125.0.1-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3860 CVE-2024-3859 (On 32-bit versions there were integer-overflows that led to an out-of- ...) - {DSA-5663-1 DLA-3790-1} + {DSA-5670-1 DSA-5663-1 DLA-3790-1} - firefox 125.0.1-1 - firefox-esr 115.10.0esr-1 - thunderbird 1:115.10.1-1 
@@ -1973,7 +2003,7 @@ CVE-2024-3858 (It was possible to mutate a JavaScript object so that the JIT cou - firefox 125.0.1-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3858 CVE-2024-3857 (The JIT created incorrect code for arguments in certain cases. This le ...) - {DSA-5663-1 DLA-3790-1} + {DSA-5670-1 DSA-5663-1 DLA-3790-1} - firefox 125.0.1-1 - firefox-esr 115.10.0esr-1 - thunderbird 1:115.10.1-1 @@ -1987,7 +2017,7 @@ CVE-2024-3855 (In certain cases the JIT incorrectly optimized MSubstr operations - firefox 125.0.1-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3855 CVE-2024-3854 (In some code patterns the JIT incorrectly optimized switch
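Review bot: In the hunks from `@@ -1922,7 +1952,7 @@` onward, `{DSA-5670-1 DSA-5663-1 DLA-3790-1}` replaces `{DSA-5663-1 DLA-3790-1}` on entries that each list three source packages (`firefox`, `firefox-esr`, `thunderbird`), and nothing in the changed lines says which of them the new advisory covers. Before relying on the cross-reference, confirm that the DSA-5670-1 record names its package and that its fixed version agrees with the version already listed on these entries.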
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 96f4d461 by security tracker role at 2024-04-21T08:11:50+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2024-4020 (A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and classified ...) + TODO: check CVE-2024-4019 (A vulnerability classified as critical has been found in Byzoro Smart ...) TODO: check CVE-2024-4014 (The hCaptcha for WordPress plugin for WordPress is vulnerable to Store ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96f4d461182cf71c3da728d19547a080c8c4fc30
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b0a25f8d by security tracker role at 2024-04-20T20:11:41+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2024-4019 (A vulnerability classified as critical has been found in Byzoro Smart ...) + TODO: check +CVE-2024-4014 (The hCaptcha for WordPress plugin for WordPress is vulnerable to Store ...) + TODO: check CVE-2024-4018 (Improper Privilege Management vulnerability in BeyondTrust U-Series Ap ...) TODO: check CVE-2024-4017 (Improper Privilege Management vulnerability in BeyondTrust U-Series Ap ...) 
@@ -1798,54 +1802,67 @@ CVE-2024- [gix-transport indirect code execution via malicious username] CVE-2024-27980 - nodejs (Only affects Windows) CVE-2024-3847 (Insufficient policy enforcement in WebUI in Google Chrome prior to 124 ...) + {DSA-5668-1} - chromium [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-3846 (Inappropriate implementation in Prompts in Google Chrome prior to 124. ...) + {DSA-5668-1} - chromium [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-3845 (Inappropriate implementation in Networks in Google Chrome prior to 124 ...) + {DSA-5668-1} - chromium [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-3844 (Inappropriate implementation in Extensions in Google Chrome prior to 1 ...) + {DSA-5668-1} - chromium [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-3843 (Insufficient data validation in Downloads in Google Chrome prior to 12 ...) + {DSA-5668-1} - chromium [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-3841 (Insufficient data validation in Browser Switcher in Google Chrome prio ...) + {DSA-5668-1} - chromium [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-3840 (Insufficient policy enforcement in Site Isolation in Google Chrome pri ...) + {DSA-5668-1} - chromium [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-3839 (Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60 al ...) + {DSA-5668-1} - chromium [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-3838 (Inappropriate implementation in Autofill in Google Chrome prior to 124 ...) + {DSA-5668-1} - chromium [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-3837 (Use after free in QUIC in Google Chrome prior to 124.0.6367.60 allowed ...) 
+ {DSA-5668-1} - chromium [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-3834 (Use after free in Downloads in Google Chrome prior to 124.0.6367.60 al ...) + {DSA-5668-1} - chromium [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-3833 (Object corruption in WebAssembly in Google Chrome prior to 124.0.6367. ...) + {DSA-5668-1} - chromium [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-3832 (Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowe ...) + {DSA-5668-1} - chromium [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0a25f8d74221a3afd72d356c5f0b5d9534200b9
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bea5ca51 by security tracker role at 2024-04-20T08:11:46+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,31 @@ +CVE-2024-4018 (Improper Privilege Management vulnerability in BeyondTrust U-Series Ap ...) + TODO: check +CVE-2024-4017 (Improper Privilege Management vulnerability in BeyondTrust U-Series Ap ...) + TODO: check +CVE-2024-32392 (Cross Site Scripting vulnerability in CmSimple v.5.15 allows a remote ...) + TODO: check +CVE-2024-32391 (Cross Site Scripting vulnerability in MacCMS v.10 v.2024.1000.3000 all ...) + TODO: check +CVE-2024-31994 (Mealie is a self hosted recipe manager and meal planner. Prior to 1.4. ...) + TODO: check +CVE-2024-31993 (Mealie is a self hosted recipe manager and meal planner. Prior to 1.4. ...) + TODO: check +CVE-2024-31992 (Mealie is a self hosted recipe manager and meal planner. Prior to 1.4. ...) + TODO: check +CVE-2024-31991 (Mealie is a self hosted recipe manager and meal planner. Prior to 1.4. ...) + TODO: check +CVE-2024-31584 (Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the ...) + TODO: check +CVE-2024-30974 (SQL Injection vulnerability in autoexpress v.1.3.0 allows attackers to ...) + TODO: check +CVE-2024-22905 (Buffer Overflow vulnerability in ARM mbed-os v.6.17.0 allows a remote ...) + TODO: check +CVE-2024-1730 (The Prime Slider \u2013 Addons For Elementor (Revolution of a slider, ...) + TODO: check +CVE-2024-1480 (Unitronics Vision Standard line of controllers allow the Information M ...) + TODO: check +CVE-2024-1057 (The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +1 ...) + TODO: check CVE-2024-3979 (A vulnerability, which was classified as problematic, has been found i ...) - vsomeip (bug #997892) CVE-2024-3818 (The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & ...) 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bea5ca516ef30604040ea646c8690526a6b7a981
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6b9e1a5c by security tracker role at 2024-04-19T20:12:13+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,243 @@ +CVE-2024-3979 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-3818 (The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & ...) + TODO: check +CVE-2024-3742 (Electrolink transmitters store credentials in clear-text. Use of these ...) + TODO: check +CVE-2024-3741 (Electrolink transmitters are vulnerable to an authentication bypass v ...) + TODO: check +CVE-2024-3731 (The Customer Reviews for WooCommerce plugin for WordPress is vulnerabl ...) + TODO: check +CVE-2024-3684 (A server side request forgery vulnerability was identified in GitHub E ...) + TODO: check +CVE-2024-3654 (An XSS vulnerability has been found in Teimas Global's Teixo, version ...) + TODO: check +CVE-2024-3646 (A command injection vulnerability was identified in GitHub Enterprise ...) + TODO: check +CVE-2024-3615 (The Media Library Folders plugin for WordPress is vulnerable to Reflec ...) + TODO: check +CVE-2024-3600 (The Poll Maker \u2013 Best WordPress Poll Plugin plugin for WordPress ...) + TODO: check +CVE-2024-3598 (The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross ...) + TODO: check +CVE-2024-3560 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...) + TODO: check +CVE-2024-3470 (An Improper Privilege Management vulnerability was identified in GitHu ...) + TODO: check +CVE-2024-32683 (Authorization Bypass Through User-Controlled Key vulnerability in Wpme ...) + TODO: check +CVE-2024-32652 (The adapter @hono/node-server allows you to run your Hono application ...) + TODO: check +CVE-2024-32650 (Rustls is a modern TLS library written in Rust. `rustls::ConnectionCom ...) + TODO: check +CVE-2024-32644 (Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain tha ...) + TODO: check +CVE-2024-32478 (Git Credential Manager (GCM) is a secure Git credential helper. Prior ...) 
+ TODO: check +CVE-2024-32473 (Moby is an open source container framework that is a key component of ...) + TODO: check +CVE-2024-32409 (An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary ...) + TODO: check +CVE-2024-32206 (A stored cross-site scripting (XSS) vulnerability in the component \af ...) + TODO: check +CVE-2024-32166 (Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - ...) + TODO: check +CVE-2024-32038 (Wazuh is a free and open source platform used for threat prevention, d ...) + TODO: check +CVE-2024-31846 (An issue was discovered in Italtel Embrace 1.6.4. The web application ...) + TODO: check +CVE-2024-31841 (An issue was discovered in Italtel Embrace 1.6.4. The web server fails ...) + TODO: check +CVE-2024-31750 (SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote ...) + TODO: check +CVE-2024-31745 (Libdwarf v0.9.1 was discovered to contain a heap use-after-free via th ...) + TODO: check +CVE-2024-31744 (In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/j ...) + TODO: check +CVE-2024-31587 (SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower allows an ...) + TODO: check +CVE-2024-31552 (CuteHttpFileServer v.3.1 version has an arbitrary file download vulner ...) + TODO: check +CVE-2024-31547 (Computer Laboratory Management System v1.0 is vulnerable to SQL Inject ...) + TODO: check +CVE-2024-31546 (Computer Laboratory Management System v1.0 is vulnerable to SQL Inject ...) + TODO: check +CVE-2024-31450 (Owncast is an open source, self-hosted, decentralized, single user liv ...) + TODO: check +CVE-2024-30938 (SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker t ...) + TODO: check +CVE-2024-30929 (Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a ...) + TODO: check +CVE-2024-30928 (SQL Injection vulnerability in DerbyNet v9.0 and below allows attacker ...) 
+ TODO: check +CVE-2024-30927 (Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a ...) + TODO: check +CVE-2024-30926 (Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a ...) + TODO: check +CVE-2024-30925 (Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a ...) + TODO: check +CVE-2024-30924 (Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a ...) + TODO: check +CVE-2024-30923 (SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote ...) +
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0e9c20f4 by security tracker role at 2024-04-18T20:11:51+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,193 @@ +CVE-2024-3948 (A vulnerability was found in SourceCodester Home Clean Service System ...) + TODO: check +CVE-2024-32689 (Missing Authorization vulnerability in GenialSouls WP Social Comments. ...) + TODO: check +CVE-2024-32686 (Insertion of Sensitive Information into Log File vulnerability in Inis ...) + TODO: check +CVE-2024-32604 (Authorization Bypass Through User-Controlled Key vulnerability in Plec ...) + TODO: check +CVE-2024-32603 (Deserialization of Untrusted Data vulnerability in ThemeKraft WooBuddy ...) + TODO: check +CVE-2024-32602 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-32601 (Missing Authorization vulnerability in WP OnlineSupport, Essential Plu ...) + TODO: check +CVE-2024-32600 (Deserialization of Untrusted Data vulnerability in Averta Master Slide ...) + TODO: check +CVE-2024-32599 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) + TODO: check +CVE-2024-32598 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32597 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32596 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32595 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32594 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32593 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32592 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32591 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32590 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2024-32588 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32587 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32586 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32585 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32584 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32583 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32582 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32581 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32580 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32579 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32578 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32577 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32576 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32575 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32574 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32573 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32572 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32571 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2024-32570 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32569 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32568 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32567 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32566 (Improper Neutralization of Input During Web Page Generation ('Cross-si
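Review bot: From CVE-2024-32598 downward, the added entries in this hunk all carry the same truncated description, `(Improper Neutralization of Input During Web Page Generation ('Cross-si ...)`, so the affected product is not visible and the lines cannot be told apart without opening each record. When the `TODO: check` markers are resolved, record the product on the entry, as the existing `NOT-FOR-US: Zoom` line in this file does, so the list stays searchable by product.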
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3fd6e59a by security tracker role at 2024-04-18T08:11:47+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,61 @@ +CVE-2024-3932 (A vulnerability classified as problematic has been found in Totara LMS ...) + TODO: check +CVE-2024-3931 (A vulnerability was found in Totara LMS 18.0.1 Build 20231128.01. It h ...) + TODO: check +CVE-2024-3928 (A vulnerability was found in Dromara open-capacity-platform 2.0.1. It ...) + TODO: check +CVE-2024-32746 (A cross-site scripting (XSS) vulnerability in the Settings section of ...) + TODO: check +CVE-2024-32745 (A cross-site scripting (XSS) vulnerability in the Settings section of ...) + TODO: check +CVE-2024-32744 (A cross-site scripting (XSS) vulnerability in the Settings section of ...) + TODO: check +CVE-2024-32743 (A cross-site scripting (XSS) vulnerability in the Settings section of ...) + TODO: check +CVE-2024-32472 (excalidraw is an open source virtual hand-drawn style whiteboard. A st ...) + TODO: check +CVE-2024-32345 (A cross-site scripting (XSS) vulnerability in the Settings menu of CMS ...) + TODO: check +CVE-2024-32344 (A cross-site scripting (XSS) vulnerability in the Settings menu of CMS ...) + TODO: check +CVE-2024-32343 (A cross-site scripting (XSS) vulnerability in the Create Page of Boid ...) + TODO: check +CVE-2024-32342 (A cross-site scripting (XSS) vulnerability in the Create Page of Boid ...) + TODO: check +CVE-2024-32341 (Multiple cross-site scripting (XSS) vulnerabilities in the Home page o ...) + TODO: check +CVE-2024-32340 (A cross-site scripting (XSS) vulnerability in the Settings section of ...) + TODO: check +CVE-2024-32339 (Multiple cross-site scripting (XSS) vulnerabilities in the HOW TO page ...) + TODO: check +CVE-2024-32338 (A cross-site scripting (XSS) vulnerability in the Settings section of ...) + TODO: check +CVE-2024-32337 (A cross-site scripting (XSS) vulnerability in the Settings section of ...) + TODO: check +CVE-2024-31869 (Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows ...) 
+ TODO: check +CVE-2024-2729 (The Otter Blocks WordPress plugin before 2.6.6 does not properly esca ...) + TODO: check +CVE-2024-29956 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the ...) + TODO: check +CVE-2024-29955 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allo ...) + TODO: check +CVE-2024-29952 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allo ...) + TODO: check +CVE-2024-1429 (The Element Pack Elementor Addons (Header Footer, Free Template Librar ...) + TODO: check +CVE-2024-1426 (The Element Pack Elementor Addons (Header Footer, Free Template Librar ...) + TODO: check +CVE-2023-4509 (It is possible for an API key to be logged in clear text in the audit ...) + TODO: check +CVE-2023-4235 (A flaw was found in ofono, an Open Source Telephony on Linux. A stack ...) + TODO: check +CVE-2023-4234 (A flaw was found in ofono, an Open Source Telephony on Linux. A stack ...) + TODO: check +CVE-2023-4233 (A flaw was found in ofono, an Open Source Telephony on Linux. A stack ...) + TODO: check +CVE-2023-4232 (A flaw was found in ofono, an Open Source Telephony on Linux. A stack ...) + TODO: check CVE-2024-3914 (Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a ...) - chromium [bullseye] - chromium (see #1061268) @@ -11452,7 +11510,7 @@ CVE-2024-24693 (Improper access control in the installer for Zoom Rooms Client f CVE-2024-24692 (Race condition in the installer for Zoom Rooms Client for Windows befo ...) NOT-FOR-US: Zoom CVE-2024-24549 (Denial of Service due to improper input validation vulnerability for H ...) - {DLA-3779-1} + {DSA-5665-1 DLA-3779-1} - tomcat10 10.1.20-1 (bug #1066878) - tomcat9 9.0.70-2 NOTE: https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg 
@@ -11460,7 +11518,7 @@ CVE-2024-24549 (Denial of Service due to improper input validation vulnerability NOTE: https://github.com/apache/tomcat/commit/8e03be9f2698f2da9027d40b9e9c0c9429b74dc0 (9.0.86) NOTE: Starting with 9.0.70-2 Tomcat9 no longer ships the server stack, using that as the fixed version CVE-2024-23672 (Denial of Service via incomplete cleanup vulnerability in Apache Tomca ...) - {DLA-3779-1} + {DSA-5665-1 DLA-3779-1} - tomcat10 10.1.20-1 (bug #1066877) - tomcat9 9.0.70-2 NOTE: https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f @@ -16334,7 +16392,7 @@ CVE-2024-23496 (A
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4195e357 by security tracker role at 2024-04-17T20:11:48+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,521 +1,789 @@ -CVE-2024-2961 [ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence] +CVE-2024-3914 (Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a ...) + TODO: check +CVE-2024-3910 (A vulnerability, which was classified as critical, has been found in T ...) + TODO: check +CVE-2024-3909 (A vulnerability classified as critical was found in Tenda AC500 2.0.1. ...) + TODO: check +CVE-2024-3908 (A vulnerability classified as critical has been found in Tenda AC500 2 ...) + TODO: check +CVE-2024-3907 (A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been ra ...) + TODO: check +CVE-2024-3906 (A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been de ...) + TODO: check +CVE-2024-3905 (A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been cl ...) + TODO: check +CVE-2024-3900 (Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long ...) + TODO: check +CVE-2024-3825 (Versions of the BlazeMeter Jenkins plugin prior to 4.22 contain a flaw ...) + TODO: check +CVE-2024-3817 (HashiCorp\u2019s go-getter library is vulnerable to argument injection ...) + TODO: check +CVE-2024- (The Essential Addons for Elementor plugin for WordPress is vulnerable ...) + TODO: check +CVE-2024-3323 (Cross Site Scripting in UI Request/Response Validation in TIBCO Ja ...) + TODO: check +CVE-2024-32550 (Cross-Site Request Forgery (CSRF) vulnerability in BMI Adult & Kid Cal ...) + TODO: check +CVE-2024-32549 (Cross-Site Request Forgery (CSRF) vulnerability in Microkid Related Po ...) + TODO: check +CVE-2024-32548 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32547 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32546 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32545 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2024-32544 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32543 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32542 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32541 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32540 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32539 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32538 (Cross-Site Request Forgery (CSRF) vulnerability in Joshua Eldridge Eas ...) + TODO: check +CVE-2024-32536 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32535 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32534 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32533 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32531 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32530 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32529 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32528 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32527 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32526 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32510 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2024-32508 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32506 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check +CVE-2024-32505 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32463 (phlex is an open source framework for building object-oriented views i ...) + TODO: check
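Review bot: The first line of this hunk removes the hand-written entry `CVE-2024-2961 [ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence]`, and the visible part of the `@@ -1,521 +1,789 @@` rewrite does not show it being added back. With 521 old lines replaced in one hunk, check that the entry reappears further down with its package annotations intact and was not left as a bare `TODO: check`.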
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 44c50bee by security tracker role at 2024-04-17T08:12:13+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,58 +1,478 @@ +CVE-2024-3882 (A vulnerability was found in Tenda W30E 1.0.1.25(633). It has been cla ...) + TODO: check +CVE-2024-3881 (A vulnerability was found in Tenda W30E 1.0.1.25(633) and classified a ...) + TODO: check +CVE-2024-3880 (A vulnerability has been found in Tenda W30E 1.0.1.25(633) and classif ...) + TODO: check +CVE-2024-3879 (A vulnerability, which was classified as critical, was found in Tenda ...) + TODO: check +CVE-2024-3878 (A vulnerability, which was classified as critical, has been found in T ...) + TODO: check +CVE-2024-3877 (A vulnerability classified as critical was found in Tenda F1202 1.2.0. ...) + TODO: check +CVE-2024-3876 (A vulnerability classified as critical has been found in Tenda F1202 1 ...) + TODO: check +CVE-2024-3875 (A vulnerability was found in Tenda F1202 1.2.0.20(408). It has been ra ...) + TODO: check +CVE-2024-3874 (A vulnerability was found in Tenda W20E 15.11.0.6. It has been declare ...) + TODO: check +CVE-2024-3873 (A vulnerability was found in SMI SMI-EX-5414W up to 1.0.03. It has bee ...) + TODO: check +CVE-2024-3872 (Mattermost Mobile app versions 2.13.0 and earlier use a regular expres ...) + TODO: check +CVE-2024-3871 (The Delta Electronics DVW-W02W2-E2 devices expose a web administration ...) + TODO: check +CVE-2024-3869 (The Customer Reviews for WooCommerce plugin for WordPress is vulnerabl ...) + TODO: check +CVE-2024-3867 (The archive-tainacan-collection theme for WordPress is vulnerable to R ...) + TODO: check +CVE-2024-3672 (The BA Book Everything plugin for WordPress is vulnerable to Stored Cr ...) + TODO: check +CVE-2024-3660 (A arbitrary code injection vulnerability in TensorFlow's Keras framewo ...) + TODO: check +CVE-2024-3367 (Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1. ...) + TODO: check +CVE-2024-3243 (The Customer Reviews for WooCommerce plugin for WordPress is vulnerabl ...) 
+ TODO: check +CVE-2024-3067 (The WooCommerce Google Feed Manager plugin for WordPress is vulnerable ...) + TODO: check +CVE-2024-32634 (In huge memory get unmapped area check, code can never be reached beca ...) + TODO: check +CVE-2024-32633 (An unsigned value can never be negative, so eMMC full disk test will a ...) + TODO: check +CVE-2024-32632 (A value in ATCMD will be misinterpreted by printf, causing incorrect o ...) + TODO: check +CVE-2024-32631 (Out-of-Bounds read in ciCCIOTOPT in ASR180X will cause incorrect compu ...) + TODO: check +CVE-2024-32625 (In OffloadAMRWriter, a scalar field is not initialized so will contain ...) + TODO: check +CVE-2024-32532 (Missing Authorization vulnerability in SiteGround Speed Optimizer.This ...) + TODO: check +CVE-2024-32525 (Missing Authorization vulnerability in Theme My Login.This issue affec ...) + TODO: check +CVE-2024-32524 (Missing Authorization vulnerability in Nuggethon Custom Order Statuses ...) + TODO: check +CVE-2024-32522 (Missing Authorization vulnerability in Jaed Mosharraf & Pluginbazar Te ...) + TODO: check +CVE-2024-32520 (Missing Authorization vulnerability in WPClever WPC Grouped Product fo ...) + TODO: check +CVE-2024-32519 (Missing Authorization vulnerability in GutenGeek GG Woo Feed for WooCo ...) + TODO: check +CVE-2024-32518 (Missing Authorization vulnerability in Pepro Dev. Group PeproDev Ultim ...) + TODO: check +CVE-2024-32517 (Missing Authorization vulnerability in WooCommerce & WordPress Tutoria ...) + TODO: check +CVE-2024-32516 (Missing Authorization vulnerability in Palscode Multi Currency For Woo ...) + TODO: check +CVE-2024-32515 (Missing Authorization vulnerability in Qamar Sheeraz, Nasir Ahmad Mega ...) + TODO: check +CVE-2024-32514 (Unrestricted Upload of File with Dangerous Type vulnerability in Poll ...) + TODO: check +CVE-2024-32513 (Insertion of Sensitive Information into Log File vulnerability in AdTr ...) 
+ TODO: check +CVE-2024-32509 (Missing Authorization vulnerability in Loopus WP Cost Estimation & Pay ...) + TODO: check +CVE-2024-32455 (Missing Authorization vulnerability in Very Good Plugins Fatal Error N ...) + TODO: check +CVE-2024-32256 (Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricte ...) + TODO: check +CVE-2024-32254 (Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricte ...) + TODO: check +CVE-2024-32086 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) +
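Review bot: The entries CVE-2024-32634, CVE-2024-32633, CVE-2024-32632, CVE-2024-32631 and CVE-2024-32625 in this hunk cannot be triaged from the list line alone, because their truncated descriptions state a code defect ("An unsigned value can never be negative, so eMMC full disk test will a ...") without naming a vendor or product; only CVE-2024-32631 mentions ASR180X. Read the full CVE records before replacing "TODO: check", and do not fold them into whatever disposition the neighbouring WordPress plugin entries receive. CVE-2024-3660 names TensorFlow's Keras and should be checked against a source package rather than dismissed along with the vendor entries around it.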
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e70c3222 by security tracker role at 2024-04-16T08:11:57+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,6 +1,106 @@ +CVE-2024-3575 (Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb) + TODO: check +CVE-2024-3574 (In scrapy version 2.10.1, an issue was identified where the Authorizat ...) + TODO: check +CVE-2024-3573 (mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to impro ...) + TODO: check +CVE-2024-3572 (The scrapy/scrapy project is vulnerable to XML External Entity (XXE) a ...) + TODO: check +CVE-2024-3571 (langchain-ai/langchain is vulnerable to path traversal due to improper ...) + TODO: check +CVE-2024-3493 (A specific malformed fragmented packet type (fragmented packets may be ...) + TODO: check +CVE-2024-3271 (A command injection vulnerability exists in the run-llama/llama_index ...) + TODO: check +CVE-2024-3029 (In mintplex-labs/anything-llm, an attacker can exploit improper input ...) + TODO: check +CVE-2024-3028 (mintplex-labs/anything-llm is vulnerable to improper input validation, ...) + TODO: check +CVE-2024-32557 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32036 (ImageSharp is a 2D graphics API. A heap-use-after-free flaw was found ...) + TODO: check +CVE-2024-31784 (An issue in Typora v.1.8.10 and before, allows a local attacker to obt ...) + TODO: check +CVE-2024-31783 (Cross Site Scripting (XSS) vulnerability in Typora v.1.6.7 and before, ...) + TODO: check +CVE-2024-31652 (A cross-site scripting (XSS) in Cosmetics and Beauty Product Online St ...) + TODO: check +CVE-2024-31651 (A cross-site scripting (XSS) in Cosmetics and Beauty Product Online St ...) + TODO: check +CVE-2024-31650 (A cross-site scripting (XSS) in Cosmetics and Beauty Product Online St ...) + TODO: check +CVE-2024-31649 (A cross-site scripting (XSS) in Cosmetics and Beauty Product Online St ...) + TODO: check +CVE-2024-31648 (Cross Site Scripting (XSS) in Insurance Management System v1.0, allows ...) 
+ TODO: check +CVE-2024-31634 (Cross Site Scripting (XSS) vulnerability in Xunruicms versions 4.6.3 a ...) + TODO: check +CVE-2024-30656 (An issue in Fireboltt Dream Wristphone BSW202_FB_AAC_v2.0_20240110-202 ...) + TODO: check +CVE-2024-30567 (An issue in JNT Telecom JNT Liftcom UMS V1.J Core Version JM-V15 allow ...) + TODO: check +CVE-2024-2912 (An insecure deserialization vulnerability exists in the BentoML framew ...) + TODO: check +CVE-2024-2424 (An input validation vulnerability exists in the Rockwell Automation501 ...) + TODO: check +CVE-2024-2260 (A session fixation vulnerability exists in the zenml-io/zenml applicat ...) + TODO: check +CVE-2024-2083 (A directory traversal vulnerability exists in the zenml-io/zenml repos ...) + TODO: check +CVE-2024-27794 (Claris FileMaker Server before version 20.3.2 was susceptible to a ref ...) + TODO: check +CVE-2024-23561 (HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information ...) + TODO: check +CVE-2024-23558 (HCL DevOps Deploy / HCL Launch does not invalidate session after logou ...) + TODO: check +CVE-2024-22262 (Applications that use UriComponentsBuilderto parse an externally provi ...) + TODO: check +CVE-2024-1961 (vertaai/modeldb is vulnerable to a path traversal attack due to improp ...) + TODO: check +CVE-2024-1739 (lunary-ai/lunary is vulnerable to an authentication issue due to impro ...) + TODO: check +CVE-2024-1738 (An incorrect authorization vulnerability exists in the lunary-ai/lunar ...) + TODO: check +CVE-2024-1666 (In lunary-ai/lunary version 1.0.0, an authorization flaw exists that a ...) + TODO: check +CVE-2024-1665 (lunary-ai/lunary version 1.0.0 is vulnerable to unauthorized evaluatio ...) + TODO: check +CVE-2024-1646 (parisneo/lollms-webui is vulnerable to authentication bypass due to in ...) + TODO: check +CVE-2024-1626 (An Insecure Direct Object Reference (IDOR) vulnerability exists in the ...) 
+ TODO: check +CVE-2024-1601 (An SQL injection vulnerability exists in the `delete_discussion()` fun ...) + TODO: check +CVE-2024-1594 (A path traversal vulnerability exists in the mlflow/mlflow repository, ...) + TODO: check +CVE-2024-1593 (A path traversal vulnerability exists in the mlflow/mlflow repository ...) + TODO: check +CVE-2024-1569 (parisneo/lollms-webui is vulnerable to a denial of service (DoS) attac ...) + TODO: check +CVE-2024-1561 (An issue was discovered in gradio-app/gradio, where the `/component_se ...) + TODO: check +CVE-2024-1560 (A
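Review bot: Several additions in this hunk identify an upstream project by repository slug (scrapy/scrapy in CVE-2024-3572, mlflow/mlflow in CVE-2024-3573, CVE-2024-1594 and CVE-2024-1593, langchain-ai/langchain in CVE-2024-3571, gradio-app/gradio in CVE-2024-1561), so each needs a source package lookup before "TODO: check" is resolved, not a bulk NOT-FOR-US. CVE-2024-3574 and CVE-2024-3572 both concern scrapy and are best triaged together so they end up with matching package lines. The patch as archived stops at "+CVE-2024-1560 (A", so the remaining additions of the 106-line hunk are not reviewable here.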
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bb6d802e by security tracker role at 2024-04-15T20:11:56+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,255 @@ +CVE-2024-3804 (A vulnerability, which was classified as critical, has been found in V ...) + TODO: check +CVE-2024-3803 (A vulnerability classified as critical was found in Vesystem Cloud Des ...) + TODO: check +CVE-2024-3802 (Vulnerabilities in Celeste 22.x was vulnerable to takeover from unauth ...) + TODO: check +CVE-2024-3797 (A vulnerability was found in SourceCodester QR Code Bookmark System 1. ...) + TODO: check +CVE-2024-3796 (Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross ...) + TODO: check +CVE-2024-3795 (Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross ...) + TODO: check +CVE-2024-3794 (Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross ...) + TODO: check +CVE-2024-3793 (Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross ...) + TODO: check +CVE-2024-3792 (Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross ...) + TODO: check +CVE-2024-3791 (Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross ...) + TODO: check +CVE-2024-3790 (Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross ...) + TODO: check +CVE-2024-3789 (Uncontrolled resource consumption vulnerability in White Bear Solution ...) + TODO: check +CVE-2024-3788 (Vulnerability in WBSAirback 21.02.04, which involves improper neutrali ...) + TODO: check +CVE-2024-3787 (Vulnerability in WBSAirback 21.02.04, which involves improper neutrali ...) + TODO: check +CVE-2024-3786 (Vulnerability in WBSAirback 21.02.04, which involves improper neutrali ...) + TODO: check +CVE-2024-3785 (Vulnerability in WBSAirback 21.02.04, which involves improper neutrali ...) + TODO: check +CVE-2024-3784 (Vulnerability in WBSAirback 21.02.04, which involves improper neutrali ...) + TODO: check +CVE-2024-3783 (The Backup Agents section in WBSAirback 21.02.04 is affected by a Path ...) 
+ TODO: check +CVE-2024-3782 (Cross-Site Request Forgery vulnerability in WBSAirback 21.02.04, which ...) + TODO: check +CVE-2024-3781 (Command injection vulnerability in the operating system. Improper neut ...) + TODO: check +CVE-2024-3780 (A vulnerability of Information Exposure has been found on Technicolor ...) + TODO: check +CVE-2024-32437 (Cross-Site Request Forgery (CSRF) vulnerability in impleCode eCommerce ...) + TODO: check +CVE-2024-32436 (Cross-Site Request Forgery (CSRF) vulnerability in Codemenschen Gift V ...) + TODO: check +CVE-2024-32435 (Cross-Site Request Forgery (CSRF) vulnerability in Affieasy Team AffiE ...) + TODO: check +CVE-2024-32434 (Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Ord ...) + TODO: check +CVE-2024-32433 (Cross-Site Request Forgery (CSRF) vulnerability in Themefic BEAF.This ...) + TODO: check +CVE-2024-32141 (Cross-Site Request Forgery (CSRF) vulnerability in Libsyn Libsyn Publi ...) + TODO: check +CVE-2024-32129 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in F ...) + TODO: check +CVE-2024-32104 (Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins NextMove ...) + TODO: check +CVE-2024-32103 (Cross-Site Request Forgery (CSRF) vulnerability in Siteimprove.This is ...) + TODO: check +CVE-2024-32102 (Cross-Site Request Forgery (CSRF) vulnerability in Scott Kingsley Clar ...) + TODO: check +CVE-2024-32101 (Cross-Site Request Forgery (CSRF) vulnerability in Omnisend Email Mark ...) + TODO: check +CVE-2024-32099 (Cross-Site Request Forgery (CSRF) vulnerability in James Ward WP Mail ...) + TODO: check +CVE-2024-32097 (Cross-Site Request Forgery (CSRF) vulnerability in Eyal Fitoussi GEO m ...) + TODO: check +CVE-2024-32096 (Cross-Site Request Forgery (CSRF) vulnerability in DAEV.Tech WP Migrat ...) + TODO: check +CVE-2024-32095 (Cross-Site Request Forgery (CSRF) vulnerability in MultiParcels MultiP ...) 
+ TODO: check +CVE-2024-32094 (Cross-Site Request Forgery (CSRF) vulnerability in ChurchThemes Church ...) + TODO: check +CVE-2024-32093 (Cross-Site Request Forgery (CSRF) vulnerability in Nose Graze Novelist ...) + TODO: check +CVE-2024-32092 (Cross-Site Request Forgery (CSRF) vulnerability in Michael Bester Kimi ...) + TODO: check +CVE-2024-32091 (Cross-Site Request Forgery (CSRF) vulnerability in Tonjoo Sangar Slide ...) + TODO: check +CVE-2024-32090 (Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church A ...) + TODO:
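Review bot: CVE-2024-3781 should not inherit a disposition from its neighbours: its visible description, "Command injection vulnerability in the operating system. Improper neut ...", names no product, and it sits directly below the WBSAirback 21.02.04 entries CVE-2024-3783 and CVE-2024-3782 and above the Technicolor entry CVE-2024-3780. Confirm the affected product from the full record before replacing "TODO: check". The archived patch ends in the middle of an annotation ("+ TODO:"), so the rest of the 255-line hunk cannot be reviewed from this page.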
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f33239cd by security tracker role at 2024-04-15T08:12:01+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,189 @@ +CVE-2024-3778 (The file upload functionality of Ai3 QbiBot does not properly restrict ...) + TODO: check +CVE-2024-3777 (The password reset feature of Ai3 QbiBot lacks proper access control, ...) + TODO: check +CVE-2024-3776 (The parameter used in the login page of Netvision airPASS is not prope ...) + TODO: check +CVE-2024-3775 (aEnrich Technology a+HRD's functionality for downloading files using y ...) + TODO: check +CVE-2024-3774 (aEnrich Technology a+HRD's functionality for front-end retrieval of sy ...) + TODO: check +CVE-2024-3772 (Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13 all ...) + TODO: check +CVE-2024-3771 (A vulnerability was found in PHPGurukul Student Record System 3.20 and ...) + TODO: check +CVE-2024-3770 (A vulnerability has been found in PHPGurukul Student Record System 3.2 ...) + TODO: check +CVE-2024-3769 (A vulnerability, which was classified as critical, was found in PHPGur ...) + TODO: check +CVE-2024-3768 (A vulnerability, which was classified as critical, has been found in P ...) + TODO: check +CVE-2024-3767 (A vulnerability classified as critical was found in PHPGurukul News Po ...) + TODO: check +CVE-2024-3766 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-3765 (A vulnerability classified as critical was found in Xiongmai AHB7804R- ...) + TODO: check +CVE-2024-3764 (A vulnerability classified as problematic has been found in Tuya Camer ...) + TODO: check +CVE-2024-3763 (A vulnerability was found in Emlog Pro 2.2.10. It has been rated as pr ...) + TODO: check +CVE-2024-3762 (A vulnerability was found in Emlog Pro 2.2.10. It has been declared as ...) + TODO: check +CVE-2024-3701 (The system application (com.transsion.kolun.aiservice) component does ...) + TODO: check +CVE-2024-3505 (JFrog Artifactory Self-Hosted versions below 7.77.3, are vulnerable to ...) + TODO: check +CVE-2024-32489 (TCPDF before 6.7.4 mishandles calls that use HTML syntax.) 
+ TODO: check +CVE-2024-32488 (In Foxit PDF Reader and Editor before 2024.1, Local Privilege Escalati ...) + TODO: check +CVE-2024-32454 (Server-Side Request Forgery (SSRF) vulnerability in Wappointment Appoi ...) + TODO: check +CVE-2024-32453 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32452 (Cross-Site Request Forgery (CSRF) vulnerability in WP EasyCart.This is ...) + TODO: check +CVE-2024-32451 (Cross-Site Request Forgery (CSRF) vulnerability in wpWax Legal Pages.T ...) + TODO: check +CVE-2024-32450 (Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team WpT ...) + TODO: check +CVE-2024-32449 (Cross-Site Request Forgery (CSRF) vulnerability in MagniGenie RestroPr ...) + TODO: check +CVE-2024-32448 (Cross-Site Request Forgery (CSRF) vulnerability in VideoYield.Com Ads. ...) + TODO: check +CVE-2024-32447 (Cross-Site Request Forgery (CSRF) vulnerability in AWP Classifieds Tea ...) + TODO: check +CVE-2024-32446 (Cross-Site Request Forgery (CSRF) vulnerability in WP Swings Wallet Sy ...) + TODO: check +CVE-2024-32445 (Cross-Site Request Forgery (CSRF) vulnerability in Saleswonder Team We ...) + TODO: check +CVE-2024-32443 (Cross-Site Request Forgery (CSRF) vulnerability in IP2Location Downloa ...) + TODO: check +CVE-2024-32442 (Cross-Site Request Forgery (CSRF) vulnerability in Zoho Campaigns.This ...) + TODO: check +CVE-2024-32441 (Cross-Site Request Forgery (CSRF) vulnerability in Zoho Campaigns.This ...) + TODO: check +CVE-2024-32440 (Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgar ...) + TODO: check +CVE-2024-32439 (Cross-Site Request Forgery (CSRF) vulnerability in SwitchWP WP Client ...) + TODO: check +CVE-2024-32438 (Cross-Site Request Forgery (CSRF) vulnerability in cleverplugins.Com S ...) + TODO: check +CVE-2024-32431 (Deserialization of Untrusted Data vulnerability in WP All Import Impor ...) 
+ TODO: check +CVE-2024-32430 (Server-Side Request Forgery (SSRF) vulnerability in ActiveCampaign.Thi ...) + TODO: check +CVE-2024-32429 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32428 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32149 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check
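Review bot: CVE-2024-3772 in this hunk spells the affected project "Pydanic", which looks like a misspelling, and gives two version bounds ("< 2.4.0, < 1.10.13"), so a search of the list by package name may miss it and the eventual package line has to account for both branches. When the "TODO: check" is resolved, add a NOTE with the upstream reference so the entry can be found under the project's own name. CVE-2024-32489 ("TCPDF before 6.7.4 ...") likewise states a fixed upstream version that should be carried into the entry.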
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 614a7d0c by security tracker role at 2024-04-14T20:11:57+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2024-24863 (In malidp_mw_connector_reset, new memory is allocated with kzalloc, bu ...) + TODO: check +CVE-2024-24862 (In function pci1_spi_probe, there is a potential null pointer that ...) + TODO: check CVE-2024-3740 (A vulnerability, which was classified as critical, has been found in c ...) NOT-FOR-US: cym1102 nginxWebUI CVE-2024-3739 (A vulnerability classified as critical was found in cym1102 nginxWebUI ...) @@ -3028,6 +3032,7 @@ CVE-2024-3296 (A timing-based side-channel flaw exists in the rust-openssl packa [bullseye] - rust-openssl (Minor issue) NOTE: https://github.com/sfackler/rust-openssl/issues/2171 CVE-2024-31309 (HTTP/2 CONTINUATIONDoS attack can cause Apache Traffic Server to consu ...) + {DSA-5659-1} - trafficserver 9.2.4+ds-1 (bug #1068417) NOTE: https://www.kb.cert.org/vuls/id/421644 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2269627 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/614a7d0cea5a8bce4d5287ba7e77a03f2e5b948e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
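Review bot: The two entries added in the first hunk, CVE-2024-24863 and CVE-2024-24862, read like Linux kernel issues (the first description refers to memory "allocated with kzalloc", the second to a probe function, pci1_spi_probe), yet they are left at "TODO: check". If the full records confirm that, they should get a "- linux" package line and a NOTE pointing at the fixing commit, in the same shape as the other kernel entries in this file. The second hunk only adds the {DSA-5659-1} cross-reference to CVE-2024-31309 and needs no change.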
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 83cbcf8b by security tracker role at 2024-04-14T08:11:52+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2024-3740 (A vulnerability, which was classified as critical, has been found in c ...) + TODO: check CVE-2024-3739 (A vulnerability classified as critical was found in cym1102 nginxWebUI ...) NOT-FOR-US: cym1102 nginxWebUI CVE-2024-3738 (A vulnerability classified as critical has been found in cym1102 nginx ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83cbcf8bebf55cf93cd4876de13a6f07521f938a
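Review bot: The new CVE-2024-3740 entry is left at "TODO: check" while the context entry directly below it, CVE-2024-3739, is already marked "NOT-FOR-US: cym1102 nginxWebUI". Its description is cut at "has been found in c ...", so confirm from the full record that it concerns the same product and then give it the same disposition.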
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ef3140e7 by security tracker role at 2024-04-13T20:11:58+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,8 +1,28 @@ -CVE-2024-32487 [less(1) with LESSOPEN mishandles \n in paths] +CVE-2024-3739 (A vulnerability classified as critical was found in cym1102 nginxWebUI ...) + TODO: check +CVE-2024-3738 (A vulnerability classified as critical has been found in cym1102 nginx ...) + TODO: check +CVE-2024-3737 (A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has be ...) + TODO: check +CVE-2024-3736 (A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has be ...) + TODO: check +CVE-2024-3735 (A vulnerability was found in Smart Office up to 20240405. It has been ...) + TODO: check +CVE-2024-3721 (A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 ...) + TODO: check +CVE-2024-3720 (A vulnerability has been found in Tianwell Fire Intelligent Command Pl ...) + TODO: check +CVE-2024-3719 (A vulnerability, which was classified as critical, was found in Campco ...) + TODO: check +CVE-2024-3662 (The WPZOOM Social Feed Widget & Block plugin for WordPress is vulnerab ...) + TODO: check +CVE-2023-6494 (The WPC Smart Quick View for WooCommerce plugin for WordPress is vulne ...) + TODO: check +CVE-2024-32487 (less through 653 allows OS command execution via a newline character i ...) - less (bug #1068938) NOTE: https://www.openwall.com/lists/oss-security/2024/04/12/5 NOTE: Fixed by: https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33 -CVE-2024-26817 [amdkfd: use calloc instead of kzalloc to avoid integer overflow] +CVE-2024-26817 (In the Linux kernel, the following vulnerability has been resolved: a ...) - linux NOTE: https://git.kernel.org/linus/3b0daecfeac0103aba8b293df07a0cbaf8b43f29 CVE-2024-3027 (The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized ...) 
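Review bot: Replacing the bracketed working titles with the official descriptions loses information at list level for CVE-2024-26817: "[amdkfd: use calloc instead of kzalloc to avoid integer overflow]" named the subsystem and the defect, while the new text is truncated to "In the Linux kernel, the following vulnerability has been resolved: a ...". The git.kernel.org NOTE is retained, so the detail is still reachable, but a short NOTE naming amdkfd would keep the entry greppable. CVE-2024-32487 keeps "- less (bug #1068938)" without a fixed version although a "Fixed by:" commit is recorded; that line needs updating once a fixed upload exists.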
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef3140e7f28a017b0f3520ead8fc060756be20b7
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 35bc06b6 by security tracker role at 2024-04-13T08:11:47+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,25 @@ +CVE-2024-3027 (The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized ...) + TODO: check +CVE-2024-32028 (OpenTelemetry dotnet is a dotnet telemetry framework. In affected vers ...) + TODO: check +CVE-2024-32019 (Netdata is an open source observability tool. In affected versions the ...) + TODO: check +CVE-2024-32005 (NiceGUI is an easy-to-use, Python-based UI framework. A local file inc ...) + TODO: check +CVE-2024-32003 (wn-dusk-plugin (Dusk plugin) is a plugin which integrates Laravel Dusk ...) + TODO: check +CVE-2024-31462 (stable-diffusion-webui is a web interface for Stable Diffusion, implem ...) + TODO: check +CVE-2024-2583 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress plugin b ...) + TODO: check +CVE-2024-29023 (Xibo is an Open Source Digital Signage platform with a web content man ...) + TODO: check +CVE-2024-29022 (Xibo is an Open Source Digital Signage platform with a web content man ...) + TODO: check +CVE-2024-28869 (Traefik is an HTTP reverse proxy and load balancer. In affected versio ...) + TODO: check +CVE-2024-1957 (The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for ...) + TODO: check CVE-2024-3707 (Information exposure vulnerability in OpenGnsys affecting version 1.1. ...) NOT-FOR-US: OpenGnsys CVE-2024-3706 (Information exposure vulnerability in OpenGnsys affecting version 1.1. ...) 
@@ -916,9 +938,11 @@ CVE-2021-47181 (In the Linux kernel, the following vulnerability has been resolv [buster] - linux 4.19.232-1 NOTE: https://git.kernel.org/linus/14651496a3de6807a17c310f63c894ea0c5d858e (5.16-rc1) CVE-2024-26816 (In the Linux kernel, the following vulnerability has been resolved: x ...) + {DSA-5658-1} - linux NOTE: https://git.kernel.org/linus/aaa8736370db1a78f0e8434344a484f9fd20be3b (6.9-rc1) CVE-2024-26815 (In the Linux kernel, the following vulnerability has been resolved: n ...) + {DSA-5658-1} - linux [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) @@ -1824,6 +1848,7 @@ CVE-2023-41677 (A insufficiently protected credentials in Fortinet FortiProxy 7. CVE-2022-4965 (The Invitation Code Content Restriction Plugin from CreativeMinds plug ...) NOT-FOR-US: WordPress plugin CVE-2024-2201 [Native Branch History Injection] + {DSA-5658-1} - linux - xen [bullseye] - xen (EOLed in Bullseye) @@ -2093,6 +2118,7 @@ CVE-2014-125111 (A vulnerability was found in namithjawahar Wp-Insert up to 2.0. CVE-2011-10006 (A vulnerability was found in GamerZ WP-PostRatings up to 1.64. It has ...) NOT-FOR-US: WordPress plugin CVE-2024-26811 (In the Linux kernel, the following vulnerability has been resolved: k ...) + {DSA-5658-1} - linux NOTE: https://git.kernel.org/linus/a677ebd8ca2f2632ccdecbad7b87641274e15aac (6.9-rc3) CVE-2024-2511 (Issue summary: Some non-default TLS server configurations can cause un ...) 
@@ -2556,19 +2582,24 @@ CVE-2023-49965 (SpaceX Starlink Wi-Fi router Gen 2 before 2023.48.0 allows XSS v CVE-2023-48426 (u-boot bug that allows for u-boot shell and interrupt over UART) NOT-FOR-US: Google Chromecast (unlikely to affect u-boot as packaged in Debian) CVE-2024-27437 (In the Linux kernel, the following vulnerability has been resolved: v ...) + {DSA-5658-1} - linux NOTE: https://git.kernel.org/linus/fe9a7082684eb059b925c535682e68c34d487d43 (6.9-rc1) CVE-2024-26814 (In the Linux kernel, the following vulnerability has been resolved: v ...) + {DSA-5658-1} - linux [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/7447d911af699a15f8d050dfcb7c680a86f87012 (6.9-rc1) CVE-2024-26813 (In the Linux kernel, the following vulnerability has been resolved: v ...) + {DSA-5658-1} - linux NOTE: https://git.kernel.org/linus/675daf435e9f8e5a5eab140a9864dfad6668b375 (6.9-rc1) CVE-2024-26812 (In the Linux kernel, the following vulnerability has been resolved: v ...) + {DSA-5658-1} - linux NOTE: https://git.kernel.org/linus/18c198c96a815c962adc2b9b77909eec0be7df4d (6.9-rc1) CVE-2024-26810 (In the Linux kernel, the following vulnerability has been resolved: v ...) + {DSA-5658-1} - linux NOTE: https://git.kernel.org/linus/810cd4bb53456d0503cc4e7934e063835152c1b7 (6.9-rc1) CVE-2024-24746 (Loop with Unreachable Exit Condition ('Infinite
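Review bot: In the hunk at -1824,6 +1848,7 the {DSA-5658-1} tag is added to CVE-2024-2201, an entry that lists both "- linux" and "- xen" (with "[bullseye] - xen (EOLed in Bullseye)"), whereas every other entry tagged in this patch is linux only. The tag sits at CVE level, so the entry can be misread as xen being covered by the same advisory; a NOTE stating which package the DSA addresses would remove the ambiguity. The archived patch is cut off inside the last hunk at CVE-2024-24746.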
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4567ee24 by security tracker role at 2024-04-12T20:12:15+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,4 +1,194 @@ -CVE-2024-31391 +CVE-2024-3707 (Information exposure vulnerability in OpenGnsys affecting version 1.1. ...) + TODO: check +CVE-2024-3706 (Information exposure vulnerability in OpenGnsys affecting version 1.1. ...) + TODO: check +CVE-2024-3705 (Unrestricted file upload vulnerability in OpenGnsys affecting version ...) + TODO: check +CVE-2024-3704 (SQL Injection Vulnerability has been found on OpenGnsys product affect ...) + TODO: check +CVE-2024-3698 (A vulnerability was found in Campcodes House Rental Management System ...) + TODO: check +CVE-2024-3697 (A vulnerability was found in Campcodes House Rental Management System ...) + TODO: check +CVE-2024-3696 (A vulnerability was found in Campcodes House Rental Management System ...) + TODO: check +CVE-2024-3695 (A vulnerability has been found in SourceCodester Computer Laboratory M ...) + TODO: check +CVE-2024-3691 (A vulnerability, which was classified as critical, has been found in P ...) + TODO: check +CVE-2024-3690 (A vulnerability classified as critical was found in PHPGurukul Small C ...) + TODO: check +CVE-2024-3689 (A vulnerability classified as problematic has been found in Zhejiang L ...) + TODO: check +CVE-2024-3688 (A vulnerability was found in Xiamen Four-Faith RMP Router Management P ...) + TODO: check +CVE-2024-3687 (A vulnerability was found in bihell Dice 3.1.0 and classified as probl ...) + TODO: check +CVE-2024-3686 (A vulnerability has been found in DedeCMS 5.7.112-UTF8 and classified ...) + TODO: check +CVE-2024-3685 (A vulnerability, which was classified as critical, was found in DedeCM ...) + TODO: check +CVE-2024-3211 (The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable ...) + TODO: check +CVE-2024-3054 (WPvivid Backup & Migration Plugin for WordPress is vulnerable to PHAR ...) + TODO: check +CVE-2024-32000 (matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging ...) 
+ TODO: check +CVE-2024-31839 (Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allo ...) + TODO: check +CVE-2024-31818 (Directory Traversal vulnerability in DerbyNet v.9.0 allows a remote at ...) + TODO: check +CVE-2024-31372 (Cross-Site Request Forgery (CSRF) vulnerability in Arnan de Gans No-Bo ...) + TODO: check +CVE-2024-31371 (Cross-Site Request Forgery (CSRF) vulnerability in Xylus Themes WP Eve ...) + TODO: check +CVE-2024-31364 (Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX W ...) + TODO: check +CVE-2024-31363 (Cross-Site Request Forgery (CSRF) vulnerability in LifterLMS.This issu ...) + TODO: check +CVE-2024-31362 (Cross-Site Request Forgery (CSRF) vulnerability in Metagauss ProfileGr ...) + TODO: check +CVE-2024-31360 (Cross-Site Request Forgery (CSRF) vulnerability in Coded Commerce, LLC ...) + TODO: check +CVE-2024-31354 (Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow ...) + TODO: check +CVE-2024-31305 (Cross-Site Request Forgery (CSRF) vulnerability in rtCamp Transcoder.T ...) + TODO: check +CVE-2024-31303 (Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign- ...) + TODO: check +CVE-2024-31301 (Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple ...) + TODO: check +CVE-2024-31293 (Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downlo ...) + TODO: check +CVE-2024-31289 (Cross-Site Request Forgery (CSRF) vulnerability in Elementor Hello Ele ...) + TODO: check +CVE-2024-31279 (Cross-Site Request Forgery (CSRF) vulnerability in Catch Plugins Gener ...) + TODO: check +CVE-2024-31272 (Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ...) + TODO: check +CVE-2024-31271 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Ultimate ...) + TODO: check +CVE-2024-31269 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Goog ...) 
+ TODO: check +CVE-2024-31268 (Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team App ...) + TODO: check +CVE-2024-31265 (Cross-Site Request Forgery (CSRF) vulnerability in SumoMe Sumo.This is ...) + TODO: check +CVE-2024-31264 (Unauthenticated Cross Site Request Forgery (CSRF) in Post Views Counte ...) + TODO: check +CVE-2024-31263 (Cross-Site Request Forgery (CSRF) vulnerability in aerin Loan Repaymen ...) + TODO: check +CVE-2024-31262 (Cross-Site Request Forgery (CSRF) vulnerability in Jcodex WooCommerce
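Review bot: The first change in this hunk deletes the bare "CVE-2024-31391" header at line 1, and the visible part of the patch does not show the line being re-added with a description. The archived text stops at CVE-2024-31262, well short of the 194 lines announced in the hunk header, so check in the full commit that CVE-2024-31391 reappears further down with its package annotations unchanged.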
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 60b95ffd by security tracker role at 2024-04-12T08:11:50+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,47 @@ +CVE-2024-3400 (A command injection vulnerability in the GlobalProtect feature of Palo ...) + TODO: check +CVE-2024-30850 (An issue in tiagorlampert CHAOS v5.0.1 allows a remote attacker to exe ...) + TODO: check +CVE-2024-30614 (An issue in Ametys CMS v4.5.0 and before allows attackers to obtain se ...) + TODO: check +CVE-2024-2801 (The Shopkeeper Extender plugin for WordPress is vulnerable to Stored C ...) + TODO: check +CVE-2024-2137 (The All-in-One Addons for Elementor \u2013 WidgetKit plugin for WordPr ...) + TODO: check +CVE-2024-29400 (An issue was discovered in RuoYi v4.5.1, allows attackers to obtain se ...) + TODO: check +CVE-2024-28458 (Null Pointer Dereference vulnerability in swfdump in swftools 0.9.2 al ...) + TODO: check +CVE-2024-27592 (Open Redirect vulnerability in Corezoid Process Engine v6.5.0 allows a ...) + TODO: check +CVE-2024-25376 (An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBA ...) + TODO: check +CVE-2024-22734 (An issue was discovered in AMCS Group Trux Waste Management Software b ...) + TODO: check +CVE-2024-22526 (Buffer Overflow vulnerability in bandisoft bandiview v7.0, allows loca ...) + TODO: check +CVE-2024-22357 (IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6 ...) + TODO: check +CVE-2023-50307 (IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6 ...) + TODO: check +CVE-2023-49528 (Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, al ...) + TODO: check +CVE-2023-48865 (An issue discovered in Reportico Till 8.1.0 allows attackers to obtain ...) + TODO: check +CVE-2023-45186 (IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6 ...) + TODO: check +CVE-2023-44857 (An issue in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker ...) + TODO: check +CVE-2023-44856 (Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.16 ...) 
+ TODO: check +CVE-2023-44855 (Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.16 ...) + TODO: check +CVE-2023-44854 (Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.16 ...) + TODO: check +CVE-2023-44853 (\An issue was discovered in Cobham SAILOR VSAT Ku v.164B019, allows a ...) + TODO: check +CVE-2023-44852 (Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.16 ...) + TODO: check CVE-2024-1874 - php8.2 8.2.18-1 - php7.4 @@ -22,7 +66,7 @@ CVE-2024-2757 - php7.3 NOTE: Fixed in: 8.2.18 TODO: fill in with GHSA security advisory references and further details -CVE-2024-27309 +CVE-2024-27309 (While an Apache Kafka cluster is being migrated from ZooKeeper mode to ...) - kafka (bug #786460) CVE-2024-3344 (The Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg E ...) NOT-FOR-US: WordPress plugin 
@@ -124,13 +168,13 @@ CVE-2023-32295 (Missing Authorization vulnerability in Alex Tselegidis Easy!Appo NOT-FOR-US: WordPress plugin CVE-2023-32228 (A firmware bug which may lead to misinterpretation of data in the AMC2 ...) NOT-FOR-US: Bosch -CVE-2024-3092 +CVE-2024-3092 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab -CVE-2024-2279 +CVE-2024-2279 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab -CVE-2023-6489 +CVE-2023-6489 (A denial of service vulnerability was identified in GitLab CE/EE, vers ...) - gitlab -CVE-2023-6678 +CVE-2023-6678 (An issue has been discovered in GitLab EE affecting all versions befor ...) - gitlab CVE-2024-3652 (The Libreswan Project was notified of an issue causing libreswan to re ...) - libreswan
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60b95ffd5838d72b879cc3f921af681abde47452
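Review bot: in the first hunk (@@ -1,3 +1,47 @@) two descriptions carry import debris: CVE-2023-44853 opens with a stray backslash, "(\An issue was discovered in Cobham SAILOR VSAT Ku ...", and CVE-2024-2137 has a literal \u2013 where a dash belongs. Decode or strip escape sequences when the description is copied into data/CVE/list, so the stored text matches the CVE record and text searches on it behave. The second and third hunks only attach descriptions to CVE-2024-27309 and the four gitlab entries and leave their package lines untouched, which is what a description refresh should do.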
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 95461784 by security tracker role at 2024-04-11T20:20:12+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,103 @@ +CVE-2024-3344 (The Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg E ...) + TODO: check +CVE-2024-3343 (The Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg E ...) + TODO: check +CVE-2024-32112 (Cross-Site Request Forgery (CSRF) vulnerability in Leadinfo leadinfo. ...) + TODO: check +CVE-2024-32109 (Cross-Site Request Forgery (CSRF) vulnerability in Julien Berthelot / ...) + TODO: check +CVE-2024-32108 (Cross-Site Request Forgery (CSRF) vulnerability in Stephanie Leary Con ...) + TODO: check +CVE-2024-32107 (Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins Finale Li ...) + TODO: check +CVE-2024-32106 (Cross-Site Request Forgery (CSRF) vulnerability in WP Compress WP Comp ...) + TODO: check +CVE-2024-32105 (Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX W ...) + TODO: check +CVE-2024-32083 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32080 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31937 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31936 (Cross-Site Request Forgery (CSRF) vulnerability in AyeCode Ltd UsersWP ...) + TODO: check +CVE-2024-31935 (Cross-Site Request Forgery (CSRF) vulnerability in BracketSpace Simple ...) + TODO: check +CVE-2024-31934 (Cross-Site Request Forgery (CSRF) vulnerability in Link Whisper Link W ...) + TODO: check +CVE-2024-31932 (Cross-Site Request Forgery (CSRF) vulnerability in CreativeThemes Bloc ...) + TODO: check +CVE-2024-31931 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31930 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31929 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2024-31928 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31927 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31926 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31925 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31861 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) + TODO: check +CVE-2024-31678 (Sourcecodester Loan Management System v1.0 is vulnerable to SQL Inject ...) + TODO: check +CVE-2024-31387 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31361 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31285 (Cross-Site Request Forgery (CSRF) vulnerability in Tooltip WordPress T ...) + TODO: check +CVE-2024-30273 (Illustrator versions 28.3, 27.9.2 and earlier are affected by a Stack- ...) + TODO: check +CVE-2024-30272 (Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-o ...) + TODO: check +CVE-2024-30271 (Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-o ...) + TODO: check +CVE-2024-29454 (An issue discovered in packages or nodes in ROS2 Humble Hawksbill with ...) + TODO: check +CVE-2024-25852 (Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution v ...) + TODO: check +CVE-2024-22722 (Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1. ...) + TODO: check +CVE-2024-22721 (Cross Site Request Forgery (CSRF) vulnerability in Form Tools 3.1.1 al ...) + TODO: check +CVE-2024-22719 (SQL Injection vulnerability in Form Tools 3.1.1 allows attackers to ru ...) + TODO: check +CVE-2024-22718 (Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows at ...) 
+ TODO: check +CVE-2024-22717 (Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows at ...) + TODO: check +CVE-2024-20798 (Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-o ...) + TODO: check +CVE-2024-20797 (Animate versions 23.0.4, 24.0.1 and earlier are affected by an out-of- ...) + TODO: check +CVE-2024-20796 (Animate versions 23.0.4, 24.0.1 and earlier are affected by an out-of- ...) + TODO: check +CVE-2024-20795 (Animate versions 23.0.4, 24.0.1 and earlier are affected by an Integer
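Review bot: the fixed-width cut of the description hides the affected product for a large part of this hunk: CVE-2024-32083, CVE-2024-32080, CVE-2024-31937 and CVE-2024-31925 through CVE-2024-31931 all end at "('Cross-si ...)", before any vendor or plugin name. A triager cannot clear these from the list line alone. Consider dropping the generic CWE-title prefix ("Improper Neutralization of Input During Web Page Generation") before truncating, or raising the width, so the product name survives.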
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6a813895 by security tracker role at 2024-04-11T08:12:13+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,111 @@ +CVE-2024-3652 (The Libreswan Project was notified of an issue causing libreswan to re ...) + TODO: check +CVE-2024-3621 (A vulnerability was found in SourceCodester Kortex Lite Advocate Offic ...) + TODO: check +CVE-2024-3620 (A vulnerability was found in SourceCodester Kortex Lite Advocate Offic ...) + TODO: check +CVE-2024-3619 (A vulnerability has been found in SourceCodester Kortex Lite Advocate ...) + TODO: check +CVE-2024-3618 (A vulnerability, which was classified as critical, was found in Source ...) + TODO: check +CVE-2024-3617 (A vulnerability, which was classified as critical, has been found in S ...) + TODO: check +CVE-2024-3616 (A vulnerability classified as problematic was found in SourceCodester ...) + TODO: check +CVE-2024-3614 (A vulnerability classified as problematic has been found in SourceCode ...) + TODO: check +CVE-2024-3613 (A vulnerability was found in SourceCodester Warehouse Management Syste ...) + TODO: check +CVE-2024-3612 (A vulnerability was found in SourceCodester Warehouse Management Syste ...) + TODO: check +CVE-2024-3285 (The Slider, Gallery, and Carousel by MetaSlider \u2013 Responsive Word ...) + TODO: check +CVE-2024-32001 (SpiceDB is a graph database purpose-built for storing and evaluating a ...) + TODO: check +CVE-2024-31999 (@festify/secure-session creates a secure stateless cookie session for ...) + TODO: check +CVE-2024-31997 (XWiki Platform is a generic wiki platform. Prior to versions 4.10.19, ...) + TODO: check +CVE-2024-31996 (XWiki Platform is a generic wiki platform. Starting in version 3.0.1 a ...) + TODO: check +CVE-2024-31995 (`@digitalbazaar/zcap` provides JavaScript reference implementation for ...) + TODO: check +CVE-2024-31988 (XWiki Platform is a generic wiki platform. Starting in version 13.9-rc ...) + TODO: check +CVE-2024-31987 (XWiki Platform is a generic wiki platform. Starting in version 6.4-mil ...) + TODO: check +CVE-2024-31986 (XWiki Platform is a generic wiki platform. 
Starting in version 3.1 and ...) + TODO: check +CVE-2024-31985 (XWiki Platform is a generic wiki platform. Starting in version 3.1 and ...) + TODO: check +CVE-2024-30917 (An issue was discovered in eProsima FastDDS v.2.14.0 and before, allow ...) + TODO: check +CVE-2024-30916 (An issue was discovered in eProsima FastDDS v.2.14.0 and before, allow ...) + TODO: check +CVE-2024-30915 (An issue was discovered in OpenDDS commit b1c534032bb62ad4ae32609778de ...) + TODO: check +CVE-2024-30885 (Reflected Cross-Site Scripting (XSS) vulnerability in HadSky v7.6.3, a ...) + TODO: check +CVE-2024-30884 (Reflected Cross-Site Scripting (XSS) vulnerability in Discuz! version ...) + TODO: check +CVE-2024-30883 (Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6. ...) + TODO: check +CVE-2024-30880 (Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6. ...) + TODO: check +CVE-2024-30879 (Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6. ...) + TODO: check +CVE-2024-30878 (A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43, allo ...) + TODO: check +CVE-2024-30728 (An issue was discovered in the default configurations of ROS (Robot Op ...) + TODO: check +CVE-2024-2966 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...) + TODO: check +CVE-2024-29903 (Cosign provides code signing and transparency for containers and binar ...) + TODO: check +CVE-2024-29902 (Cosign provides code signing and transparency for containers and binar ...) + TODO: check +CVE-2024-29504 (Cross Site Scripting vulnerability in Summernote v.0.8.18 and before a ...) + TODO: check +CVE-2024-29460 (An issue in PX4 Autopilot v.1.14.0 allows an attacker to manipulate th ...) + TODO: check +CVE-2024-29455 (An arbitrary file upload vulnerability has been discovered in ROS2 Hum ...) + TODO: check +CVE-2024-29452 (An insecure deserialization vulnerability has been identified in ROS2 ...) 
+ TODO: check +CVE-2024-29450 (An issue has been discovered in the permission and access control comp ...) + TODO: check +CVE-2024-29449 (An issue was discovered in ROS2 Humble Hawksbill in ROS_VERSION 2 and ...) + TODO: check +CVE-2024-29448 (A buffer overflow vulnerability has been discovered in the C++ compone ...) + TODO: check +CVE-2024-29447 (An issue was discovered in the default configurations of ROS2 Humble H ...) +
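Review bot: CVE-2024-3652, the first added line, names its package in the description ("The Libreswan Project was notified of an issue causing libreswan to re ...") yet goes in as "TODO: check" like everything else; the later commit on this page shows the same CVE carrying a "- libreswan" line. Where a description names a source package that is in the archive, the update could flag the entry for priority triage instead of leaving it indistinguishable from the SourceCodester and XWiki entries around it.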
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2611a4fb by security tracker role at 2024-04-10T20:11:54+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,173 +1,411 @@ -CVE-2021-47219 [scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs()] +CVE-2024-3570 (A stored Cross-Site Scripting (XSS) vulnerability exists in the chat f ...) + TODO: check +CVE-2024-3569 (A Denial of Service (DoS) vulnerability exists in the mintplex-labs/an ...) + TODO: check +CVE-2024-3568 (The huggingface/transformers library is vulnerable to arbitrary code e ...) + TODO: check +CVE-2024-3567 (A flaw was found in QEMU. An assertion failure was present in the upda ...) + TODO: check +CVE-2024-3566 (A command inject vulnerability allows an attacker to perform command i ...) + TODO: check +CVE-2024-3516 (Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 ...) + TODO: check +CVE-2024-3515 (Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowe ...) + TODO: check +CVE-2024-3448 (Users with low privileges can perform certain AJAX actions. In this v ...) + TODO: check +CVE-2024-3388 (A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN ...) + TODO: check +CVE-2024-3387 (A weak (low bit strength) device certificate in Palo Alto Networks Pan ...) + TODO: check +CVE-2024-3386 (An incorrect string comparison vulnerability in Palo Alto Networks PAN ...) + TODO: check +CVE-2024-3385 (A packet processing mechanism in Palo Alto Networks PAN-OS software en ...) + TODO: check +CVE-2024-3384 (A vulnerability in Palo Alto Networks PAN-OS software enables a remote ...) + TODO: check +CVE-2024-3383 (A vulnerability in how Palo Alto Networks PAN-OS software processes da ...) + TODO: check +CVE-2024-3382 (A memory leak exists in Palo Alto Networks PAN-OS software that enable ...) + TODO: check +CVE-2024-3283 (A vulnerability in mintplex-labs/anything-llm allows users with manage ...) + TODO: check +CVE-2024-3157 (Out of bounds memory access in Compositing in Google Chrome prior to 1 ...) + TODO: check +CVE-2024-3101 (In mintplex-labs/anything-llm, an improper input validation vulnerabil ...) 
+ TODO: check +CVE-2024-3098 (A vulnerability was identified in the `exec_utils` class of the `llama ...) + TODO: check +CVE-2024-3025 (mintplex-labs/anything-llm is vulnerable to path traversal attacks due ...) + TODO: check +CVE-2024-31984 (Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, an ...) + TODO: check +CVE-2024-31983 (XWiki Platform is a generic wiki platform. In multilingual wikis, tran ...) + TODO: check +CVE-2024-31982 (XWiki Platform is a generic wiki platform. Starting in version 2.4-mil ...) + TODO: check +CVE-2024-31981 (XWiki Platform is a generic wiki platform. Starting in version 3.0.1 a ...) + TODO: check +CVE-2024-31944 (Cross-Site Request Forgery (CSRF) vulnerability in Octolize WooCommerc ...) + TODO: check +CVE-2024-31943 (Cross-Site Request Forgery (CSRF) vulnerability in Octolize USPS Shipp ...) + TODO: check +CVE-2024-31939 (Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Import any X ...) + TODO: check +CVE-2024-31924 (Cross-Site Request Forgery (CSRF) vulnerability in Exactly WWW EWWW Im ...) + TODO: check +CVE-2024-31874 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninit ...) + TODO: check +CVE-2024-31873 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains ha ...) + TODO: check +CVE-2024-31872 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow ...) + TODO: check +CVE-2024-31871 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow ...) + TODO: check +CVE-2024-31819 (An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker ...) + TODO: check +CVE-2024-31492 (An external control of file name or path vulnerability [CWE-73] in Fo ...) + TODO: check +CVE-2024-31465 (XWiki Platform is a generic wiki platform. Starting in version 5.0-rc- ...) + TODO: check +CVE-2024-31464 (XWiki Platform is a generic wiki platform. Starting in version 5.0-rc- ...) 
+ TODO: check +CVE-2024-31461 (Plane, an open-source project management tool, has a Server-Side Reque ...) + TODO: check +CVE-2024-31430 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF \u2 ...) + TODO: check +CVE-2024-31386 (Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu Ishikawa X ...) + TODO: check +CVE-2024-31358 (Missing Authorization vulnerability in Saleswonder.Biz 5 Stars Rating ...) + TODO: check +CVE-2024-31356
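Review bot: the hunk (@@ -1,173 +1,411 @@) opens by deleting "CVE-2021-47219 [scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs()]", and no "+CVE-2021-47219" line appears in the part of the hunk shown here. Confirm that the entry was moved rather than dropped and that it comes back lower down, since an entry lost from data/CVE/list is no longer tracked at all.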
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 84fde809 by security tracker role at 2024-04-10T08:12:11+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,147 @@ +CVE-2024-3556 + REJECTED +CVE-2024-3542 (A vulnerability classified as problematic was found in Campcodes Churc ...) + TODO: check +CVE-2024-3541 (A vulnerability classified as problematic has been found in Campcodes ...) + TODO: check +CVE-2024-3540 (A vulnerability was found in Campcodes Church Management System 1.0. I ...) + TODO: check +CVE-2024-3539 (A vulnerability was found in Campcodes Church Management System 1.0. I ...) + TODO: check +CVE-2024-3538 (A vulnerability was found in Campcodes Church Management System 1.0. I ...) + TODO: check +CVE-2024-3537 (A vulnerability was found in Campcodes Church Management System 1.0 an ...) + TODO: check +CVE-2024-3536 (A vulnerability has been found in Campcodes Church Management System 1 ...) + TODO: check +CVE-2024-3535 (A vulnerability, which was classified as critical, was found in Campco ...) + TODO: check +CVE-2024-3534 (A vulnerability, which was classified as critical, has been found in C ...) + TODO: check +CVE-2024-3533 (A vulnerability classified as problematic was found in Campcodes Compl ...) + TODO: check +CVE-2024-3532 (A vulnerability classified as problematic has been found in Campcodes ...) + TODO: check +CVE-2024-3531 (A vulnerability was found in Campcodes Complete Online Student Managem ...) + TODO: check +CVE-2024-3530 (A vulnerability was found in Campcodes Complete Online Student Managem ...) + TODO: check +CVE-2024-3529 (A vulnerability was found in Campcodes Complete Online Student Managem ...) + TODO: check +CVE-2024-3528 (A vulnerability was found in Campcodes Complete Online Student Managem ...) + TODO: check +CVE-2024-3526 (A vulnerability has been found in Campcodes Online Event Management Sy ...) + TODO: check +CVE-2024-3525 (A vulnerability, which was classified as problematic, was found in Cam ...) + TODO: check +CVE-2024-3524 (A vulnerability, which was classified as problematic, has been found i ...) 
+ TODO: check +CVE-2024-3523 (A vulnerability classified as critical was found in Campcodes Online E ...) + TODO: check +CVE-2024-3522 (A vulnerability classified as critical has been found in Campcodes Onl ...) + TODO: check +CVE-2024-3521 (A vulnerability was found in Byzoro Smart S80 Management Platform up t ...) + TODO: check +CVE-2024-3313 (SUBNET Solutions Inc. has identified vulnerabilities in third-party c ...) + TODO: check +CVE-2024-3235 (The Essential Grid Gallery WordPress Plugin plugin for WordPress is vu ...) + TODO: check +CVE-2024-3210 (The Paid Membership Plugin, Ecommerce, User Registration Form, Login F ...) + TODO: check +CVE-2024-3120 (A stack-buffer overflow vulnerability exists in all versions of sngrep ...) + TODO: check +CVE-2024-3119 (A buffer overflow vulnerability exists in all versions of sngrep since ...) + TODO: check +CVE-2024-3020 (The plugin is vulnerable to PHP Object Injection in versions up to and ...) + TODO: check +CVE-2024-30737 (An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_P ...) + TODO: check +CVE-2024-30736 (An insecure deserialization vulnerability has been identified in ROS K ...) + TODO: check +CVE-2024-30735 (An arbitrary file upload vulnerability has been discovered in ROS Kine ...) + TODO: check +CVE-2024-30733 (A buffer overflow vulnerability has been discovered in the C++ compone ...) + TODO: check +CVE-2024-30730 (An insecure logging vulnerability has been identified within ROS Kinet ...) + TODO: check +CVE-2024-30729 (An OS command injection vulnerability has been discovered in ROS Kinet ...) + TODO: check +CVE-2024-30727 (An issue was discovered in ROS Kinetic Kame in Kinetic Kame ROS_VERSIO ...) + TODO: check +CVE-2024-30726 (A shell injection vulnerability was discovered in ROS (Robot Operating ...) + TODO: check +CVE-2024-30724 (An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_P ...) 
+ TODO: check +CVE-2024-30723 (An unauthorized node injection vulnerability has been identified in RO ...) + TODO: check +CVE-2024-30722 (An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_P ...) + TODO: check +CVE-2024-30721 (An arbitrary file upload vulnerability has been discovered in ROS2 Das ...) + TODO: check +CVE-2024-30719 (An insecure deserialization vulnerability has been identified in ROS2 ...) + TODO: check +CVE-2024-30718 (An issue was discovered in ROS2 Dashing Diademata in
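Review bot: CVE-2024-3020 is added with the description "The plugin is vulnerable to PHP Object Injection in versions up to and ...", which never says which plugin. Unlike the neighbouring Campcodes and ROS lines, it cannot be triaged from the list at all. When it is picked up, add a NOTE line naming the product so the entry is self-explanatory.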
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 088a99dd by security tracker role at 2024-04-09T20:12:02+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,741 @@ +CVE-2024-3545 (Improper permission handling in the vault offline cache feature in Dev ...) + TODO: check +CVE-2024-3514 (The Responsive Tabs plugin for WordPress is vulnerable to Stored Cross ...) + TODO: check +CVE-2024-3512 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...) + TODO: check +CVE-2024-3446 (A double free vulnerability was found in QEMU virtio devices (virtio-g ...) + TODO: check +CVE-2024-3281 (A vulnerability was discovered in the firmware builds after 8.0.2.3267 ...) + TODO: check +CVE-2024-3267 (The Bold Page Builder plugin for WordPress is vulnerable to Stored Cro ...) + TODO: check +CVE-2024-3266 (The Bold Page Builder plugin for WordPress is vulnerable to Stored Cro ...) + TODO: check +CVE-2024-3244 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed You ...) + TODO: check +CVE-2024-3214 (The Relevanssi \u2013 A Better Search plugin for WordPress is vulnerab ...) + TODO: check +CVE-2024-3213 (The Relevanssi \u2013 A Better Search plugin for WordPress is vulnerab ...) + TODO: check +CVE-2024-3208 (The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross- ...) + TODO: check +CVE-2024-3167 (The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Sit ...) + TODO: check +CVE-2024-3136 (The MasterStudy LMS plugin for WordPress is vulnerable to Local File I ...) + TODO: check +CVE-2024-3097 (The WordPress Gallery Plugin \u2013 NextGEN Gallery plugin for WordPre ...) + TODO: check +CVE-2024-3093 (The Font Farsi plugin for WordPress is vulnerable to Stored Cross-Site ...) + TODO: check +CVE-2024-3064 (The Elementor Addons, Widgets and Enhancements \u2013 Stax plugin for ...) + TODO: check +CVE-2024-3053 (The Forminator \u2013 Contact Form, Payment Form & Custom Form Builder ...) + TODO: check +CVE-2024-3046 (In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4 ...) 
+ TODO: check +CVE-2024-31978 (A vulnerability has been identified in SINEC NMS (All versions < V2.0 ...) + TODO: check +CVE-2024-31868 (Improper Encoding or Escaping of Output vulnerability in Apache Zeppel ...) + TODO: check +CVE-2024-31867 (Improper Input Validation vulnerability in Apache Zeppelin. The attac ...) + TODO: check +CVE-2024-31866 (Improper Encoding or Escaping of Output vulnerability in Apache Zeppel ...) + TODO: check +CVE-2024-31865 (Improper Input Validation vulnerability in Apache Zeppelin. The attac ...) + TODO: check +CVE-2024-31864 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) + TODO: check +CVE-2024-31863 (Authentication Bypass by Spoofing vulnerability by replacing to exsiti ...) + TODO: check +CVE-2024-31862 (Improper Input Validation vulnerability in Apache Zeppelin when creati ...) + TODO: check +CVE-2024-31860 (Improper Input Validation vulnerability in Apache Zeppelin. By adding ...) + TODO: check +CVE-2024-31544 (A stored cross-site scripting (XSS) vulnerability in Computer Laborato ...) + TODO: check +CVE-2024-31507 (Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL ...) + TODO: check +CVE-2024-31506 (Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL ...) + TODO: check +CVE-2024-31487 (A improper limitation of a pathname to a restricted directory ('path t ...) + TODO: check +CVE-2024-31457 (gin-vue-admin is a backstage management system based on vue and gin, w ...) + TODO: check +CVE-2024-31455 (Minder by Stacklok is an open source software supply chain security pl ...) + TODO: check +CVE-2024-31454 (PsiTransfer is an open source, self-hosted file sharing solution. Prio ...) + TODO: check +CVE-2024-31453 (PsiTransfer is an open source, self-hosted file sharing solution. Prio ...) + TODO: check +CVE-2024-31370 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) 
+ TODO: check +CVE-2024-31369 (Cross-Site Request Forgery (CSRF) vulnerability in PenciDesign Soledad ...) + TODO: check +CVE-2024-31368 (Missing Authorization vulnerability in PenciDesign Soledad.This issue ...) + TODO: check +CVE-2024-31367 (Missing Authorization vulnerability in PenciDesign Soledad.This issue ...) + TODO: check +CVE-2024-30706 (An issue was discovered in ROS2 Dashing Diademata versions ROS_VERSION ...) + TODO: check +CVE-2024-30704 (An insecure deserialization vulnerability has been identified in ROS2 ...) +
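Review bot: this single hunk takes the head of the file from 3 lines to 741 (@@ -1,3 +1,741 @@), every visible entry as "TODO: check", under the commit message "automatic update". At that size, entries naming well-known projects, for example CVE-2024-3446 (double free in QEMU virtio devices) and the Apache Zeppelin entries such as CVE-2024-31868, are buried among WordPress plugin lines. A count of added entries in the commit message would at least make the size of the backlog visible in the log.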
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: dc9d4ef9 by security tracker role at 2024-04-09T08:11:47+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,97 @@ +CVE-2024-3466 (A vulnerability was found in SourceCodester Laundry Management System ...) + TODO: check +CVE-2024-3465 (A vulnerability was found in SourceCodester Laundry Management System ...) + TODO: check +CVE-2024-31366 (Missing Authorization vulnerability in Themify Post Type Builder (PTB) ...) + TODO: check +CVE-2024-31365 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31047 (An issue in Academy Software Foundation openexr v.3.2.3 and before all ...) + TODO: check +CVE-2024-30701 (An insecure logging vulnerability in ROS2 Galactic Geochelone ROS_VERS ...) + TODO: check +CVE-2024-30699 (A buffer overflow vulnerability has been discovered in the C++ compone ...) + TODO: check +CVE-2024-30697 (An issue was discovered in ROS2 Galactic Geochelone in ROS_VERSION 2 a ...) + TODO: check +CVE-2024-30696 (OS command injection vulnerability in ROS2 Galactic Geochelone in ROS_ ...) + TODO: check +CVE-2024-30695 (An issue was discovered in the default configurations of ROS2 Galactic ...) + TODO: check +CVE-2024-30694 (A shell injection vulnerability was discovered in ROS2 (Robot Operatin ...) + TODO: check +CVE-2024-30692 (A issue was discovered in ROS2 Galactic Geochelone versions ROS_VERSIO ...) + TODO: check +CVE-2024-30691 (An issue was discovered in ROS2 Galactic Geochelone in version ROS_VER ...) + TODO: check +CVE-2024-30690 (An unauthorized node injection vulnerability has been identified in RO ...) + TODO: check +CVE-2024-30688 (An arbitrary file upload vulnerability has been discovered in ROS2 Iro ...) + TODO: check +CVE-2024-30687 (An insecure deserialization vulnerability has been identified in ROS2 ...) + TODO: check +CVE-2024-30686 (An issue was discovered in ROS2 Iron Irwini versions ROS_VERSION 2 and ...) + TODO: check +CVE-2024-30684 (An insecure logging vulnerability has been identified within ROS2 Iron ...) 
+ TODO: check +CVE-2024-30683 (A buffer overflow vulnerability has been discovered in the C++ compone ...) + TODO: check +CVE-2024-30681 (An OS command injection vulnerability has been discovered in ROS2 Iron ...) + TODO: check +CVE-2024-30680 (Shell injection vulnerability was discovered in ROS2 (Robot Operating ...) + TODO: check +CVE-2024-30679 (An issue was discovered in the default configurations of ROS2 Iron Irw ...) + TODO: check +CVE-2024-30678 (An issue has been discovered in ROS2 Iron Irwini ROS_VERSION 2 and ROS ...) + TODO: check +CVE-2024-30676 (A Denial-of-Service (DoS) vulnerability exists in ROS2 Iron Irwini ver ...) + TODO: check +CVE-2024-30218 (The ABAP Application Server of SAP NetWeaver as well as ABAP Platforma ...) + TODO: check +CVE-2024-30217 (Cash Management in SAP S/4 HANA does not perform necessary authorizati ...) + TODO: check +CVE-2024-30216 (Cash Management in SAP S/4 HANA does not perform necessary authorizati ...) + TODO: check +CVE-2024-30215 (The Resource Settings page allows a high privilege attacker to load ex ...) + TODO: check +CVE-2024-30214 (The application allows a high privilege attacker to append a malicious ...) + TODO: check +CVE-2024-2975 (A race condition was identified through which privilege escalation was ...) + TODO: check +CVE-2024-28167 (SAP Group Reporting Data Collectiondoes not perform necessary authoriz ...) + TODO: check +CVE-2024-27901 (SAP Asset Accounting could allow a high privileged attacker to exploit ...) + TODO: check +CVE-2024-27899 (Self-Registrationand Modify your own profile in User Admin Application ...) + TODO: check +CVE-2024-27898 (SAP NetWeaver application, due to insufficient input validation, allow ...) + TODO: check +CVE-2024-27632 (An issue in GNU Savane v.3.12 and before allows a remote attacker to e ...) + TODO: check +CVE-2024-27631 (Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and befo ...) 
+ TODO: check +CVE-2024-27630 (Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and befor ...) + TODO: check +CVE-2024-25646 (Due to improper validation,SAP BusinessObject Business Intelligence La ...) + TODO: check +CVE-2024-23584 (The NMAP Importer service may expose data store credentials to authori ...) + TODO: check +CVE-2024-23084 (Apfloat v1.10.1 was discovered to contain an ArrayIndexOutOfBoundsExce ...) + TODO: check +CVE-2024-23081 (ThreeTen Backport v1.6.8 was discovered to contain a NullPointerExcept
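Review bot: several added descriptions have lost the space between words: "SAP Group Reporting Data Collectiondoes not perform" (CVE-2024-28167), "Self-Registrationand Modify your own profile" (CVE-2024-27899) and "Due to improper validation,SAP BusinessObject" (CVE-2024-25646). The pattern suggests that a whitespace character other than a plain space is being dropped on import; map it to a single space instead so product names stay searchable.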
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 82289868 by security tracker role at 2024-04-08T20:12:26+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,7 +1,159 @@ -CVE-2024-26811 [ksmbd: validate payload size in ipc response] +CVE-2024-3464 (A vulnerability was found in SourceCodester Laundry Management System ...) + TODO: check +CVE-2024-3463 (A vulnerability has been found in SourceCodester Laundry Management Sy ...) + TODO: check +CVE-2024-3458 (A vulnerability classified as critical was found in Netentsec NS-ASG A ...) + TODO: check +CVE-2024-3457 (A vulnerability classified as critical has been found in Netentsec NS- ...) + TODO: check +CVE-2024-3456 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...) + TODO: check +CVE-2024-3455 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...) + TODO: check +CVE-2024-3445 (A vulnerability was found in SourceCodester Laundry Management System ...) + TODO: check +CVE-2024-3444 (A vulnerability was found in Wangshen SecGate 3600 up to 20240408. It ...) + TODO: check +CVE-2024-3443 (A vulnerability classified as problematic was found in SourceCodester ...) + TODO: check +CVE-2024-3442 (A vulnerability classified as critical has been found in SourceCodeste ...) + TODO: check +CVE-2024-3441 (A vulnerability was found in SourceCodester Prison Management System 1 ...) + TODO: check +CVE-2024-3440 (A vulnerability was found in SourceCodester Prison Management System 1 ...) + TODO: check +CVE-2024-3439 (A vulnerability was found in SourceCodester Prison Management System 1 ...) + TODO: check +CVE-2024-3438 (A vulnerability was found in SourceCodester Prison Management System 1 ...) + TODO: check +CVE-2024-31817 (In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensi ...) + TODO: check +CVE-2024-31816 (In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensi ...) + TODO: check +CVE-2024-31815 (In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the c ...) + TODO: check +CVE-2024-31814 (TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login ...) 
+ TODO: check +CVE-2024-31813 (TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authenticati ...) + TODO: check +CVE-2024-31812 (In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensi ...) + TODO: check +CVE-2024-31811 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remo ...) + TODO: check +CVE-2024-31809 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remo ...) + TODO: check +CVE-2024-31808 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remo ...) + TODO: check +CVE-2024-31807 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remo ...) + TODO: check +CVE-2024-31806 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Deni ...) + TODO: check +CVE-2024-31805 (TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to start the Te ...) + TODO: check +CVE-2024-31447 (Shopware 6 is an open commerce platform based on Symfony Framework and ...) + TODO: check +CVE-2024-31442 (Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In al ...) + TODO: check +CVE-2024-31375 (Missing Authorization vulnerability in Saleswonder.Biz Team WP2LEADS.T ...) + TODO: check +CVE-2024-31357 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31224 (GPT Academic provides interactive interfaces for large language models ...) + TODO: check +CVE-2024-31221 (Sunshine is a self-hosted game stream host for Moonlight. Starting in ...) + TODO: check +CVE-2024-31205 (Saleor is an e-commerce platform. Starting in version 3.10.0 and prior ...) + TODO: check +CVE-2024-30269 (DataEase, an open source data visualization and analysis tool, has a d ...) + TODO: check +CVE-2024-2834 (A Stored Cross-Site Scripting (XSS) vulnerability has been identified ...) + TODO: check +CVE-2024-28732 (An issue was discovered in OFPMatch in parser.py in Faucet SDN Ryu ver ...) 
+ TODO: check +CVE-2024-28270 (An issue discovered in web-flash v3.0 allows attackers to reset passwo ...) + TODO: check +CVE-2024-28224 (Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadve ...) + TODO: check +CVE-2024-28066 (In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a h ...) + TODO: check +CVE-2024-27897 (Input verification vulnerability in the call module. Impact: Successfu ...) + TODO: check +CVE-2024-27896 (Input verification
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1f72ca01 by security tracker role at 2024-04-08T08:11:46+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,101 @@ +CVE-2024-3437 (A vulnerability was found in SourceCodester Prison Management System 1 ...) + TODO: check +CVE-2024-3436 (A vulnerability was found in SourceCodester Prison Management System 1 ...) + TODO: check +CVE-2024-3434 (A vulnerability classified as critical was found in CP Plus Wi-Fi Came ...) + TODO: check +CVE-2024-3433 (A vulnerability classified as problematic has been found in PuneethRed ...) + TODO: check +CVE-2024-3432 (A vulnerability was found in PuneethReddyHC Event Management 1.0. It h ...) + TODO: check +CVE-2024-3431 (A vulnerability was found in EyouCMS 1.6.5. It has been declared as cr ...) + TODO: check +CVE-2024-3430 (A vulnerability was found in QKSMS up to 3.9.4 on Android. It has been ...) + TODO: check +CVE-2024-31951 (In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, ...) + TODO: check +CVE-2024-31950 (In FRRouting (FRR) through 9.1, there can be a buffer overflow and dae ...) + TODO: check +CVE-2024-31949 (In FRRouting (FRR) through 9.1, an infinite loop can occur when receiv ...) + TODO: check +CVE-2024-31948 (In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix S ...) + TODO: check +CVE-2024-31022 (An issue was discovered in CandyCMS version 1.0.0, allows remote attac ...) + TODO: check +CVE-2024-30675 (Unauthorized node injection vulnerability in ROS2 Iron Irwini in ROS_V ...) + TODO: check +CVE-2024-30674 (Unauthorized access vulnerability in ROS2 Iron Irwini in ROS_VERSION i ...) + TODO: check +CVE-2024-30672 (Arbitrary file upload vulnerability in ROS (Robot Operating System) Me ...) + TODO: check +CVE-2024-30667 (Insecure deserialization vulnerability in ROS (Robot Operating System) ...) + TODO: check +CVE-2024-30666 (A buffer overflow vulnerability has been discovered in the C++ compone ...) + TODO: check +CVE-2024-30665 (An OS command injection vulnerability has been discovered in ROS (Robo ...) 
+ TODO: check +CVE-2024-30663 (An issue was discovered in the default configurations of ROS (Robot Op ...) + TODO: check +CVE-2024-30662 (An issue was discovered in ROS (Robot Operating System) Melodic Moreni ...) + TODO: check +CVE-2024-30661 (An unauthorized access vulnerability has been discovered in ROS Melodi ...) + TODO: check +CVE-2024-30659 (Shell Injection vulnerability in ROS (Robot Operating System) Melodic ...) + TODO: check +CVE-2024-28744 (The password is empty in the initial configuration of ACERA 9010-08 fi ...) + TODO: check +CVE-2024-27488 (Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 thro ...) + TODO: check +CVE-2024-23658 (In camera driver, there is a possible use after free due to a logic er ...) + TODO: check +CVE-2024-1958 (The wpb-show-core WordPress plugin before 2.7 does not sanitise and es ...) + TODO: check +CVE-2024-1956 (The wpb-show-core WordPress plugin before 2.7 does not sanitise and es ...) + TODO: check +CVE-2024-1752 (The Font Farsi WordPress plugin through 1.6.6 does not sanitise and es ...) + TODO: check +CVE-2024-1589 (The SendPress Newsletters WordPress plugin through 1.23.11.6 does not ...) + TODO: check +CVE-2024-1588 (The SendPress Newsletters WordPress plugin through 1.23.11.6 does not ...) + TODO: check +CVE-2024-1292 (The wpb-show-core WordPress plugin before 2.6 does not sanitise and es ...) + TODO: check +CVE-2023-52536 (In faceid service, there is a possible out of bounds read due to a mis ...) + TODO: check +CVE-2023-52535 (In vsp driver, there is a possible missing verification incorrect inpu ...) + TODO: check +CVE-2023-52534 (In ngmm, there is a possible undefined behavior due to incorrect error ...) + TODO: check +CVE-2023-52533 (In modem-ps-nas-ngmm, there is a possible undefined behavior due to in ...) + TODO: check +CVE-2023-52352 (In Network Adapter Service, there is a possible missing permission che ...) 
+ TODO: check +CVE-2023-52351 (In ril service, there is a possible out of bounds write due to a missi ...) + TODO: check +CVE-2023-52350 (In ril service, there is a possible out of bounds write due to a missi ...) + TODO: check +CVE-2023-52349 (In ril service, there is a possible out of bounds write due to a missi ...) + TODO: check +CVE-2023-52348 (In ril service, there is a possible out of bounds write due to a missi ...) + TODO: check +CVE-2023-52347 (In ril service, there is a possible out of bounds write due to a missi ...) +
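Review bot: CVE-2024-31948 through CVE-2024-31951 in the first hunk name FRRouting (FRR) through 9.1 and are added with only TODO: check. FRR is packaged in Debian as frr, so these four should be triaged ahead of the rest of the batch and given a `- frr` source-package line with a fixed version or bug reference, not a NOT-FOR-US marker.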
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 49c2eef2 by security tracker role at 2024-04-07T20:11:53+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,93 @@ +CVE-2024-3428 (A vulnerability has been found in SourceCodester Online Courseware 1.0 ...) + TODO: check +CVE-2024-3427 (A vulnerability, which was classified as problematic, was found in Sou ...) + TODO: check +CVE-2024-3426 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-3425 (A vulnerability classified as critical was found in SourceCodester Onl ...) + TODO: check +CVE-2024-3424 (A vulnerability classified as critical has been found in SourceCodeste ...) + TODO: check +CVE-2024-3423 (A vulnerability was found in SourceCodester Online Courseware 1.0. It ...) + TODO: check +CVE-2024-3422 (A vulnerability was found in SourceCodester Online Courseware 1.0. It ...) + TODO: check +CVE-2024-3421 (A vulnerability was found in SourceCodester Online Courseware 1.0. It ...) + TODO: check +CVE-2024-3420 (A vulnerability was found in SourceCodester Online Courseware 1.0 and ...) + TODO: check +CVE-2024-3419 (A vulnerability has been found in SourceCodester Online Courseware 1.0 ...) + TODO: check +CVE-2024-3418 (A vulnerability, which was classified as critical, was found in Source ...) + TODO: check +CVE-2024-31349 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31348 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31346 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31345 (Unrestricted Upload of File with Dangerous Type vulnerability in Sukhc ...) + TODO: check +CVE-2024-31344 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31308 (Deserialization of Untrusted Data vulnerability in VJInfotech WP Impor ...) + TODO: check +CVE-2024-31306 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2024-31296 (Authorization Bypass Through User-Controlled Key vulnerability in Repu ...) + TODO: check +CVE-2024-31292 (Unrestricted Upload of File with Dangerous Type vulnerability in Moove ...) + TODO: check +CVE-2024-31291 (Authorization Bypass Through User-Controlled Key vulnerability in Meta ...) + TODO: check +CVE-2024-31288 (Server-Side Request Forgery (SSRF) vulnerability in RapidLoad RapidLoa ...) + TODO: check +CVE-2024-31286 (Unrestricted Upload of File with Dangerous Type vulnerability in J.N. ...) + TODO: check +CVE-2024-31280 (Unrestricted Upload of File with Dangerous Type vulnerability in Andy ...) + TODO: check +CVE-2024-31277 (Deserialization of Untrusted Data vulnerability in PickPlugins Product ...) + TODO: check +CVE-2024-31260 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-31258 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31257 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31256 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31255 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31241 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-31236 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31234 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-31233 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-30418 (Vulnerability of insufficient permission verification in the app manag ...) + TODO: check +CVE-2024-30417 (Path traversal vulnerability in the Bluetooth-based sharing module. Im ...) 
+ TODO: check +CVE-2024-30416 (Use After Free (UAF) vulnerability in the underlying driver module. Im ...) + TODO: check +CVE-2024-22155 (Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooComme ...) + TODO: check +CVE-2023-52717 (Permission verification vulnerability in the lock screen module. Impac ...) + TODO: check +CVE-2023-52716 (Vulnerability of starting activities in the background in the Activity ...) + TODO: check +CVE-2023-52715 (The SystemUI module has a vulnerability in permission management. Impa ...) +
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c92c5df7 by security tracker role at 2024-04-07T08:12:22+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,19 @@ +CVE-2024-3417 (A vulnerability, which was classified as critical, has been found in S ...) + TODO: check +CVE-2024-3416 (A vulnerability classified as critical was found in SourceCodester Onl ...) + TODO: check +CVE-2024-3415 (A vulnerability was found in SourceCodester Human Resource Information ...) + TODO: check +CVE-2024-3414 (A vulnerability was found in SourceCodester Human Resource Information ...) + TODO: check +CVE-2024-30415 (Vulnerability of improper permission control in the window management ...) + TODO: check +CVE-2024-30414 (Command injection vulnerability in the AccountManager module. Impact: ...) + TODO: check +CVE-2024-30413 (Vulnerability of improper permission control in the window management ...) + TODO: check +CVE-2023-6877 (The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & ...) + TODO: check CVE-2024-3413 (A vulnerability has been found in SourceCodester Human Resource Inform ...) NOT-FOR-US: SourceCodester Human Resource Information System CVE-2024-3378 (A vulnerability has been found in iboss Secure Web Gateway up to 10.1 ...) @@ -373,7 +389,7 @@ CVE-2024-28871 (LibHTP is a security-aware parser for the HTTP protocol and the NOTE: https://redmine.openinfosecfoundation.org/issues/6757 CVE-2024-28787 (IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application G ...) NOT-FOR-US: IBM -CVE-2024-27575 (Directory Traversal vulnerability in INOTEC Sicherheitstechnik GmbH IN ...) +CVE-2024-27575 (INOTEC Sicherheitstechnik WebServer CPS220/64 3.3.19 allows a remote a ...) NOT-FOR-US: INOTEC CVE-2024-27268 (IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.3 is ...) NOT-FOR-US: IBM 
@@ -3243,7 +3259,7 @@ CVE-2023-39311 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion F CVE-2023-34020 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in U ...) NOT-FOR-US: WordPress plugin CVE-2024-28085 (wall in util-linux through 2.40, often installed with setgid tty permi ...) - {DSA-5650-1} + {DSA-5650-1 DLA-3782-1} - util-linux 2.39.3-11 (bug #1067849) NOTE: https://www.openwall.com/lists/oss-security/2024/03/27/5 NOTE: https://github.com/util-linux/util-linux/commit/404b0781f52f7c045ca811b2dceec526408ac253 (v2.40) @@ -11791,6 +11807,7 @@ CVE-2024-23496 (A heap-based buffer overflow vulnerability exists in the GGUF li CVE-2024-22873 (Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Ser ...) NOT-FOR-US: Tencent Blueking CMDB CVE-2024-22201 (Jetty is a Java based web server and servlet engine. An HTTP/2 SSL con ...) + {DLA-3780-1} - jetty9 9.4.54-1 (bug #1064923) NOTE: https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98 NOTE: https://github.com/jetty/jetty.project/issues/11256 @@ -16484,6 +16501,7 @@ CVE-2023-52426 (libexpat through 2.5.0 allows recursive XML Entity Expansion if NOTE: CVE is for fixing billion laughs attacks for users compiling *without* XML_DTD defined, NOTE: which is not the case for Debian. CVE-2023-52425 (libexpat through 2.5.0 allows a denial of service (resource consumptio ...) + {DLA-3783-1} - expat 2.6.0-1 (bug #1063238) NOTE: https://github.com/libexpat/libexpat/pull/789 NOTE: Merge commit: https://github.com/libexpat/libexpat/commit/34b598c5f594b015c513c73f06e7ced3323edbf1 
@@ -186668,6 +186686,7 @@ CVE-2021-40814 (The Customer Photo Gallery addon before 2.9.4 for PrestaShop is CVE-2021-40813 (A cross-site scripting (XSS) vulnerability in the "Zip content" featur ...) NOT-FOR-US: Element-IT HTTP Commander CVE-2021-40812 (The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds ...) + {DLA-3781-1} - libgd2 2.3.3-1 [bullseye] - libgd2 (Minor issue) [stretch] - libgd2 (Minor issue) @@ -193584,6 +193603,7 @@ CVE-2021-38117 CVE-2021-38116 RESERVED CVE-2021-38115 (read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) thr ...) + {DLA-3781-1} - libgd2 2.3.3-1 (bug #991912) [bullseye] - libgd2 (Minor issue) [stretch] - libgd2 (Minor issue) @@ -195059,6 +195079,7 @@ CVE-2021-37599 (The exporter/Login.aspx login form in the Exporter in Nuance Win CVE-2021-3668 RESERVED CVE-2021-37600 (An integer overflow in util-linux through 2.37.1 can potentially cause ...) + {DLA-3782-1} - util-linux 2.36.1-8 (low; bug #991619) [stretch] -
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1842a9d7 by security tracker role at 2024-04-06T20:11:53+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,33 @@ +CVE-2024-3413 (A vulnerability has been found in SourceCodester Human Resource Inform ...) + TODO: check +CVE-2024-3378 (A vulnerability has been found in iboss Secure Web Gateway up to 10.1 ...) + TODO: check +CVE-2024-3377 (A vulnerability classified as problematic was found in SourceCodester ...) + TODO: check +CVE-2024-3376 (A vulnerability classified as critical has been found in SourceCodeste ...) + TODO: check +CVE-2024-3369 (A vulnerability, which was classified as critical, has been found in c ...) + TODO: check +CVE-2024-3366 (A vulnerability classified as problematic was found in Xuxueli xxl-job ...) + TODO: check +CVE-2024-3365 (A vulnerability was found in SourceCodester Online Library System 1.0. ...) + TODO: check +CVE-2024-3364 (A vulnerability was found in SourceCodester Online Library System 1.0. ...) + TODO: check +CVE-2024-3363 (A vulnerability was found in SourceCodester Online Library System 1.0. ...) + TODO: check +CVE-2024-2296 (The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin ...) + TODO: check +CVE-2024-2132 (The Ultimate Bootstrap Elements for Elementor plugin for WordPress is ...) + TODO: check +CVE-2024-28741 (Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 a ...) + TODO: check +CVE-2024-27620 (An issue in Ladder v.0.0.1 thru v.0.0.21 allows a remote attacker to o ...) + TODO: check +CVE-2024-25029 (IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows s ...) + TODO: check +CVE-2024-22328 (IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attack ...) + TODO: check CVE-2024- [RUSTSEC-2024-0332: Degradation of service in h2 servers with CONTINUATION Flood] - rust-h2 NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0332.html 
@@ -204,7 +234,7 @@ CVE-2024-26812 (In the Linux kernel, the following vulnerability has been resolv CVE-2024-26810 (In the Linux kernel, the following vulnerability has been resolved: v ...) - linux NOTE: https://git.kernel.org/linus/810cd4bb53456d0503cc4e7934e063835152c1b7 (6.9-rc1) -CVE-2024-24746 +CVE-2024-24746 (Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability i ...) NOT-FOR-US: Apache NimBLE CVE-2024-3321 (A vulnerability classified as problematic has been found in SourceCode ...) NOT-FOR-US: SourceCodester eLearning System @@ -1448,17 +1478,17 @@ CVE-2023-35764 (Insufficient verification of data authenticity issue in Survey M NOT-FOR-US: Survey Maker CVE-2023-34423 (Survey Maker prior to 3.6.4 contains a stored cross-site scripting vul ...) NOT-FOR-US: Survey Maker -CVE-2024-3159 +CVE-2024-3159 (Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312 ...) {DSA-5654-1} - chromium 123.0.6312.105-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) -CVE-2024-3158 +CVE-2024-3158 (Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 a ...) {DSA-5654-1} - chromium 123.0.6312.105-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) -CVE-2024-3156 +CVE-2024-3156 (Inappropriate implementation in V8 in Google Chrome prior to 123.0.631 ...) {DSA-5654-1} - chromium 123.0.6312.105-1 [bullseye] - chromium (see #1061268) 
@@ -16321,7 +16351,7 @@ CVE-2023-47355 (The com.eypcnnapps.quickreboot (aka Eyuep Can Yilmaz {ROOT] Quic NOT-FOR-US: com.eypcnnapps.quickreboot application CVE-2021-4436 (The 3DPrint Lite WordPress plugin before 1.9.1.5 does not have any aut ...) NOT-FOR-US: WordPress plugin -CVE-2024-0406 +CVE-2024-0406 (A flaw was discovered in the mholt/archiver package. This flaw allows ...) NOT-FOR-US: mholt/archiver Go package CVE-2024-25089 (Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows r ...) NOT-FOR-US: Malwarebytes Binisoft Windows Firewall Control
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1842a9d767012a4ffeaf4a1ecfd330af962a8624
debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 79cafbdf by security tracker role at 2024-04-06T08:11:48+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,63 @@ +CVE-2024-3362 (A vulnerability was found in SourceCodester Online Library System 1.0 ...) + TODO: check +CVE-2024-3361 (A vulnerability has been found in SourceCodester Online Library System ...) + TODO: check +CVE-2024-3360 (A vulnerability, which was classified as critical, was found in Source ...) + TODO: check +CVE-2024-3359 (A vulnerability, which was classified as critical, has been found in S ...) + TODO: check +CVE-2024-3358 (A vulnerability classified as problematic was found in SourceCodester ...) + TODO: check +CVE-2024-3357 (A vulnerability classified as problematic has been found in SourceCode ...) + TODO: check +CVE-2024-3356 (A vulnerability was found in SourceCodester Aplaya Beach Resort Online ...) + TODO: check +CVE-2024-3355 (A vulnerability was found in SourceCodester Aplaya Beach Resort Online ...) + TODO: check +CVE-2024-3245 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed You ...) + TODO: check +CVE-2024-3216 (The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shippi ...) + TODO: check +CVE-2024-30977 (An issue in Secnet Security Network Intelligent AC Management System v ...) + TODO: check +CVE-2024-2950 (The BoldGrid Easy SEO \u2013 Simple and Effective SEO plugin for WordP ...) + TODO: check +CVE-2024-2949 (The Carousel, Slider, Gallery by WP Carousel \u2013 Image Carousel & P ...) + TODO: check +CVE-2024-2656 (The Email Subscribers by Icegram Express \u2013 Email Marketing, Newsl ...) + TODO: check +CVE-2024-2471 (The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site ...) + TODO: check +CVE-2024-2458 (The Powerkit \u2013 Supercharge your WordPress Site plugin for WordPre ...) + TODO: check +CVE-2024-2444 (The Inline Related Posts WordPress plugin before 3.5.0 does not saniti ...) + TODO: check +CVE-2024-27912 (A denial of service vulnerability was reported in some Lenovo Printers ...) 
+ TODO: check +CVE-2024-27911 (A vulnerability was reported in some Lenovo Printers that could allow ...) + TODO: check +CVE-2024-27910 (A vulnerability was reported in some Lenovo Printers that could allow ...) + TODO: check +CVE-2024-27909 (A denial of service vulnerability was reported in the HTTPS service of ...) + TODO: check +CVE-2024-27908 (A buffer overflow vulnerability was reported in the HTTPS service of s ...) + TODO: check +CVE-2024-23592 (An authentication bypass vulnerability was reported in Lenovo devices ...) + TODO: check +CVE-2024-21506 (Versions of the package pymongo before 4.6.3 are vulnerable to Out-of- ...) + TODO: check +CVE-2024-1994 (The Image Watermark plugin for WordPress is vulnerable to unauthorized ...) + TODO: check +CVE-2024-1428 (The Element Pack Elementor Addons (Header Footer, Free Template Librar ...) + TODO: check +CVE-2024-1385 (The WP-Stateless \u2013 Google Cloud Storage plugin for WordPress is v ...) + TODO: check +CVE-2024-0837 (The Element Pack Elementor Addons (Header Footer, Free Template Librar ...) + TODO: check +CVE-2023-5912 (A potential memory leakage vulnerability was reported in some Lenovo N ...) + TODO: check +CVE-2023-4605 (A valid authenticated Lenovo XClarity Administrator (LXCA) user can po ...) + TODO: check CVE-2024-3354 (A vulnerability was found in SourceCodester Aplaya Beach Resort Online ...) NOT-FOR-US: SourceCodester Aplaya Beach Resort Online Reservation System CVE-2024-3353 (A vulnerability was found in SourceCodester Aplaya Beach Resort Online ...) @@ -6827,6 +6887,7 @@ CVE-2024-24693 (Improper access control in the installer for Zoom Rooms Client f CVE-2024-24692 (Race condition in the installer for Zoom Rooms Client for Windows befo ...) NOT-FOR-US: Zoom CVE-2024-24549 (Denial of Service due to improper input validation vulnerability for H ...) + {DLA-3779-1} - tomcat10 (bug #1066878) - tomcat9 9.0.70-2 NOTE: https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg 
@@ -6834,6 +6895,7 @@ CVE-2024-24549 (Denial of Service due to improper input validation vulnerability NOTE: https://github.com/apache/tomcat/commit/8e03be9f2698f2da9027d40b9e9c0c9429b74dc0 (9.0.86) NOTE: Starting with 9.0.70-2 Tomcat9 no longer ships the server stack, using that as the fixed version CVE-2024-23672 (Denial of Service via incomplete cleanup vulnerability in Apache Tomca ...) + {DLA-3779-1} - tomcat10 (bug #1066877) - tomcat9 9.0.70-2
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5467c830 by security tracker role at 2024-04-05T20:12:19+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,17 +1,135 @@ -CVE-2024-27437 [vfio/pci: Disable auto-enable of exclusive INTx IRQ] +CVE-2024-3354 (A vulnerability was found in SourceCodester Aplaya Beach Resort Online ...) + TODO: check +CVE-2024-3353 (A vulnerability was found in SourceCodester Aplaya Beach Resort Online ...) + TODO: check +CVE-2024-3352 (A vulnerability has been found in SourceCodester Aplaya Beach Resort O ...) + TODO: check +CVE-2024-3351 (A vulnerability, which was classified as critical, was found in Source ...) + TODO: check +CVE-2024-3350 (A vulnerability, which was classified as critical, has been found in S ...) + TODO: check +CVE-2024-3349 (A vulnerability classified as critical was found in SourceCodester Apl ...) + TODO: check +CVE-2024-3348 (A vulnerability classified as critical has been found in SourceCodeste ...) + TODO: check +CVE-2024-3347 (A vulnerability was found in SourceCodester Airline Ticket Reservation ...) + TODO: check +CVE-2024-3346 (A vulnerability was found in Byzro Smart S80 up to 20240328. It has be ...) + TODO: check +CVE-2024-31852 (LLVM before 18.1.3 generates code in which the LR register can be over ...) + TODO: check +CVE-2024-31851 (A path traversal vulnerability exists in the Java version of CData Syn ...) + TODO: check +CVE-2024-31850 (A path traversal vulnerability exists in the Java version of CData Arc ...) + TODO: check +CVE-2024-31849 (A path traversal vulnerability exists in the Java version of CData Con ...) + TODO: check +CVE-2024-31848 (A path traversal vulnerability exists in the Java version of CData API ...) + TODO: check +CVE-2024-31220 (Sunshine is a self-hosted game stream host for Moonlight. Starting in ...) + TODO: check +CVE-2024-31218 (Webhood is a self-hosted URL scanner used analyzing phishing and malic ...) + TODO: check +CVE-2024-31213 (InstantCMS is a free and open source content management system. An ope ...) + TODO: check +CVE-2024-2499 (The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vul ...) 
+ TODO: check +CVE-2024-2447 (Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 9.4.x bef ...) + TODO: check +CVE-2024-2380 (Stored XSS in graph rendering in Checkmk <2.3.0b4.) + TODO: check +CVE-2024-2312 (GRUB2 does not call the module fini functions on exit, leading to Debi ...) + TODO: check +CVE-2024-29783 (In tmu_get_tr_thresholds, there is a possible out of bounds read due t ...) + TODO: check +CVE-2024-29782 (In tmu_get_tr_num_thresholds of tmu.c, there is a possible out of boun ...) + TODO: check +CVE-2024-29757 (there is a possible permission bypass due to Debug certs being allowli ...) + TODO: check +CVE-2024-29756 (In afe_callback of q6afe.c, there is a possible out of bounds write du ...) + TODO: check +CVE-2024-29755 (In tmu_get_pi of tmu.c, there is a possible out of bounds read due to ...) + TODO: check +CVE-2024-29754 (In TMU_IPC_GET_TABLE, there is a possible out of bounds read due to a ...) + TODO: check +CVE-2024-29753 (In tmu_set_control_temp_step of tmu.c, there is a possible out of boun ...) + TODO: check +CVE-2024-29752 (In tmu_set_tr_num_thresholds of tmu.c, there is a possible out of boun ...) + TODO: check +CVE-2024-29751 (In asn1_ec_pkey_parse_p384 of asn1_common.c, there is a possible OOB R ...) + TODO: check +CVE-2024-29750 (In km_exp_did_inner of kmv.c, there is a possible out of bounds read d ...) + TODO: check +CVE-2024-29749 (In tmu_set_tr_thresholds of tmu.c, there is a possible out of bounds w ...) + TODO: check +CVE-2024-29748 (there is a possible way to bypass due to a logic error in the code. T ...) + TODO: check +CVE-2024-29747 (In _dvfs_get_lv of dvfs.c, there is a possible out of bounds read due ...) + TODO: check +CVE-2024-29746 (In lpm_req_handler of lpm.c, there is a possible out of bounds write d ...) + TODO: check +CVE-2024-29745 (there is a possible Information Disclosure due to uninitialized data. ...) 
+ TODO: check +CVE-2024-29744 (In tmu_get_gov_time_windows, there is a possible out of bounds read du ...) + TODO: check +CVE-2024-29743 (In tmu_set_temp_lut of tmu.c, there is a possible out of bounds write ...) + TODO: check +CVE-2024-29742 (In apply_minlock_constraint of dvfs.c, there is a possible out of boun ...) + TODO: check +CVE-2024-29741 (In pblS2mpuResume of s2mpu.c, there is a possible mitigation bypass du ...) + TODO: check +CVE-2024-29740 (In tmu_set_table of tmu.c, there is a
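Review bot: in the first hunk, CVE-2024-2312 (GRUB2, whose truncated description already reads "leading to Debi ...") and CVE-2024-31852 (LLVM before 18.1.3) are added with only TODO: check. Both concern software packaged in Debian, so when triaged they need a source-package line with a fixed version or bug reference, in the form the tracker uses elsewhere in this file (`- package version (bug #NNN)`), not NOT-FOR-US.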
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ad12f23c by security tracker role at 2024-04-05T08:11:40+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,63 @@ +CVE-2024-3321 (A vulnerability classified as problematic has been found in SourceCode ...) + TODO: check +CVE-2024-3320 (A vulnerability was found in SourceCodester eLearning System 1.0. It h ...) + TODO: check +CVE-2024-3316 (A vulnerability was found in SourceCodester Computer Laboratory Manage ...) + TODO: check +CVE-2024-3315 (A vulnerability was found in SourceCodester Computer Laboratory Manage ...) + TODO: check +CVE-2024-3314 (A vulnerability was found in SourceCodester Computer Laboratory Manage ...) + TODO: check +CVE-2024-3311 (A vulnerability was found in Dreamer CMS up to 4.1.3.0. It has been de ...) + TODO: check +CVE-2024-3217 (The WP Directory Kit plugin for WordPress is vulnerable to SQL Injecti ...) + TODO: check +CVE-2024-31498 (ykman-gui (aka YubiKey Manager GUI) before 1.2.6 on Windows, when Edge ...) + TODO: check +CVE-2024-31212 (InstantCMS is a free and open source content management system. A SQL ...) + TODO: check +CVE-2024-31211 (WordPress is an open publishing platform for the Web. Unserialization ...) + TODO: check +CVE-2024-31210 (WordPress is an open publishing platform for the Web. It's possible fo ...) + TODO: check +CVE-2024-31206 (dectalk-tts is a Node package to interact with the aeiou Dectalk web A ...) + TODO: check +CVE-2024-31204 (mailcow: dockerized is an open source groupware/email suite based on d ...) + TODO: check +CVE-2024-30891 (A command injection vulnerability exists in /goform/exeCommand in Tend ...) + TODO: check +CVE-2024-30849 (Arbitrary file upload vulnerability in Sourcecodester Complete E-Comme ...) + TODO: check +CVE-2024-30270 (mailcow: dockerized is an open source groupware/email suite based on d ...) + TODO: check +CVE-2024-30264 (Typebot is an open-source chatbot builder. A reflected cross-site scri ...) + TODO: check +CVE-2024-2509 (The Gutenberg Blocks by Kadence Blocks WordPress plugin before 3.2.26 ...) 
+ TODO: check +CVE-2024-2115 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...) + TODO: check +CVE-2024-29981 (Microsoft Edge (Chromium-based) Spoofing Vulnerability) + TODO: check +CVE-2024-29863 (A race condition in the installer executable in Qlik Qlikview before v ...) + TODO: check +CVE-2024-29672 (Directory Traversal vulnerability in zly2006 Reden before v.0.2.514 al ...) + TODO: check +CVE-2024-29049 (Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability) + TODO: check +CVE-2024-27981 (A Command Injection vulnerability found in a Self-Hosted UniFi Network ...) + TODO: check +CVE-2024-27448 (MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Con ...) + TODO: check +CVE-2024-26329 (Chilkat before v9.5.0.98, allows attackers to obtain sensitive informa ...) + TODO: check +CVE-2024-22363 (SheetJS Community Edition before 0.20.2 is vulnerable.to Regular Expre ...) + TODO: check +CVE-2024-21894 (A heap overflow vulnerability in IPSec component of Ivanti Connect Sec ...) + TODO: check +CVE-2023-5973 (Brocade Web Interface in Brocade Fabric OS v9.x and before v9.2.0 doe ...) + TODO: check +CVE-2023-52235 (SpaceX Starlink Wi-Fi router GEN 2 before 2023.53.0 and Starlink Dish ...) + TODO: check CVE-2024-3299 (Out-Of-Bounds Write, Use of Uninitialized Resource and Use-After-Free ...) NOT-FOR-US: Solidworks CVE-2024-3298 (Out-Of-Bounds Write and Type Confusion vulnerabilities exist in the fi ...) 
@@ -7,7 +67,7 @@ CVE-2024-3262 (Information exposure vulnerability in RT software affecting versi - request-tracker5 NOTE: https://github.com/bestpractical/rt/commit/ea07e767eaef5b202e8883051616d09806b8b48a NOTE: https://github.com/bestpractical/rt/commit/468f86bd3e82c3b5b5ef7087d416a7509d4b1abe -CVE-2024-3250 (It was discovered that Pebble's read-file API and the associated pebbl ...) +CVE-2024-3250 (It was discovered that Canonical's Pebble service manager read-file AP ...) TODO: check CVE-2024-3116 (pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerabi ...) - pgadmin4 (bug #834129) @@ -374,7 +434,7 @@ CVE-2024-1418 (The CGC Maintenance Mode plugin for WordPress is vulnerable to Se NOT-FOR-US: WordPress plugin CVE-2023-52043 (An issue in D-Link COVR 1100, 1102, 1103 AC1200 Dual-Band Whole-Home M ...) NOT-FOR-US: D-Link -CVE-2023-45288 +CVE-2023-45288 (An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of ...) - golang-1.22
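Review bot: In the first hunk the description added for CVE-2024-2115 contains the literal escape sequence `\u2013` ("The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress ...") instead of the character it encodes. The import step should decode Unicode escapes before it writes the description, so that the list stays readable and a text search for the product name as the vendor writes it matches this line.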
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3224f85c by security tracker role at 2024-04-04T20:12:20+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,167 +1,277 @@ -CVE-2024-26809 [netfilter: nft_set_pipapo: release elements in clone only from destroy path] +CVE-2024-3299 (Out-Of-Bounds Write, Use of Uninitialized Resource and Use-After-Free ...) + TODO: check +CVE-2024-3298 (Out-Of-Bounds Write and Type Confusion vulnerabilities exist in the fi ...) + TODO: check +CVE-2024-3262 (Information exposure vulnerability in RT software affecting version 4. ...) + TODO: check +CVE-2024-3250 (It was discovered that Pebble's read-file API and the associated pebbl ...) + TODO: check +CVE-2024-3116 (pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerabi ...) + TODO: check +CVE-2024-31215 (Mobile Security Framework (MobSF) is a security research platform for ...) + TODO: check +CVE-2024-31209 (oidcc is the OpenID Connect client library for Erlang. Denial of Servi ...) + TODO: check +CVE-2024-31207 (Vite (French word for "quick", pronounced /vit/, like "veet") is a fro ...) + TODO: check +CVE-2024-30565 (An issue was discovered in SeaCMS version 12.9, allows remote attacker ...) + TODO: check +CVE-2024-30266 (wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime ...) + TODO: check +CVE-2024-30263 (macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. ...) + TODO: check +CVE-2024-30261 (Undici is an HTTP/1.1 client, written from scratch for Node.js. An att ...) + TODO: check +CVE-2024-30260 (Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici ...) + TODO: check +CVE-2024-30254 (MesonLSP is an unofficial, unendorsed language server for meson writte ...) + TODO: check +CVE-2024-30252 (Livemarks is a browser extension that provides RSS feed bookmark folde ...) + TODO: check +CVE-2024-30250 (Astro-Shield is an integration to enhance website security with SubRes ...) + TODO: check +CVE-2024-30249 (Cloudburst Network provides network components used within Cloudburst ...) 
+ TODO: check +CVE-2024-2759 (Improper access control vulnerability in Apaczka plugin for PrestaShop ...) + TODO: check +CVE-2024-2660 (Vault and Vault Enterprise TLS certificates auth method did not correc ...) + TODO: check +CVE-2024-2103 (Inclusion of undocumented features vulnerability accessible when logge ...) + TODO: check +CVE-2024-29387 (projeqtor up to 11.2.0 was discovered to contain a remote code executi ...) + TODO: check +CVE-2024-29386 (projeqtor up to 11.2.0 was discovered to contain a SQL injection vulne ...) + TODO: check +CVE-2024-29193 (gotortc is a camera streaming application. Versions 1.8.5 and prior ar ...) + TODO: check +CVE-2024-29192 (gotortc is a camera streaming application. Versions 1.8.5 and prior ar ...) + TODO: check +CVE-2024-29191 (gotortc is a camera streaming application. Versions 1.8.5 and prior ar ...) + TODO: check +CVE-2024-29182 (Collabora Online is a collaborative online office suite based on Libre ...) + TODO: check +CVE-2024-28871 (LibHTP is a security-aware parser for the HTTP protocol and the relate ...) + TODO: check +CVE-2024-28787 (IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application G ...) + TODO: check +CVE-2024-27575 (Directory Traversal vulnerability in INOTEC Sicherheitstechnik GmbH IN ...) + TODO: check +CVE-2024-27268 (IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.3 is ...) + TODO: check +CVE-2024-25709 (There is a stored Cross-site Scripting vulnerability in Esri Portal fo ...) + TODO: check +CVE-2024-25708 (There is a stored Cross-site Scripting vulnerability in Esri Portal fo ...) + TODO: check +CVE-2024-25706 (There is an HTML injection vulnerability in Esri Portal for ArcGIS <=1 ...) + TODO: check +CVE-2024-25705 (There is a cross site scripting vulnerability in the Esri Portal for A ...) + TODO: check +CVE-2024-25704 (There is a stored Cross-site Scripting vulnerability in Esri Portal fo ...) 
+ TODO: check +CVE-2024-25703 (There is a reflected cross site scripting vulnerability in the home ap ...) + TODO: check +CVE-2024-25700 (There is a stored Cross-site Scripting vulnerability in Esri Portal fo ...) + TODO: check +CVE-2024-25699 (There is a difficult to exploit improper authentication issue in the H ...) + TODO: check +CVE-2024-25698 (There is a reflected cross site scripting vulnerability in the home ap ...) + TODO: check +CVE-2024-25697 (There is a Cross-site Scripting vulnerabilityin Portal for ArcGIS in v ...) + TODO:
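Review bot: The first line of this hunk deletes `CVE-2024-26809 [netfilter: nft_set_pipapo: release elements in clone only from destroy path]`, and the part of the hunk shown here has no `+` line for that ID. Since the hunk turns 167 old lines into 277, the entry is presumably re-added further down; confirm that it is, with a description and with its package notes unchanged, so that the automatic update only moves the entry and does not drop triage work already done.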
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a37013ee by security tracker role at 2024-04-04T08:12:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,65 @@ +CVE-2024-3274 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Li ...) + TODO: check +CVE-2024-3273 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...) + TODO: check +CVE-2024-3272 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...) + TODO: check +CVE-2024-3270 (A vulnerability classified as problematic was found in ThingsBoard up ...) + TODO: check +CVE-2024-3030 (The Announce from the Dashboard plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-3022 (The BookingPress plugin for WordPress is vulnerable to arbitrary file ...) + TODO: check +CVE-2024-31025 (SQL Injection vulnerability in ECshop 4.x allows an attacker to obtain ...) + TODO: check +CVE-2024-30265 (Collabora Online is a collaborative online office suite based on Libre ...) + TODO: check +CVE-2024-2919 (The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features pl ...) + TODO: check +CVE-2024-2868 (The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +1 ...) + TODO: check +CVE-2024-2830 (The WordPress Tag and Category Manager \u2013 AI Autotagger plugin for ...) + TODO: check +CVE-2024-2803 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-2692 (SiYuan version 3.0.3 allows executing arbitrary commands on the server ...) + TODO: check +CVE-2024-2689 (Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, ...) + TODO: check +CVE-2024-2008 (The Modal Popup Box \u2013 Popup Builder, Show Offers And News in Popu ...) + TODO: check +CVE-2024-29413 (Cross Site Scripting vulnerability in Webasyst v.2.9.9 allows a remote ...) + TODO: check +CVE-2024-29375 (CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a re ...) + TODO: check +CVE-2024-29225 (WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier all ...) 
+ TODO: check +CVE-2024-29167 (SVR-116 firmware version 1.6.0.30028871 allows a remote authenticated ...) + TODO: check +CVE-2024-29008 (A problem has been identified in the CloudStack additional VM configur ...) + TODO: check +CVE-2024-29007 (The CloudStack management server and secondary storage VM could be tri ...) + TODO: check +CVE-2024-29006 (By default the CloudStack management server honours the x-forwarded-fo ...) + TODO: check +CVE-2024-28870 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...) + TODO: check +CVE-2024-28520 (File Upload vulnerability in Byzoro Networks Smart multi-service secur ...) + TODO: check +CVE-2024-27706 (Cross Site Scripting vulnerability in Huly Platform v.0.6.202 allows a ...) + TODO: check +CVE-2024-27705 (Cross Site Scripting vulnerability in Leantime v3.0.6 allows attackers ...) + TODO: check +CVE-2024-26258 (OS command injection vulnerability in WRC-X3200GST3-B v1.25 and earlie ...) + TODO: check +CVE-2024-25568 (OS command injection vulnerability in WRC-X3200GST3-B v1.25 and earlie ...) + TODO: check +CVE-2024-25503 (Cross Site Scripting (XSS) vulnerability in Advanced REST Client v.17. ...) + TODO: check +CVE-2024-1418 (The CGC Maintenance Mode plugin for WordPress is vulnerable to Sensiti ...) + TODO: check +CVE-2023-52043 (An issue in D-Link COVR 1100, 1102, 1103 AC1200 Dual-Band Whole-Home M ...) + TODO: check CVE-2023-45288 - golang-1.22 1.22.2-1 - golang-1.21 1.21.9-1 
@@ -1119,7 +1181,7 @@ CVE-2024-20850 (Use of Implicit Intent for Sensitive Communication in Samsung Pa NOT-FOR-US: Samsung CVE-2024-20849 (Out-of-bound Write vulnerability in chunk parsing implementation of li ...) NOT-FOR-US: Samsung -CVE-2024-20848 (Out-of-bound Write vulnerability in text parsing implementation of lib ...) +CVE-2024-20848 (Improper Input Validation vulnerability in text parsing implementation ...) NOT-FOR-US: Samsung CVE-2024-20847 (Improper Access Control vulnerability in StorageManagerService prior t ...) NOT-FOR-US: Samsung @@ -76513,10 +76575,10 @@ CVE-2023-25202 RESERVED CVE-2023-25201 (Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit A ...) NOT-FOR-US: MultiTech Conduit AP MTCAP2-L4E1 -CVE-2023-25200 - RESERVED -CVE-2023-25199 - RESERVED +CVE-2023-25200 (An HTML injection vulnerability exists in the MT Safeline X-Ray X3310 ...) + TODO: check +CVE-2023-25199 (A reflected cross-site scripting (XSS) vulnerability
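Review bot: In the first hunk the descriptions for CVE-2024-3274, CVE-2024-3273 and CVE-2024-3272 start with the marker `** UNSUPPORTED WHEN ASSIGNED **`, which uses up most of the truncated excerpt, so that CVE-2024-3273 and CVE-2024-3272 show no product name at all ("A vulnerability, which was classified ..."). Consider stripping the marker before truncating, or moving it to a NOTE line, so that whoever resolves the `TODO: check` can tell from the list which product the entry is about.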
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3aac4063 by security tracker role at 2024-04-03T20:11:53+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,386 +1,584 @@ -CVE-2024-26779 [wifi: mac80211: fix race condition on enabling fast-xmit] +CVE-2024-3259 (A vulnerability was found in SourceCodester Internship Portal Manageme ...) + TODO: check +CVE-2024-3258 (A vulnerability was found in SourceCodester Internship Portal Manageme ...) + TODO: check +CVE-2024-3257 (A vulnerability was found in SourceCodester Internship Portal Manageme ...) + TODO: check +CVE-2024-3256 (A vulnerability has been found in SourceCodester Internship Portal Man ...) + TODO: check +CVE-2024-3255 (A vulnerability, which was classified as critical, was found in Source ...) + TODO: check +CVE-2024-3254 (A vulnerability, which was classified as critical, has been found in S ...) + TODO: check +CVE-2024-3253 (A vulnerability classified as critical was found in SourceCodester Int ...) + TODO: check +CVE-2024-3252 (A vulnerability classified as critical has been found in SourceCodeste ...) + TODO: check +CVE-2024-3251 (A vulnerability was found in SourceCodester Computer Laboratory Manage ...) + TODO: check +CVE-2024-3181 (Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8 ...) + TODO: check +CVE-2024-3180 (Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 ...) + TODO: check +CVE-2024-3179 (Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.1 ...) + TODO: check +CVE-2024-3178 (Concrete CMS versions 9 below 9.2.8 and versions below8.5.16 are vulne ...) + TODO: check +CVE-2024-31420 (A NULL pointer dereference flaw was found in KubeVirt. This flaw allow ...) + TODO: check +CVE-2024-31419 (An information disclosure flaw was found in OpenShift Virtualization. ...) + TODO: check +CVE-2024-31393 (Dragging Javascript URLs to the address bar could cause them to be loa ...) + TODO: check +CVE-2024-31392 (If an insecure element was added to a page after a delay, Firefox woul ...) + TODO: check +CVE-2024-31390 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) 
+ TODO: check +CVE-2024-31380 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) + TODO: check +CVE-2024-30572 (Netgear R6850 1.1.0.88 was discovered to contain a command injection v ...) + TODO: check +CVE-2024-30571 (An information leak in the BRS_top.html component of Netgear R6850 v1. ...) + TODO: check +CVE-2024-30570 (An information leak in debuginfo.htm of Netgear R6850 v1.1.0.88 allows ...) + TODO: check +CVE-2024-30569 (An information leak in currentsetting.htm of Netgear R6850 v1.1.0.88 a ...) + TODO: check +CVE-2024-30568 (Netgear R6850 1.1.0.88 was discovered to contain a command injection v ...) + TODO: check +CVE-2024-30366 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) + TODO: check +CVE-2024-30334 (Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulne ...) + TODO: check +CVE-2024-30333 (Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulne ...) + TODO: check +CVE-2024-30332 (Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulne ...) + TODO: check +CVE-2024-30331 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) + TODO: check +CVE-2024-30330 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) + TODO: check +CVE-2024-30329 (Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vuln ...) + TODO: check +CVE-2024-30328 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) + TODO: check +CVE-2024-30327 (Foxit PDF Reader template Use-After-Free Remote Code Execution Vulnera ...) + TODO: check +CVE-2024-30326 (Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulne ...) + TODO: check +CVE-2024-30325 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) + TODO: check +CVE-2024-30324 (Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulne ...) 
+ TODO: check +CVE-2024-30323 (Foxit PDF Reader template Out-Of-Bounds Read Remote Code Execution Vul ...) + TODO: check +CVE-2024-30322 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) + TODO: check +CVE-2024-2758 (Tempesta FW rate limits are not enabled by default. They are either se ...) + TODO: check +CVE-2024-2753 (Concrete CMS version 9 before 9.2.8 and previous versions prior to 8.5 ...) + TODO: check +CVE-2024-2653
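Review bot: The fourteen Foxit PDF Reader entries from CVE-2024-30366 down to CVE-2024-30322 each get their own `TODO: check`, although they name a single product and need a single triage decision. Resolve them together: if the product is not packaged, mark all of them in the form the file already uses for vendor products, such as `NOT-FOR-US: Samsung`, so that the block does not stay open as fourteen separate items.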
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cbf589b9 by security tracker role at 2024-04-03T08:11:40+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,159 @@ +CVE-2024-3248 (In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads ...) + TODO: check +CVE-2024-3247 (In Xpdf 4.05 (and earlier), a PDF object loop in an object stream lead ...) + TODO: check +CVE-2024-3227 (A vulnerability was found in Panwei eoffice OA up to 9.5. It has been ...) + TODO: check +CVE-2024-3226 (A vulnerability was found in Campcodes Online Patient Record Managemen ...) + TODO: check +CVE-2024-3225 (A vulnerability was found in SourceCodester PHP Task Management System ...) + TODO: check +CVE-2024-3224 (A vulnerability has been found in SourceCodester PHP Task Management S ...) + TODO: check +CVE-2024-3223 (A vulnerability, which was classified as critical, was found in Source ...) + TODO: check +CVE-2024-3222 (A vulnerability, which was classified as critical, has been found in S ...) + TODO: check +CVE-2024-3221 (A vulnerability classified as critical was found in SourceCodester PHP ...) + TODO: check +CVE-2024-3218 (A vulnerability classified as critical has been found in Shibang Commu ...) + TODO: check +CVE-2024-3209 (A vulnerability was found in UPX up to 4.2.2. It has been rated as cri ...) + TODO: check +CVE-2024-3207 (A vulnerability was found in ermig1979 Simd up to 6.0.134. It has been ...) + TODO: check +CVE-2024-3205 (A vulnerability was found in yaml libyaml up to 0.2.5 and classified a ...) + TODO: check +CVE-2024-3204 (A vulnerability has been found in c-blosc2 up to 2.13.2 and classified ...) + TODO: check +CVE-2024-3203 (A vulnerability, which was classified as critical, was found in c-blos ...) + TODO: check +CVE-2024-3202 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-3162 (The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cro ...) + TODO: check +CVE-2024-31013 (Cross Site Scripting (XSS) vulnerability in emlog version Pro 2.3, all ...) 
+ TODO: check +CVE-2024-31012 (An issue was discovered in SEMCMS v.4.8, allows remote attackers to ex ...) + TODO: check +CVE-2024-31011 (Arbitrary file write vulnerability in beescms v.4.0, allows a remote a ...) + TODO: check +CVE-2024-31010 (SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker ...) + TODO: check +CVE-2024-31009 (SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker ...) + TODO: check +CVE-2024-31008 (An issue was discovered in WUZHICMS version 4.1.0, allows an attacker ...) + TODO: check +CVE-2024-30998 (SQL Injection vulnerability in PHPGurukul Men Salon Management System ...) + TODO: check +CVE-2024-30371 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) + TODO: check +CVE-2024-30370 (RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability ...) + TODO: check +CVE-2024-30367 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) + TODO: check +CVE-2024-30365 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) + TODO: check +CVE-2024-30364 (Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Discl ...) + TODO: check +CVE-2024-30363 (Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Discl ...) + TODO: check +CVE-2024-30362 (Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution ...) + TODO: check +CVE-2024-30361 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) + TODO: check +CVE-2024-30360 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) + TODO: check +CVE-2024-30359 (Foxit PDF Reader AcroForm 3D Out-Of-Bounds Read Remote Code Execution ...) + TODO: check +CVE-2024-30358 (Foxit PDF Reader AcroForm User-After-Free Remote Code Execution Vulner ...) + TODO: check +CVE-2024-30357 (Foxit PDF Reader AcroForm Annotation Type Confusion Remote Code Execut ...) 
+ TODO: check +CVE-2024-30356 (Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vu ...) + TODO: check +CVE-2024-30355 (Foxit PDF Reader AcroForm Out-Of-Bounds Write Remote Code Execution Vu ...) + TODO: check +CVE-2024-30354 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) + TODO: check +CVE-2024-30353 (Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vul ...) + TODO: check +CVE-2024-30352 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) +
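Review bot: CVE-2024-3209 (UPX up to 4.2.2), CVE-2024-3205 (libyaml up to 0.2.5) and CVE-2024-3204 (c-blosc2 up to 2.13.2) are added in this hunk as plain `TODO: check` between web-application entries, although their descriptions name a library or tool together with an affected version range. These are worth checking first, and each should end up either with a source-package line carrying the fixed version, as CVE-2023-45288 has with `- golang-1.22 1.22.2-1`, or with an explicit NOT-FOR-US marking.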
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: edaa68cc by security tracker role at 2024-04-02T20:11:54+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,89 @@ +CVE-2024-3151 (A vulnerability, which was classified as problematic, was found in Bdt ...) + TODO: check +CVE-2024-31109 (Cross-Site Request Forgery (CSRF) vulnerability in Toastie Studio Wooc ...) + TODO: check +CVE-2024-31105 (Cross-Site Request Forgery (CSRF) vulnerability in Adam Bowen Tax Rate ...) + TODO: check +CVE-2024-30965 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-30946 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-30809 (An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a he ...) + TODO: check +CVE-2024-30808 (An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a he ...) + TODO: check +CVE-2024-30807 (An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a he ...) + TODO: check +CVE-2024-30806 (An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a he ...) + TODO: check +CVE-2024-30621 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the serverName par ...) + TODO: check +CVE-2024-30620 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the serviceName pa ...) + TODO: check +CVE-2024-30532 (Server-Side Request Forgery (SSRF) vulnerability in Builderall Team Bu ...) + TODO: check +CVE-2024-30531 (Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nel ...) + TODO: check +CVE-2024-30335 (Foxit PDF Reader AcroForm Annotation Out-Of-Bounds Read Information Di ...) + TODO: check +CVE-2024-30248 (Piccolo Admin is an admin interface/content management system for Pyth ...) + TODO: check +CVE-2024-2931 (The WPFront User Role Editor plugin for WordPress is vulnerable to Sen ...) + TODO: check +CVE-2024-2745 (Rapid7's InsightVM maintenance mode login page suffers from a sensitiv ...) + TODO: check +CVE-2024-2435 (For an attacker with pre-existing access to send a signal to a workflo ...) 
+ TODO: check +CVE-2024-2389 (In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system c ...) + TODO: check +CVE-2024-29949 (There is a command injection vulnerability in some Hikvision NVRs. Thi ...) + TODO: check +CVE-2024-29948 (There is an out-of-bounds read vulnerability in some Hikvision NVRs. A ...) + TODO: check +CVE-2024-29947 (There is a NULL dereference pointer vulnerability in some Hikvision NV ...) + TODO: check +CVE-2024-29834 (This vulnerability allows authenticated users with produce or consume ...) + TODO: check +CVE-2024-29514 (File Upload vulnerability in lepton v.7.1.0 allows a remote authentica ...) + TODO: check +CVE-2024-28287 (A DOM-based open redirection in the returnUrl parameter of INSTINCT UI ...) + TODO: check +CVE-2024-24888 (Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenbe ...) + TODO: check +CVE-2024-22780 (Cross Site Scripting vulnerability in CA17 TeamsACS v.1.0.1 allows a r ...) + TODO: check +CVE-2024-22248 (VMware SD-WAN Orchestrator contains an open redirect vulnerability. A ...) + TODO: check +CVE-2024-22247 (VMware SD-WAN Edge contains a missing authentication and protection me ...) + TODO: check +CVE-2024-22246 (VMware SD-WAN Edge contains an unauthenticated command injection vulne ...) + TODO: check +CVE-2024-1946 (The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross- ...) + TODO: check +CVE-2024-1807 (The Product Sort and Display for WooCommerce plugin for WordPress is v ...) + TODO: check +CVE-2024-1732 (The Sharkdropship for AliExpress Dropshipping and Affiliate plugin for ...) + TODO: check +CVE-2023-6951 (A Use of Weak Credentials vulnerability affecting the Wi-Fi network ge ...) + TODO: check +CVE-2023-6950 (An Improper Input Validation vulnerability affecting the FTP service r ...) + TODO: check +CVE-2023-6949 (A Missing Authentication for Critical Function issue affecting the HTT ...) 
+ TODO: check +CVE-2023-6948 (A Buffer Copy without Checking Size of Input issue affecting the v2_sd ...) + TODO: check +CVE-2023-51456 (A Improper Input Validation issue affecting the v2_sdk_service running ...) + TODO: check +CVE-2023-51455 (A Improper Validation of Array Index issue affecting the v2_sdk_servic ...) + TODO: check +CVE-2023-51454 (A Out-of-bounds Write issue affecting the v2_sdk_service running on a ...) + TODO: check +CVE-2023-51453 (A Improper Input Validation issue affecting the v2_sdk_service running ...) +
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 861da87f by security tracker role at 2024-04-02T08:12:13+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,227 @@ +CVE-2024-3165 (System->Maintenance-> Log Files in dotCMS dashboard is providing the u ...) + TODO: check +CVE-2024-3164 (In dotCMS dashboard, the Tools and Log Files tabs under System \u2192 ...) + TODO: check +CVE-2024-3160 (** DISPUTED ** A vulnerability, which was classified as problematic, w ...) + TODO: check +CVE-2024-3148 (A vulnerability, which was classified as critical, has been found in D ...) + TODO: check +CVE-2024-3147 (A vulnerability classified as problematic was found in DedeCMS 5.7. Th ...) + TODO: check +CVE-2024-3146 (A vulnerability classified as problematic has been found in DedeCMS 5. ...) + TODO: check +CVE-2024-3145 (A vulnerability was found in DedeCMS 5.7. It has been rated as problem ...) + TODO: check +CVE-2024-3144 (A vulnerability was found in DedeCMS 5.7. It has been declared as prob ...) + TODO: check +CVE-2024-3143 (A vulnerability was found in DedeCMS 5.7. It has been classified as pr ...) + TODO: check +CVE-2024-3142 (A vulnerability was found in Clavister E10 and E80 up to 20240323 and ...) + TODO: check +CVE-2024-3141 (A vulnerability has been found in Clavister E10 and E80 up to 20240323 ...) + TODO: check +CVE-2024-3140 (A vulnerability, which was classified as problematic, was found in Sou ...) + TODO: check +CVE-2024-3139 (A vulnerability, which was classified as critical, has been found in S ...) + TODO: check +CVE-2024-3138 (** DISPUTED ** A vulnerability was found in francoisjacquet RosarioSIS ...) + TODO: check +CVE-2024-3137 (Improper Privilege Management in uvdesk/community-skeleton) + TODO: check +CVE-2024-31005 (An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execu ...) + TODO: check +CVE-2024-31004 (An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execu ...) + TODO: check +CVE-2024-31003 (Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a rem ...) 
+ TODO: check +CVE-2024-31002 (Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a rem ...) + TODO: check +CVE-2024-2925 (The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress ...) + TODO: check +CVE-2024-2924 (The Creative Addons for Elementor plugin for WordPress is vulnerable t ...) + TODO: check +CVE-2024-2839 (The Colibri Page Builder plugin for WordPress is vulnerable to Stored ...) + TODO: check +CVE-2024-2791 (The Metform Elementor Contact Form Builder plugin for WordPress is vul ...) + TODO: check +CVE-2024-2369 (The Page Builder Gutenberg Blocks WordPress plugin before 3.1.7 does ...) + TODO: check +CVE-2024-29276 (An issue was discovered in seeyonOA version 8, allows remote attackers ...) + TODO: check +CVE-2024-29086 (in OpenHarmony v3.2.4 and prior versions allow a local attacker cause ...) + TODO: check +CVE-2024-29074 (in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitr ...) + TODO: check +CVE-2024-28951 (in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitr ...) + TODO: check +CVE-2024-28226 (in OpenHarmony v4.0.0 and prior versions allow a remote attacker cause ...) + TODO: check +CVE-2024-27334 (Kofax Power PDF JPG File Parsing Out-Of-Bounds Read Information Disclo ...) + TODO: check +CVE-2024-27333 (Kofax Power PDF GIF File Parsing Out-Of-Bounds Read Information Disclo ...) + TODO: check +CVE-2024-27332 (PDF-XChange Editor JPG File Parsing Out-Of-Bounds Read Information Dis ...) + TODO: check +CVE-2024-27331 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Dis ...) + TODO: check +CVE-2024-27330 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Dis ...) + TODO: check +CVE-2024-27329 (PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Dis ...) + TODO: check +CVE-2024-27328 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Dis ...) 
+ TODO: check +CVE-2024-27327 (PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Ex ...) + TODO: check +CVE-2024-27326 (PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Dis ...) + TODO: check +CVE-2024-27325 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Dis ...) + TODO: check +CVE-2024-27324 (PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Dis ...) + TODO: check +CVE-2024-27323 (PDF-XChange Editor Updater Improper Certificate Validation Remote Code ...) + TODO: check
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7c23b22d by security tracker role at 2024-04-01T20:12:31+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,13 +1,103 @@ -CVE-2024-26655 [Fix memory leak in posix_clock_open()] +CVE-2024-3135 (The web server lacked CSRF tokens allowing an attacker to host malicio ...) + TODO: check +CVE-2024-3131 (A vulnerability was found in SourceCodester Computer Laboratory Manage ...) + TODO: check +CVE-2024-3130 (Hard-coded Credentialsin CoolKit eWeLlink app are before 5.4.x on Andr ...) + TODO: check +CVE-2024-3129 (A vulnerability was found in SourceCodester Image Accordion Gallery Ap ...) + TODO: check +CVE-2024-3128 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...) + TODO: check +CVE-2024-3125 (A vulnerability classified as problematic was found in Zebra ZTC GK420 ...) + TODO: check +CVE-2024-3124 (A vulnerability classified as problematic has been found in fridgecow ...) + TODO: check +CVE-2024-31099 (Missing Authorization vulnerability in Averta Shortcodes and extra fea ...) + TODO: check +CVE-2024-30872 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /include/authr ...) + TODO: check +CVE-2024-30871 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /WebPages/appl ...) + TODO: check +CVE-2024-30870 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/address ...) + TODO: check +CVE-2024-30868 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/add_get ...) + TODO: check +CVE-2024-30867 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_vi ...) + TODO: check +CVE-2024-30866 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /3g/menu.php.) + TODO: check +CVE-2024-30865 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_us ...) + TODO: check +CVE-2024-30864 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/config_ ...) + TODO: check +CVE-2024-30863 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /WebPages/hist ...) + TODO: check +CVE-2024-30862 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /3g/index.php.) 
+ TODO: check +CVE-2024-30861 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/configg ...) + TODO: check +CVE-2024-30860 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/export_ ...) + TODO: check +CVE-2024-30859 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/config_ ...) + TODO: check +CVE-2024-30858 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_fi ...) + TODO: check +CVE-2024-29435 (An issue discovered in Alldata v0.4.6 allows attacker to run arbitrary ...) + TODO: check +CVE-2024-29433 (A deserialization vulnerability in the FASTJSON component of Alldata v ...) + TODO: check +CVE-2024-28232 (Go package IceWhaleTech/CasaOS-UserService provides user management fu ...) + TODO: check +CVE-2024-25574 (SQL injection vulnerability exists in GetDIAE_usListParameters.) + TODO: check +CVE-2024-25080 (WebMail in Axigen 10.x before 10.3.3.62 allows XSS via the image attac ...) + TODO: check +CVE-2024-21473 (Memory corruption while redirecting log file to any file location with ...) + TODO: check +CVE-2024-21472 (Memory corruption in Kernel while handling GPU operations.) + TODO: check +CVE-2024-21470 (Memory corruption while allocating memory for graphics.) + TODO: check +CVE-2024-21468 (Memory corruption when there is failed unmap operation in GPU.) + TODO: check +CVE-2024-21463 (Memory corruption while processing Codec2 during v13k decoder pitch sy ...) + TODO: check +CVE-2024-21454 (Transient DOS while decoding the ToBeSignedMessage in Automotive Telem ...) + TODO: check +CVE-2024-21453 (Transient DOS while decoding message of size that exceeds the availabl ...) + TODO: check +CVE-2024-21452 (Transient DOS while decoding an ASN.1 OER message containing a SEQUENC ...) + TODO: check +CVE-2023-6154 (A configuration setting issue in seccenter.exe as used in Bitdefender ...) + TODO: check +CVE-2023-48906 (Stack Overflow vulnerability in Btstack 1.6 and earlier allows attacke ...) 
+ TODO: check +CVE-2023-43515 (Memory corruption in HLOS while running kernel address sanitizers (syz ...) + TODO: check +CVE-2023-33115 (Memory corruption while processing buffer initialization, when trusted ...) + TODO: check +CVE-2023-33111 (Information disclosure when VI calibration state set by ADSP is greate ...) + TODO: check +CVE-2023-33101 (Transient DOS while processing DL NAS TRANSPORT message with payload l ...) + TODO:
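Review bot: The first line of this hunk removes `CVE-2024-26655 [Fix memory leak in posix_clock_open()]`, and the part of the hunk visible here (it is cut off after the CVE-2023-33101 entry) does not show the ID coming back. Before relying on this update, confirm that the entry is re-added further down with its published description and that any package or NOTE lines recorded under it were carried over rather than dropped with the bracketed placeholder.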
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 48e029f9 by security tracker role at 2024-04-01T08:11:38+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,57 @@ +CVE-2024-31033 (JJWT (aka Java JWT) through 0.12.5 ignores certain characters and thus ...) + TODO: check +CVE-2024-2278 (Themify WordPress plugin before 1.4.4 does not sanitise and escape so ...) + TODO: check +CVE-2024-2263 (Themify WordPress plugin before 1.4.4 does not sanitise and escape a ...) + TODO: check +CVE-2024-2262 (Themify WordPress plugin before 1.4.4 does not have CSRF check in its ...) + TODO: check +CVE-2024-28895 ('Yahoo! JAPAN' App for Android v2.3.1 to v3.161.1 and 'Yahoo! JAPAN' A ...) + TODO: check +CVE-2024-27609 (Bonita before 2023.2-u2 allows stored XSS via a UI screen in the admin ...) + TODO: check +CVE-2024-20055 (In imgsys, there is a possible information disclosure due to a missing ...) + TODO: check +CVE-2024-20054 (In gnss, there is a possible escalation of privilege due to a missing ...) + TODO: check +CVE-2024-20053 (In flashc, there is a possible out of bounds write due to an uncaught ...) + TODO: check +CVE-2024-20052 (In flashc, there is a possible information disclosure due to an uncaug ...) + TODO: check +CVE-2024-20051 (In flashc, there is a possible system crash due to an uncaught excepti ...) + TODO: check +CVE-2024-20050 (In flashc, there is a possible information disclosure due to an uncaug ...) + TODO: check +CVE-2024-20049 (In flashc, there is a possible information disclosure due to an uncaug ...) + TODO: check +CVE-2024-20048 (In flashc, there is a possible information disclosure due to an uncaug ...) + TODO: check +CVE-2024-20047 (In battery, there is a possible out of bounds read due to an integer o ...) + TODO: check +CVE-2024-20046 (In battery, there is a possible escalation of privilege due to an inte ...) + TODO: check +CVE-2024-20045 (In audio, there is a possible out of bounds read due to an incorrect c ...) + TODO: check +CVE-2024-20044 (In da, there is a possible out of bounds write due to a missing bounds ...) 
+ TODO: check +CVE-2024-20043 (In da, there is a possible out of bounds write due to a missing bounds ...) + TODO: check +CVE-2024-20042 (In da, there is a possible out of bounds write due to a missing bounds ...) + TODO: check +CVE-2024-20041 (In da, there is a possible out of bounds read due to a missing bounds ...) + TODO: check +CVE-2024-20040 (In wlan firmware, there is a possible out of bounds write due to impro ...) + TODO: check +CVE-2024-20039 (In modem protocol, there is a possible out of bounds write due to a mi ...) + TODO: check +CVE-2024-1526 (The Hubbub Lite WordPress plugin before 1.33.1 does not ensure that u ...) + TODO: check +CVE-2023-51803 (LinuxServer.io Heimdall before 2.5.7 does not prevent use of icons tha ...) + TODO: check +CVE-2016-15038 (A vulnerability, which was classified as critical, was found in NUUO N ...) + TODO: check +CVE-2014-125110 (A vulnerability has been found in wp-file-upload Plugin up to 2.4.3 on ...) + TODO: check CVE-2024-31123 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-31122 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
@@ -15796,7 +15850,7 @@ CVE-2022-48622 (In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Wi [bullseye] - gdk-pixbuf (Revisit once fixed upstream) [buster] - gdk-pixbuf (Minor issue, recheck when fixed upstream) NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/202 -CVE-2024-24399 (An arbitrary file upload vulnerability in LeptonCMS v7.0.0 allows auth ...) +CVE-2024-24399 (An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authent ...) NOT-FOR-US: LeptonCMS CVE-2024-23630 (An arbitrary firmware upload vulnerability exists in the Motorola MR2 ...) NOT-FOR-US: Motorola
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/48e029f998289f54754651f75175f22d56b9d2fa
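Review bot: In the second hunk (@@ -15796,7 +15850,7 @@), the description of CVE-2024-24399 now names the product as LEPTON, while the unchanged triage line directly below it still reads `NOT-FOR-US: LeptonCMS`. Assuming both names refer to the same product, the tag remains understandable, but a search of the list by product name will now match only one of the two lines; consider aligning the NOT-FOR-US label with the new description.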
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: adf940b4 by security tracker role at 2024-03-31T20:12:20+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,119 @@ +CVE-2024-31123 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31122 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31121 (Contributor Cross Site Scripting (XSS) in HeartThis <= 0.1.0 versions.) + TODO: check +CVE-2024-31120 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31117 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31116 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-31115 (Unrestricted Upload of File with Dangerous Type vulnerability in Quant ...) + TODO: check +CVE-2024-31114 (Unrestricted Upload of File with Dangerous Type vulnerability in biplo ...) + TODO: check +CVE-2024-31112 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31110 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31108 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31107 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31106 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31104 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31103 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31102 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31101 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31100 (Cross-Site Request Forgery (CSRF) vulnerability in Festi-Team Popup Ca ...) 
+ TODO: check +CVE-2024-31097 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31096 (Cross-Site Request Forgery (CSRF) vulnerability in kopatheme Nictitate ...) + TODO: check +CVE-2024-31095 (Authorization Bypass Through User-Controlled Key vulnerability in Rica ...) + TODO: check +CVE-2024-31094 (Deserialization of Untrusted Data vulnerability in Filter Custom Field ...) + TODO: check +CVE-2024-31092 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31091 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31090 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31089 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31087 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31085 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-31084 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-30561 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-30559 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-30558 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-30557 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-30556 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-30555 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-30554 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2024-30553 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-30552 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-30551 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-30550 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-30549 (Improper Neutralization of Input During Web Page Generation ('Cross-si
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 080cff02 by security tracker role at 2024-03-31T08:12:08+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,13 @@ +CVE-2024-3118 (A vulnerability, which was classified as critical, has been found in D ...) + TODO: check +CVE-2024-3117 (A vulnerability classified as critical was found in YouDianCMS up to 9 ...) + TODO: check +CVE-2023-46808 (An file upload vulnerability in Ivanti ITSM before 2023.4, allows an a ...) + TODO: check +CVE-2023-41724 (A command injection vulnerability in Ivanti Sentry prior to 9.19.0 all ...) + TODO: check +CVE-2015-10131 (A vulnerability was found in chrisy TFO Graphviz Plugin up to 1.9 on W ...) + TODO: check CVE-2024-3091 (A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Por ...) NOT-FOR-US: PHPGurukul Emergency Ambulance Hiring Portal CVE-2024-3090 (A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Por ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/080cff02f8f8f2ccfa07ed4a79def530e6aaf4f9
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: eb7a0829 by security tracker role at 2024-03-30T20:12:13+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,23 @@ +CVE-2024-3091 (A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Por ...) + TODO: check +CVE-2024-3090 (A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Por ...) + TODO: check +CVE-2024-3089 (A vulnerability has been found in PHPGurukul Emergency Ambulance Hirin ...) + TODO: check +CVE-2024-3088 (A vulnerability, which was classified as critical, was found in PHPGur ...) + TODO: check +CVE-2024-3087 (A vulnerability, which was classified as critical, has been found in P ...) + TODO: check +CVE-2024-3086 (A vulnerability classified as problematic was found in PHPGurukul Emer ...) + TODO: check +CVE-2024-3085 (A vulnerability classified as critical has been found in PHPGurukul Em ...) + TODO: check +CVE-2024-3018 (The Essential Addons for Elementor plugin for WordPress is vulnerable ...) + TODO: check +CVE-2024-2491 (The PowerPack Addons for Elementor plugin for WordPress is vulnerable ...) + TODO: check +CVE-2024-1522 (I have activated the CORS because I had a development ui that uses ano ...) + TODO: check CVE-2024-3084 (A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Por ...) NOT-FOR-US: PHPGurukul Emergency Ambulance Hiring Portal CVE-2024-2948 (The Favorites plugin for WordPress is vulnerable to Stored Cross-Site ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb7a082949ae1cc6713e00730e0d2bed1e837f4b
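Review bot: The description imported for CVE-2024-1522 (`I have activated the CORS because I had a development ui that uses ano ...`) is a first-person remark that names no product or vendor, so its `TODO: check` cannot be resolved from this line alone. Whoever triages it should consult the CVE record itself to identify the affected software before choosing between a package line and NOT-FOR-US.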
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ab34b9c7 by security tracker role at 2024-03-30T08:11:35+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,35 @@ +CVE-2024-3084 (A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Por ...) + TODO: check +CVE-2024-2948 (The Favorites plugin for WordPress is vulnerable to Stored Cross-Site ...) + TODO: check +CVE-2024-2794 (The Gutenberg Block Editor Toolkit \u2013 EditorsKit plugin for WordPr ...) + TODO: check +CVE-2024-2144 (The Ultimate Addons for Beaver Builder \u2013 Lite plugin for WordPres ...) + TODO: check +CVE-2024-2143 (The Ultimate Addons for Beaver Builder \u2013 Lite plugin for WordPres ...) + TODO: check +CVE-2024-2142 (The Ultimate Addons for Beaver Builder \u2013 Lite plugin for WordPres ...) + TODO: check +CVE-2024-2141 (The Ultimate Addons for Beaver Builder \u2013 Lite plugin for WordPres ...) + TODO: check +CVE-2024-2140 (The Ultimate Addons for Beaver Builder \u2013 Lite plugin for WordPres ...) + TODO: check +CVE-2024-2086 (The Integrate Google Drive \u2013 Browse, Upload, Download, Embed, Pla ...) + TODO: check +CVE-2024-2047 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-29278 (funboot v1.1 is vulnerable to Cross Site Scripting (XSS) via the title ...) + TODO: check +CVE-2024-28288 (Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when re ...) + TODO: check +CVE-2024-1692 (The BoldGrid Easy SEO \u2013 Simple and Effective SEO plugin for WordP ...) + TODO: check +CVE-2024-1238 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-1051 (The List category posts plugin for WordPress is vulnerable to Stored C ...) + TODO: check +CVE-2024-0367 (The Unlimited Elements For Elementor plugin for WordPress is vulnerabl ...) + TODO: check CVE-2024-3081 (A vulnerability was found in EasyCorp EasyAdmin up to 4.8.9. It has be ...) NOT-FOR-US: EasyCorp EasyAdmin CVE-2024-3078 (A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classi ...) 
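Review bot: Several added descriptions carry a literal `\u2013` escape inside the product name (for example CVE-2024-2794, CVE-2024-2144 and CVE-2024-1692) where an en dash is meant. As this is an automatic update, the import step appears to write JSON-escaped text without decoding it; decoding before writing to data/CVE/list would keep the descriptions readable and searchable by product name.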
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab34b9c706ad80293c730ec13a63efccaa40fae1
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 097b175d by security tracker role at 2024-03-29T20:18:40+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,4 +1,329 @@ -CVE-2024-3094 +CVE-2024-3081 (A vulnerability was found in EasyCorp EasyAdmin up to 4.8.9. It has be ...) + TODO: check +CVE-2024-3078 (A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classi ...) + TODO: check +CVE-2024-3077 (An malicious BLE device can crash BLE victim device by sending malform ...) + TODO: check +CVE-2024-3061 (The HUSKY \u2013 Products Filter Professional for WooCommerce plugin f ...) + TODO: check +CVE-2024-31032 (An issue in Huashi Private Cloud CDN Live Streaming Acceleration Serve ...) + TODO: check +CVE-2024-30645 (Tenda AC15V1.0 V15.03.20_multi has a command injection vulnerability v ...) + TODO: check +CVE-2024-30639 (Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability in the p ...) + TODO: check +CVE-2024-30638 (Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the ...) + TODO: check +CVE-2024-30637 (Tenda F1202 v1.2.0.20(408) has a command injection vulnerablility in t ...) + TODO: check +CVE-2024-30636 (Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the ...) + TODO: check +CVE-2024-30635 (Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability located ...) + TODO: check +CVE-2024-30634 (Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the ...) + TODO: check +CVE-2024-30633 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the s ...) + TODO: check +CVE-2024-30632 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the s ...) + TODO: check +CVE-2024-30631 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the s ...) + TODO: check +CVE-2024-30630 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the t ...) + TODO: check +CVE-2024-30629 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the l ...) + TODO: check +CVE-2024-30628 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the p ...) 
+ TODO: check +CVE-2024-30627 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the d ...) + TODO: check +CVE-2024-30626 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the s ...) + TODO: check +CVE-2024-30625 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the e ...) + TODO: check +CVE-2024-30624 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the u ...) + TODO: check +CVE-2024-30623 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the p ...) + TODO: check +CVE-2024-30622 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the m ...) + TODO: check +CVE-2024-30613 (Tenda AC15 v15.03.05.18 has a stack overflow vulnerability in the time ...) + TODO: check +CVE-2024-30521 (Cross-Site Request Forgery (CSRF) vulnerability in Landingi Landingi L ...) + TODO: check +CVE-2024-30520 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-30519 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-30518 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeLocation Custo ...) + TODO: check +CVE-2024-30514 (Insertion of Sensitive Information into Log File vulnerability in Paid ...) + TODO: check +CVE-2024-30513 (Authorization Bypass Through User-Controlled Key vulnerability in Meta ...) + TODO: check +CVE-2024-30511 (Insertion of Sensitive Information into Log File vulnerability in Fr\x ...) + TODO: check +CVE-2024-30510 (Unrestricted Upload of File with Dangerous Type vulnerability in Salon ...) + TODO: check +CVE-2024-30508 (Missing Authorization vulnerability in ThimPress WP Hotel Booking.This ...) + TODO: check +CVE-2024-30507 (Authorization Bypass Through User-Controlled Key vulnerability in Molo ...) + TODO: check +CVE-2024-30506 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2024-30505 (Missing Authorization vulnerability in Andy Moyle Church Admin.This is ...) + TODO: check +CVE-2024-30504 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-30503 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-30502 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-30501 (Improper Neutralization of Special Elements used in an SQL
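Review bot: The hunk opens by removing the bare `CVE-2024-3094` entry, and the visible portion (which breaks off in the CVE-2024-30501 line) does not show the ID being re-added. Check that it reappears lower in the list with its description and that nothing recorded under it was lost when the automatic update reordered the top of the file.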
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5439ffb8 by security tracker role at 2024-03-28T20:12:26+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,169 @@ +CVE-2024-3042 (A vulnerability was found in SourceCodester Simple Subscription Websit ...) + TODO: check +CVE-2024-3041 (A vulnerability has been found in Netentsec NS-ASG Application Securit ...) + TODO: check +CVE-2024-3040 (A vulnerability, which was classified as critical, was found in Netent ...) + TODO: check +CVE-2024-3039 (A vulnerability classified as critical has been found in Shanghai Brad ...) + TODO: check +CVE-2024-3019 (A flaw was found in PCP. The default pmproxy configuration exposes the ...) + TODO: check +CVE-2024-31140 (In JetBrains TeamCity before 2024.03 server administrators could remov ...) + TODO: check +CVE-2024-31139 (In JetBrains TeamCity before 2024.03 xXE was possible in the Maven bui ...) + TODO: check +CVE-2024-31138 (In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distri ...) + TODO: check +CVE-2024-31137 (In JetBrains TeamCity before 2024.03 reflected XSS was possible via Sp ...) + TODO: check +CVE-2024-31136 (In JetBrains TeamCity before 2024.03 2FA could be bypassed by providin ...) + TODO: check +CVE-2024-31135 (In JetBrains TeamCity before 2024.03 open redirect was possible on the ...) + TODO: check +CVE-2024-31134 (In JetBrains TeamCity before 2024.03 authenticated users without admin ...) + TODO: check +CVE-2024-31065 (Cross Site Scripting vulnerability in Insurance Mangement System v.1.0 ...) + TODO: check +CVE-2024-31064 (Cross Site Scripting vulnerability in Insurance Mangement System v.1.0 ...) + TODO: check +CVE-2024-31063 (Cross Site Scripting vulnerability in Insurance Mangement System v.1.0 ...) + TODO: check +CVE-2024-31062 (Cross Site Scripting vulnerability in Insurance Mangement System v.1.0 ...) + TODO: check +CVE-2024-31061 (Cross Site Scripting vulnerability in Insurance Mangement System v.1.0 ...) + TODO: check +CVE-2024-30612 (Tenda AC10U v15.03.06.48 has a stack overflow vulnerability in the dev ...) 
+ TODO: check +CVE-2024-30607 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the device ...) + TODO: check +CVE-2024-30606 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the page p ...) + TODO: check +CVE-2024-30604 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the list1 ...) + TODO: check +CVE-2024-30603 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the urls p ...) + TODO: check +CVE-2024-30602 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedS ...) + TODO: check +CVE-2024-30601 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the time p ...) + TODO: check +CVE-2024-30600 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedE ...) + TODO: check +CVE-2024-30599 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the device ...) + TODO: check +CVE-2024-30598 (Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in t ...) + TODO: check +CVE-2024-30597 (Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in t ...) + TODO: check +CVE-2024-30596 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...) + TODO: check +CVE-2024-30595 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...) + TODO: check +CVE-2024-30594 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...) + TODO: check +CVE-2024-30593 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability located ...) + TODO: check +CVE-2024-30592 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...) + TODO: check +CVE-2024-30591 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...) + TODO: check +CVE-2024-30590 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...) + TODO: check +CVE-2024-30589 (Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerabilit ...) 
+ TODO: check +CVE-2024-30588 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...) + TODO: check +CVE-2024-30587 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...) + TODO: check +CVE-2024-30586 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...) + TODO: check +CVE-2024-30585 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...) + TODO: check +CVE-2024-30584 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6328760a by security tracker role at 2024-03-28T08:11:37+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,209 @@ +CVE-2024-3024 (A vulnerability was found in appneta tcpreplay up to 4.4.4. It has bee ...) + TODO: check +CVE-2024-3015 (A vulnerability classified as critical was found in SourceCodester Sim ...) + TODO: check +CVE-2024-3014 (A vulnerability classified as critical has been found in SourceCodeste ...) + TODO: check +CVE-2024-3013 (A vulnerability was found in FLIR AX8 up to 1.46.16. It has been rated ...) + TODO: check +CVE-2024-3012 (A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been de ...) + TODO: check +CVE-2024-3011 (A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been cl ...) + TODO: check +CVE-2024-3010 (A vulnerability was found in Tenda FH1205 2.0.0.7(775) and classified ...) + TODO: check +CVE-2024-3009 (A vulnerability has been found in Tenda FH1205 2.0.0.7(775) and classi ...) + TODO: check +CVE-2024-3008 (A vulnerability, which was classified as critical, was found in Tenda ...) + TODO: check +CVE-2024-3007 (A vulnerability, which was classified as critical, has been found in T ...) + TODO: check +CVE-2024-3006 (A vulnerability classified as critical was found in Tenda FH1205 2.0.0 ...) + TODO: check +CVE-2024-3004 (A vulnerability was found in code-projects Online Book System 1.0 and ...) + TODO: check +CVE-2024-3003 (A vulnerability has been found in code-projects Online Book System 1.0 ...) + TODO: check +CVE-2024-3002 (A vulnerability, which was classified as critical, was found in code-p ...) + TODO: check +CVE-2024-3001 (A vulnerability, which was classified as critical, has been found in c ...) + TODO: check +CVE-2024-3000 (A vulnerability classified as critical was found in code-projects Onli ...) + TODO: check +CVE-2024-30245 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-30244 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) 
+ TODO: check +CVE-2024-30243 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-30242 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-30241 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-30240 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-30239 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-30237 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-30236 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-30230 (Deserialization of Untrusted Data vulnerability in Acowebs PDF Invoice ...) + TODO: check +CVE-2024-30229 (Deserialization of Untrusted Data vulnerability in GiveWP.This issue a ...) + TODO: check +CVE-2024-30228 (Deserialization of Untrusted Data vulnerability in Hercules Design Her ...) + TODO: check +CVE-2024-30227 (Deserialization of Untrusted Data vulnerability in INFINITUM FORM Geo ...) + TODO: check +CVE-2024-30226 (Deserialization of Untrusted Data vulnerability in WPDeveloper BetterD ...) + TODO: check +CVE-2024-30225 (Deserialization of Untrusted Data vulnerability in WPENGINE, INC. WP M ...) + TODO: check +CVE-2024-30224 (Deserialization of Untrusted Data vulnerability in Wholesale Team Whol ...) + TODO: check +CVE-2024-30223 (Deserialization of Untrusted Data vulnerability in Repute Infosystems ...) + TODO: check +CVE-2024-30222 (Deserialization of Untrusted Data vulnerability in Repute Infosystems ...) + TODO: check +CVE-2024-30221 (Deserialization of Untrusted Data vulnerability in WP Sunshine Sunshin ...) + TODO: check +CVE-2024-30200 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2024-2999 (A vulnerability classified as critical has been found in Campcodes Onl ...) + TODO: check +CVE-2024-2998 (A vulnerability was found in Bdtask Multi-Store Inventory Management S ...) + TODO: check +CVE-2024-2997 (A vulnerability was found in Bdtask Multi-Store Inventory Management S ...) + TODO: check +CVE-2024-2890 (Unrestricted Upload of File with Dangerous Type vulnerability in Tumul ...) + TODO: check +CVE-2024-2818 (An issue has been discovered in GitLab CE/EE affecting all versions be ...) + TODO: