[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 12c419fe by Moritz Muehlenhoff at 2024-05-14T11:22:54+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -13,117 +13,117 @@ CVE-2024-4854 (MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 CVE-2024-4853 (Memory handling issue in editcap could cause denial of service via cra ...) TODO: check CVE-2024-4840 (An flaw was found in the OpenStack Platform (RHOSP) director, a toolse ...) - TODO: check + NOT-FOR-US: Red Hat OpenStack Platform CVE-2024-4810 (In register_device, the return value of ida_simple_get is unchecked, i ...) TODO: check CVE-2024-4712 (An arbitrary file creation vulnerability exists in PaperCut NG/MF that ...) - TODO: check + NOT-FOR-US: PaperCut NG/MF CVE-2024-4445 (The WP Compress \u2013 Image Optimizer [All-In-One] plugin for WordPre ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4144 (The Simple Basic Contact Form plugin for WordPress for WordPress is vu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4139 (Manage Bank Statement ReProcessing Rules does not perform necessary au ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-4138 (Manage Bank Statement ReProcessing Rules does not perform necessary au ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-3241 (The Ultimate Blocks WordPress plugin before 3.1.7 does not validate a ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3037 (An arbitrary file deletion vulnerability exists in PaperCut NG/MF that ...) - TODO: check + NOT-FOR-US: PaperCut NG/MF CVE-2024-34687 (SAP NetWeaver Application Server for ABAP and ABAP Platform do not suf ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-33878 REJECTED CVE-2024-33009 (SAP Global Label Management is vulnerable to SQL injection. On exploit ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-33008 (SAP Replication Server allows an attacker to use gateway for executing ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-33007 (PDFViewer is a control delivered as part of SAPUI5 product which shows ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-33006 (An unauthenticated attacker can upload a malicious file to the server ...) 
- TODO: check + NOT-FOR-US: SAP CVE-2024-33004 (SAP Business Objects Business Intelligence Platform is vulnerable to I ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-33002 (Document Service handler (obsolete) in Data Provisioning Service does ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-33000 (SAP Bank Account Management does not perform necessary authorization c ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-32733 (Due to missing input validation and output encoding of untrusted data, ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-32731 (SAP My Travel Requests does not perform necessary authorization checks ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-28165 (SAP Business Objects Business Intelligence Platform is vulnerable to s ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-27852 (A privacy issue was addressed with improved client ID handling for alt ...) - TODO: check + NOT-FOR-US: Apple CVE-2024-27847 (This issue was addressed with improved checks This issue is fixed in i ...) - TODO: check + NOT-FOR-US: Apple CVE-2024-27843 (A logic issue was addressed with improved checks. This issue is fixed ...) - TODO: check + NOT-FOR-US: Apple CVE-2024-27842 (The issue was addressed with improved checks. This issue is fixed in m ...) - TODO: check + NOT-FOR-US: Apple CVE-2024-27841 (The issue was addressed with improved memory handling. This issue is f ...) - TODO: check + NOT-FOR-US: Apple CVE-2024-27839 (A privacy issue was addressed by moving sensitive data to a more secur ...) - TODO: check + NOT-FOR-US: Apple CVE-2024-27837 (A downgrade issue was addressed with additional code-signing restricti ...) - TODO: check + NOT-FOR-US: Apple CVE-2024-27835 (This issue was addressed through improved state management. This issue ...) - TODO: check + NOT-FOR-US: Apple CVE-2024-27834 (The issue was addressed with improved checks. This issue is fixed in i ...) - TODO: check + NOT-FOR-US: Apple CVE-2024-27829 (The issue was addressed with improved memory handling. This issue is f ...) 
- TODO: check + NOT-FOR-US: Apple CVE-2024-27827 (This issue was addressed through improved state management. This issue ...) - TODO: check + NOT-FOR-US: Apple CVE-2024-27825 (A downgrade issue affecting Intel-based Mac computers was
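Review bot: CVE-2024-4853 (Memory handling issue in editcap) is left at `TODO: check` in the context lines at the top of the hunk while every surrounding TODO in the same hunk is resolved; editcap ships with Wireshark, which Debian packages, so this entry needs a wireshark package line rather than staying open among the NFUs, and CVE-2024-4854, the Wireshark dissector entry named in the hunk header, should be checked the same way. The NOT-FOR-US strings in this hunk also mix vendor names (`Apple`, `SAP`) with product names (`PaperCut NG/MF`, `Red Hat OpenStack Platform`); either works, but one level throughout keeps the file greppable.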
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 9aa7ab4c by Moritz Muehlenhoff at 2024-05-13T12:15:15+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -19,21 +19,21 @@ CVE-2024-4801 (A vulnerability was found in Kashipara College Management System CVE-2024-4800 (A vulnerability has been found in Kashipara College Management System ...) NOT-FOR-US: Kashipara College Management System CVE-2024-3239 (The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress pl ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-35205 (The WPS Office (aka cn.wps.moffice_eng) application before 17.0.0 for ...) - TODO: check + NOT-FOR-US: WPS Office CVE-2024-35204 (Veritas System Recovery before 23.2_Hotfix has incorrect permissions f ...) - TODO: check + NOT-FOR-US: Veritas CVE-2024-32700 (Unrestricted Upload of File with Dangerous Type vulnerability in Kogne ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2299 (A stored Cross-Site Scripting (XSS) vulnerability exists in the parisn ...) - TODO: check + NOT-FOR-US: lollms-webui CVE-2024-29212 (Due to an unsafe de-serialization method used by the Veeam Service Pr ...) - TODO: check + NOT-FOR-US: Veeam CVE-2024-26306 (iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server wi ...) TODO: check CVE-2023-5052 (vulnerability in Uniform Server Zero, version 10.2.5, consisting of an ...) - TODO: check + NOT-FOR-US: Uniform Zero Server CVE-2024-4799 (A vulnerability, which was classified as critical, was found in Kaship ...) NOT-FOR-US: Kashipara College Management System CVE-2024-4798 (A vulnerability, which was classified as critical, has been found in S ...) 
@@ -111,17 +111,17 @@ CVE-2024-28760 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1 CVE-2024-27460 (A privilege escalation exists in the updater for Plantronics Hub 3.25. ...) NOT-FOR-US: HP CVE-2023-5447 (Missing lock check in SynHsaService may create a use-after-free condit ...) - TODO: check + NOT-FOR-US: Synaptics CVE-2023-52721 (The WindowManager module has a vulnerability in permission control. Im ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-52720 (Race condition vulnerability in the soundtrigger module Impact: Succes ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-52719 (Privilege escalation vulnerability in the PMS module Impact: Successfu ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-52384 (Double-free vulnerability in the RSMC module Impact: Successful exploi ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-52383 (Double-free vulnerability in the RSMC module Impact: Successful exploi ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-47712 (IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a local u ...) NOT-FOR-US: IBM CVE-2023-47711 (IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow an authen ...) @@ -171,7 +171,7 @@ CVE-2024-4714 (A vulnerability, which was classified as problematic, has been fo CVE-2024-4713 (A vulnerability classified as problematic was found in Campcodes Compl ...) NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4701 (A path traversal issue potentially leading to remote code execution in ...) - TODO: check + NOT-FOR-US: Netflix CVE-2024-4699 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...) NOT-FOR-US: D-Link CVE-2024-4689 (Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPix ...) 
@@ -211,7 +211,7 @@ CVE-2024-4231 (This vulnerability exists in Digisol Router (DG-GR1321: Hardware CVE-2024-4129 (Improper Authentication vulnerability in Snow Software AB Snow License ...) NOT-FOR-US: Snow Software AB Snow License Manager CVE-2024-4044 (A deserialization of untrusted data vulnerability exists in common cod ...) - TODO: check + NOT-FOR-US: National Instruments CVE-2024-4039 (The The Orders Tracking for WooCommerce plugin for WordPress for WordP ...) NOT-FOR-US: WordPress plugin CVE-2024-3956 (The Pods \u2013 Custom Content Types and Fields plugin for WordPress i ...) @@ -255,19 +255,19 @@ CVE-2024-34814 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeFuse Uny CVE-2024-34695 (WOWS Karma is a reputation system for Wargaming's World of Warships. A ...) NOT-FOR-US: WOWS Karma CVE-2024-34360 (go-spacemesh is a Go implementation of the Spacemesh protocol full nod ...) - TODO: check + NOT-FOR-US: go-spacemesh CVE-2024-34359 (llama-cpp-python is the Python bindings for llama.cpp. `llama-cpp-pyth ...) - TODO: check + NOT-FOR-US:
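Review bot: In the `@@ -19` hunk the label for CVE-2023-5052 reads `NOT-FOR-US: Uniform Zero Server`, but the CVE description names the product `Uniform Server Zero`; swap the words so the entry matches the product's real name. In the same hunk CVE-2024-26306 (iPerf3 before 3.17 with OpenSSL before 3.2.0) remains at `TODO: check`, which is right since iperf3 is a Debian package, but it should be resolved to an iperf3 package entry rather than left open in a commit that closes everything around it.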
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: e10774d2 by Moritz Muehlenhoff at 2024-05-10T14:25:33+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -456,7 +456,7 @@ CVE-2024-29157 (HDF5 through 1.14.3 contains a heap buffer overflow in H5HG_read CVE-2024-28075 (The SolarWinds Access Rights Manager was susceptible to Remote Code Ex ...) NOT-FOR-US: SolarWinds CVE-2024-24157 (Gnuboard g6 / https://github.com/gnuboard/g6 commit c2cc1f5069e00491ea ...) - TODO: check + NOT-FOR-US: Gnuboard CVE-2024-23473 (The SolarWinds Access Rights Manager was found to contain a hard-coded ...) NOT-FOR-US: SolarWinds CVE-2024-22910 (Cross Site Scripting (XSS) vulnerability in CrushFTP v.10.6.0 and v.10 ...) @@ -1209,7 +1209,7 @@ CVE-2024-3755 (The MF Gig Calendar WordPress plugin through 1.2.1 does not sanit CVE-2024-3752 (The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and ...) NOT-FOR-US: WordPress plugin CVE-2024-3661 (DHCP can add routes to a client\u2019s routing table via the classless ...) - TODO: check + NOT-FOR-US: DHCP protocol issue CVE-2024-3576 (The NPort 5100A Series firmware version v1.6 and prior versions are af ...) NOT-FOR-US: Moxa CVE-2024-34538 (Mateso PasswordSafe through 8.13.9.26689 has Weak Cryptography.) 
@@ -1436,23 +1436,23 @@ CVE-2023-43530 (Memory corruption in HLOS while checking for the storage type.) CVE-2023-43529 (Transient DOS while processing IKEv2 Informational request messages, w ...) NOT-FOR-US: Qualcomm CVE-2023-43528 (Information disclosure when the ADSP payload size received in HLOS in ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-43527 (Information disclosure while parsing dts header atom in Video.) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-43526 (Memory corruption while querying module parameters from Listen Sound m ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-43525 (Memory corruption while copying the sound model data from user to kern ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-43524 (Memory corruption when the bandpass filter order received from AHAL is ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-43521 (Memory corruption when multiple listeners are being registered with th ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-33119 (Memory corruption while loading a VM from a signed VM image that is no ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-32873 (In keyInstall, there is a possible out of bounds write due to a missin ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-32871 (In DA, there is a possible permission bypass due to an incorrect statu ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-29857 (An issue was discovered in Bouncy Castle Java Cryptography APIs before ...) - bouncycastle (bug #1070655) [bookworm] - bouncycastle (Minor issue) 
@@ -2563,13 +2563,13 @@ CVE-2023-42125 (Avast Premium Security Sandbox Protection Link Following Privile CVE-2023-42124 (Avast Premium Security Sandbox Protection Incorrect Authorization Priv ...) NOT-FOR-US: Avast Premium Security Sandbox Protection CVE-2023-42123 (Control Web Panel mysql_manager Command Injection Remote Code Executio ...) - TODO: check + NOT-FOR-US: Control Web Panel CVE-2023-42122 (Control Web Panel wloggui Command Injection Local Privilege Escalation ...) - TODO: check + NOT-FOR-US: Control Web Panel CVE-2023-42121 (Control Web Panel Missing Authentication Remote Code Execution Vulnera ...) - TODO: check + NOT-FOR-US: Control Web Panel CVE-2023-42120 (Control Web Panel dns_zone_editor Command Injection Remote Code Execut ...) - TODO: check + NOT-FOR-US: Control Web Panel CVE-2023-42113 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Dis ...) NOT-FOR-US: PDF-XChange Editor EMF CVE-2023-42112 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Dis ...) @@ -70814,7 +70814,7 @@ CVE-2023-31236 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i CVE-2023-31235 (Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau ...) NOT-FOR-US: WordPress plugin CVE-2023-31234 (Missing Authorization vulnerability in Tilda Publishing.This issue aff ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-31233 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Haoq ...) NOT-FOR-US: WordPress plugin CVE-2023-31232 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davi ...) @@ -74831,7 +74831,7 @@ CVE-2023-29883 CVE-2023-29882 RESERVED CVE-2023-29881 (phpok 6.4.003 is
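Review bot: CVE-2024-3661 in the `@@ -1209` hunk is closed as `NOT-FOR-US: DHCP protocol issue`, but unlike the other NFUs in this commit it does not name a third-party product: the description says DHCP can add routes to a client's routing table via classless static routes, which is behaviour of DHCP clients in general, including the ones Debian ships. If the decision is that a protocol-design weakness is not tracked per package, record that reasoning on the entry itself (the xpdf entry in commit 41e49df1 does this with a parenthetical after the label) so the next triager does not reopen it.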
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: c8dc491d by Moritz Muehlenhoff at 2024-05-10T10:18:56+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -39,7 +39,7 @@ CVE-2024-4571 CVE-2024-4567 (The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cr ...) NOT-FOR-US: WordPress plugin CVE-2024-4545 (All versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 ...) - TODO: check + NOT-FOR-US: EnterpriseDB CVE-2024-4542 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...) NOT-FOR-US: WordPress plugin CVE-2024-4463 (The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vul ...) @@ -138,9 +138,9 @@ CVE-2024-3068 (The Custom Field Suite plugin for WordPress is vulnerable to Stor CVE-2024-34559 (Insertion of Sensitive Information into Log File vulnerability in Ghos ...) NOT-FOR-US: WordPress plugin CVE-2024-34557 (Cross-Site Request Forgery (CSRF) vulnerability in UkrSolution Barcode ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-34556 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-34550 (Insertion of Sensitive Information into Log File vulnerability in Alex ...) NOT-FOR-US: WordPress plugin CVE-2024-34549 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) 
@@ -192,15 +192,15 @@ CVE-2024-34417 (Improper Neutralization of Input During Web Page Generation ('Cr CVE-2024-34415 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-34354 (CMSaaSStarter is a SaaS template/boilerplate built with SvelteKit, Tai ...) - TODO: check + NOT-FOR-US: CMSaaSStarter CVE-2024-34352 (1Panel is an open source Linux server operation and maintenance manage ...) - TODO: check + NOT-FOR-US: 1Panel CVE-2024-34351 (Next.js is a React framework that can provide building blocks to creat ...) - TODO: check + NOT-FOR-US: Next.js CVE-2024-34350 (Next.js is a React framework that can provide building blocks to creat ...) - TODO: check + NOT-FOR-US: Next.js CVE-2024-34345 (The CycloneDX JavaScript library contains the core functionality of OW ...) - TODO: check + NOT-FOR-US: CycloneDX CVE-2024-34338 (A Blind command injection vulnerability in Tenda O3V2 V1.0.0.12 and ea ...) NOT-FOR-US: Tenda CVE-2024-34220 (Sourcecodester Human Resource Management System 1.0 is vulnerable to S ...) @@ -214,7 +214,7 @@ CVE-2024-34217 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain CVE-2024-34215 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stac ...) NOT-FOR-US: TOTOLINK CVE-2024-34213 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stac ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-34212 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stac ...) NOT-FOR-US: TOTOLINK CVE-2024-34211 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a hard ...) 
@@ -252,27 +252,27 @@ CVE-2024-33874 (HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__m CVE-2024-33873 (HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__s ...) TODO: check CVE-2024-33454 (Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacke ...) - TODO: check + NOT-FOR-US: esp-idf CVE-2024-32874 (Frigate is a network video recorder (NVR) with realtime local object d ...) - TODO: check + NOT-FOR-US: Frigate CVE-2024-32739 (A sql injection vulnerability exists in CyberPower PowerPanel Enterpri ...) - TODO: check + NOT-FOR-US: CyberPower PowerPanel CVE-2024-32738 (A sql injection vulnerability exists in CyberPower PowerPanel Enterpri ...) - TODO: check + NOT-FOR-US: CyberPower PowerPanel CVE-2024-32737 (A sql injection vulnerability exists in CyberPower PowerPanel Enterpri ...) - TODO: check + NOT-FOR-US: CyberPower PowerPanel CVE-2024-32736 (A sql injection vulnerability exists in CyberPower PowerPanel Enterpri ...) - TODO: check + NOT-FOR-US: CyberPower PowerPanel CVE-2024-32735 (An issue regarding missing authentication for certain utilities exists ...) - TODO: check + NOT-FOR-US: CyberPower PowerPanel CVE-2024-32724 (Missing Authorization vulnerability in Woo product importer Sharkdrops ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32719 (Missing Authorization vulnerability in WP Club Manager.This issue affe ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32717 (Missing Authorization vulnerability in
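Review bot: CVE-2024-33873 (HDF5 Library through 1.14.3, heap-based buffer overflow) is left at `TODO: check` in the context of the `@@ -252` hunk while the entries below it are closed; hdf5 is a Debian package, so this needs a package entry rather than staying open, and CVE-2024-33874, the HDF5 entry named in the hunk header, should be checked the same way. In the same hunk CVE-2024-34345 (CycloneDX JavaScript library) is closed as `NOT-FOR-US: CycloneDX`; `CycloneDX JavaScript library` would avoid implying that every CycloneDX implementation is out of scope.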
[Git][security-tracker-team/security-tracker][master] NFUS
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 41e49df1 by Moritz Muehlenhoff at 2024-05-09T13:26:56+02:00 NFUS also track xpdf issues as NFU, poppler forked from xpdf almost 20 years ago and is regularly fuzzed by oss-fuzz, no real point to assume that new xpdf issues still affect it and if no PoC is available we can't reliably track this down anyway and these end up causing spam - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -29,7 +29,7 @@ CVE-2024-2454 (An issue has been discovered in GitLab CE/EE affecting all versio CVE-2024-28759 (A crafted network packet may cause a buffer overrun in Wind River VxWo ...) NOT-FOR-US: Wind River CVE-2024-27793 (The issue was addressed with improved checks. This issue is fixed in i ...) - TODO: check + NOT-FOR-US: Apple CVE-2024-26517 (SQL Injection vulnerability in School Task Manager v.1.0 allows a remo ...) NOT-FOR-US: School Task Manager CVE-2023-6688 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) @@ -37,7 +37,7 @@ CVE-2023-6688 (An issue has been discovered in GitLab CE/EE affecting all versio CVE-2023-6682 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab CVE-2023-5971 (The Save as PDF Plugin by Pdfcrowd WordPress plugin before 3.2.0 does ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-29510 - ghostscript NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html 
@@ -529,7 +529,7 @@ CVE-2024-29150 (An issue was discovered in Alcatel-Lucent ALE NOE deskphones thr CVE-2024-29149 (An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 8 ...) NOT-FOR-US: Alcatel-Lucent ALE NOE deskphones CVE-2024-28148 (An authenticated user could potentially access metadata for a datasour ...) - TODO: check + NOT-FOR-US: Apache Superset CVE-2024-25514 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) NOT-FOR-US: RuvarOA CVE-2024-25513 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) @@ -547,13 +547,13 @@ CVE-2024-25508 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL inject CVE-2024-25507 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) NOT-FOR-US: RuvarOA CVE-2023-7240 (An improper authorization level has been detected in the login panel. ...) - TODO: check + NOT-FOR-US: NetIQ Identity Console CVE-2023-6810 (The ClickCease Click Fraud Protection plugin for WordPress is vulnerab ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46012 (Buffer Overflow vulnerability LINKSYS EA7500 3.0.1.207964 allows a rem ...) - TODO: check + NOT-FOR-US: LINKSYS CVE-2023-42757 (Process Explorer before 17.04 allows attackers to make it functionally ...) - TODO: check + NOT-FOR-US: Buffer Overflow CVE-2024-4559 (Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367. ...) {DSA-5683-1} - chromium 124.0.6367.155-1 
@@ -647,7 +647,7 @@ CVE-2024-1695 (A potential security vulnerability has been identified in the HP CVE-2023-33548 (Cross Site Scripting (XSS) vulnerability in ASUS RT-AC51U with firmwar ...) NOT-FOR-US: ASUS CVE-2024-4568 (In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources lea ...) - TODO: check + NOT-FOR-US: xpdf (Debian uses poppler, which forked a long time ago) CVE-2024-4549 (A denial of service vulnerability exists in Delta Electronics DIAEnerg ...) NOT-FOR-US: Delta Electronics CVE-2024-4548 (An SQLi vulnerability exists inDelta Electronics DIAEnergie v1.10.1.86 ...) @@ -731,7 +731,7 @@ CVE-2024-34524 (In XLANG OpenAgents through fe73ac4, the allowed_file protection CVE-2024-34519 (Avantra Server 24.x before 24.0.7 and 24.1.x before 24.1.1 mishandles ...) NOT-FOR-US: Avantra Server CVE-2024-34515 (image-optimizer before 1.7.3 allows PHAR deserialization, e.g., the ph ...) - TODO: check + NOT-FOR-US: PHP image-optimizer CVE-2024-34472 (An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18 ...) NOT-FOR-US: HSC Mailinspector CVE-2024-34471 (An issue was discovered in HSC Mailinspector 5.2.17-3. A Path Traversa ...) @@ -868,7 +868,7 @@ CVE-2024-33121 (Roothub v2.6 was discovered to contain a SQL injection vulnerabi CVE-2024-33118 (LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary read vulne ...) NOT-FOR-US: LuckyFrameWeb CVE-2024-33117 (crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forg ...) - TODO: check + NOT-FOR-US: crmeb_java CVE-2024-33113 (D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosurey ...) NOT-FOR-US: D-LINK CVE-2024-33112
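Review bot: In the `@@ -547` hunk CVE-2023-42757 (Process Explorer before 17.04) is closed as `NOT-FOR-US: Buffer Overflow`, which names the bug class instead of the product; every other NFU in the file names a vendor or product, so this should read along the lines of `NOT-FOR-US: Process Explorer`. The xpdf entry in the `@@ -647` hunk is the model to follow: its parenthetical (Debian uses poppler, which forked a long time ago) carries the reasoning from the commit message onto the entry, where future triagers will actually see it.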
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 44945c52 by Moritz Muehlenhoff at 2024-05-09T13:12:40+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -132,7 +132,7 @@ CVE-2024-34546 (Improper Neutralization of Input During Web Page Generation ('Cr CVE-2024-34414 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-34347 (@hoppscotch/cli is a CLI to run Hoppscotch Test Scripts in CI environm ...) - TODO: check + NOT-FOR-US: @hoppscotch/cli CVE-2024-34257 (TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the ap ...) NOT-FOR-US: TOTOLINK CVE-2024-34255 (jizhicms v2.5.1 contains a Cross-Site Scripting(XSS) vulnerability in ...) @@ -147,13 +147,13 @@ CVE-2024-33608 (When IPsec is configured on a virtual server, undisclosed traffi CVE-2024-33604 (A reflected cross-site scripting (XSS) vulnerability exist in undisclo ...) NOT-FOR-US: F5 BIG-IP CVE-2024-33574 (Missing Authorization vulnerability in appsbd Vitepos.This issue affec ...) - TODO: check + NOT-FOR-US: appsbd Vitepos CVE-2024-33573 (Missing Authorization vulnerability in EPROLO EPROLO Dropshipping.This ...) NOT-FOR-US: WordPress plugin CVE-2024-33382 (An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of se ...) NOT-FOR-US: Open5GS CVE-2024-32980 (Spin is the developer tool for building and running serverless applica ...) - TODO: check + NOT-FOR-US: Spin CVE-2024-32886 (Vitess is a database clustering system for horizontal scaling of MySQL ...) NOT-FOR-US: Vitess CVE-2024-32761 (Under certain conditions, a potential data leak may occur in the Traff ...) 
@@ -181,7 +181,7 @@ CVE-2024-28132 (Exposure of Sensitive Information vulnerability exists in the GS CVE-2024-27202 (A DOM-based cross-site scripting (XSS) vulnerability exists in an undi ...) NOT-FOR-US: F5 BIG-IP CVE-2024-26579 (Deserialization of Untrusted Data vulnerability in Apache InLong.This ...) - TODO: check + NOT-FOR-US: Apache InLong CVE-2024-26026 (An SQL injection vulnerability exists in the BIG-IP Next Central Manag ...) NOT-FOR-US: F5 BIG-IP CVE-2024-25560 (When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic c ...) @@ -225,15 +225,15 @@ CVE-2024-25515 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL inject CVE-2024-24908 (Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitra ...) NOT-FOR-US: Dell CVE-2024-24833 (Missing Authorization vulnerability in Leevio Happy Addons for Element ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-22460 (Dell PowerProtect DM5500 version 5.15.0.0 and prior contains an insecu ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-21793 (An OData injection vulnerability exists in the BIG-IP Next Central Man ...) - TODO: check + NOT-FOR-US: BIG-IP CVE-2024-1438 (Missing Authorization vulnerability in PressFore Rolo Slider.This issu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-41651 (Missing Authorization vulnerability in Multi-column Tag Map.This issue ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-27397 [netfilter: nf_tables: use timestamp to check for set element timeout] - linux 6.7.7-1 NOTE: https://git.kernel.org/linus/7395dfacfff65e9938ac0889dafa1ab01e987d15 (6.8-rc4) 
@@ -407,7 +407,7 @@ CVE-2024-4538 (IDOR vulnerability in Janto Ticketing Software affecting version CVE-2024-4537 (IDOR vulnerability in Janto Ticketing Software affecting version 4.3r1 ...) NOT-FOR-US: Janto Ticketing Software CVE-2024-4536 (In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the ED ...) - TODO: check + NOT-FOR-US: Eclipse Dataspace Components CVE-2024-4346 (The Startklar Elementor Addons plugin for WordPress is vulnerable to a ...) NOT-FOR-US: WordPress plugin CVE-2024-4345 (The Startklar Elementor Addons plugin for WordPress is vulnerable to a ...) @@ -415,11 +415,11 @@ CVE-2024-4345 (The Startklar Elementor Addons plugin for WordPress is vulnerable CVE-2024-34523 (AChecker 1.5 allows remote attackers to read the contents of arbitrary ...) NOT-FOR-US: AChecker CVE-2024-34517 (The Cypher component in Neo4j before 5.19.0 mishandles IMMUTABLE privi ...) - TODO: check + NOT-FOR-US: Neo4j Cypher CVE-2024-34342 (react-pdf displays PDFs in React apps. If PDF.js is used to load a mal ...) - TODO: check + NOT-FOR-US: react-pdf CVE-2024-34341 (Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, ...) - TODO: check + NOT-FOR-US: Trix CVE-2024-34315 (CmsEasy v7.7.7.9 was discovered to contain a
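Review bot: In the `@@ -225` hunk CVE-2024-21793 (OData injection in BIG-IP Next Central Manager) is closed as `NOT-FOR-US: BIG-IP`, while the neighbouring F5 entries in the `@@ -147` and `@@ -181` hunks use `NOT-FOR-US: F5 BIG-IP`; use the same string so a search for F5 issues returns all of them.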
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 4f7ea131 by Moritz Muehlenhoff at 2024-05-08T10:30:45+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,73 +1,73 @@ CVE-2024-4456 (In affected versions of Octopus Server with certain access levels it w ...) - TODO: check + NOT-FOR-US: Octopus Server CVE-2024-4393 (The Social Connect plugin for WordPress is vulnerable to authenticatio ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4162 (A buffer error in Panasonic KW Watcher versions 1.00 through 2.83 may ...) - TODO: check + NOT-FOR-US: Panasonic CVE-2024-4030 (On Windows a directory returned by tempfile.mkdtemp() would not always ...) TODO: check CVE-2024-3494 (The Mesmerize Companion plugin for WordPress is vulnerable to Stored C ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-34346 (Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure ...) - TODO: check + NOT-FOR-US: Deno CVE-2024-32674 (Heateor Social Login WordPress prior to 1.1.32 contains a cross-site s ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2860 (The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a ...) - TODO: check + NOT-FOR-US: Brocade CVE-2024-27273 (IBM AIX's Unix domain (AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1) datagram ...) - TODO: check + NOT-FOR-US: AIX CVE-2024-23713 (In migrateNotificationFilter of NotificationManagerService.java, there ...) - TODO: check + NOT-FOR-US: Android CVE-2024-23712 (In multiple functions of AppOpsService.java, there is a possible way t ...) - TODO: check + NOT-FOR-US: Android CVE-2024-23710 (In assertPackageWithSharedUserIdIsPrivileged of InstallPackageHelper.j ...) - TODO: check + NOT-FOR-US: Android CVE-2024-23709 (In multiple locations, there is a possible out of bounds write due to ...) - TODO: check + NOT-FOR-US: Android CVE-2024-23708 (In multiple functions of NotificationManagerService.java, there is a p ...) - TODO: check + NOT-FOR-US: Android CVE-2024-23707 (In multiple locations, there is a possible permissions bypass due to i ...) 
- TODO: check + NOT-FOR-US: Android CVE-2024-23706 (In multiple locations, there is a possible bypass of health data permi ...) - TODO: check + NOT-FOR-US: Android CVE-2024-23705 (In multiple locations, there is a possible failure to persist or enfor ...) - TODO: check + NOT-FOR-US: Android CVE-2024-23704 (In onCreate of WifiDialogActivity.java, there is a possible way to byp ...) - TODO: check + NOT-FOR-US: Android CVE-2024-23551 (Database scanning using username and password stores the credentials i ...) - TODO: check + NOT-FOR-US: HCL CVE-2024-22266 (VMware Avi Load Balancer contains an information disclosure vulnerabil ...) - TODO: check + NOT-FOR-US: VMware CVE-2024-22264 (VMware Avi Load Balancer contains a privilege escalation vulnerability ...) - TODO: check + NOT-FOR-US: VMware CVE-2024-1076 (The SSL Zen WordPress plugin before 4.6.0 only relies on the use of . ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0043 (In multiple locations, there is a possible notification listener grant ...) - TODO: check + NOT-FOR-US: Android CVE-2024-0042 (In TBD of TBD, there is a possible confusion of OEM and DRM certificat ...) - TODO: check + NOT-FOR-US: Android CVE-2024-0027 (In multiple functions of SnoozeHelper.java, there is a possible way to ...) - TODO: check + NOT-FOR-US: Android CVE-2024-0026 (In multiple functions of SnoozeHelper.java, there is a possible persis ...) - TODO: check + NOT-FOR-US: Android CVE-2024-0025 (In sendIntentSender of ActivityManagerService.java, there is a possibl ...) - TODO: check + NOT-FOR-US: Android CVE-2024-0024 (In multiple methods of UserManagerService.java, there is a possible fa ...) - TODO: check + NOT-FOR-US: Android CVE-2024-0022 (In multiple functions of CompanionDeviceManagerService.java, there is ...) - TODO: check + NOT-FOR-US: Android CVE-2023-40694 (IBM Watson CP4D Data Stores 4.0.0 through 4.8.4 stores potentially sen ...) 
- TODO: check + NOT-FOR-US: IBM CVE-2023-40490 (Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution ...) - TODO: check + NOT-FOR-US: Maxon CVE-2023-37325 (D-Link DAP-2622 DDP Set SSID List Missing Authentication Vulnerability ...) - TODO: check + NOT-FOR-US: D-Link CVE-2023-35757 (D-Link DAP-2622 DDP Set Date-Time NTP Server Stack-based Buffer Overfl ...) - TODO: check + NOT-FOR-US:
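Review bot: CVE-2024-4030 (a directory returned by tempfile.mkdtemp() on Windows) is the one entry in this hunk left at `TODO: check`; tempfile is part of the CPython standard library, which Debian packages, so it needs a python3 package entry, or an explicit not-affected marker if the Windows-only code path is judged irrelevant, rather than remaining open among the NFUs. The vendor strings in the same hunk also vary between `NOT-FOR-US: AIX` for CVE-2024-27273 and `NOT-FOR-US: IBM` for CVE-2023-40694; picking one level (vendor or product) keeps the file greppable.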
[Git][security-tracker-team/security-tracker][master] NFUs (concludes external check)
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 4b041cb5 by Moritz Muehlenhoff at 2024-05-08T10:05:52+02:00 NFUs (concludes external check) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,9 @@ +CVE-2024-4438 + NOT-FOR-US: Incomplete backport in Red Hat OpenStack platform +CVE-2024-4437 + NOT-FOR-US: Incomplete backport in Red Hat OpenStack platform +CVE-2024-4436 + NOT-FOR-US: Incomplete backport in Red Hat OpenStack platform CVE-2024-4601 (An incorrect authentication vulnerability has been found in Socomec Ne ...) NOT-FOR-US: Socomec Net Vision CVE-2024-4600 (Cross-Site Request Forgery vulnerability in Socomec Net Vision, versio ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b041cb5de91e92c4d224a10a2e2fc5d6d5bc784 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b041cb5de91e92c4d224a10a2e2fc5d6d5bc784 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 82abd7e1 by Moritz Muehlenhoff at 2024-05-07T12:18:13+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -17,63 +17,63 @@ CVE-2024-34532 (A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Del CVE-2024-34413 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-31078 (in OpenHarmony v4.0.0 and prior versions allow a local attacker cause ...) - TODO: check + NOT-FOR-US: OpenHarmony CVE-2024-30973 (An issue in V-SOL G/EPON ONU HG323AC-B with firmware version V2.0.08-2 ...) - TODO: check + NOT-FOR-US: V-SOL CVE-2024-2913 (A race condition vulnerability exists in the mintplex-labs/anything-ll ...) - TODO: check + NOT-FOR-US: anything-llm CVE-2024-29941 (Insecure storage of the ICT MIFARE and DESFire encryption keys in the ...) - TODO: check + NOT-FOR-US: anything-llm CVE-2024-28725 (Cross Site Scripting (XSS) vulnerability in YzmCMS 7.0 allows attacker ...) - TODO: check + NOT-FOR-US: YzmCMS CVE-2024-27217 (in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitr ...) - TODO: check + NOT-FOR-US: OpenHarmony CVE-2024-23808 (in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitr ...) - TODO: check + NOT-FOR-US: OpenHarmony CVE-2024-22472 (A buffer Overflow vulnerability in Silicon Labs 500 Series Z-Wave devi ...) - TODO: check + NOT-FOR-US: Silicon Labs CVE-2024-20872 (Improper handling of insufficient privileges vulnerability in Talkback ...) - TODO: check + NOT-FOR-US: Samsung CVE-2024-20871 (Improper authorization vulnerability in Samsung Keyboard prior to vers ...) - TODO: check + NOT-FOR-US: Samsung CVE-2024-20870 (Improper verification of intent by broadcast receiver vulnerability in ...) - TODO: check + NOT-FOR-US: Samsung CVE-2024-20869 (Improper privilege management vulnerability in Samsung Internet prior ...) - TODO: check + NOT-FOR-US: Samsung CVE-2024-20868 (Improper input validation in Samsung Notes prior to version 4.4.15 all ...) - TODO: check + NOT-FOR-US: Samsung CVE-2024-20867 (Improper privilege management vulnerability in Samsung Email prior to ...) 
- TODO: check + NOT-FOR-US: Samsung CVE-2024-20866 (Authentication bypass vulnerability in Setupwizard prior to SMR May-20 ...) - TODO: check + NOT-FOR-US: Samsung CVE-2024-20865 (Authentication bypass in bootloader prior to SMR May-2024 Release 1 al ...) - TODO: check + NOT-FOR-US: Samsung CVE-2024-20864 (Improper access control vulnerability in DarManagerService prior to SM ...) - TODO: check + NOT-FOR-US: Samsung CVE-2024-20863 (Out of bounds write vulnerability in SNAP in HAL prior to SMR May-2024 ...) - TODO: check + NOT-FOR-US: Samsung CVE-2024-20862 (Out-of-bounds write in SveService prior to SMR May-2024 Release 1 allo ...) - TODO: check + NOT-FOR-US: Samsung CVE-2024-20861 (Use after free vulnerability in SveService prior to SMR May-2024 Relea ...) - TODO: check + NOT-FOR-US: Samsung CVE-2024-20860 (Improper export of android application components vulnerability in Tel ...) - TODO: check + NOT-FOR-US: Samsung CVE-2024-20859 (Improper access control vulnerability in FactoryCamera prior to SMR Ma ...) - TODO: check + NOT-FOR-US: Samsung CVE-2024-20858 (Improper access control vulnerability in setCocktailHostCallbacks of C ...) - TODO: check + NOT-FOR-US: Samsung CVE-2024-20857 (Improper access control vulnerability in startListening of CocktailBar ...) - TODO: check + NOT-FOR-US: Samsung CVE-2024-20856 (Improper Authentication vulnerability in Secure Folder prior to SMR Ma ...) - TODO: check + NOT-FOR-US: Samsung CVE-2024-20855 (Improper access control vulnerability in multitasking framework prior ...) - TODO: check + NOT-FOR-US: Samsung CVE-2024-20821 (A vulnerability possible to reconfigure OTP allows local attackers to ...) - TODO: check + NOT-FOR-US: Samsung CVE-2024-1695 (A potential security vulnerability has been identified in the HP Appli ...) - TODO: check + NOT-FOR-US: HP CVE-2023-33548 (Cross Site Scripting (XSS) vulnerability in ASUS RT-AC51U with firmwar ...) 
- TODO: check + NOT-FOR-US: ASUS CVE-2024-4568 (In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources lea ...) TODO: check CVE-2024-4549 (A denial of service vulnerability exists in Delta Electronics DIAEnerg ...) View it on GitLab:
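Review bot: the NOT-FOR-US annotation for CVE-2024-29941 in the @@ -17,63 hunk looks copied from the entry above it: the description names the ICT MIFARE and DESFire encryption keys, yet the new line reads "+ NOT-FOR-US: anything-llm", which is the product of the preceding CVE-2024-2913. Re-check the affected product from the full CVE text and give this line its own NOT-FOR-US reason before the TODO is dropped, otherwise the tracker records the wrong justification for dismissing the issue.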
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 9a0b8c54 by Moritz Muehlenhoff at 2024-05-06T12:15:37+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,11 @@ +CVE-2024-34505 + NOT-FOR-US: MediaWiki extension CheckUser +CVE-2024-34501 + NOT-FOR-US: MediaWiki extension CheckUser +CVE-2024-34503 + NOT-FOR-US: MediaWiki extension ReportIncident +CVE-2024-34504 + NOT-FOR-US: MediaWiki extension IPInfo CVE-2024-4501 (A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been ...) NOT-FOR-US: Ruijie RG-UAC CVE-2024-4500 (A vulnerability was found in SourceCodester Prison Management System 1 ...) @@ -19,9 +27,9 @@ CVE-2024-34507 (An issue was discovered in includes/CommentFormatter/CommentPars CVE-2024-34506 (An issue was discovered in includes/specials/SpecialMovePage.php in Me ...) TODO: check CVE-2024-34502 (An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, ...) - TODO: check + NOT-FOR-US: MediaWiki extension WikibaseLexeme CVE-2024-34500 (An issue was discovered in the UnlinkedWikibase extension in MediaWiki ...) - TODO: check + NOT-FOR-US: MediaWiki extension UnlinkedWikibase CVE-2024-34474 (Clario through 2024-04-11 for Desktop has weak permissions for %PROGRA ...) NOT-FOR-US: Clario CVE-2024-4497 (A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been dec ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a0b8c544dc6afd31ce066e0bd69657937c700fc
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 4dfe70e2 by Moritz Muehlenhoff at 2024-05-05T16:47:53+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -28,13 +28,13 @@ CVE-2024-34484 (OFPBucket in parser.py in Faucet SDN Ryu 4.34 allows attackers t CVE-2024-34483 (OFPGroupDescStats in parser.py in Faucet SDN Ryu 4.34 allows attackers ...) NOT-FOR-US: Faucet SDN Ryu CVE-2024-34478 (btcd before 0.24.0 does not correctly implement the consensus rules ou ...) - TODO: check + NOT-FOR-US: btcd CVE-2024-34476 (Open5GS before 2.7.1 is vulnerable to a reachable assertion that can c ...) NOT-FOR-US: Open5GS CVE-2024-34475 (Open5GS before 2.7.1 is vulnerable to a reachable assertion that can c ...) NOT-FOR-US: Open5GS CVE-2024-34473 (An issue was discovered in appmgr in O-RAN Near-RT RIC I-Release. An a ...) - TODO: check + NOT-FOR-US: O-RAN Near-RT CVE-2024-34469 (Rukovoditel before 3.5.3 allows XSS via user_photo to index.php?module ...) NOT-FOR-US: Rukovoditel CVE-2024-34468 (Rukovoditel before 3.5.3 allows XSS via user_photo to My Page.) @@ -45,7 +45,7 @@ CVE-2024-34462 (Alinto SOGo through 5.10.0 allows XSS during attachment preview. - sogo NOTE: https://github.com/Alinto/sogo/commit/2e37e59ed140d4aee0ff2fba579ca5f83f2c5920 CVE-2023-52729 (TCPServer.cpp in SimpleNetwork through 29bc615 has an off-by-one error ...) - TODO: check + NOT-FOR-US: SimpleNetwork CVE-2024-3868 (The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Sit ...) NOT-FOR-US: WordPress plugin CVE-2024-3240 (The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injec ...) 
@@ -87,7 +87,7 @@ CVE-2024-4156 (The Essential Addons for Elementor \u2013 Best Elementor Template CVE-2024-4133 (The ARMember \u2013 Membership Plugin, Content Restriction, Member Lev ...) NOT-FOR-US: WordPress plugin CVE-2024-4128 (This vulnerability was a potential CSRF attack.When running the Fireba ...) - TODO: check + NOT-FOR-US: Firebase emulator CVE-2024-4097 (The Cost Calculator Builder plugin for WordPress is vulnerable to Stor ...) NOT-FOR-US: WordPress plugin CVE-2024-4092 (The Slider Revolution plugin for WordPress is vulnerable to Stored Cro ...) @@ -295,19 +295,19 @@ CVE-2024-34402 (An issue was discovered in uriparser through 0.9.7. ComposeQuery CVE-2024-34401 (Savsoft Quiz 6.0 allows stored XSS via the index.php/quiz/insert_quiz/ ...) NOT-FOR-US: Savsoft Quiz CVE-2024-34394 (libxmljs2 is vulnerable to a type confusion vulnerability when parsing ...) - TODO: check + NOT-FOR-US: libxmljs2 CVE-2024-34393 (libxmljs2 is vulnerable to a type confusion vulnerability when parsing ...) - TODO: check + NOT-FOR-US: libxmljs2 CVE-2024-34392 (libxmljs is vulnerable to a type confusion vulnerability when parsing ...) - TODO: check + NOT-FOR-US: libxmljs2 CVE-2024-34391 (libxmljs is vulnerable to a type confusion vulnerability when parsing ...) - TODO: check + NOT-FOR-US: libxmljs2 CVE-2024-34075 (kurwov is a fast, dependency-free library for creating Markov Chains. ...) NOT-FOR-US: kurwov CVE-2024-34073 (sagemaker-python-sdk is a library for training and deploying machine l ...) - TODO: check + NOT-FOR-US: sagemaker-python-sdk CVE-2024-34072 (sagemaker-python-sdk is a library for training and deploying machine l ...) - TODO: check + NOT-FOR-US: sagemaker-python-sdk CVE-2024-34068 (Pterodactyl wings is the server control plane for Pterodactyl Panel. A ...) NOT-FOR-US: Pterodactyl wings CVE-2024-34067 (Pterodactyl is a free, open-source game server management panel built ...) 
@@ -315,7 +315,7 @@ CVE-2024-34067 (Pterodactyl is a free, open-source game server management panel CVE-2024-34066 (Pterodactyl wings is the server control plane for Pterodactyl Panel. I ...) NOT-FOR-US: Pterodactyl wings CVE-2024-34063 (vodozemac is an implementation of Olm and Megolm in pure Rust. Version ...) - TODO: check + NOT-FOR-US: vodozemac CVE-2024-34062 (tqdm is an open source progress bar for Python and CLI. Any optional n ...) - tqdm 4.66.4-1 (bug #1070372) NOTE: https://github.com/tqdm/tqdm/security/advisories/GHSA-g7vv-2v7x-gj9p @@ -429,11 +429,11 @@ CVE-2024-33786 (An arbitrary file upload vulnerability in Zhongcheng Kexin Ticke CVE-2024-33530 (In Jitsi Meet before 9391, a logic flaw in password-protected Jitsi me ...) - jitsi-meet (bug #760485) CVE-2024-33398 (There is a ClusterRole in piraeus-operator v2.5.0 and earlier which ha ...) - TODO: check + NOT-FOR-US: piraeus-operator CVE-2024-33396 (An issue in karmada-io karmada v1.9.0 and before allows a local
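Review bot: in the @@ -295,19 hunk the annotations for CVE-2024-34392 and CVE-2024-34391 read "+ NOT-FOR-US: libxmljs2", but both descriptions say "libxmljs is vulnerable to a type confusion ...", unlike CVE-2024-34394 and CVE-2024-34393 directly above, whose descriptions say libxmljs2. If these two CVEs cover libxmljs rather than libxmljs2, the annotation should name libxmljs so that the NOT-FOR-US reason matches the product the CVE actually names.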
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 9a9b4c8c by Moritz Muehlenhoff at 2024-05-02T16:17:45+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,13 @@ +CVE-2024-34148 + NOT-FOR-US: Jenkins plugin +CVE-2024-34147 + NOT-FOR-US: Jenkins plugin +CVE-2024-34146 + NOT-FOR-US: Jenkins plugin +CVE-2024-34145 + NOT-FOR-US: Jenkins plugin +CVE-2024-34144 + NOT-FOR-US: Jenkins plugin CVE-2024-4142 (An Improper input validation vulnerability that could potentially lead ...) NOT-FOR-US: JFrog Artifactory CVE-2024-3490 (The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a9b4c8c78ac14dcfd5ae006d9dc0f4cd1fca0d8
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 6487071b by Moritz Muehlenhoff at 2024-05-02T12:18:32+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -81,7 +81,7 @@ CVE-2024-33292 (SQL Injection vulnerability in Realisation MGSD v.1.0 allows a r CVE-2024-33078 (Tencent Libpag v4.3 is vulnerable to Buffer Overflow. A user can send ...) NOT-FOR-US: libpag CVE-2024-32984 (Yamux is a stream multiplexer over reliable, ordered connections such ...) - TODO: check + NOT-FOR-US: rust-yamux CVE-2024-32979 (Nautobot is a Network Source of Truth and Network Automation Platform ...) NOT-FOR-US: Nautobot CVE-2024-32973 (Pluto is a superset of Lua 5.4 with a focus on general-purpose program ...) @@ -158,7 +158,7 @@ CVE-2023-49606 (A use-after-free vulnerability exists in the HTTP Connection Hea CVE-2023-47212 (A heap-based buffer overflow vulnerability exists in the comment funct ...) TODO: check CVE-2023-47166 (A firmware update vulnerability exists in the luci2-io file-import fun ...) - TODO: check + NOT-FOR-US: Milesight UR32L CVE-2023-46295 (An issue was discovered in Teledyne FLIR M300 2.00-19. Unauthenticated ...) NOT-FOR-US: Teledyne FLIR M300 CVE-2023-46294 (An issue was discovered in Teledyne FLIR M300 2.00-19. User account pa ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6487071b8384d0a3822db4aade37de004cc3f791
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: f72cfcbb by Moritz Muehlenhoff at 2024-05-02T11:37:27+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2024-4142 (An Improper input validation vulnerability that could potentially lead ...) - TODO: check + NOT-FOR-US: JFrog Artifactory CVE-2024-3490 (The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross ...) NOT-FOR-US: WordPress plugin CVE-2024-3481 (The Counter Box WordPress plugin before 1.2.4 does not have CSRF chec ...) @@ -21,15 +21,15 @@ CVE-2024-3471 (The Button Generator WordPress plugin before 3.0 does not have C CVE-2024-3280 (The Follow Us Badges plugin for WordPress is vulnerable to Stored Cros ...) NOT-FOR-US: WordPress plugin CVE-2024-32971 (Apollo Router is a configurable, graph router written in Rust to run a ...) - TODO: check + NOT-FOR-US: Apollo Router CVE-2024-32962 (xml-crypto is an xml digital signature and encryption library for Node ...) - TODO: check + NOT-FOR-US: Node xml-crypto CVE-2024-32882 (Wagtail is an open source content management system built on Django. I ...) - TODO: check + NOT-FOR-US: Wagtail CVE-2024-2405 (The Float menu WordPress plugin before 6.0.1 does not have CSRF check ...) NOT-FOR-US: WordPress plugin CVE-2023-51631 (D-Link DIR-X3260 prog.cgi SetUsersSettings Stack-based Buffer Overflow ...) - TODO: check + NOT-FOR-US: D-Link CVE-2024-33835 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the remo ...) NOT-FOR-US: Tenda CVE-2024-33820 (Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V ...) 
@@ -67,7 +67,7 @@ CVE-2024-33424 (A cross-site scripting (XSS) vulnerability in the Settings menu CVE-2024-33423 (Cross-Site Scripting (XSS) vulnerability in the Settings menu of CMSim ...) NOT-FOR-US: CMSimple CVE-2024-33393 (An issue in spidernet-io spiderpool v.0.9.3 and before allows a local ...) - TODO: check + NOT-FOR-US: spiderpool CVE-2024-33307 (SourceCodester Laboratory Management System 1.0 is vulnerable to Cross ...) NOT-FOR-US: SourceCodester Laboratory Management System CVE-2024-33306 (SourceCodester Laboratory Management System 1.0 is vulnerable to Cross ...) @@ -79,13 +79,13 @@ CVE-2024-33300 (Typora v1.0.0 through v1.7 version (below) Markdown editor has a CVE-2024-33292 (SQL Injection vulnerability in Realisation MGSD v.1.0 allows a remote ...) NOT-FOR-US: Realisation MGSD CVE-2024-33078 (Tencent Libpag v4.3 is vulnerable to Buffer Overflow. A user can send ...) - TODO: check + NOT-FOR-US: libpag CVE-2024-32984 (Yamux is a stream multiplexer over reliable, ordered connections such ...) TODO: check CVE-2024-32979 (Nautobot is a Network Source of Truth and Network Automation Platform ...) - TODO: check + NOT-FOR-US: Nautobot CVE-2024-32973 (Pluto is a superset of Lua 5.4 with a focus on general-purpose program ...) - TODO: check + NOT-FOR-US: Pluto CVE-2024-32213 (The LoMag WareHouse Management application version 1.0.20.120 and olde ...) NOT-FOR-US: LoMag WareHouse Management application CVE-2024-32212 (SQL Injection vulnerability in LOGINT LoMag Inventory Management v1.0. ...) 
@@ -95,15 +95,15 @@ CVE-2024-32211 (An issue in LOGINT LoMag Inventory Management v1.0.20.120 and be CVE-2024-32210 (The LoMag WareHouse Management application version 1.0.20.120 and olde ...) NOT-FOR-US: LoMag WareHouse Management application CVE-2024-31413 (Free of pointer not at start of buffer vulnerability exists in CX-One ...) - TODO: check + NOT-FOR-US: CX-One CVE-2024-31412 (Out-of-bounds read vulnerability exists in CX-Programmer included in C ...) - TODO: check + NOT-FOR-US: CX-One CVE-2024-30176 (In Logpoint before 7.4.0, an attacker can enumerate a valid list of us ...) - TODO: check + NOT-FOR-US: Logpoint CVE-2024-29011 (Use of hard-coded password in the GMS ECM endpoint leading to authenti ...) - TODO: check + NOT-FOR-US: SonicWall CVE-2024-29010 (The XML document processed in the GMS ECM URL endpoint is vulnerable t ...) - TODO: check + NOT-FOR-US: SonicWall CVE-2024-28893 (Certain HP software packages (SoftPaqs) are potentially vulnerable to ...) NOT-FOR-US: HP CVE-2024-28775 (IBM WebSphere Automation 1.7.0 is vulnerable to cross-site scripting. ...) @@ -111,17 +111,17 @@ CVE-2024-28775 (IBM WebSphere Automation 1.7.0 is vulnerable to cross-site scrip CVE-2024-28764 (IBM WebSphere Automation 1.7.0 could allow an attacker with privileged ...) NOT-FOR-US: IBM CVE-2024-26504 (An issue in Wifire Hotspot v.4.5.3 allows a local attacker to execute ...) -
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 57086a86 by Moritz Muehlenhoff at 2024-05-01T16:23:57+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -35,9 +35,9 @@ CVE-2024-32967 (Zitadel is an open source identity management system. In case ZI CVE-2024-32966 (Static Web Server (SWS) is a tiny and fast production-ready web server ...) NOT-FOR-US: Static Web Server CVE-2024-32963 (Navidrome is an open source web-based music collection server and stre ...) - TODO: check + NOT-FOR-US: Navidrome CVE-2024-32890 (librespeed/speedtest is an open source, self-hosted speed test for HTM ...) - TODO: check + NOT-FOR-US: Navidrome CVE-2024-32018 (RIOT is a real-time multi-threading operating system that supports a r ...) NOT-FOR-US: RIOT CVE-2024-32017 (RIOT is a real-time multi-threading operating system that supports a r ...) @@ -45,7 +45,7 @@ CVE-2024-32017 (RIOT is a real-time multi-threading operating system that suppor CVE-2024-31225 (RIOT is a real-time multi-threading operating system that supports a r ...) NOT-FOR-US: RIOT CVE-2024-29466 (Directory Traversal vulnerability in lsgwr spring boot online exam v.0 ...) - TODO: check + NOT-FOR-US: lsgwr spring boot online exam CVE-2024-28979 (Dell OpenManage Enterprise, versions prior to 4.1.0, contains an XSS i ...) NOT-FOR-US: Dell CVE-2024-28978 (Dell OpenManage Enterprise, versions 3.10 and 4.0, contains an Imprope ...) 
@@ -495,7 +495,7 @@ CVE-2024-4185 (The Customer Email Verification for WooCommerce plugin for WordPr CVE-2024-3746 (The entire parent directory - C:\ScadaPro and its sub-directories and ...) NOT-FOR-US: Measuresoft CVE-2024-3411 (Implementations of IPMI Authenticated sessions does not provide enough ...) - TODO: check + NOT-FOR-US: IPMI implementations CVE-2024-3072 (The ACF Front End Editor plugin for WordPress is vulnerable to unautho ...) NOT-FOR-US: WordPress plugin CVE-2024-34088 (In FRRouting (FRR) through 9.1, it is possible for the get_edge() func ...) @@ -505,7 +505,7 @@ CVE-2024-34088 (In FRRouting (FRR) through 9.1, it is possible for the get_edge( CVE-2024-33832 (OneNav v0.9.35-20240318 was discovered to contain a Server-Side Reques ...) NOT-FOR-US: OneNav CVE-2024-33831 (A stored cross-site scripting (XSS) vulnerability in the Advanced Expe ...) - TODO: check + NOT-FOR-US: yapi CVE-2024-33465 (Cross Site Scripting vulnerability in MajorDoMo before v.0662e5e allow ...) NOT-FOR-US: MajorDoMo (aka Major Domestic Module) CVE-2024-33437 (An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to o ...) @@ -554,9 +554,9 @@ CVE-2024-2377 (A vulnerability exists in the too permissive HTTP response header CVE-2024-29384 (An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to o ...) NOT-FOR-US: CSS Exfil Protection CVE-2024-29320 (Wallos before 1.15.3 is vulnerable to SQL Injection via the category a ...) - TODO: check + NOT-FOR-US: Wallos CVE-2024-28716 (An issue in OpenStack Storlets yoga-eom allows a remote attacker to ex ...) - TODO: check + NOT-FOR-US: OpenStack Storlets yoga-eom CVE-2024-28269 (ReCrystallize Server 5.10.0.0 allows administrators to upload files to ...) NOT-FOR-US: ReCrystallize Server CVE-2024-26331 (ReCrystallize Server 5.10.0.0 uses a authorization mechanism that reli ...) 
@@ -578,7 +578,7 @@ CVE-2024-23463 (Anti-tampering protection of the Zscaler Client Connector can be CVE-2024-22546 (TRENDnet TEW-815DAP 1.0.2.0 is vulnerable to Command Injection via the ...) NOT-FOR-US: TRENDnet TEW-815DAP CVE-2024-22405 (XADMaster is an objective-C library for archive and file unarchiving a ...) - TODO: check + NOT-FOR-US: XADMaster CVE-2024-1895 (The Event Monster \u2013 Event Management, Tickets Booking, Upcoming E ...) NOT-FOR-US: WordPress plugin CVE-2023-50915 (An issue exists in GalaxyClientService.exe in GOG Galaxy (Beta) 2.0.67 ...) @@ -594,7 +594,7 @@ CVE-2023-49473 (Shenzhen JF6000 Cloud Media Collaboration Processing Platform fi CVE-2023-46304 (modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote au ...) NOT-FOR-US: Vtiger CRM CVE-2023-45385 (ProQuality pqprintshippinglabels before v.4.15.0 is vulnerable to Dire ...) - TODO: check + NOT-FOR-US: ProQuality pqprintshippinglabels CVE-2023-38002 (IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated ...) NOT-FOR-US: IBM CVE-2023-36268 (An issue in The Document Foundation Libreoffice v.7.4.7 allows a remot ...) @@ -666,7 +666,7 @@ CVE-2023-50433 (marshall in dhcp_packet.c in simple-dhcp-server through ec976d2 CVE-2023-50432 (simple-dhcp-server through ec976d2 allows
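Review bot: the @@ -35,9 hunk gives CVE-2024-32890 the annotation "+ NOT-FOR-US: Navidrome", but the description is about librespeed/speedtest; the Navidrome label belongs to CVE-2024-32963 directly above it and appears to have been duplicated onto the wrong entry. The line should name the product the CVE describes (librespeed/speedtest, or whatever the full CVE text identifies) so that the recorded reason for dismissal is correct.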
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: cc8f9c9c by Moritz Muehlenhoff at 2024-05-01T13:16:08+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,51 +1,51 @@ CVE-2024-4369 (An information disclosure flaw was found in OpenShift's internal image ...) - TODO: check + NOT-FOR-US: OpenShift CVE-2024-4349 (A vulnerability has been found in SourceCodester Pisay Online E-Learni ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2024-4348 (A vulnerability, which was classified as problematic, was found in osC ...) - TODO: check + NOT-FOR-US: osCommerce CVE-2024-4192 (Delta Electronics CNCSoft-G2 lacks proper validation of the length of ...) - TODO: check + NOT-FOR-US: Delta Electronics CVE-2024-3591 (The Geo Controller WordPress plugin before 8.6.5 unserializes user inp ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-34149 (In Bitcoin Core through 27.0 and Bitcoin Knots before 25.1.knots202311 ...) - TODO: check + - bitcoin CVE-2024-33768 (lunasvg v2.3.9 was discovered to contain a segmentation violation via ...) - TODO: check + NOT-FOR-US: lunasvg CVE-2024-33767 (lunasvg v2.3.9 was discovered to contain a segmentation violation via ...) - TODO: check + NOT-FOR-US: lunasvg CVE-2024-33766 (lunasvg v2.3.9 was discovered to contain an FPE (Floating Point Except ...) - TODO: check + NOT-FOR-US: lunasvg CVE-2024-33764 (lunasvg v2.3.9 was discovered to contain a stack-overflow at lunasvg/s ...) - TODO: check + NOT-FOR-US: lunasvg CVE-2024-33763 (lunasvg v2.3.9 was discovered to contain a stack-buffer-underflow at l ...) - TODO: check + NOT-FOR-US: lunasvg CVE-2024-32970 (Phlex is a framework for building object-oriented views in Ruby. In af ...) - TODO: check + NOT-FOR-US: Phlex CVE-2024-32967 (Zitadel is an open source identity management system. In case ZITADEL ...) - TODO: check + NOT-FOR-US: Zitadel CVE-2024-32966 (Static Web Server (SWS) is a tiny and fast production-ready web server ...) - TODO: check + NOT-FOR-US: Static Web Server CVE-2024-32963 (Navidrome is an open source web-based music collection server and stre ...) 
TODO: check CVE-2024-32890 (librespeed/speedtest is an open source, self-hosted speed test for HTM ...) TODO: check CVE-2024-32018 (RIOT is a real-time multi-threading operating system that supports a r ...) - TODO: check + NOT-FOR-US: RIOT CVE-2024-32017 (RIOT is a real-time multi-threading operating system that supports a r ...) - TODO: check + NOT-FOR-US: RIOT CVE-2024-31225 (RIOT is a real-time multi-threading operating system that supports a r ...) - TODO: check + NOT-FOR-US: RIOT CVE-2024-29466 (Directory Traversal vulnerability in lsgwr spring boot online exam v.0 ...) TODO: check CVE-2024-28979 (Dell OpenManage Enterprise, versions prior to 4.1.0, contains an XSS i ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-28978 (Dell OpenManage Enterprise, versions 3.10 and 4.0, contains an Imprope ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-23336 (MyBB is a free and open source forum software. The default list of dis ...) - TODO: check + NOT-FOR-US: MyBB CVE-2024-23335 (MyBB is a free and open source forum software. The backup management m ...) - TODO: check + NOT-FOR-US: MyBB CVE-2024-27022 (In the Linux kernel, the following vulnerability has been resolved: f ...) - linux [bullseye] - linux (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc8f9c9c1911feb00ab85d93b709c9cb7dcb777d
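Review bot: the @@ -1,51 hunk replaces the TODO for CVE-2024-34149 (Bitcoin Core through 27.0) with a bare "+ - bitcoin", which marks the package as affected with no fixed version, no bug number and no NOTE: line pointing at the upstream advisory or fix. Other package assignments in this series carry that context (for example "- tqdm 4.66.4-1 (bug #1070372)" followed by a NOTE: with the advisory URL); adding the same for bitcoin would make the open issue actionable for whoever picks it up.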
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: e21e522e by Moritz Muehlenhoff at 2024-04-30T10:43:40+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -5,59 +5,59 @@ CVE-2024-4226 (It was identified that in certain versions of Octopus Server, tha CVE-2024-4225 (Multiple security vulnerabilities has been discovered in web interface ...) NOT-FOR-US: NetGuardian DIN Remote Telemetry Unit (RTU) CVE-2024-34050 (Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice b ...) - TODO: check + NOT-FOR-US: Open Networking Foundation SD-RAN Rimedo rimedo-ts CVE-2024-34049 (Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice b ...) - TODO: check + NOT-FOR-US: Open Networking Foundation SD-RAN Rimedo rimedo-ts CVE-2024-34048 (O-RAN RIC I-Release e2mgr lacks array size checks in E2nodeConfigUpdat ...) NOT-FOR-US: O-RAN RIC I-Release e2mgr CVE-2024-34047 (O-RAN RIC I-Release e2mgr lacks array size checks in RicServiceUpdateH ...) NOT-FOR-US: O-RAN RIC I-Release e2mgr CVE-2024-34046 (The O-RAN E2T I-Release Prometheus metric Increment function can crash ...) - TODO: check + NOT-FOR-US: O-RAN CVE-2024-34045 (The O-RAN E2T I-Release Prometheus metric Increment function can crash ...) - TODO: check + NOT-FOR-US: O-RAN CVE-2024-34044 (The O-RAN E2T I-Release buildPrometheusList function can have a NULL p ...) - TODO: check + NOT-FOR-US: O-RAN CVE-2024-34043 (O-RAN RICAPP kpimon-go I-Release has a segmentation violation via a ce ...) - TODO: check + NOT-FOR-US: O-RAN CVE-2024-33522 (In vulnerable versions of Calico (v3.27.2 and below), Calico Enterpris ...) TODO: check CVE-2024-33401 (Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remot ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-33350 (Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a remote at ...) - TODO: check + NOT-FOR-US: TaoCMS CVE-2024-31837 (DMitry (Deepmagic Information Gathering Tool) 1.3a has a format-string ...) TODO: check CVE-2024-28294 (Limbas up to v5.2.14 was discovered to contain a SQL injection vulnera ...) 
- TODO: check + NOT-FOR-US: Limbas CVE-2024-27518 (An issue in SUPERAntiSyware Professional X 10.0.1262 and 10.0.1264 all ...) - TODO: check + NOT-FOR-US: SUPERAntiSyware Professional X CVE-2024-1371 (The LeadConnector plugin for WordPress is vulnerable to unauthorized m ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0216 (The Google Doc Embedder plugin for WordPress is vulnerable to Server S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-52728 (Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an i ...) - TODO: check + NOT-FOR-US: onos-lib-go CVE-2023-52727 (Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an i ...) - TODO: check + NOT-FOR-US: onos-lib-go CVE-2023-52726 (Open Networking Foundation SD-RAN ONOS onos-ric-sdk-go 0.8.12 allows i ...) - TODO: check + NOT-FOR-US: onos-ric-sdk-go CVE-2023-52725 (Open Networking Foundation SD-RAN ONOS onos-kpimon 0.4.7 allows blocki ...) - TODO: check + NOT-FOR-US: onos-kpimon CVE-2023-52724 (Open Networking Foundation SD-RAN onos-kpimon 0.4.7 allows out-of-boun ...) - TODO: check + NOT-FOR-US: onos-kpimon CVE-2023-50434 (emdns_resolve_raw in emdns.c in emdns through fbd1eef calls strlen wit ...) - TODO: check + NOT-FOR-US: emdns CVE-2023-50433 (marshall in dhcp_packet.c in simple-dhcp-server through ec976d2 allows ...) - TODO: check + NOT-FOR-US: simple-dhcp-server CVE-2023-50432 (simple-dhcp-server through ec976d2 allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: simple-dhcp-server CVE-2023-46960 (Buffer Overflow vulnerability in PyPXE v.1.8.4 allows a remote attacke ...) TODO: check CVE-2023-46566 (Buffer Overflow vulnerability in msoulier tftpy commit 467017b844bf6e3 ...) TODO: check CVE-2023-31889 (An issue discovered in httpd in ASUS RT-AC51U with firmware version up ...) - TODO: check + NOT-FOR-US: ASUS CVE-2024-4310 (Cross-site Scripting (XSS) vulnerability in HubBank affecting version ...) 
NOT-FOR-US: HubBank CVE-2024-4309 (SQL injection vulnerability in HubBank affecting version 1.0.2. This v ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e21e522e802fe281b76ffd02aec9554b9339bba4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e21e522e802fe281b76ffd02aec9554b9339bba4 You're receiving this email because of your account on
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 9bf1d023 by Moritz Muehlenhoff at 2024-04-27T20:34:16+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,113 +1,113 @@ CVE-2024-4245 (A vulnerability, which was classified as critical, has been found in T ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4244 (A vulnerability classified as critical was found in Tenda W9 1.0.0.7(4 ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4243 (A vulnerability classified as critical has been found in Tenda W9 1.0. ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4242 (A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been rated ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4241 (A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been decla ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4240 (A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been class ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4239 (A vulnerability was found in Tenda AX1806 1.0.0.1 and classified as cr ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-3052 (Malformed S2 Nonce Get command classes can be sent to crash the gatewa ...) - TODO: check + NOT-FOR-US: silabs CVE-2024-3051 (Malformed Device Reset Locally command classes can be sent to temporar ...) - TODO: check + NOT-FOR-US: silabs CVE-2024-3034 (The BackUpWordPress plugin for WordPress is vulnerable to Directory Tr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32887 (Sidekiq is simple, efficient background processing for Ruby. Sidekiq i ...) TODO: check CVE-2024-32883 (MCUboot is a secure bootloader for 32-bits microcontrollers. MCUboot u ...) - TODO: check + NOT-FOR-US: mcuboot CVE-2024-32881 (Danswer is the AI Assistant connected to company's docs, apps, and peo ...) - TODO: check + NOT-FOR-US: Danswer CVE-2024-32878 (Llama.cpp is LLM inference in C/C++. There is a use of uninitialized h ...) - TODO: check + NOT-FOR-US: llama.cpp CVE-2024-31828 (Cross Site Scripting vulnerability in Lavalite CMS v.10.1.0 allows att ...) - TODO: check + NOT-FOR-US: Lavalite CMS CVE-2024-31741 (Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a remote a ...) 
- TODO: check + NOT-FOR-US: MiniCMS CVE-2024-31601 (An issue in Beijing Panabit Network Software Co., Ltd Panalog big data ...) - TODO: check + NOT-FOR-US: Panabit CVE-2024-31551 (Directory Traversal vulnerability in lib/admin/image.admin.php in cmse ...) - TODO: check + NOT-FOR-US: cmseasy CVE-2024-31502 (An issue in Insurance Management System v.1.0.0 and before allows a re ...) - TODO: check + NOT-FOR-US: Insurance Management System CVE-2024-30804 (An issue discovered in the DeviceIoControl component in ASUS Fan_Xpert ...) - TODO: check + NOT-FOR-US: ASUS CVE-2024-2859 (By default, SANnav OVA is shipped with root user login enabled. While ...) - TODO: check + NOT-FOR-US: Brocade CVE-2024-2838 (The WPC Composite Products for WooCommerce plugin for WordPress is vul ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2258 (The Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact For ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-28322 (SQL Injection vulnerability in /event-management-master/backend/regist ...) - TODO: check + NOT-FOR-US: PuneethReddyHC Event Management CVE-2024-4238 (A vulnerability has been found in Tenda AX1806 1.0.0.1 and classified ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4237 (A vulnerability, which was classified as critical, was found in Tenda ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4236 (A vulnerability, which was classified as critical, has been found in T ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4235 (A vulnerability classified as problematic was found in Netgear DG834Gv ...) - TODO: check + NOT-FOR-US: Netgear CVE-2024-4234 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: Sayful Islam Filterable Portfolio CVE-2024-4198 (Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 ...) - TODO: check + - mattermost-server (bug #823556) CVE-2024-4195 (Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 ...) 
- TODO: check + - mattermost-server (bug #823556) CVE-2024-4183 (Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x bef ...) - TODO: check + - mattermost-server (bug #823556) CVE-2024-4182 (Mattermost versions 9.6.0,
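Review bot: style point on the NOT-FOR-US targets in this hunk: `silabs` and `mcuboot` are the only lowercase vendor/product names, while the rest of the entries (Tenda, Danswer, Brocade, Netgear, Lavalite CMS) use the upstream spelling; the CVE text itself writes "MCUboot", so `NOT-FOR-US: MCUboot` and `NOT-FOR-US: Silicon Labs` would keep the file searchable by one consistent spelling.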
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 1409aa55 by Moritz Muehlenhoff at 2024-04-25T11:17:39+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,25 +1,25 @@ CVE-2024-4173 (A vulnerability in Brocade SANnav ova versions before Brocade SANnav v ...) - TODO: check + NOT-FOR-US: Brocade CVE-2024-4161 (In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic receiv ...) - TODO: check + NOT-FOR-US: Brocade CVE-2024-4159 (Brocade SANnav before Brocade SANnav v2.3.1 lacks protection mechanism ...) - TODO: check + NOT-FOR-US: Brocade CVE-2024-3988 (The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data T ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3929 (The Content Views \u2013 Post Grid & Filter, Recent Posts, Category Po ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3893 (The Classified Listing \u2013 Classified ads & Business Directory Plug ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2907 (The AGCA WordPress plugin before 7.2.2 does not sanitise and escape s ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-29205 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2024-23527 (An out-of-bounds read vulnerability in WLAvalancheService component of ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2024-20313 (A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-51478 (Improper Authentication vulnerability in Abdul Hakeem Build App Online ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-26926 (In the Linux kernel, the following vulnerability has been resolved: b ...) - linux [buster] - linux (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1409aa55264f4ca7c48e248816fb9cf588ecd2e4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1409aa55264f4ca7c48e248816fb9cf588ecd2e4 You're receiving this email because of your account on salsa.debian.org. 
___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 410bf268 by Moritz Muehlenhoff at 2024-04-25T09:40:17+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -81,11 +81,11 @@ CVE-2024-4069 (A vulnerability, which was classified as critical, was found in K CVE-2024-4066 (A vulnerability classified as critical has been found in Tenda AC8 16. ...) NOT-FOR-US: Tenda CVE-2024-3371 (MongoDB Compass may accept and use insufficiently validated input from ...) - TODO: check + NOT-FOR-US: MongoDB Compass CVE-2024-3261 (The Strong Testimonials WordPress plugin before 3.1.12 does not valida ...) NOT-FOR-US: WordPress plugin CVE-2024-33531 (cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsi ...) - TODO: check + NOT-FOR-US: lua-resty-jwt CVE-2024-32958 (Cross-Site Request Forgery (CSRF) vulnerability in Giorgos Sarigiannid ...) NOT-FOR-US: WordPress plugin CVE-2024-32956 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) @@ -121,7 +121,7 @@ CVE-2024-32872 (Umbraco workflow provides workflows for the Umbraco content mana CVE-2024-32869 (Hono is a Web application framework that provides support for any Java ...) NOT-FOR-US: Hono CVE-2024-32866 (Conform, a type-safe form validation library, allows the parsing of ne ...) - TODO: check + NOT-FOR-US: Conform CVE-2024-32836 (Unrestricted Upload of File with Dangerous Type vulnerability in WP La ...) NOT-FOR-US: WordPress plugin CVE-2024-32835 (Deserialization of Untrusted Data vulnerability in WebToffee Import Ex ...) 
@@ -226,17 +226,17 @@ CVE-2024-32078 (URL Redirection to Untrusted Site ('Open Redirect') vulnerabilit CVE-2024-32051 (Insertion of sensitive information into log file issue exists in RoamW ...) NOT-FOR-US: RoamWiFi CVE-2024-31616 (An issue discovered in RG-RSR10-01G-T(W)-S and RG-RSR10-01G-T(WA)-S ro ...) - TODO: check + NOT-FOR-US: RG-RSR10-01G-T(W)-S and RG-RSR10-01G-T(WA)-S routers CVE-2024-31406 (Active debug code vulnerability exists in RoamWiFi R10 prior to 4.8.45 ...) NOT-FOR-US: RoamWiFi CVE-2024-30886 (A stored cross-site scripting (XSS) vulnerability in the remotelink fu ...) NOT-FOR-US: HadSky CVE-2024-2972 (The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2404 (The Better Comments WordPress plugin before 1.5.6 does not sanitise an ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2402 (The Better Comments WordPress plugin before 1.5.6 does not sanitise an ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-28977 (Dell Repository Manager, versions 3.4.2 through 3.4.4,contains a Path ...) NOT-FOR-US: Dell CVE-2024-28976 (Dell Repository Manager, versions prior to 3.4.5, contains a Path Trav ...) 
@@ -244,61 +244,61 @@ CVE-2024-28976 (Dell Repository Manager, versions prior to 3.4.5, contains a Pat CVE-2024-28963 (Telemetry Dashboard v1.0.0.7 for Dell ThinOS 2402 contains a sensitive ...) NOT-FOR-US: Dell CVE-2024-28825 (Improper restriction of excessive authentication attempts on some auth ...) - TODO: check + - check-mk CVE-2024-28613 (SQL Injection vulnerability in PHP Task Management System v.1.0 allows ...) NOT-FOR-US: PHP Task Management System CVE-2024-27791 (The issue was addressed with improved checks. This issue is fixed in i ...) - TODO: check + NOT-FOR-US: Apple CVE-2024-27537 REJECTED CVE-2024-27536 REJECTED CVE-2024-23271 (A logic issue was addressed with improved checks. This issue is fixed ...) - TODO: check + NOT-FOR-US: Apple CVE-2024-23228 (This issue was addressed through improved state management. This issue ...) - TODO: check + NOT-FOR-US: Apple CVE-2024-20359 (A vulnerability in a legacy capability that allowed for the preloading ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-20358 (A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-20356 (A vulnerability in the web-based management interface of Cisco Integra ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-20353 (A vulnerability in the management and VPN web servers for Cisco Adapti ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-20295 (A vulnerability in the CLI of the Cisco Integrated Management Controll ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-1756 (The WooCommerce Customers Manager WordPress plugin before 29.8 does no ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1743 (The WooCommerce Customers Manager WordPress plugin
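Review bot: the new `- check-mk` entry for CVE-2024-28825 carries no fixed version, bug reference or NOTE line, so it reads as an open, unfixed issue in unstable with nothing recorded about the upstream advisory; if that is the intended state, a NOTE pointing at the upstream fix (or a `(bug #NNN)` once filed) would spare the next triager from re-deriving it.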
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: c5fad303 by Moritz Muehlenhoff at 2024-04-24T10:00:08+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -20,7 +20,7 @@ CVE-2024-3665 (The Rank Math SEO with AI SEO Tools plugin for WordPress is vulne CVE-2024-3491 (The Schema & Structured Data for WP & AMP plugin for WordPress is vuln ...) NOT-FOR-US: WordPress plugin CVE-2024-3185 (A key used in logging.json does not follow the least privilege princip ...) - TODO: check + NOT-FOR-US: Rapid7 CVE-2024-33217 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based ...) NOT-FOR-US: Tenda CVE-2024-33215 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based ...) @@ -56,11 +56,11 @@ CVE-2024-32658 (FreeRDP is a free implementation of the Remote Desktop Protocol. NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vpv3-m3m9-4c2v NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/1a755d898ddc028cc818d0dd9d49d5acff4c44bf (3.5.1) CVE-2024-32482 (The Tillitis TKey signer device application is an ed25519 signing tool ...) - TODO: check + NOT-FOR-US: Tillitis TKey CVE-2024-32258 (The network server of fceux 2.7.0 has a path traversal vulnerability, ...) TODO: check CVE-2024-31804 (An unquoted service path vulnerability in Terratec DMX_6Fire USB v.1.2 ...) - TODO: check + NOT-FOR-US: Terratec CVE-2024-31208 (Synapse is an open-source Matrix homeserver. A remote Matrix user with ...) TODO: check CVE-2024-30800 (PX4 Autopilot v.1.14 allows an attacker to fly the drone into no-fly z ...) 
@@ -72,9 +72,9 @@ CVE-2024-28627 (An issue in Flipsnack v.18/03/2024 allows a local attacker to ob CVE-2024-28130 (An incorrect type conversion vulnerability exists in the DVPSSoftcopyV ...) TODO: check CVE-2024-21979 (An out of bounds write vulnerability in the AMD Radeon\u2122 user mode ...) - TODO: check + NOT-FOR-US: AMD Radeon Windows driver CVE-2024-21972 (An out of bounds write vulnerability in the AMD Radeon\u2122 user mode ...) - TODO: check + NOT-FOR-US: AMD Radeon Windows driver CVE-2024-0900 (The Elespare \u2013 Build Your Blog, News & Magazine Websites with Exp ...) NOT-FOR-US: WordPress plugin CVE-2023-47731 (IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0 and IBM Cloud Pa ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5fad30314e892f1bb374ad9c1e8441185c47208 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5fad30314e892f1bb374ad9c1e8441185c47208 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 7b770f25 by Moritz Muehlenhoff at 2024-04-23T11:15:32+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,51 +1,51 @@ CVE-2024-4031 (Unquoted Search Path or Element vulnerability in Logitech MEVO WEBCAM ...) - TODO: check + NOT-FOR-US: Logitech CVE-2024-3889 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3664 (The Quick Featured Images plugin for WordPress is vulnerable to unauth ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3293 (The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32657 (Hydra is a Continuous Integration service for Nix based projects. Atta ...) - TODO: check + NOT-FOR-US: Hydra CVE-2024-32656 (Ant Media Server is live streaming engine software. A local privilege ...) - TODO: check + NOT-FOR-US: Ant Media Server CVE-2024-32653 (jadx is a Dex to Java decompiler. Prior to version 1.5.0, the packag ...) - TODO: check + NOT-FOR-US: jadx CVE-2024-32480 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring sy ...) - TODO: check + NOT-FOR-US: LibreNMS CVE-2024-32479 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring sy ...) - TODO: check + NOT-FOR-US: LibreNMS CVE-2024-32461 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring sy ...) - TODO: check + NOT-FOR-US: LibreNMS CVE-2024-32394 (An issue in ruijie.com/cn RG-RSR10-01G-T(WA)-S RSR_3.0(1)B9P2_RSR10-01 ...) - TODO: check + NOT-FOR-US: ruijie.com/cn CVE-2024-31857 (Forminator prior to 1.15.4 contains a cross-site scripting vulnerabili ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31077 (Forminator prior to 1.29.3 contains a SQL injection vulnerability. If ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31036 (A heap-buffer-overflow vulnerability in the read_byte function in Nano ...) - TODO: check + NOT-FOR-US: NanoMQ CVE-2024-2799 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2798 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2760 (Bkav Home v7816, build 2403161130 is vulnerable to a Memory Informatio ...) - TODO: check + NOT-FOR-US: Bkac CVE-2024-2493 (Session Hijacking vulnerability in Hitachi Ops Center Analyzer.This is ...) - TODO: check + NOT-FOR-US: Hitachi CVE-2024-29368 (An issue discovered in moziloCMS v2.0 allows attackers to bypass file ...) - TODO: check + NOT-FOR-US: moziloCMS CVE-2024-28890 (Forminator prior to 1.29.0 contains an unrestricted upload of file wit ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-27574 (SQL Injection vulnerability in Trainme Academy version Ichin v.1.3.2 a ...) - TODO: check + NOT-FOR-US: Trainme Academy CVE-2024-21511 (Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrar ...) - TODO: check + NOT-FOR-US: Node mysql2 CVE-2024-1241 (Watchdog Antivirus v1.6.415 is vulnerable to a Denial of Service vulne ...) - TODO: check + NOT-FOR-US: Watchdog Antivirus CVE-2023-6833 (Insertion of Sensitive Information into Log File vulnerability in Hita ...) - TODO: check + NOT-FOR-US: Hitachi CVE-2023-48184 (QuickJS before 7414e5f has a quickjs.h JS_FreeValueRT use-after-free b ...) TODO: check CVE-2023-48183 (QuickJS before c4cdd61 has a build_for_in_iterator NULL pointer derefe ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b770f259ccabac896d8718b266fa14b3b6d1815 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b770f259ccabac896d8718b266fa14b3b6d1815 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
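Review bot: the target for CVE-2024-2760 is misspelled: the CVE text says "Bkav Home", but the new line reads `NOT-FOR-US: Bkac`, which will not match any later search for Bkav entries. Separately, CVE-2024-32394 is filed as `NOT-FOR-US: ruijie.com/cn`, a domain rather than a product; the CVE text names the RG-RSR10-01G-T(WA)-S router, and naming the vendor or router model as the other Ruijie entries do would keep the NOT-FOR-US targets consistent.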
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 31bf8786 by Moritz Muehlenhoff at 2024-04-22T23:27:47+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,87 +1,87 @@ CVE-2024-4040 (VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1. ...) - TODO: check + NOT-FOR-US: CrushFTP CVE-2024-4026 (Cross-Site Scripting (XSS) vulnerability in the Holded application. Th ...) - TODO: check + NOT-FOR-US: Holded CVE-2024-3645 (The Essential Addons for Elementor Pro plugin for WordPress is vulnera ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32691 (Missing Authorization vulnerability in realmag777 Active Products Tabl ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32688 (Missing Authorization vulnerability in Long Watch Studio MyRewards.Thi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32687 (Missing Authorization vulnerability in WPClever WPC Frequently Bought ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32684 (Missing Authorization vulnerability in Wpmet Wp Ultimate Review.This i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32682 (Missing Authorization vulnerability in BdThemes Prime Slider \u2013 Ad ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32681 (Missing Authorization vulnerability in BdThemes Prime Slider \u2013 Ad ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32407 (An issue in inducer relate before v.2024.1 allows a remote attacker to ...) - TODO: check + NOT-FOR-US: inducer relate CVE-2024-32405 (Cross Site Scripting vulnerability in inducer relate before v.2024.1 a ...) - TODO: check + NOT-FOR-US: inducer relate CVE-2024-32399 (Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 a ...) - TODO: check + NOT-FOR-US: RaidenMAILD Mail Server CVE-2024-32368 (Insecure Permission vulnerability in Agasta Sanketlife 2.0 Pocket 12-L ...) - TODO: check + NOT-FOR-US: Agasta Sanketlife CVE-2024-32238 (H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password ...) 
- TODO: check + NOT-FOR-US: H3C ER8300G2-X CVE-2024-32205 REJECTED CVE-2024-31666 (An issue in flusity-CMS v.2.33 allows a remote attacker to execute arb ...) - TODO: check + NOT-FOR-US: flusity-CMS CVE-2024-31545 (Computer Laboratory Management System v1.0 is vulnerable to SQL Inject ...) - TODO: check + NOT-FOR-US: Computer Laboratory Management System CVE-2024-29661 (A File Upload vulnerability in DedeCMS v5.7 allows a local attacker to ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-29376 (Sylius 1.12.13 is vulnerable to Cross Site Scripting (XSS) via the "Pr ...) - TODO: check + NOT-FOR-US: Sylius CVE-2024-28717 (An issue in OpenStack Storlets yoga-eom allows a remote attacker to ex ...) - TODO: check + NOT-FOR-US: OpenStack Storlets yoga-eom CVE-2024-28699 (A buffer overflow vulnerability in pdf2json v0.70 allows a local attac ...) TODO: check CVE-2024-28436 (Cross Site Scripting vulnerability in D-Link DAP products DAP-2230, DA ...) - TODO: check + NOT-FOR-US: D-Link CVE-2024-22856 (A SQL injection vulnerability via the Save Favorite Search function in ...) - TODO: check + NOT-FOR-US: Axefinance Axe Credit Portal CVE-2024-22815 (An issue in the communication protocol of Tormach xsTECH CNC Router, P ...) - TODO: check + NOT-FOR-US: Tormach xsTECH CVE-2024-22813 (An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 all ...) - TODO: check + NOT-FOR-US: Tormach xsTECH CVE-2024-22811 (An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 all ...) - TODO: check + NOT-FOR-US: Tormach xsTECH CVE-2024-22809 (Incorrect access control in Tormach xsTECH CNC Router, PathPilot Contr ...) - TODO: check + NOT-FOR-US: Tormach xsTECH CVE-2024-22808 (An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 all ...) - TODO: check + NOT-FOR-US: Tormach xsTECH CVE-2024-22807 (An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 all ...) 
- TODO: check + NOT-FOR-US: Tormach xsTECH CVE-2023-38302 (A certain software build for the Sharp Rouvo V device (SHARP/VZW_STTM2 ...) - TODO: check + NOT-FOR-US: Sharp CVE-2023-38301 (An issue was discovered in a third-party component related to vendor.g ...) - TODO: check + NOT-FOR-US: vendor.gsm.serial, CVE-2023-38300 (A certain software build for the Orbic Maui device (Orbic/RC545L/RC545 ...) - TODO: check + NOT-FOR-US: Orbic Maui CVE-2023-38299
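Review bot: the target for CVE-2023-38301 ends with a stray trailing comma (`NOT-FOR-US: vendor.gsm.serial,`) and names a component identifier rather than a product; the two neighbouring entries (Sharp, Orbic Maui) name the affected device, so dropping the comma and naming the device or vendor here would match them.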
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: a7a1fda4 by Moritz Muehlenhoff at 2024-04-22T15:51:46+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,9 @@ +CVE-2024-27349 + NOT-FOR-US: Apache HugeGraph-Hubble +CVE-2024-27348 + NOT-FOR-US: Apache HugeGraph-Hubble +CVE-2024-27347 + NOT-FOR-US: Apache HugeGraph-Hubble CVE-2024-4022 (A vulnerability was found in Keenetic KN-1010, KN-1410, KN-1711, KN-18 ...) NOT-FOR-US: Keenetic router CVE-2024-4021 (A vulnerability was found in Keenetic KN-1010, KN-1410, KN-1711, KN-18 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7a1fda4da097e201f51b2b705e0b67a02144825 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7a1fda4da097e201f51b2b705e0b67a02144825 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 868ccb12 by Moritz Muehlenhoff at 2024-04-22T12:48:59+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -17,17 +17,17 @@ CVE-2024-32693 (Cross-Site Request Forgery (CSRF) vulnerability in ValvePress Au CVE-2024-32690 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-32418 (An issue in flusity CMS v2.33 allows a remote attacker to execute arbi ...) - TODO: check + NOT-FOR-US: flusity CMS CVE-2024-30799 (An issue in PX4 Autopilot v1.14 and before allows a remote attacker to ...) - TODO: check + NOT-FOR-US: PX4 Autopilot CVE-2024-28722 (Cross Site Scripting vulnerability in Innovaphone myPBX v.14r1, v.13r3 ...) - TODO: check + NOT-FOR-US: Innovaphone CVE-2023-7252 (The Tickera WordPress plugin before 3.5.2.5 does not prevent users fr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2018-25101 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: Koha Library Management System CVE-2015-10132 (A vulnerability classified as problematic was found in Thimo Grauerhol ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32041 [OutOfBound Read in zgfx_decompress_segment] - freerdp3 (Fixed with initial upload to Debian unstable) - freerdp2 @@ -89,7 +89,7 @@ CVE-2024-31991 (Mealie is a self hosted recipe manager and meal planner. Prior t CVE-2024-31584 (Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the ...) TODO: check CVE-2024-30974 (SQL Injection vulnerability in autoexpress v.1.3.0 allows attackers to ...) - TODO: check + NOT-FOR-US: autoexpress CVE-2024-22905 (Buffer Overflow vulnerability in ARM mbed-os v.6.17.0 allows a remote ...) NOT-FOR-US: ARM mbed-os CVE-2024-1730 (The Prime Slider \u2013 Addons For Elementor (Revolution of a slider, ...) 
@@ -127,7 +127,7 @@ CVE-2024-3470 (An Improper Privilege Management vulnerability was identified in CVE-2024-32683 (Authorization Bypass Through User-Controlled Key vulnerability in Wpme ...) NOT-FOR-US: WordPress plugin CVE-2024-32652 (The adapter @hono/node-server allows you to run your Hono application ...) - TODO: check + NOT-FOR-US: @hono/node-server CVE-2024-32650 (Rustls is a modern TLS library written in Rust. `rustls::ConnectionCom ...) TODO: check CVE-2024-32644 (Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain tha ...) @@ -144,7 +144,7 @@ CVE-2024-32409 (An issue in SEMCMS v.4.8 allows a remote attacker to execute arb CVE-2024-32206 (A stored cross-site scripting (XSS) vulnerability in the component \af ...) NOT-FOR-US: WUZHICMS CVE-2024-32166 (Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - ...) - TODO: check + NOT-FOR-US: Webid CVE-2024-32038 (Wazuh is a free and open source platform used for threat prevention, d ...) NOT-FOR-US: Wazuh CVE-2024-31846 (An issue was discovered in Italtel Embrace 1.6.4. The web application ...) 
@@ -235,13 +235,13 @@ CVE-2024-29957 (When Brocade SANnav before v2.3.1 and v2.3.0a servers are config CVE-2024-29204 (A Heap Overflow vulnerability in WLAvalancheService component of Ivant ...) NOT-FOR-US: Ivanti CVE-2024-29183 (OpenRASP is a RASP solution that directly integrates its protection en ...) - TODO: check + NOT-FOR-US: OpenRASP CVE-2024-29030 (memos is a privacy-first, lightweight note-taking service. In memos 0. ...) - TODO: check + NOT-FOR-US: memos CVE-2024-29029 (memos is a privacy-first, lightweight note-taking service. In memos 0. ...) - TODO: check + NOT-FOR-US: memos CVE-2024-29028 (memos is a privacy-first, lightweight note-taking service. In memos 0. ...) - TODO: check + NOT-FOR-US: memos CVE-2024-27984 (A Path Traversal vulnerability in web component of Ivanti Avalanche be ...) NOT-FOR-US: Ivanti CVE-2024-27978 (A Null Pointer Dereference vulnerability in WLAvalancheService compone ...) @@ -307,9 +307,9 @@ CVE-2024-1681 (corydolphin/flask-cors is vulnerable to log injection when the lo CVE-2024-1491 (The devices allow access to an unprotected endpoint that allows MPFS ...) NOT-FOR-US: Electrolink CVE-2024-1065 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm ...) - TODO: check + NOT-FOR-US: Arm CVE-2024-0671 (Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm ...) - TODO: check + NOT-FOR-US: Arm CVE-2023-51798 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...) TODO: check CVE-2023-51797 (Buffer
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 9b181450 by Moritz Muehlenhoff at 2024-04-19T15:23:58+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1270,7 +1270,7 @@ CVE-2024-21100 (Vulnerability in the Oracle Commerce Platform product of Oracle CVE-2024-21099 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) NOT-FOR-US: Oracle CVE-2024-21098 (Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise ...) - TODO: check + NOT-FOR-US: Oracle CVE-2024-21097 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2024-21096 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) @@ -1501,7 +1501,7 @@ CVE-2024-20990 (Vulnerability in the Oracle Applications Technology product of O CVE-2024-20989 (Vulnerability in the Oracle Hospitality Simphony product of Oracle Foo ...) NOT-FOR-US: Oracle CVE-2024-20954 (Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise ...) - TODO: check + NOT-FOR-US: Oracle CVE-2024-1357 (The Shortcodes and extra features for Phlox theme plugin for WordPress ...) NOT-FOR-US: WordPress plugin CVE-2024-1219 (The Easy Social Feed WordPress plugin before 6.5.6 does not validate ...) 
@@ -6188,7 +6188,7 @@ CVE-2024-2322 (The WooCommerce Cart Abandonment Recovery WordPress plugin before CVE-2024-29734 (Uncontrolled search path element issue exists in SonicDICOM Media View ...) NOT-FOR-US: SonicDICOM Media Viewer CVE-2024-29733 - - airflow (bug #819700) + NOT-FOR-US: Airflow FTP provider CVE-2024-29434 (An issue in the system image upload interface of Alldata v0.4.6 allows ...) NOT-FOR-US: Alldata CVE-2024-29432 (Alldata v0.4.6 was discovered to contain a SQL injection vulnerability ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b181450d83981c79e9b143b89b4ebd2ed749df9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b181450d83981c79e9b143b89b4ebd2ed749df9 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
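Review bot: reassigning CVE-2024-29733 from `- airflow (bug #819700)` to `NOT-FOR-US: Airflow FTP provider` drops the package entry and the bug reference without a NOTE recording why the FTP provider falls outside the Debian airflow source; a one-line NOTE stating that would preserve the reasoning for anyone who later finds the bug reference and wonders why the entry changed.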
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 45fd8b11 by Moritz Muehlenhoff at 2024-04-19T10:22:16+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -107,15 +107,15 @@ CVE-2024-32552 (Improper Neutralization of Input During Web Page Generation ('Cr CVE-2024-32551 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2024-32477 (Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure ...) - TODO: check + NOT-FOR-US: Deno CVE-2024-32475 (Envoy is a cloud-native, open source edge and service proxy. When an u ...) - envoyproxy (bug #987544) CVE-2024-32474 (Sentry is an error tracking and performance monitoring platform. Prior ...) NOT-FOR-US: Sentry CVE-2024-32470 (Tolgee is an open-source localization platform. When API key created b ...) - TODO: check + NOT-FOR-US: Tolgee CVE-2024-32466 (Tolgee is an open-source localization platform. For the `/v2/projects/ ...) - TODO: check + NOT-FOR-US: Tolgee CVE-2024-32462 (Flatpak is a system for building, distributing, and running sandboxed ...) - flatpak 1.14.6-1 NOTE: https://www.openwall.com/lists/oss-security/2024/04/18/5 
@@ -145,55 +145,55 @@ CVE-2024-32126 (Improper Neutralization of Input During Web Page Generation ('Cr CVE-2024-31229 (Server-Side Request Forgery (SSRF) vulnerability in Really Simple Plug ...) NOT-FOR-US: WordPress plugin CVE-2024-30564 (An issue inandrei-tatar nora-firebase-common between v.1.0.41 and v.1. ...) - TODO: check + NOT-FOR-US: nora-firebase-common CVE-2024-30257 (1Panel is an open source Linux server operation and maintenance manage ...) - TODO: check + NOT-FOR-US: 1Panel CVE-2024-2833 (The Jobs for WordPress plugin for WordPress is vulnerable to Reflected ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2796 (A server-side request forgery (SSRF) was discovered in the Akana Commu ...) - TODO: check + NOT-FOR-US: Akana Community Manager Developer Portal CVE-2024-29987 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-29986 (Microsoft Edge for Android (Chromium-based) Information Disclosure Vul ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-29021 (Judge0 is an open-source online code execution system. The default con ...) - TODO: check + NOT-FOR-US: Judge0 CVE-2024-29003 (The SolarWinds Platform was susceptible to a XSS vulnerability that af ...) - TODO: check + NOT-FOR-US: SolarWinds CVE-2024-29001 (A SolarWinds Platform SWQL Injection Vulnerability was identified in t ...) - TODO: check + NOT-FOR-US: SolarWinds CVE-2024-28189 (Judge0 is an open-source online code execution system. The application ...) - TODO: check + NOT-FOR-US: Judge0 CVE-2024-28185 (Judge0 is an open-source online code execution system. The application ...) - TODO: check + NOT-FOR-US: Judge0 CVE-2024-28076 (The SolarWinds Platform was susceptible to a Arbitrary Open Redirectio ...) - TODO: check + NOT-FOR-US: SolarWinds CVE-2024-27306 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...) 
TODO: check CVE-2024-24910 (A local attacker can escalate privileges on affected Check Point ZoneA ...) - TODO: check + NOT-FOR-US: Check Point CVE-2024-23557 (HCL Connections contains a user enumeration vulnerability. Certain act ...) - TODO: check + NOT-FOR-US: HCL CVE-2024-20380 (A vulnerability in the HTML parser of ClamAV could allow an unauthenti ...) TODO: check CVE-2023-6897 (The EAN for WooCommerce plugin for WordPress is vulnerable to Insecure ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6892 (The EAN for WooCommerce plugin for WordPress is vulnerable to Stored C ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-50885 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-49768 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-49742 (Missing Authorization vulnerability in Support Genix.This issue affect ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47843 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-41864 (Cross-Site Request Forgery (CSRF) vulnerability in Pepro Dev. Group Pe ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-3758 (A
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: a876ec28 by Moritz Muehlenhoff at 2024-04-18T11:33:26+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -3,55 +3,55 @@ CVE-2024-3177 NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here CVE-2024-3932 (A vulnerability classified as problematic has been found in Totara LMS ...) - TODO: check + NOT-FOR-US: Totara LMS CVE-2024-3931 (A vulnerability was found in Totara LMS 18.0.1 Build 20231128.01. It h ...) - TODO: check + NOT-FOR-US: Totara LMS CVE-2024-3928 (A vulnerability was found in Dromara open-capacity-platform 2.0.1. It ...) - TODO: check + NOT-FOR-US: Dromara open-capacity-platform CVE-2024-32746 (A cross-site scripting (XSS) vulnerability in the Settings section of ...) - TODO: check + NOT-FOR-US: WonderCMS CVE-2024-32745 (A cross-site scripting (XSS) vulnerability in the Settings section of ...) - TODO: check + NOT-FOR-US: WonderCMS CVE-2024-32744 (A cross-site scripting (XSS) vulnerability in the Settings section of ...) - TODO: check + NOT-FOR-US: WonderCMS CVE-2024-32743 (A cross-site scripting (XSS) vulnerability in the Settings section of ...) - TODO: check + NOT-FOR-US: WonderCMS CVE-2024-32472 (excalidraw is an open source virtual hand-drawn style whiteboard. A st ...) - TODO: check + NOT-FOR-US: excalidraw CVE-2024-32345 (A cross-site scripting (XSS) vulnerability in the Settings menu of CMS ...) - TODO: check + NOT-FOR-US: CMSimple CVE-2024-32344 (A cross-site scripting (XSS) vulnerability in the Settings menu of CMS ...) - TODO: check + NOT-FOR-US: CMSimple CVE-2024-32343 (A cross-site scripting (XSS) vulnerability in the Create Page of Boid ...) - TODO: check + NOT-FOR-US: Boid CMS CVE-2024-32342 (A cross-site scripting (XSS) vulnerability in the Create Page of Boid ...) - TODO: check + NOT-FOR-US: Boid CMS CVE-2024-32341 (Multiple cross-site scripting (XSS) vulnerabilities in the Home page o ...) 
- TODO: check + NOT-FOR-US: WonderCMS CVE-2024-32340 (A cross-site scripting (XSS) vulnerability in the Settings section of ...) - TODO: check + NOT-FOR-US: WonderCMS CVE-2024-32339 (Multiple cross-site scripting (XSS) vulnerabilities in the HOW TO page ...) - TODO: check + NOT-FOR-US: WonderCMS CVE-2024-32338 (A cross-site scripting (XSS) vulnerability in the Settings section of ...) - TODO: check + NOT-FOR-US: WonderCMS CVE-2024-32337 (A cross-site scripting (XSS) vulnerability in the Settings section of ...) - TODO: check + NOT-FOR-US: WonderCMS CVE-2024-31869 (Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows ...) - TODO: check + - airflow (bug #819700) CVE-2024-2729 (The Otter Blocks WordPress plugin before 2.6.6 does not properly esca ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-29956 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the ...) - TODO: check + NOT-FOR-US: Brocade CVE-2024-29955 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allo ...) - TODO: check + NOT-FOR-US: Brocade CVE-2024-29952 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allo ...) - TODO: check + NOT-FOR-US: Brocade CVE-2024-1429 (The Element Pack Elementor Addons (Header Footer, Free Template Librar ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1426 (The Element Pack Elementor Addons (Header Footer, Free Template Librar ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-4509 (It is possible for an API key to be logged in clear text in the audit ...) - TODO: check + NOT-FOR-US: Octopus Deploy CVE-2023-4235 (A flaw was found in ofono, an Open Source Telephony on Linux. A stack ...) TODO: check CVE-2023-4234 (A flaw was found in ofono, an Open Source Telephony on Linux. A stack ...) 
@@ -79,7 +79,7 @@ CVE-2024-3905 (A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has be CVE-2024-3900 (Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long ...) TODO: check CVE-2024-3825 (Versions of the BlazeMeter Jenkins plugin prior to 4.22 contain a flaw ...) - TODO: check + NOT-FOR-US: Jenkins plugin CVE-2024-3817 (HashiCorp\u2019s go-getter library is vulnerable to argument injection ...) - golang-github-hashicorp-go-getter NOTE:
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 409e87f7 by Moritz Muehlenhoff at 2024-04-17T13:47:47+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -29,7 +29,7 @@ CVE-2024-3867 (The archive-tainacan-collection theme for WordPress is vulnerable CVE-2024-3672 (The BA Book Everything plugin for WordPress is vulnerable to Stored Cr ...) NOT-FOR-US: WordPress plugin CVE-2024-3660 (A arbitrary code injection vulnerability in TensorFlow's Keras framewo ...) - TODO: check + - tensorflow (bug #804612) CVE-2024-3367 (Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1. ...) - check-mk CVE-2024-3243 (The Customer Reviews for WooCommerce plugin for WordPress is vulnerabl ...) @@ -37,15 +37,15 @@ CVE-2024-3243 (The Customer Reviews for WooCommerce plugin for WordPress is vuln CVE-2024-3067 (The WooCommerce Google Feed Manager plugin for WordPress is vulnerable ...) NOT-FOR-US: WordPress plugin CVE-2024-32634 (In huge memory get unmapped area check, code can never be reached beca ...) - TODO: check + NOT-FOR-US: ASR Falcon CVE-2024-32633 (An unsigned value can never be negative, so eMMC full disk test will a ...) - TODO: check + NOT-FOR-US: ASR Falcon CVE-2024-32632 (A value in ATCMD will be misinterpreted by printf, causing incorrect o ...) - TODO: check + NOT-FOR-US: ASR Falcon CVE-2024-32631 (Out-of-Bounds read in ciCCIOTOPT in ASR180X will cause incorrect compu ...) - TODO: check + NOT-FOR-US: ASR Falcon CVE-2024-32625 (In OffloadAMRWriter, a scalar field is not initialized so will contain ...) - TODO: check + NOT-FOR-US: ASR Falcon CVE-2024-32532 (Missing Authorization vulnerability in SiteGround Speed Optimizer.This ...) NOT-FOR-US: WordPress plugin CVE-2024-32525 (Missing Authorization vulnerability in Theme My Login.This issue affec ...) 
@@ -113,7 +113,7 @@ CVE-2024-30380 (An Improper Handling of Exceptional Conditions vulnerability in CVE-2024-30378 (A Use After Free vulnerability in command processing of Juniper Networ ...) NOT-FOR-US: Juniper CVE-2024-30256 (Open WebUI is a user-friendly WebUI for LLMs. Open-webui is vulnerable ...) - TODO: check + NOT-FOR-US: Open WebUI CVE-2024-2309 (The WP STAGING WordPress Backup Plugin WordPress plugin before 3.4.0, ...) NOT-FOR-US: WordPress plugin CVE-2024-2118 (The Social Media Share Buttons & Social Sharing Icons WordPress plugin ...) @@ -127,7 +127,7 @@ CVE-2024-29402 (cskefu v7 suffers from Insufficient Session Expiration, which al CVE-2024-29291 (An issue in Laravel Framework 8 through 11 might allow a remote attack ...) TODO: check CVE-2024-27086 (The MSAL library enabled acquisition of security tokens to call protec ...) - TODO: check + NOT-FOR-US: microsoft-authentication-library-for-dotnet CVE-2024-25911 (Missing Authorization vulnerability in Skymoon Labs MoveTo.This issue ...) NOT-FOR-US: WordPress plugin CVE-2024-22440 (A potential security vulnerability has been identified in HPE Compute ...) @@ -179,7 +179,7 @@ CVE-2024-21103 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virt CVE-2024-21102 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 CVE-2024-21101 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) - TODO: check + NOT-FOR-US: MySQL Cluster CVE-2024-21100 (Vulnerability in the Oracle Commerce Platform product of Oracle Commer ...) NOT-FOR-US: Oracle CVE-2024-21099 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) 
@@ -423,13 +423,13 @@ CVE-2024-1219 (The Easy Social Feed WordPress plugin before 6.5.6 does not vali CVE-2024-0868 (The coreActivity: Activity Logging plugin for WordPress plugin before ...) NOT-FOR-US: WordPress plugin CVE-2023-51391 (A bug in Micrium OS Network HTTP Server permits an invalid pointer der ...) - TODO: check + NOT-FOR-US: Micrium OS Network HTTP Server CVE-2023-50872 (The API in Accredible Credential.net December 6th, 2023 allows an Inse ...) - TODO: check + NOT-FOR-US: Accredible Credential.net API CVE-2023-45000 (Missing Authorization vulnerability in LiteSpeed Technologies LiteSpee ...) - TODO: check + NOT-FOR-US: LiteSpeed Technologies CVE-2023-4 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: LiteSpeed Technologies CVE-2024- [gix-transport indirect code execution via malicious username] - rust-gix-transport 0.42.0-1 NOTE: https://github.com/advisories/GHSA-98p4-xjmm-8mfh View it on GitLab:
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 13471cfc by Moritz Muehlenhoff at 2024-04-17T13:11:58+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -17,7 +17,7 @@ CVE-2024-3875 (A vulnerability was found in Tenda F1202 1.2.0.20(408). It has be CVE-2024-3874 (A vulnerability was found in Tenda W20E 15.11.0.6. It has been declare ...) NOT-FOR-US: Tenda CVE-2024-3873 (A vulnerability was found in SMI SMI-EX-5414W up to 1.0.03. It has bee ...) - TODO: check + NOT-FOR-US: SMI-EX-5414W CVE-2024-3872 (Mattermost Mobile app versions 2.13.0 and earlier use a regular expres ...) NOT-FOR-US: Mattermost Mobile app CVE-2024-3871 (The Delta Electronics DVW-W02W2-E2 devices expose a web administration ...) @@ -81,17 +81,17 @@ CVE-2024-32254 (Phpgurukul Tourism Management System v2.0 is vulnerable to Unres CVE-2024-32086 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: WordPress plugin CVE-2024-32027 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss v22. ...) - TODO: check + NOT-FOR-US: Kohya_ss CVE-2024-32026 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is v ...) - TODO: check + NOT-FOR-US: Kohya_ss CVE-2024-32025 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is v ...) - TODO: check + NOT-FOR-US: Kohya_ss CVE-2024-32024 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is v ...) - TODO: check + NOT-FOR-US: Kohya_ss CVE-2024-32023 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is v ...) - TODO: check + NOT-FOR-US: Kohya_ss CVE-2024-32022 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is ...) - TODO: check + NOT-FOR-US: Kohya_ss CVE-2024-31887 (IBM Security Verify Privilege 11.6.25 could allow an unauthenticated a ...) NOT-FOR-US: IBM CVE-2024-31760 (An issue in sanluan flipped-aurora gin-vue-admin 2.4.x allows an attac ...) 
@@ -107,7 +107,7 @@ CVE-2024-31452 (OpenFGA is a high-performance and flexible authorization/permiss CVE-2024-31451 (DocsGPT is a GPT-powered chat for documentation. DocsGPT is vulnerable ...) NOT-FOR-US: DocsGPT CVE-2024-31446 (OpenComputers is a Minecraft mod that adds programmable computers and ...) - TODO: check + NOT-FOR-US: OpenComputers Minecraft mod CVE-2024-30380 (An Improper Handling of Exceptional Conditions vulnerability in Junipe ...) NOT-FOR-US: Juniper CVE-2024-30378 (A Use After Free vulnerability in command processing of Juniper Networ ...) @@ -119,9 +119,9 @@ CVE-2024-2309 (The WP STAGING WordPress Backup Plugin WordPress plugin before 3 CVE-2024-2118 (The Social Media Share Buttons & Social Sharing Icons WordPress plugin ...) NOT-FOR-US: WordPress plugin CVE-2024-2102 (The Salon booking system WordPress plugin before 9.6.3 does not proper ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2101 (The Salon booking system WordPress plugin before 9.6.3 does not proper ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-29402 (cskefu v7 suffers from Insufficient Session Expiration, which allows a ...) NOT-FOR-US: cskefu CVE-2024-29291 (An issue in Laravel Framework 8 through 11 might allow a remote attack ...) 
@@ -141,13 +141,13 @@ CVE-2024-21676 (This High severity Injection vulnerability was introduced in ver CVE-2024-21121 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 7.0.16-dfsg-1 CVE-2024-21120 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) - TODO: check + NOT-FOR-US: Oracle CVE-2024-21119 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) - TODO: check + NOT-FOR-US: Oracle CVE-2024-21118 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) - TODO: check + NOT-FOR-US: Oracle CVE-2024-21117 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) - TODO: check + NOT-FOR-US: Oracle CVE-2024-21116 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 7.0.16-dfsg-1 CVE-2024-21115 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) @@ -171,9 +171,9 @@ CVE-2024-21107 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virt CVE-2024-21106 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 7.0.16-dfsg-1 CVE-2024-21105 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) - TODO: check + NOT-FOR-US: Oracle CVE-2024-21104 (Vulnerability in the Oracle
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 1061b75c by Moritz Muehlenhoff at 2024-04-16T10:57:45+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2024-3575 (Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb) - TODO: check + NOT-FOR-US: mindsdb CVE-2024-3574 (In scrapy version 2.10.1, an issue was identified where the Authorizat ...) - python-scrapy 2.11.1-1 NOTE: https://github.com/scrapy/scrapy/security/advisories/GHSA-cw9j-q3vf-hrrv @@ -15,7 +15,7 @@ CVE-2024-3572 (The scrapy/scrapy project is vulnerable to XML External Entity (X CVE-2024-3571 (langchain-ai/langchain is vulnerable to path traversal due to improper ...) NOT-FOR-US: langchain CVE-2024-3493 (A specific malformed fragmented packet type (fragmented packets may be ...) - TODO: check + NOT-FOR-US: Rockwell CVE-2024-3271 (A command injection vulnerability exists in the run-llama/llama_index ...) NOT-FOR-US: llama_index CVE-2024-3029 (In mintplex-labs/anything-llm, an attacker can exploit improper input ...) @@ -25,7 +25,7 @@ CVE-2024-3028 (mintplex-labs/anything-llm is vulnerable to improper input valida CVE-2024-32557 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-32036 (ImageSharp is a 2D graphics API. A heap-use-after-free flaw was found ...) - TODO: check + NOT-FOR-US: ImageSharp CVE-2024-31784 (An issue in Typora v.1.8.10 and before, allows a local attacker to obt ...) NOT-FOR-US: Typora CVE-2024-31783 (Cross Site Scripting (XSS) vulnerability in Typora v.1.6.7 and before, ...) 
@@ -63,29 +63,29 @@ CVE-2024-23558 (HCL DevOps Deploy / HCL Launch does not invalidate session after CVE-2024-22262 (Applications that use UriComponentsBuilderto parse an externally provi ...) TODO: check CVE-2024-1961 (vertaai/modeldb is vulnerable to a path traversal attack due to improp ...) - TODO: check + NOT-FOR-US: vertaai/modeldb CVE-2024-1739 (lunary-ai/lunary is vulnerable to an authentication issue due to impro ...) - TODO: check + NOT-FOR-US: lunary-ai/lunary CVE-2024-1738 (An incorrect authorization vulnerability exists in the lunary-ai/lunar ...) - TODO: check + NOT-FOR-US: lunary-ai/lunary CVE-2024-1666 (In lunary-ai/lunary version 1.0.0, an authorization flaw exists that a ...) - TODO: check + NOT-FOR-US: lunary-ai/lunary CVE-2024-1665 (lunary-ai/lunary version 1.0.0 is vulnerable to unauthorized evaluatio ...) - TODO: check + NOT-FOR-US: lunary-ai/lunary CVE-2024-1646 (parisneo/lollms-webui is vulnerable to authentication bypass due to in ...) - TODO: check + NOT-FOR-US: lollms-webui CVE-2024-1626 (An Insecure Direct Object Reference (IDOR) vulnerability exists in the ...) - TODO: check + NOT-FOR-US: lunary-ai/lunary CVE-2024-1601 (An SQL injection vulnerability exists in the `delete_discussion()` fun ...) - TODO: check + NOT-FOR-US: lollms-webui CVE-2024-1594 (A path traversal vulnerability exists in the mlflow/mlflow repository, ...) NOT-FOR-US: mlflow CVE-2024-1593 (A path traversal vulnerability exists in the mlflow/mlflow repository ...) NOT-FOR-US: mlflow CVE-2024-1569 (parisneo/lollms-webui is vulnerable to a denial of service (DoS) attac ...) - TODO: check + NOT-FOR-US: lollms-webui CVE-2024-1561 (An issue was discovered in gradio-app/gradio, where the `/component_se ...) - TODO: check + NOT-FOR-US: Gradio CVE-2024-1560 (A path traversal vulnerability exists in the mlflow/mlflow repository, ...) NOT-FOR-US: mlflow CVE-2024-1558 (A path traversal vulnerability exists in the `_create_model_version()` ...) 
@@ -93,17 +93,17 @@ CVE-2024-1558 (A path traversal vulnerability exists in the `_create_model_versi CVE-2024-1483 (A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, ...) NOT-FOR-US: mlflow CVE-2024-1456 (An S3 bucket takeover vulnerability was identified in the h2oai/h2o-3 ...) - TODO: check + NOT-FOR-US: h2oai/h2o-3 CVE-2024-1183 (An SSRF (Server-Side Request Forgery) vulnerability exists in the grad ...) - TODO: check + NOT-FOR-US: Gradio CVE-2024-1135 (Gunicorn fails to properly validate Transfer-Encoding headers, leading ...) TODO: check CVE-2024-0549 (mintplex-labs/anything-llm is vulnerable to a relative path traversal ...) - TODO: check + NOT-FOR-US: mintplex-labs/anything-llm CVE-2024-0404 (A mass assignment vulnerability exists in the `/api/invite/:code` endp ...) - TODO: check + NOT-FOR-US: mintplex-labs/anything-llm CVE-2023-33806 (Insecure default configurations in Hikvision
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: feb30c84 by Moritz Muehlenhoff at 2024-04-16T10:45:26+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -3,57 +3,57 @@ CVE-2024-3575 (Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb) CVE-2024-3574 (In scrapy version 2.10.1, an issue was identified where the Authorizat ...) TODO: check CVE-2024-3573 (mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to impro ...) - TODO: check + NOT-FOR-US: mlflow CVE-2024-3572 (The scrapy/scrapy project is vulnerable to XML External Entity (XXE) a ...) TODO: check CVE-2024-3571 (langchain-ai/langchain is vulnerable to path traversal due to improper ...) - TODO: check + NOT-FOR-US: langchain CVE-2024-3493 (A specific malformed fragmented packet type (fragmented packets may be ...) TODO: check CVE-2024-3271 (A command injection vulnerability exists in the run-llama/llama_index ...) - TODO: check + NOT-FOR-US: llama_index CVE-2024-3029 (In mintplex-labs/anything-llm, an attacker can exploit improper input ...) - TODO: check + NOT-FOR-US: anything-llm CVE-2024-3028 (mintplex-labs/anything-llm is vulnerable to improper input validation, ...) - TODO: check + NOT-FOR-US: anything-llm CVE-2024-32557 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32036 (ImageSharp is a 2D graphics API. A heap-use-after-free flaw was found ...) TODO: check CVE-2024-31784 (An issue in Typora v.1.8.10 and before, allows a local attacker to obt ...) - TODO: check + NOT-FOR-US: Typora CVE-2024-31783 (Cross Site Scripting (XSS) vulnerability in Typora v.1.6.7 and before, ...) - TODO: check + NOT-FOR-US: Typora CVE-2024-31652 (A cross-site scripting (XSS) in Cosmetics and Beauty Product Online St ...) - TODO: check + NOT-FOR-US: Cosmetics and Beauty Product Online Store CVE-2024-31651 (A cross-site scripting (XSS) in Cosmetics and Beauty Product Online St ...) - TODO: check + NOT-FOR-US: Cosmetics and Beauty Product Online Store CVE-2024-31650 (A cross-site scripting (XSS) in Cosmetics and Beauty Product Online St ...) 
- TODO: check + NOT-FOR-US: Cosmetics and Beauty Product Online Store CVE-2024-31649 (A cross-site scripting (XSS) in Cosmetics and Beauty Product Online St ...) - TODO: check + NOT-FOR-US: Cosmetics and Beauty Product Online Store CVE-2024-31648 (Cross Site Scripting (XSS) in Insurance Management System v1.0, allows ...) - TODO: check + NOT-FOR-US: Insurance Management System CVE-2024-31634 (Cross Site Scripting (XSS) vulnerability in Xunruicms versions 4.6.3 a ...) - TODO: check + NOT-FOR-US: Xunruicms CVE-2024-30656 (An issue in Fireboltt Dream Wristphone BSW202_FB_AAC_v2.0_20240110-202 ...) - TODO: check + NOT-FOR-US: ireboltt Dream Wristphone CVE-2024-30567 (An issue in JNT Telecom JNT Liftcom UMS V1.J Core Version JM-V15 allow ...) - TODO: check + NOT-FOR-US: JNT Telecom JNT Liftcom UMS CVE-2024-2912 (An insecure deserialization vulnerability exists in the BentoML framew ...) - TODO: check + NOT-FOR-US: BentoML CVE-2024-2424 (An input validation vulnerability exists in the Rockwell Automation501 ...) - TODO: check + NOT-FOR-US: Rockwell CVE-2024-2260 (A session fixation vulnerability exists in the zenml-io/zenml applicat ...) - TODO: check + NOT-FOR-US: zenml CVE-2024-2083 (A directory traversal vulnerability exists in the zenml-io/zenml repos ...) - TODO: check + NOT-FOR-US: zenml CVE-2024-27794 (Claris FileMaker Server before version 20.3.2 was susceptible to a ref ...) - TODO: check + NOT-FOR-US: CLaris CVE-2024-23561 (HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information ...) - TODO: check + NOT-FOR-US: HCL CVE-2024-23558 (HCL DevOps Deploy / HCL Launch does not invalidate session after logou ...) - TODO: check + NOT-FOR-US: HCL CVE-2024-22262 (Applications that use UriComponentsBuilderto parse an externally provi ...) TODO: check CVE-2024-1961 (vertaai/modeldb is vulnerable to a path traversal attack due to improp ...) 
@@ -73,19 +73,19 @@ CVE-2024-1626 (An Insecure Direct Object Reference (IDOR) vulnerability exists i CVE-2024-1601 (An SQL injection vulnerability exists in the `delete_discussion()` fun ...) TODO: check CVE-2024-1594 (A path traversal vulnerability exists in the mlflow/mlflow repository, ...) - TODO: check + NOT-FOR-US: mlflow CVE-2024-1593 (A path traversal vulnerability exists in the mlflow/mlflow repository ...) - TODO: check +
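Review bot: two NOT-FOR-US labels in this commit carry typos that make searching the list by product name unreliable: CVE-2024-30656 is marked "NOT-FOR-US: ireboltt Dream Wristphone" while its description reads "Fireboltt Dream Wristphone", and CVE-2024-27794 is marked "NOT-FOR-US: CLaris" for Claris FileMaker Server; suggest "NOT-FOR-US: Fireboltt Dream Wristphone" and "NOT-FOR-US: Claris".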
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 210e00e9 by Moritz Muehlenhoff at 2024-04-16T09:51:41+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -173,89 +173,89 @@ CVE-2024-30840 (A Stack Overflow vulnerability in Tenda AC15 v15.03.05.18 allows CVE-2024-30546 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Login With ...) NOT-FOR-US: WordPress plugin CVE-2024-30220 (Command injection vulnerability in MZK-MF300N all firmware versions al ...) - TODO: check + NOT-FOR-US: MZK-MF300N CVE-2024-30219 (Active debug code vulnerability exists in MZK-MF300N all firmware vers ...) - TODO: check + NOT-FOR-US: MZK-MF300N CVE-2024-2659 (A command injection vulnerability was identified in SMM/SMM2 and FPC t ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2024-29219 (Out-of-bounds read vulnerability exists in KV STUDIO Ver.11.64 and ear ...) - TODO: check + NOT-FOR-US: KEYENCE KV STUDIO CVE-2024-29218 (Out-of-bounds write vulnerability exists in KV STUDIO Ver.11.64 and ea ...) - TODO: check + NOT-FOR-US: KEYENCE KV STUDIO CVE-2024-28957 (Generation of predictable identifiers issue exists in Cente middleware ...) - TODO: check + NOT-FOR-US: Cente CVE-2024-28894 (Out-of-bounds read vulnerability caused by improper checking of the op ...) - TODO: check + NOT-FOR-US: Cente CVE-2024-28558 (SQL Injection vulnerability in sourcecodester Petrol pump management s ...) - TODO: check + NOT-FOR-US: Sourcecodester CVE-2024-28557 (SQL Injection vulnerability in Sourcecodester php task management syst ...) - TODO: check + NOT-FOR-US: Sourcecodester CVE-2024-28556 (SQL Injection vulnerability in Sourcecodester php task management syst ...) - TODO: check + NOT-FOR-US: Sourcecodester CVE-2024-28099 (VT STUDIO Ver.8.32 and earlier contains an issue with the DLL search p ...) - TODO: check + NOT-FOR-US: VT Studio CVE-2024-28056 (Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role ...) - TODO: check + NOT-FOR-US: Amazon AWS Amplify CLI CVE-2024-26023 (OS command injection vulnerability in BUFFALO wireless LAN routers all ...) 
- TODO: check + NOT-FOR-US: BUFFALO CVE-2024-24898 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) TODO: check CVE-2024-24891 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) TODO: check CVE-2024-24487 (An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows ...) - TODO: check + NOT-FOR-US: silex CVE-2024-24486 (An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows ...) - TODO: check + NOT-FOR-US: silex CVE-2024-24485 (An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows ...) - TODO: check + NOT-FOR-US: silex CVE-2024-23911 (Out-of-bounds read vulnerability caused by improper checking of the op ...) - TODO: check + NOT-FOR-US: Cente CVE-2024-23594 (A buffer overflow vulnerability was reported in a system recovery boo ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2024-23593 (A vulnerability was reported in a system recovery bootloader that was ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2024-23560 (HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revoc ...) - TODO: check + NOT-FOR-US: HCL CVE-2024-23559 (HCL DevOps Deploy / Launch is generating an obsolete HTTP header.) - TODO: check + NOT-FOR-US: HCL CVE-2024-23486 (Plaintext storage of a password issue exists in BUFFALO wireless LAN r ...) - TODO: check + NOT-FOR-US: BUFFALO CVE-2024-22439 (A potential security vulnerability has been identified in HPE FlexFabr ...) - TODO: check + NOT-FOR-US: HPE CVE-2024-22438 (A potential security vulnerability has been identified in Hewlett Pack ...) - TODO: check + NOT-FOR-US: HPE CVE-2024-22437 (A potential security vulnerability has been identified in VSS Provider ...) - TODO: check + NOT-FOR-US: HPE CVE-2024-22435 (A potential security vulnerability has been identified in Web ViewPoin ...) - TODO: check + NOT-FOR-US: HPE CVE-2024-22014 (An issue discovered in 360 Total Security Antivirus through 11.0.0.106 ...) 
- TODO: check + NOT-FOR-US: 360 Total Security Antivirus CVE-2023-4857 (An authentication bypass vulnerability was identified in SMM/SMM2 and ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2023-4856 (A format string vulnerability was identified in SMM/SMM2 and FPC that ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2023-4855 (A command injection vulnerability was identified in
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 303fe9d9 by Moritz Muehlenhoff at 2024-04-15T09:20:25+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2024-3508 + NOT-FOR-US: Bombastic's use of bzip2 CVE-2024-3651 [potential DoS via resource consumption via specially crafted inputs to idna.encode()] - python-idna NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274779 @@ -398,7 +400,7 @@ CVE-2024-30272 (Illustrator versions 28.3, 27.9.2 and earlier are affected by an CVE-2024-30271 (Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-o ...) NOT-FOR-US: Adobe CVE-2024-29454 (An issue discovered in packages or nodes in ROS2 Humble Hawksbill with ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-25852 (Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution v ...) NOT-FOR-US: Linksys CVE-2024-22722 (Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/303fe9d99d81d71444304d7afb4ed417aad64438
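Review bot: CVE-2024-29454 ends up with only a NOTE ("Bogus report on ROS, lacks all details and apparently never reported either") and no disposition line, whereas every other entry touched by these NFU commits gets a NOT-FOR-US or a package mapping; if no Debian source is affected, add an explicit NOT-FOR-US line (or a package entry marked not-affected) under the NOTE so the entry does not read as still untriaged.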
[Git][security-tracker-team/security-tracker][master] NFUs from Red Hat
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 4e39482e by Moritz Muehlenhoff at 2024-04-12T11:34:53+02:00 NFUs from Red Hat - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,11 @@ +CVE-2024-3625 + NOT-FOR-US: mirror-registry for Quay +CVE-2024-3624 + NOT-FOR-US: mirror-registry for Quay +CVE-2024-3623 + NOT-FOR-US: mirror-registry for Quay +CVE-2024-3622 + NOT-FOR-US: mirror-registry for Quay CVE-2024-3400 (A command injection vulnerability in the GlobalProtect feature of Palo ...) TODO: check CVE-2024-30850 (An issue in tiagorlampert CHAOS v5.0.1 allows a remote attacker to exe ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e39482ece86c8e7cb723b7530606969b75bdd26
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 609f5e65 by Moritz Muehlenhoff at 2024-04-11T16:42:45+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -50,7 +50,7 @@ CVE-2024-30916 (An issue was discovered in eProsima FastDDS v.2.14.0 and before, [bullseye] - fastdds (Minor issue) NOTE: https://github.com/eProsima/Fast-DDS/issues/4609 CVE-2024-30915 (An issue was discovered in OpenDDS commit b1c534032bb62ad4ae32609778de ...) - TODO: check + NOT-FOR-US: OpenDDS CVE-2024-30885 (Reflected Cross-Site Scripting (XSS) vulnerability in HadSky v7.6.3, a ...) NOT-FOR-US: HadSky CVE-2024-30884 (Reflected Cross-Site Scripting (XSS) vulnerability in Discuz! version ...) @@ -304,9 +304,9 @@ CVE-2024-23735 (Cross Site Scripting (XSS) vulnerability in in the S/MIME certif CVE-2024-23734 (Cross Site Request Forgery vulnerability in in the upload functionalit ...) NOT-FOR-US: savignano S/Notify CVE-2024-23083 (Time4J Base v5.9.3 was discovered to contain a NullPointerException vi ...) - TODO: check + NOT-FOR-US: Time4J Base CVE-2024-23080 (Joda Time v2.12.5 was discovered to contain a NullPointerException via ...) - TODO: check + NOT-FOR-US: Joda Time CVE-2024-23077 (JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBo ...) - libjfreechart-java CVE-2024-23076 (FreeChart v1.5.4 was discovered to contain a NullPointerException via ...) 
@@ -338,19 +338,19 @@ CVE-2024-1740 (In lunary-ai/lunary version 1.0.1, a vulnerability exists where a CVE-2024-1728 (gradio-app/gradio is vulnerable to a local file inclusion vulnerabilit ...) NOT-FOR-US: Gradio CVE-2024-1643 (By knowing an organization's ID, an attacker can join the organization ...) - TODO: check + NOT-FOR-US: lunary-ai/lunary CVE-2024-1625 (An Insecure Direct Object Reference (IDOR) vulnerability exists in the ...) - TODO: check + NOT-FOR-US: lunary-ai/lunary CVE-2024-1602 (parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting (XS ...) - TODO: check + NOT-FOR-US: parisneo/lollms-webui CVE-2024-1600 (A Local File Inclusion (LFI) vulnerability exists in the parisneo/loll ...) - TODO: check + NOT-FOR-US: parisneo/lollms-webui CVE-2024-1599 (lunary-ai/lunary version 0.3.0 is vulnerable to unauthorized project c ...) NOT-FOR-US: lunary-ai/lunary CVE-2024-1520 (An OS Command Injection vulnerability exists in the '/open_code_folder ...) - TODO: check + NOT-FOR-US: parisneo/lollms-webui CVE-2024-1511 (The parisneo/lollms-webui repository is susceptible to a path traversa ...) - TODO: check + NOT-FOR-US: parisneo/lollms-webui CVE-2024-0218 (A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian, c ...) NOT-FOR-US: Nozomi Networks Guardian CVE-2023-6916 (Audit records for OpenAPI requests may include sensitive information. ...) 
@@ -1532,7 +1532,7 @@ CVE-2024-23584 (The NMAP Importer service may expose data store credentials to a CVE-2024-23084 (Apfloat v1.10.1 was discovered to contain an ArrayIndexOutOfBoundsExce ...) - libapfloat-java CVE-2024-23081 (ThreeTen Backport v1.6.8 was discovered to contain a NullPointerExcept ...) - TODO: check + NOT-FOR-US: ThreeTen Backport CVE-2024-23079 (JGraphT Core v1.5.2 was discovered to contain a NullPointerException v ...) - jgrapht CVE-2024-22949 (JFreeChart v1.5.4 was discovered to contain a NullPointerException via ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/609f5e65ca7929de8337764f58d4a44ce3cf7b8f
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 2f8f5eb9 by Moritz Muehlenhoff at 2024-04-11T13:38:21+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -22,15 +22,15 @@ CVE-2024-3612 (A vulnerability was found in SourceCodester Warehouse Management CVE-2024-3285 (The Slider, Gallery, and Carousel by MetaSlider \u2013 Responsive Word ...) NOT-FOR-US: WordPress plugin CVE-2024-32001 (SpiceDB is a graph database purpose-built for storing and evaluating a ...) - TODO: check + NOT-FOR-US: SpiceDB CVE-2024-31999 (@festify/secure-session creates a secure stateless cookie session for ...) - TODO: check + NOT-FOR-US: @festify/secure-session CVE-2024-31997 (XWiki Platform is a generic wiki platform. Prior to versions 4.10.19, ...) NOT-FOR-US: XWiki CVE-2024-31996 (XWiki Platform is a generic wiki platform. Starting in version 3.0.1 a ...) NOT-FOR-US: XWiki CVE-2024-31995 (`@digitalbazaar/zcap` provides JavaScript reference implementation for ...) - TODO: check + NOT-FOR-US: @digitalbazaar/zcap CVE-2024-31988 (XWiki Platform is a generic wiki platform. Starting in version 13.9-rc ...) NOT-FOR-US: XWiki CVE-2024-31987 (XWiki Platform is a generic wiki platform. Starting in version 6.4-mil ...) 
@@ -46,73 +46,73 @@ CVE-2024-30916 (An issue was discovered in eProsima FastDDS v.2.14.0 and before, CVE-2024-30915 (An issue was discovered in OpenDDS commit b1c534032bb62ad4ae32609778de ...) TODO: check CVE-2024-30885 (Reflected Cross-Site Scripting (XSS) vulnerability in HadSky v7.6.3, a ...) - TODO: check + NOT-FOR-US: HadSky CVE-2024-30884 (Reflected Cross-Site Scripting (XSS) vulnerability in Discuz! version ...) - TODO: check + NOT-FOR-US: Discuz! CVE-2024-30883 (Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6. ...) - TODO: check + NOT-FOR-US: RageFrame2 CVE-2024-30880 (Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6. ...) - TODO: check + NOT-FOR-US: RageFrame2 CVE-2024-30879 (Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6. ...) - TODO: check + NOT-FOR-US: RageFrame2 CVE-2024-30878 (A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43, allo ...) - TODO: check + NOT-FOR-US: RageFrame2 CVE-2024-30728 (An issue was discovered in the default configurations of ROS (Robot Op ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-2966 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-29903 (Cosign provides code signing and transparency for containers and binar ...) - TODO: check + NOT-FOR-US: Cosign CVE-2024-29902 (Cosign provides code signing and transparency for containers and binar ...) - TODO: check + NOT-FOR-US: Cosign CVE-2024-29504 (Cross Site Scripting vulnerability in Summernote v.0.8.18 and before a ...) - TODO: check + NOT-FOR-US: Summernote CVE-2024-29460 (An issue in PX4 Autopilot v.1.14.0 allows an attacker to manipulate th ...) - TODO: check + NOT-FOR-US: PX4 Autopilot CVE-2024-29455 (An arbitrary file upload vulnerability has been discovered in ROS2 Hum ...) 
- TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-29452 (An insecure deserialization vulnerability has been identified in ROS2 ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-29450 (An issue has been discovered in the permission and access control comp ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-29449 (An issue was discovered in ROS2 Humble Hawksbill in ROS_VERSION 2 and ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-29448 (A buffer overflow vulnerability has been discovered in the C++ compone ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-29447 (An issue was discovered in the default configurations of ROS2 Humble H ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-29445 (An issue was discovered in ROS2 (Robot Operating System 2) Humble Hawk ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-29444 (An OS command injection vulnerability has been discovered in ROS2 (Rob ...) -
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 79711349 by Moritz Muehlenhoff at 2024-04-10T16:03:25+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -134,9 +134,9 @@ CVE-2024-22450 (Dell Alienware Command Center, versions prior to 6.2.7.0, contai CVE-2024-22448 (Dell BIOS contains an Out-of-Bounds Write vulnerability. A local authe ...) NOT-FOR-US: Dell CVE-2024-21509 (Versions of the package mysql2 before 3.9.4 are vulnerable to Prototyp ...) - TODO: check + NOT-FOR-US: Node mysql2 CVE-2024-21507 (Versions of the package mysql2 before 3.9.3 are vulnerable to Improper ...) - TODO: check + NOT-FOR-US: Node mysql2 CVE-2024-1780 (The BizCalendar Web plugin for WordPress is vulnerable to Reflected Cr ...) NOT-FOR-US: WordPress plugin CVE-2024-1042 (The WP Radio \u2013 Worldwide Online Radio Stations Directory for Word ...) 
@@ -234,13 +234,13 @@ CVE-2024-31368 (Missing Authorization vulnerability in PenciDesign Soledad.This CVE-2024-31367 (Missing Authorization vulnerability in PenciDesign Soledad.This issue ...) NOT-FOR-US: WordPress plugin CVE-2024-30706 (An issue was discovered in ROS2 Dashing Diademata versions ROS_VERSION ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30704 (An insecure deserialization vulnerability has been identified in ROS2 ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30703 (An arbitrary file upload vulnerability has been discovered in ROS2 (Ro ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30702 (An issue was discovered in ROS2 Galactic Geochelone in ROS_VERSION 2 a ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30262 (Contao is an open source content management system. Prior to version 4 ...) NOT-FOR-US: Contao CMS CVE-2024-30191 (A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1 ...) 
@@ -926,43 +926,43 @@ CVE-2024-31047 (An issue in Academy Software Foundation openexr v.3.2.3 and befo NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1681 NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/openexr/commit/7aa89e1d09b09d9f5dbb96976ee083a331ab9d71 CVE-2024-30701 (An insecure logging vulnerability in ROS2 Galactic Geochelone ROS_VERS ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30699 (A buffer overflow vulnerability has been discovered in the C++ compone ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30697 (An issue was discovered in ROS2 Galactic Geochelone in ROS_VERSION 2 a ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30696 (OS command injection vulnerability in ROS2 Galactic Geochelone in ROS_ ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30695 (An issue was discovered in the default configurations of ROS2 Galactic ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30694 (A shell injection vulnerability was discovered in ROS2 (Robot Operatin ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30692 (A issue was discovered in ROS2 Galactic Geochelone versions ROS_VERSIO ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30691 (An issue was discovered in ROS2 Galactic Geochelone in version ROS_VER ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30690 (An unauthorized node injection vulnerability has been identified in RO ...) 
- TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30688 (An arbitrary file upload vulnerability has been discovered in ROS2 Iro ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30687 (An insecure deserialization vulnerability has been identified in ROS2 ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30686 (An issue was discovered in ROS2 Iron Irwini versions ROS_VERSION 2 and ...) - TODO:
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 610e323d by Moritz Muehlenhoff at 2024-04-10T15:48:31+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -62,51 +62,51 @@ CVE-2024-3120 (A stack-buffer overflow vulnerability exists in all versions of s CVE-2024-3119 (A buffer overflow vulnerability exists in all versions of sngrep since ...) TODO: check CVE-2024-3020 (The plugin is vulnerable to PHP Object Injection in versions up to and ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30737 (An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_P ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30736 (An insecure deserialization vulnerability has been identified in ROS K ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30735 (An arbitrary file upload vulnerability has been discovered in ROS Kine ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30733 (A buffer overflow vulnerability has been discovered in the C++ compone ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30730 (An insecure logging vulnerability has been identified within ROS Kinet ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30729 (An OS command injection vulnerability has been discovered in ROS Kinet ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30727 (An issue was discovered in ROS Kinetic Kame in Kinetic Kame ROS_VERSIO ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30726 (A shell injection vulnerability was discovered in ROS (Robot Operating ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30724 (An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_P ...) 
- TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30723 (An unauthorized node injection vulnerability has been identified in RO ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30722 (An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_P ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30721 (An arbitrary file upload vulnerability has been discovered in ROS2 Das ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30719 (An insecure deserialization vulnerability has been identified in ROS2 ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30718 (An issue was discovered in ROS2 Dashing Diademata in ROS_VERSION=2 and ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30716 (An insecure logging vulnerability in ROS2 Dashing Diademata ROS_VERSIO ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30715 (A buffer overflow vulnerability has been discovered in the C++ compone ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30713 (An OS command injection vulnerability has been discovered in ROS2 Dash ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30712 (A shell injection vulnerability was discovered in ROS2 (Robot Operatin ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30711 (An issue was discovered in the default configurations of ROS2 Dashing ...) 
- TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30710 (An issue was discovered in ROS2 Dashing Diademata in ROS_VERSION 2 and ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30708 (An issue was discovered in ROS2 Dashing Diademata in ROS_VERSION 2 and ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either
[Git][security-tracker-team/security-tracker][master] NFUs from Red Hat
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 604d35a9 by Moritz Muehlenhoff at 2024-04-10T14:11:31+02:00 NFUs from Red Hat - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2024-2905 + NOT-FOR-US: rpm-ostree +CVE-2024-2243 + NOT-FOR-US: csmock CVE-2024-3556 REJECTED CVE-2024-3542 (A vulnerability classified as problematic was found in Campcodes Churc ...) @@ -137,7 +141,7 @@ CVE-2024-0159 (Dell Alienware Command Center, versions 5.5.52.0 and prior, conta CVE-2023-6385 (The WordPress Ping Optimizer WordPress plugin through 2.35.1.3.0 does ...) NOT-FOR-US: WordPress plugin CVE-2023-6236 (A flaw was found in JBoss EAP. When an OIDC app that serves multiple t ...) - TODO: check + NOT-FOR-US: JBoss EAP CVE-2023-50347 (HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnera ...) NOT-FOR-US: HCL CVE-2023-40148 (Server-side request forgery (SSRF) in PingFederate allows unauthentica ...) @@ -702,7 +706,7 @@ CVE-2024-21447 (Windows Authentication Elevation of Privilege Vulnerability) CVE-2024-21424 (Azure Compute Gallery Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21409 (.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerab ...) - NOT-FOR-US: Microsoft + NOT-FOR-US: Microsoft .NET CVE-2024-21324 (Microsoft Defender for IoT Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21323 (Microsoft Defender for IoT Remote Code Execution Vulnerability) 
@@ -993,7 +997,7 @@ CVE-2024-22949 (JFreeChart v1.5.4 was discovered to contain a NullPointerExcepti CVE-2024-1664 (The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sa ...) NOT-FOR-US: WordPress plugin CVE-2024-1233 (A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, wher ...) - TODO: check + NOT-FOR-US: JBoss EAP CVE-2024-0083 (NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where a ...) NOT-FOR-US: NVIDIA ChatRTX CVE-2024-0082 (NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where a ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/604d35a9213ce2c8c2243a91182f6841b6a09fd6
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 1951277c by Moritz Muehlenhoff at 2024-04-10T10:30:57+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,53 +1,53 @@ CVE-2024-3556 REJECTED CVE-2024-3542 (A vulnerability classified as problematic was found in Campcodes Churc ...) - TODO: check + NOT-FOR-US: Campcodes Church Management System CVE-2024-3541 (A vulnerability classified as problematic has been found in Campcodes ...) - TODO: check + NOT-FOR-US: Campcodes Church Management System CVE-2024-3540 (A vulnerability was found in Campcodes Church Management System 1.0. I ...) - TODO: check + NOT-FOR-US: Campcodes Church Management System CVE-2024-3539 (A vulnerability was found in Campcodes Church Management System 1.0. I ...) - TODO: check + NOT-FOR-US: Campcodes Church Management System CVE-2024-3538 (A vulnerability was found in Campcodes Church Management System 1.0. I ...) - TODO: check + NOT-FOR-US: Campcodes Church Management System CVE-2024-3537 (A vulnerability was found in Campcodes Church Management System 1.0 an ...) - TODO: check + NOT-FOR-US: Campcodes Church Management System CVE-2024-3536 (A vulnerability has been found in Campcodes Church Management System 1 ...) - TODO: check + NOT-FOR-US: Campcodes Church Management System CVE-2024-3535 (A vulnerability, which was classified as critical, was found in Campco ...) - TODO: check + NOT-FOR-US: Campcodes Church Management System CVE-2024-3534 (A vulnerability, which was classified as critical, has been found in C ...) - TODO: check + NOT-FOR-US: Campcodes Church Management System CVE-2024-3533 (A vulnerability classified as problematic was found in Campcodes Compl ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online Student Management System CVE-2024-3532 (A vulnerability classified as problematic has been found in Campcodes ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online Student Management System CVE-2024-3531 (A vulnerability was found in Campcodes Complete Online Student Managem ...) 
- TODO: check + NOT-FOR-US: Campcodes Complete Online Student Management System CVE-2024-3530 (A vulnerability was found in Campcodes Complete Online Student Managem ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online Student Management System CVE-2024-3529 (A vulnerability was found in Campcodes Complete Online Student Managem ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online Student Management System CVE-2024-3528 (A vulnerability was found in Campcodes Complete Online Student Managem ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online Student Management System CVE-2024-3526 (A vulnerability has been found in Campcodes Online Event Management Sy ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online Event Management System CVE-2024-3525 (A vulnerability, which was classified as problematic, was found in Cam ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online Event Management System CVE-2024-3524 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online Event Management System CVE-2024-3523 (A vulnerability classified as critical was found in Campcodes Online E ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online Event Management System CVE-2024-3522 (A vulnerability classified as critical has been found in Campcodes Onl ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online Event Management System CVE-2024-3521 (A vulnerability was found in Byzoro Smart S80 Management Platform up t ...) - TODO: check + NOT-FOR-US: Byzoro CVE-2024-3313 (SUBNET Solutions Inc. has identified vulnerabilities in third-party c ...) - TODO: check + NOT-FOR-US: PowerSYSTEM Server CVE-2024-3235 (The Essential Grid Gallery WordPress Plugin plugin for WordPress is vu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3210 (The Paid Membership Plugin, Ecommerce, User Registration Form, Login F ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3120 (A stack-buffer overflow vulnerability exists in all versions of sngrep ...) TODO: check CVE-2024-3119 (A buffer overflow vulnerability exists in all versions of sngrep since ...) @@ -99,49 +99,49 @@ CVE-2024-30708 (An issue was discovered in ROS2 Dashing Diademata in ROS_VERSION CVE-2024-30707 (Unauthorized node injection vulnerability in ROS2 Dashing Diademata in ...) TODO: check CVE-2024-2736 (The Bold Page Builder plugin for WordPress is vulnerable to
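Review bot: In the @@ -1,53 +1,53 @@ hunk the NOT-FOR-US labels for CVE-2024-3526 through CVE-2024-3522 read "Campcodes Complete Online Event Management System", but the CVE descriptions shown in the same hunk name the product "Campcodes Online Event Management Sy..." / "Campcodes Online E..." without "Complete"; "Complete Online Student Management System" is the other Campcodes product handled just above (CVE-2024-3533 to CVE-2024-3528), whose descriptions do say "Complete". Suggest "NOT-FOR-US: Campcodes Online Event Management System" for those five entries so the label matches the description, as it does for the Church Management and Student Management entries.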
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 1fe4375b by Moritz Muehlenhoff at 2024-04-08T14:49:28+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3,7 +3,7 @@ CVE-2024-3437 (A vulnerability was found in SourceCodester Prison Management Sys CVE-2024-3436 (A vulnerability was found in SourceCodester Prison Management System 1 ...) NOT-FOR-US: SourceCodester Prison Management System CVE-2024-3434 (A vulnerability classified as critical was found in CP Plus Wi-Fi Came ...) - TODO: check + NOT-FOR-US: CP Plus Wi-Fi Camera CVE-2024-3433 (A vulnerability classified as problematic has been found in PuneethRed ...) NOT-FOR-US: PuneethReddyHC Event Management CVE-2024-3432 (A vulnerability was found in PuneethReddyHC Event Management 1.0. It h ...) 
@@ -23,27 +23,27 @@ CVE-2024-31948 (In FRRouting (FRR) through 9.1, an attacker using a malformed Pr CVE-2024-31022 (An issue was discovered in CandyCMS version 1.0.0, allows remote attac ...) NOT-FOR-US: CandyCMS CVE-2024-30675 (Unauthorized node injection vulnerability in ROS2 Iron Irwini in ROS_V ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30674 (Unauthorized access vulnerability in ROS2 Iron Irwini in ROS_VERSION i ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30672 (Arbitrary file upload vulnerability in ROS (Robot Operating System) Me ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30667 (Insecure deserialization vulnerability in ROS (Robot Operating System) ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30666 (A buffer overflow vulnerability has been discovered in the C++ compone ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30665 (An OS command injection vulnerability has been discovered in ROS (Robo ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30663 (An issue was discovered in the default configurations of ROS (Robot Op ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30662 (An issue was discovered in ROS (Robot Operating System) Melodic Moreni ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30661 (An unauthorized access vulnerability has been discovered in ROS Melodi ...) 
- TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30659 (Shell Injection vulnerability in ROS (Robot Operating System) Melodic ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-28744 (The password is empty in the initial configuration of ACERA 9010-08 fi ...) - TODO: check + NOT-FOR-US: ACERA CVE-2024-27488 (Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 thro ...) NOT-FOR-US: ZLMediaKit CVE-2024-23658 (In camera driver, there is a possible use after free due to a logic er ...) @@ -189,7 +189,7 @@ CVE-2023-52713 (Vulnerability of improper permission control in the window manag CVE-2023-52382 (Vulnerability of improper control over foreground service notification ...) NOT-FOR-US: Huawei CVE-2021-4438 (A vulnerability, which was classified as critical, has been found in k ...) - TODO: check + NOT-FOR-US: react-native-sms-user-consent CVE-2024-3417 (A vulnerability, which was classified as critical, has been found in S ...) NOT-FOR-US: SourceCodester Online Courseware CVE-2024-3416 (A vulnerability classified as critical was found in SourceCodester Onl ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fe4375b445b033ded11185882d7f2336299db3f
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: e2b6b534 by Moritz Muehlenhoff at 2024-04-05T15:07:19+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2024-24746 + NOT-FOR-US: Apache NimBLE CVE-2024-3321 (A vulnerability classified as problematic has been found in SourceCode ...) NOT-FOR-US: SourceCodester eLearning System CVE-2024-3320 (A vulnerability was found in SourceCodester eLearning System 1.0. It h ...) @@ -75344,7 +75346,7 @@ CVE-2023-25701 CVE-2023-25700 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-25699 (Improper Neutralization of Special Elements used in an OS Command ('OS ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-25698 (Cross-Site Request Forgery (CSRF) vulnerability in Studio Wombat Shopp ...) NOT-FOR-US: WordPress plugin CVE-2023-25697 @@ -76981,9 +76983,9 @@ CVE-2023-25202 CVE-2023-25201 (Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit A ...) NOT-FOR-US: MultiTech Conduit AP MTCAP2-L4E1 CVE-2023-25200 (An HTML injection vulnerability exists in the MT Safeline X-Ray X3310 ...) - TODO: check + NOT-FOR-US: MT Safeline X-Ray CVE-2023-25199 (A reflected cross-site scripting (XSS) vulnerability exists in the MT ...) - TODO: check + NOT-FOR-US: MT Safeline X-Ray CVE-2023-0687 (A vulnerability was found in GNU C Library 2.38. It has been declared ...) NOTE: Not considered a security issue NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29444 
@@ -221082,7 +221084,7 @@ CVE-2021-27314 (SQL injection in admin.php in doctor appointment system 1.0 allo CVE-2021-27313 RESERVED CVE-2021-27312 (Server Side Request Forgery (SSRF) vulnerability in Gleez Cms 1.2.0, a ...) - TODO: check + NOT-FOR-US: Gleez Cms CVE-2021-27311 RESERVED CVE-2021-27310 (Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "langua ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2b6b5341d0aef09423ad75303b9bb2fd8c5f53c
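Review bot: the new CVE-2024-24746 entry in the first hunk carries no description text and no NOTE, while every other entry in this diff has at least the truncated description in parentheses; a NOTE with the upstream advisory URL, in the style of the CVE-2023-0687 entry further down the same diff, would make the NOT-FOR-US: Apache NimBLE decision reviewable later without re-deriving it from the CVE database.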
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 8c2f14b1 by Moritz Muehlenhoff at 2024-04-05T14:39:03+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -110,57 +110,57 @@ CVE-2024-2660 (Vault and Vault Enterprise TLS certificates auth method did not c CVE-2024-2103 (Inclusion of undocumented features vulnerability accessible when logge ...) NOT-FOR-US: Schweitzer Engineering Laboratories CVE-2024-29387 (projeqtor up to 11.2.0 was discovered to contain a remote code executi ...) - TODO: check + NOT-FOR-US: projeqtor CVE-2024-29386 (projeqtor up to 11.2.0 was discovered to contain a SQL injection vulne ...) - TODO: check + NOT-FOR-US: projeqtor CVE-2024-29193 (gotortc is a camera streaming application. Versions 1.8.5 and prior ar ...) - TODO: check + NOT-FOR-US: gotortc CVE-2024-29192 (gotortc is a camera streaming application. Versions 1.8.5 and prior ar ...) - TODO: check + NOT-FOR-US: gotortc CVE-2024-29191 (gotortc is a camera streaming application. Versions 1.8.5 and prior ar ...) - TODO: check + NOT-FOR-US: gotortc CVE-2024-29182 (Collabora Online is a collaborative online office suite based on Libre ...) - TODO: check + NOT-FOR-US: Collabora Online CVE-2024-28871 (LibHTP is a security-aware parser for the HTTP protocol and the relate ...) TODO: check CVE-2024-28787 (IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application G ...) NOT-FOR-US: IBM CVE-2024-27575 (Directory Traversal vulnerability in INOTEC Sicherheitstechnik GmbH IN ...) - TODO: check + NOT-FOR-US: INOTEC CVE-2024-27268 (IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.3 is ...) NOT-FOR-US: IBM CVE-2024-25709 (There is a stored Cross-site Scripting vulnerability in Esri Portal fo ...) - TODO: check + NOT-FOR-US: Esri Portal CVE-2024-25708 (There is a stored Cross-site Scripting vulnerability in Esri Portal fo ...) - TODO: check + NOT-FOR-US: Esri Portal CVE-2024-25706 (There is an HTML injection vulnerability in Esri Portal for ArcGIS <=1 ...) - TODO: check + NOT-FOR-US: Esri Portal CVE-2024-25705 (There is a cross site scripting vulnerability in the Esri Portal for A ...) 
- TODO: check + NOT-FOR-US: Esri Portal CVE-2024-25704 (There is a stored Cross-site Scripting vulnerability in Esri Portal fo ...) - TODO: check + NOT-FOR-US: Esri Portal CVE-2024-25703 (There is a reflected cross site scripting vulnerability in the home ap ...) - TODO: check + NOT-FOR-US: Esri Portal CVE-2024-25700 (There is a stored Cross-site Scripting vulnerability in Esri Portal fo ...) - TODO: check + NOT-FOR-US: Esri Portal CVE-2024-25699 (There is a difficult to exploit improper authentication issue in the H ...) - TODO: check + NOT-FOR-US: Esri Portal CVE-2024-25698 (There is a reflected cross site scripting vulnerability in the home ap ...) - TODO: check + NOT-FOR-US: Esri Portal CVE-2024-25697 (There is a Cross-site Scripting vulnerabilityin Portal for ArcGIS in v ...) - TODO: check + NOT-FOR-US: Esri Portal CVE-2024-25696 (There is a Cross-site Scripting vulnerability in Portal for ArcGIS in ...) - TODO: check + NOT-FOR-US: Esri Portal CVE-2024-25695 (There is a Cross-site Scripting vulnerability in Portal for ArcGIS in ...) - TODO: check + NOT-FOR-US: Esri Portal CVE-2024-25693 (There is a path traversal in Esri Portal for ArcGIS versions <= 11.2. ...) - TODO: check + NOT-FOR-US: Esri Portal CVE-2024-25692 (There is a cross-site-request forgery vulnerability in Esri Portal for ...) - TODO: check + NOT-FOR-US: Esri Portal CVE-2024-25690 (There is an HTML injection vulnerability in Esri Portal for ArcGIS ver ...) - TODO: check + NOT-FOR-US: Esri Portal CVE-2024-25007 (Ericsson Network Manager (ENM), versions prior to 23.1, contains a vul ...) - TODO: check + NOT-FOR-US: Ericsson Network Manager CVE-2024-22189 (quic-go is an implementation of the QUIC protocol in Go. Prior to vers ...) - golang-github-lucas-clemente-quic-go 0.38.2-1 [bookworm] - golang-github-lucas-clemente-quic-go (Minor issue) 
@@ -169,21 +169,21 @@ CVE-2024-22189 (quic-go is an implementation of the QUIC protocol in Go. Prior t NOTE: https://github.com/quic-go/quic-go/commit/4a99b816ae3ab03ae5449d15aac45147c85ed47a (v0.42.0) NOTE: https://seemann.io/posts/2024-03-19-exploiting-quics-connection-id-management CVE-2024-22053 (A heap overflow vulnerability in IPSec component of Ivanti Connect Sec ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2024-22052 (A null pointer dereference
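Review bot: CVE-2024-28871 (LibHTP) is the one entry in the first hunk left at TODO: check. LibHTP is the HTTP parser Suricata uses, and suricata is tracked as a Debian package elsewhere in this file (suricata 1:7.0.4-1 for CVE-2024-28870), so this entry most likely needs a libhtp package line rather than NFU triage; it is worth saying in the commit that it is deliberately deferred so the next sweep does not mistake it for an oversight.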
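Review bot: for CVE-2024-22189 the NOTE lines in the second hunk record the upstream fix as commit 4a99b816ae3ab03ae5449d15aac45147c85ed47a tagged v0.42.0, but the package line just above marks golang-github-lucas-clemente-quic-go fixed in 0.38.2-1, with bookworm carrying only "(Minor issue)". Unless 0.38.2-1 contains a backport of that commit, the unstable line should be <unfixed> or the fixed version corrected; a fixed-version that predates the upstream fix tag is exactly the kind of inconsistency a later check trips over.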
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: bc6c1ce0 by Moritz Muehlenhoff at 2024-04-05T13:52:22+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13,7 +13,7 @@ CVE-2024-3311 (A vulnerability was found in Dreamer CMS up to 4.1.3.0. It has be CVE-2024-3217 (The WP Directory Kit plugin for WordPress is vulnerable to SQL Injecti ...) NOT-FOR-US: WordPress plugin CVE-2024-31498 (ykman-gui (aka YubiKey Manager GUI) before 1.2.6 on Windows, when Edge ...) - TODO: check + NOT-FOR-US: ykman-gui CVE-2024-31212 (InstantCMS is a free and open source content management system. A SQL ...) NOT-FOR-US: InstantCMS CVE-2024-31210 (WordPress is an open publishing platform for the Web. It's possible fo ...) 
@@ -22,43 +22,43 @@ CVE-2024-31210 (WordPress is an open publishing platform for the Web. It's possi NOTE: https://wordpress.org/news/2024/01/wordpress-6-4-3-maintenance-and-security-release/ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-x79f-xrjv-jx5r CVE-2024-31206 (dectalk-tts is a Node package to interact with the aeiou Dectalk web A ...) - TODO: check + NOT-FOR-US: Node dectalk-tts CVE-2024-31204 (mailcow: dockerized is an open source groupware/email suite based on d ...) - TODO: check + NOT-FOR-US: mailcow CVE-2024-30891 (A command injection vulnerability exists in /goform/exeCommand in Tend ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-30849 (Arbitrary file upload vulnerability in Sourcecodester Complete E-Comme ...) - TODO: check + NOT-FOR-US: Sourcecodester CVE-2024-30270 (mailcow: dockerized is an open source groupware/email suite based on d ...) - TODO: check + NOT-FOR-US: mailcow CVE-2024-30264 (Typebot is an open-source chatbot builder. A reflected cross-site scri ...) - TODO: check + NOT-FOR-US: Typebot CVE-2024-2509 (The Gutenberg Blocks by Kadence Blocks WordPress plugin before 3.2.26 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2115 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-29981 (Microsoft Edge (Chromium-based) Spoofing Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-29863 (A race condition in the installer executable in Qlik Qlikview before v ...) - TODO: check + NOT-FOR-US: Qlikview CVE-2024-29672 (Directory Traversal vulnerability in zly2006 Reden before v.0.2.514 al ...) - TODO: check + NOT-FOR-US: zly2006 Reden CVE-2024-29049 (Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-27981 (A Command Injection vulnerability found in a Self-Hosted UniFi Network ...) 
- TODO: check + NOT-FOR-US: Unifi CVE-2024-27448 (MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Con ...) - TODO: check + NOT-FOR-US: MailDev 2 CVE-2024-26329 (Chilkat before v9.5.0.98, allows attackers to obtain sensitive informa ...) - TODO: check + NOT-FOR-US: Chilkat CVE-2024-22363 (SheetJS Community Edition before 0.20.2 is vulnerable.to Regular Expre ...) - TODO: check + NOT-FOR-US: SheetJS CVE-2024-21894 (A heap overflow vulnerability in IPSec component of Ivanti Connect Sec ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2023-5973 (Brocade Web Interface in Brocade Fabric OS v9.x and before v9.2.0 doe ...) - TODO: check + NOT-FOR-US: Brocade CVE-2023-52235 (SpaceX Starlink Wi-Fi router GEN 2 before 2023.53.0 and Starlink Dish ...) - TODO: check + NOT-FOR-US: SpaceX CVE-2024-3299 (Out-Of-Bounds Write, Use of Uninitialized Resource and Use-After-Free ...) NOT-FOR-US: Solidworks CVE-2024-3298 (Out-Of-Bounds Write and Type Confusion vulnerabilities exist in the fi ...) @@ -69,15 +69,15 @@ CVE-2024-3262 (Information exposure vulnerability in RT software affecting versi NOTE: https://github.com/bestpractical/rt/commit/ea07e767eaef5b202e8883051616d09806b8b48a NOTE: https://github.com/bestpractical/rt/commit/468f86bd3e82c3b5b5ef7087d416a7509d4b1abe CVE-2024-3250 (It was discovered that Canonical's Pebble service manager read-file AP ...) - TODO: check + NOT-FOR-US: Canonical pebble CVE-2024-3116 (pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerabi ...) - pgadmin4 (bug #834129) CVE-2024-31215 (Mobile Security Framework (MobSF) is a security research platform for ...) NOT-FOR-US: Mobile Security Framework (MobSF) CVE-2024-31209 (oidcc is the OpenID Connect client library for Erlang. Denial of Servi ...) - TODO: check + NOT-FOR-US: oidcc
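Review bot: NOT-FOR-US: ykman-gui for CVE-2024-31498 drops the condition the description carries, namely that the issue is specific to Windows ("on Windows, when Edge ..."); writing it as NOT-FOR-US: ykman-gui (Windows-only) records why the entry is not Debian's. In the same hunk, NOT-FOR-US: Unifi spells the product differently from the description's "UniFi"; trivial, but these markers are what later greps match on.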
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 0b9cda3f by Moritz Muehlenhoff at 2024-04-04T13:27:04+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2024-30255 + - envoyproxy (bug #987544) CVE-2024-28182 - nghttp2 NOTE: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q @@ -851,9 +853,9 @@ CVE-2024-24506 (Cross Site Scripting (XSS) vulnerability in Lime Survey Communit CVE-2024-1327 (The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cro ...) NOT-FOR-US: WordPress plugin CVE-2023-35764 (Insufficient verification of data authenticity issue in Survey Maker p ...) - TODO: check + NOT-FOR-US: Survey Maker CVE-2023-34423 (Survey Maker prior to 3.6.4 contains a stored cross-site scripting vul ...) - TODO: check + NOT-FOR-US: Survey Maker CVE-2024-3159 {DSA-5654-1} - chromium 123.0.6312.105-1 @@ -898,13 +900,13 @@ CVE-2024-30531 (Server-Side Request Forgery (SSRF) vulnerability in Nelio Softwa CVE-2024-30335 (Foxit PDF Reader AcroForm Annotation Out-Of-Bounds Read Information Di ...) NOT-FOR-US: Foxit PDF Reader CVE-2024-30248 (Piccolo Admin is an admin interface/content management system for Pyth ...) - TODO: check + NOT-FOR-US: Piccolo Admin CVE-2024-2931 (The WPFront User Role Editor plugin for WordPress is vulnerable to Sen ...) NOT-FOR-US: WordPress plugin CVE-2024-2745 (Rapid7's InsightVM maintenance mode login page suffers from a sensitiv ...) NOT-FOR-US: Rapid7 CVE-2024-2435 (For an attacker with pre-existing access to send a signal to a workflo ...) - TODO: check + NOT-FOR-US: Temporal ui-server CVE-2024-2389 (In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system c ...) NOT-FOR-US: Flowmon CVE-2024-29949 (There is a command injection vulnerability in some Hikvision NVRs. Thi ...) 
@@ -936,23 +938,23 @@ CVE-2024-1807 (The Product Sort and Display for WooCommerce plugin for WordPress CVE-2024-1732 (The Sharkdropship for AliExpress Dropshipping and Affiliate plugin for ...) NOT-FOR-US: WordPress plugin CVE-2023-6951 (A Use of Weak Credentials vulnerability affecting the Wi-Fi network ge ...) - TODO: check + NOT-FOR-US: DJI CVE-2023-6950 (An Improper Input Validation vulnerability affecting the FTP service r ...) - TODO: check + NOT-FOR-US: DJI CVE-2023-6949 (A Missing Authentication for Critical Function issue affecting the HTT ...) - TODO: check + NOT-FOR-US: DJI CVE-2023-6948 (A Buffer Copy without Checking Size of Input issue affecting the v2_sd ...) - TODO: check + NOT-FOR-US: DJI CVE-2023-51456 (A Improper Input Validation issue affecting the v2_sdk_service running ...) - TODO: check + NOT-FOR-US: DJI CVE-2023-51455 (A Improper Validation of Array Index issue affecting the v2_sdk_servic ...) - TODO: check + NOT-FOR-US: DJI CVE-2023-51454 (A Out-of-bounds Write issue affecting the v2_sdk_service running on a ...) - TODO: check + NOT-FOR-US: DJI CVE-2023-51453 (A Improper Input Validation issue affecting the v2_sdk_service running ...) - TODO: check + NOT-FOR-US: DJI CVE-2023-51452 (A Improper Input Validation issue affecting the v2_sdk_service running ...) - TODO: check + NOT-FOR-US: DJI CVE-2023-50313 (IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than ...) NOT-FOR-US: IBM CVE-2024-3165 (System->Maintenance-> Log Files in dotCMS dashboard is providing the u ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b9cda3ff33c33839793849c4f3cade8187a1bb9
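Review bot: the new CVE-2024-30255 entry in the first hunk maps to envoyproxy via bug #987544 but carries no NOTE, while the adjacent CVE-2024-28182 nghttp2 entry in the same hunk links its GHSA advisory; adding the Envoy advisory URL as a NOTE keeps the two entries equally traceable and lets whoever eventually packages envoyproxy see which upstream release closed it.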
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 59f6d742 by Moritz Muehlenhoff at 2024-04-04T11:43:45+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,9 @@ +CVE-2024-27919 + - envoyproxy (bug #987544) +CVE-2024-2700 + NOT-FOR-US: Quarkus +CVE-2024-1139 + NOT-FOR-US: Red Hat OpenShift Container Platform CVE-2024-3274 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Li ...) NOT-FOR-US: D-Link CVE-2024-3273 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59f6d742312249ccb1a48f7fdd9b67f65a67545d
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: fd02ce70 by Moritz Muehlenhoff at 2024-04-04T11:36:04+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -37,18 +37,18 @@ CVE-2024-29225 (WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earli CVE-2024-29167 (SVR-116 firmware version 1.6.0.30028871 allows a remote authenticated ...) NOT-FOR-US: SEEnergy Corp SVR-116 CVE-2024-29008 (A problem has been identified in the CloudStack additional VM configur ...) - TODO: check + NOT-FOR-US: Apache CloudStack CVE-2024-29007 (The CloudStack management server and secondary storage VM could be tri ...) - TODO: check + NOT-FOR-US: Apache CloudStack CVE-2024-29006 (By default the CloudStack management server honours the x-forwarded-fo ...) - TODO: check + NOT-FOR-US: Apache CloudStack CVE-2024-28870 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...) - suricata 1:7.0.4-1 NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-mhhx-xw7r-r5c8 NOTE: https://redmine.openinfosecfoundation.org/issues/6800 NOTE: https://redmine.openinfosecfoundation.org/issues/6801 CVE-2024-28520 (File Upload vulnerability in Byzoro Networks Smart multi-service secur ...) - TODO: check + NOT-FOR-US: Byzoro CVE-2024-27706 (Cross Site Scripting vulnerability in Huly Platform v.0.6.202 allows a ...) NOT-FOR-US: Huily Platform CVE-2024-27705 (Cross Site Scripting vulnerability in Leantime v3.0.6 allows attackers ...) 
@@ -58,7 +58,7 @@ CVE-2024-26258 (OS command injection vulnerability in WRC-X3200GST3-B v1.25 and CVE-2024-25568 (OS command injection vulnerability in WRC-X3200GST3-B v1.25 and earlie ...) NOT-FOR-US: WRC-X3200GST3-B CVE-2024-25503 (Cross Site Scripting (XSS) vulnerability in Advanced REST Client v.17. ...) - TODO: check + NOT-FOR-US: Advanced REST Client CVE-2024-1418 (The CGC Maintenance Mode plugin for WordPress is vulnerable to Sensiti ...) NOT-FOR-US: WordPress plugin CVE-2023-52043 (An issue in D-Link COVR 1100, 1102, 1103 AC1200 Dual-Band Whole-Home M ...) @@ -100,13 +100,13 @@ CVE-2024-3179 (Concrete CMS version 9 before 9.2.8 and previous versions before CVE-2024-3178 (Concrete CMS versions 9 below 9.2.8 and versions below8.5.16 are vulne ...) NOT-FOR-US: Concrete CMS CVE-2024-31420 (A NULL pointer dereference flaw was found in KubeVirt. This flaw allow ...) - TODO: check + NOT-FOR-US: KubeVirt CVE-2024-31419 (An information disclosure flaw was found in OpenShift Virtualization. ...) NOT-FOR-US: Red Hat OpenShift Virtualization CVE-2024-31393 (Dragging Javascript URLs to the address bar could cause them to be loa ...) - TODO: check + - firefox (Only affects Firefox for iOS) CVE-2024-31392 (If an insecure element was added to a page after a delay, Firefox woul ...) - TODO: check + - firefox (Only affects Firefox for iOS) CVE-2024-31390 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) NOT-FOR-US: WordPress plugin CVE-2024-31380 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) 
@@ -154,9 +154,9 @@ CVE-2024-2758 (Tempesta FW rate limits are not enabled by default. They are eith CVE-2024-2753 (Concrete CMS version 9 before 9.2.8 and previous versions prior to 8.5 ...) NOT-FOR-US: Concrete CMS CVE-2024-2653 (amphp/http will collect CONTINUATION frames in an unbounded buffer and ...) - TODO: check + NOT-FOR-US: amphp/http CVE-2024-29477 (Lack of sanitization during Installation Process in Dolibarr ERP CRM u ...) - TODO: check + - dolibarr CVE-2024-28782 (IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pa ...) NOT-FOR-US: IBM CVE-2024-28275 (Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.16(3090516) was discovere ...) @@ -252,7 +252,7 @@ CVE-2024-1180 (TP-Link Omada ER605 Access Control Command Injection Remote Code CVE-2024-0394 (Rapid7 Minerva Armor versions below 4.5.5 suffer from a privilege esca ...) NOT-FOR-US: Rapid7 Minerva Armor CVE-2024-0335 (ABB has internally identified a vulnerability in the ABB VPNI feature ...) - TODO: check + NOT-FOR-US: ABB CVE-2024-0172 (Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an imp ...) NOT-FOR-US: Dell CVE-2023-5755 @@ -260,17 +260,17 @@ CVE-2023-5755 CVE-2023-52296 (IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...) NOT-FOR-US: IBM CVE-2023-45552 (In VeridiumID before 3.5.0, a stored cross-site scripting (XSS) vulner ...) - TODO: check + NOT-FOR-US: VeridiumID CVE-2023-44040 (In VeridiumID before 3.5.0, the identity provider page is
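Review bot: in the hunk starting at -100,13 the two Firefox entries CVE-2024-31393 and CVE-2024-31392 become "- firefox (Only affects Firefox for iOS)". In data/CVE/list syntax a package line with no version marks the package as vulnerable and unfixed in unstable, which is the opposite of what the parenthetical says; the intended form is "- firefox <not-affected> (Only affects Firefox for iOS)".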
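Review bot: in the hunk starting at -154,9, CVE-2024-29477 becomes "- dolibarr" with no version, no NOTE and no bug reference, so it now shows as an open unfixed issue in dolibarr with nothing pointing at the upstream fix; a NOTE with the upstream commit or advisory, as the suricata entry earlier in this diff and the RT entry in commit bc6c1ce0 carry, would let the fixed version be filled in later without a second round of research.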
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: bf6e6638 by Moritz Muehlenhoff at 2024-04-04T11:20:58+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -15,27 +15,27 @@ CVE-2024-31025 (SQL Injection vulnerability in ECshop 4.x allows an attacker to CVE-2024-30265 (Collabora Online is a collaborative online office suite based on Libre ...) NOT-FOR-US: Collabora Online CVE-2024-2919 (The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features pl ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2868 (The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +1 ...) - TODO: check + NOT-FOR-US: WooCommerce plugin CVE-2024-2830 (The WordPress Tag and Category Manager \u2013 AI Autotagger plugin for ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2803 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2692 (SiYuan version 3.0.3 allows executing arbitrary commands on the server ...) - TODO: check + NOT-FOR-US: SiYuan CVE-2024-2689 (Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, ...) - TODO: check + NOT-FOR-US: Temporal Server CVE-2024-2008 (The Modal Popup Box \u2013 Popup Builder, Show Offers And News in Popu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-29413 (Cross Site Scripting vulnerability in Webasyst v.2.9.9 allows a remote ...) - TODO: check + NOT-FOR-US: Webasyst CVE-2024-29375 (CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a re ...) - TODO: check + NOT-FOR-US: Addactis IBNRS CVE-2024-29225 (WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier all ...) - TODO: check + NOT-FOR-US: WRC-X3200GST3-B CVE-2024-29167 (SVR-116 firmware version 1.6.0.30028871 allows a remote authenticated ...) - TODO: check + NOT-FOR-US: SEEnergy Corp SVR-116 CVE-2024-29008 (A problem has been identified in the CloudStack additional VM configur ...) TODO: check CVE-2024-29007 (The CloudStack management server and secondary storage VM could be tri ...) 
@@ -47,19 +47,19 @@ CVE-2024-28870 (Suricata is a network Intrusion Detection System, Intrusion Prev CVE-2024-28520 (File Upload vulnerability in Byzoro Networks Smart multi-service secur ...) TODO: check CVE-2024-27706 (Cross Site Scripting vulnerability in Huly Platform v.0.6.202 allows a ...) - TODO: check + NOT-FOR-US: Huily Platform CVE-2024-27705 (Cross Site Scripting vulnerability in Leantime v3.0.6 allows attackers ...) - TODO: check + NOT-FOR-US: Leantime CVE-2024-26258 (OS command injection vulnerability in WRC-X3200GST3-B v1.25 and earlie ...) - TODO: check + NOT-FOR-US: WRC-X3200GST3-B CVE-2024-25568 (OS command injection vulnerability in WRC-X3200GST3-B v1.25 and earlie ...) - TODO: check + NOT-FOR-US: WRC-X3200GST3-B CVE-2024-25503 (Cross Site Scripting (XSS) vulnerability in Advanced REST Client v.17. ...) TODO: check CVE-2024-1418 (The CGC Maintenance Mode plugin for WordPress is vulnerable to Sensiti ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-52043 (An issue in D-Link COVR 1100, 1102, 1103 AC1200 Dual-Band Whole-Home M ...) - TODO: check + NOT-FOR-US: D-Link CVE-2023-45288 - golang-1.22 1.22.2-1 - golang-1.21 1.21.9-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf6e663877dbc90d9ce789f88c4445e6906acb99
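Review bot: in the first hunk CVE-2024-2868 (ShopLentor) is marked NOT-FOR-US: WooCommerce plugin while every other plugin entry in the hunk uses NOT-FOR-US: WordPress plugin; the description itself presents it as a WordPress plugin ("WooCommerce Builder for Elementor & Gutenberg"), so the WordPress plugin marker keeps the whole family greppable under one name.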
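Review bot: in the second hunk NOT-FOR-US: Huily Platform for CVE-2024-27706 misspells the product; the description reads "Huly Platform". The typo is still present as context in the later commit fd02ce70, so it has not been caught since and should be fixed in place.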
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 2ef9641b by Moritz Muehlenhoff at 2024-04-02T13:04:03+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -409,7 +409,7 @@ CVE-2024-26653 (In the Linux kernel, the following vulnerability has been resolv [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/7c9631969287a5366bc8e39cd5abff154b35fb80 (6.9-rc2) CVE-2024-31033 (JJWT (aka Java JWT) through 0.12.5 ignores certain characters and thus ...) - TODO: check + NOT-FOR-US: Java JWT CVE-2024-2278 (Themify WordPress plugin before 1.4.4 does not sanitise and escape so ...) NOT-FOR-US: WordPress plugin CVE-2024-2263 (Themify WordPress plugin before 1.4.4 does not sanitise and escape a ...) @@ -927,7 +927,7 @@ CVE-2024-28960 (An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-03/ NOTE: https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2024-03.md CVE-2024-28867 (Swift Prometheus is a Swift client for the Prometheus monitoring syste ...) - TODO: check + NOT-FOR-US: swift-prometheus CVE-2024-28714 (SQL Injection vulnerability in CRMEB_Java e-commerce system v.1.3.4 al ...) NOT-FOR-US: CRMEB_Java e-commerce system CVE-2024-28456 (Cross Site Scripting vulnerability in Campcodes Online Marriage Regist ...) 
@@ -1992,7 +1992,7 @@ CVE-2023-39306 (Improper Neutralization of Input During Web Page Generation ('Cr CVE-2023-38388 (Unrestricted Upload of File with Dangerous Type vulnerability in Artbe ...) NOT-FOR-US: WordPress plugin CVE-2023-31854 (std::bad_alloc is mishandled in Precomp 0.4.8. NOTE: this is disputed ...) - TODO: check + NOT-FOR-US: precomp CVE-2023-31634 (In TeslaMate before 1.27.2, there is unauthorized access to port 4000 ...) NOT-FOR-US: TeslaMate CVE-2017-20190 (Some Microsoft technologies as used in Windows 8 through 11 allow a te ...) @@ -2278,9 +2278,9 @@ CVE-2024-2303 (The Easy Textillate plugin for WordPress is vulnerable to Stored CVE-2024-2170 (The VK All in One Expansion Unit plugin for WordPress is vulnerable to ...) NOT-FOR-US: WordPress plugin CVE-2024-29442 (An unauthorized access vulnerability has been discovered in ROS2 Humbl ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-29440 (An unauthorized access vulnerability has been discovered in ROS2 Humbl ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-29303 (The delete admin users function of SourceCodester PHP Task Management ...) NOT-FOR-US: SourceCodester PHP Task Management System CVE-2024-29302 (SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Inj ...) @@ -2365,7 +2365,7 @@ CVE-2024-2864 (Improper Neutralization of Input During Web Page Generation ('Cro CVE-2024-29666 (Insecure Permissions vulnerability in Vehicle Monitoring platform syst ...) NOT-FOR-US: Vehicle Monitoring platform system CMSV6 CVE-2024-29650 (An issue in @thi.ng/paths v.5.1.62 and before allows a remote attacker ...) - TODO: check + NOT-FOR-US: @thi.ng/paths CVE-2024-29515 (File Upload vulnerability in lepton v.7.1.0 allows a remote authentica ...) NOT-FOR-US: Lepton CMS CVE-2024-29025 (Netty is an asynchronous event-driven network application framework fo ...) 
@@ -2402,7 +2402,7 @@ CVE-2024-28243 (KaTeX is a JavaScript library for TeX math rendering on the web. NOTE: https://github.com/KaTeX/KaTeX/security/advisories/GHSA-64fm-8hw2-v72w NOTE: https://github.com/KaTeX/KaTeX/commit/e88b4c357f978b1bca8edfe3297f0aa309bcbe34 (v0.16.10) CVE-2024-28183 (ESP-IDF is the development framework for Espressif SoCs supported on W ...) - TODO: check + NOT-FOR-US: Espressif CVE-2024-28108 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...) NOT-FOR-US: phpMyFAQ CVE-2024-28107 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...) @@ -2661,7 +2661,7 @@ CVE-2024-24890 (Improper Neutralization of Special Elements used in an OS Comman CVE-2024-21865 (HGW BL1500HM Ver 002.001.013 and earlier contains a use of week creden ...) NOT-FOR-US: HGW BL1500HM CVE-2024-21505 (Versions of the package web3-utils before 4.2.1 are vulnerable to Prot ...) - TODO: check + NOT-FOR-US: Node web3 CVE-2024-1962 (The CM Download Manager WordPress plugin before 2.9.1 does not have C ...) NOT-FOR-US: WordPress plugin CVE-2024-1564 (The wp-schema-pro WordPress plugin before
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 31b3f5f9 by Moritz Muehlenhoff at 2024-04-02T11:09:43+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -27,7 +27,7 @@ CVE-2024-3139 (A vulnerability, which was classified as critical, has been found CVE-2024-3138 (** DISPUTED ** A vulnerability was found in francoisjacquet RosarioSIS ...) NOT-FOR-US: RosarioSISster CVE-2024-3137 (Improper Privilege Management in uvdesk/community-skeleton) - TODO: check + NOT-FOR-US: UVdesk CVE-2024-31005 (An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execu ...) NOT-FOR-US: Bento4 CVE-2024-31004 (An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execu ...) @@ -208,15 +208,15 @@ CVE-2024-25187 (Server Side Request Forgery (SSRF) vulnerability in 71cms v1.0.0 CVE-2024-24581 (in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitr ...) NOT-FOR-US: OpenHarmony CVE-2024-23119 (Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulne ...) - TODO: check + - centreon-web (bug #913903) CVE-2024-23118 (Centreon updateContactHostCommands SQL Injection Remote Code Execution ...) - TODO: check + - centreon-web (bug #913903) CVE-2024-23117 (Centreon updateContactServiceCommands SQL Injection Remote Code Execut ...) - TODO: check + - centreon-web (bug #913903) CVE-2024-23116 (Centreon updateLCARelation SQL Injection Remote Code Execution Vulnera ...) - TODO: check + - centreon-web (bug #913903) CVE-2024-23115 (Centreon updateGroups SQL Injection Remote Code Execution Vulnerabilit ...) - TODO: check + - centreon-web (bug #913903) CVE-2024-22180 (in OpenHarmony v4.0.0 and prior versions allow a local attacker cause ...) NOT-FOR-US: OpenHarmony CVE-2024-22177 (in OpenHarmony v3.2.4 and prior versions allow a local attacker cause ...) 
@@ -264,7 +264,7 @@ CVE-2024-1274 (The My Calendar WordPress plugin before 3.4.24 does not sanitise CVE-2024-1179 (TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow ...) NOT-FOR-US: TP-Link CVE-2024-0637 (Centreon updateDirectory SQL Injection Remote Code Execution Vulnerabi ...) - TODO: check + - centreon-web (bug #913903) CVE-2023-52636 (In the Linux kernel, the following vulnerability has been resolved: l ...) - linux 6.7.7-1 [bookworm] - linux (Vulnerable code not present) @@ -293,18 +293,18 @@ CVE-2023-52630 (In the Linux kernel, the following vulnerability has been resolv [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/2a427b49d02995ea4a6ff93a1432c40fa4d36821 (6.8-rc4) CVE-2023-51573 (Voltronic Power ViewPower Pro updateManagerPassword Exposed Dangerous ...) - TODO: check + NOT-FOR-US: Voltronic Power ViewPower Pro CVE-2023-51572 (Voltronic Power ViewPower Pro getMacAddressByIp Command Injection Remo ...) - TODO: check + NOT-FOR-US: Voltronic Power ViewPower Pro CVE-2023-51571 (Voltronic Power ViewPower Pro SocketService Missing Authentication Den ...) - TODO: check + NOT-FOR-US: Voltronic Power ViewPower Pro CVE-2023-51570 (Voltronic Power ViewPower Pro Deserialization of Untrusted Data Remote ...) - TODO: check + NOT-FOR-US: Voltronic Power ViewPower Pro CVE-2024-28219 - pillow NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security CVE-2024-3135 (The web server lacked CSRF tokens allowing an attacker to host malicio ...) - TODO: check + NOT-FOR-US: LocalAI CVE-2024-3131 (A vulnerability was found in SourceCodester Computer Laboratory Manage ...) NOT-FOR-US: SourceCodester Computer Laboratory Management System CVE-2024-3130 (Hard-coded Credentialsin CoolKit eWeLlink app are before 5.4.x on Andr ...) 
@@ -348,51 +348,51 @@ CVE-2024-30859 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/c CVE-2024-30858 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_fi ...) NOT-FOR-US: netentsec NS-ASG CVE-2024-29435 (An issue discovered in Alldata v0.4.6 allows attacker to run arbitrary ...) - TODO: check + NOT-FOR-US: Alldata CVE-2024-29433 (A deserialization vulnerability in the FASTJSON component of Alldata v ...) - TODO: check + NOT-FOR-US: Alldata CVE-2024-28232 (Go package IceWhaleTech/CasaOS-UserService provides user management fu ...) NOT-FOR-US: IceWhaleTech/CasaOS-UserService CVE-2024-25574 (SQL injection vulnerability exists in GetDIAE_usListParameters.) - TODO: check + NOT-FOR-US: Delta Electronics CVE-2024-25080 (WebMail in Axigen 10.x before 10.3.3.62 allows XSS via the image attac ...) - TODO: check +
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: c619b2d0 by Moritz Muehlenhoff at 2024-04-02T10:39:37+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,85 +1,85 @@ CVE-2024-3165 (System->Maintenance-> Log Files in dotCMS dashboard is providing the u ...) - TODO: check + NOT-FOR-US: dotCMS CVE-2024-3164 (In dotCMS dashboard, the Tools and Log Files tabs under System \u2192 ...) - TODO: check + NOT-FOR-US: dotCMS CVE-2024-3160 (** DISPUTED ** A vulnerability, which was classified as problematic, w ...) - TODO: check + NOT-FOR-US: IntelBras CVE-2024-3148 (A vulnerability, which was classified as critical, has been found in D ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-3147 (A vulnerability classified as problematic was found in DedeCMS 5.7. Th ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-3146 (A vulnerability classified as problematic has been found in DedeCMS 5. ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-3145 (A vulnerability was found in DedeCMS 5.7. It has been rated as problem ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-3144 (A vulnerability was found in DedeCMS 5.7. It has been declared as prob ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-3143 (A vulnerability was found in DedeCMS 5.7. It has been classified as pr ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-3142 (A vulnerability was found in Clavister E10 and E80 up to 20240323 and ...) - TODO: check + NOT-FOR-US: Clavister CVE-2024-3141 (A vulnerability has been found in Clavister E10 and E80 up to 20240323 ...) - TODO: check + NOT-FOR-US: Clavister CVE-2024-3140 (A vulnerability, which was classified as problematic, was found in Sou ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2024-3139 (A vulnerability, which was classified as critical, has been found in S ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2024-3138 (** DISPUTED ** A vulnerability was found in francoisjacquet RosarioSIS ...) - TODO: check + NOT-FOR-US: RosarioSISster CVE-2024-3137 (Improper Privilege Management in uvdesk/community-skeleton) TODO: check CVE-2024-31005 (An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execu ...) 
- TODO: check + NOT-FOR-US: Bento4 CVE-2024-31004 (An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execu ...) - TODO: check + NOT-FOR-US: Bento4 CVE-2024-31003 (Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a rem ...) - TODO: check + NOT-FOR-US: Bento4 CVE-2024-31002 (Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a rem ...) - TODO: check + NOT-FOR-US: Bento4 CVE-2024-2925 (The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2924 (The Creative Addons for Elementor plugin for WordPress is vulnerable t ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2839 (The Colibri Page Builder plugin for WordPress is vulnerable to Stored ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2791 (The Metform Elementor Contact Form Builder plugin for WordPress is vul ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2369 (The Page Builder Gutenberg Blocks WordPress plugin before 3.1.7 does ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-29276 (An issue was discovered in seeyonOA version 8, allows remote attackers ...) - TODO: check + NOT-FOR-US: seeyonOA CVE-2024-29086 (in OpenHarmony v3.2.4 and prior versions allow a local attacker cause ...) - TODO: check + NOT-FOR-US: OpenHarmony CVE-2024-29074 (in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitr ...) - TODO: check + NOT-FOR-US: OpenHarmony CVE-2024-28951 (in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitr ...) - TODO: check + NOT-FOR-US: OpenHarmony CVE-2024-28226 (in OpenHarmony v4.0.0 and prior versions allow a remote attacker cause ...) - TODO: check + NOT-FOR-US: OpenHarmony CVE-2024-27334 (Kofax Power PDF JPG File Parsing Out-Of-Bounds Read Information Disclo ...) - TODO: check + NOT-FOR-US: KOfax Power PDF CVE-2024-27333 (Kofax Power PDF GIF File Parsing Out-Of-Bounds Read Information Disclo ...) 
- TODO: check + NOT-FOR-US: KOfax Power PDF CVE-2024-27332 (PDF-XChange Editor JPG File Parsing Out-Of-Bounds Read Information Dis ...) - TODO: check + NOT-FOR-US: PDF-XChange Editor CVE-2024-27331 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read
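Review bot: two of the added NOT-FOR-US lines in this hunk carry naming mistakes that will make the entries hard to find again by grepping for the product. For CVE-2024-3138 the new line reads "+ NOT-FOR-US: RosarioSISster" while the description names "francoisjacquet RosarioSIS", so the trailing "ster" looks like a paste error; for CVE-2024-27334 and CVE-2024-27333 the new lines read "+ NOT-FOR-US: KOfax Power PDF" while both descriptions spell the vendor "Kofax Power PDF". Suggest "NOT-FOR-US: RosarioSIS" and "NOT-FOR-US: Kofax Power PDF".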
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 9a53e54f by Moritz Muehlenhoff at 2024-03-22T12:26:17+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -71,9 +71,9 @@ CVE-2024-29272 (Arbitrary File Upload vulnerability in VvvebJs before version 1. CVE-2024-29271 (Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs before v ...) NOT-FOR-US: VvvebJs CVE-2024-29031 (Meshery is an open source, cloud native manager that enables the desig ...) - TODO: check + NOT-FOR-US: Meshery CVE-2024-28891 (SQL injection vulnerability exists in the script Handler_CFG.ashx.) - TODO: check + NOT-FOR-US: Delta Electronics CVE-2024-28863 (node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no ...) - node-tar NOTE: https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36 @@ -103,13 +103,13 @@ CVE-2024-28029 (Privileges are not fully verified server-side, which can be abus CVE-2024-27921 (Grav is an open-source, flat-file content management system. A file up ...) NOT-FOR-US: Grav CMS CVE-2024-26557 (Codiad v2.8.4 allows reflected XSS via the components/market/dialog.ph ...) - TODO: check + NOT-FOR-US: Codiad CVE-2024-25937 (SQL injection vulnerability exists in the script DIAE_tagHandler.ashx.) - TODO: check + NOT-FOR-US: Delta Electronics CVE-2024-25808 (Cross-site Request Forgery (CSRF) vulnerability in Lychee version 3.1. ...) - TODO: check + NOT-FOR-US: Lychee CVE-2024-25807 (Cross Site Scripting (XSS) vulnerability in Lychee 3.1.6, allows remot ...) - TODO: check + NOT-FOR-US: Lychee CVE-2024-25567 (Path traversal attack is possible and write outside of the intended di ...) NOT-FOR-US: Delta Electronics CVE-2024-24272 (An issue in iTop DualSafe Password Manager & Digital Vault before 1.4. ...) 
@@ -121,7 +121,7 @@ CVE-2024-23494 (SQL injection vulnerability exists in GetDIAE_unListParameters.) CVE-2024-0957 (The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shippi ...) NOT-FOR-US: WordPress plugin CVE-2023-42954 (A privilege escalation issue existed in FileMaker Server, potentially ...) - TODO: check + NOT-FOR-US: Claris FileMaker Server CVE-2024-2742 (Operating system command injection vulnerability in Planet IGS-4215-16 ...) NOT-FOR-US: Planet IGS-4215-16T2S CVE-2024-2741 (Cross-Site Request Forgery (CSRF) vulnerability in Planet IGS-4215-16T ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a53e54f87fcc34c6e13e4f1ef790217750062fb -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a53e54f87fcc34c6e13e4f1ef790217750062fb You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 66944a1d by Moritz Muehlenhoff at 2024-03-22T09:03:11+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -22,7 +22,7 @@ CVE-2024-2464 (This issue occurs during password recovery, where a difference in CVE-2024-2463 (Weak password recovery mechanism in CDeX application allows to retriev ...) NOT-FOR-US: CDeX CVE-2024-29937 (NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and Free ...) - TODO: check + NOT-FOR-US: OpenBSD/FreeBSD CVE-2024-29916 (The dormakaba Saflok system before the November 2023 software update a ...) NOT-FOR-US: dormakaba Saflok system CVE-2024-29880 (In JetBrains TeamCity before 2023.11 users with access to the agent ma ...) @@ -54,11 +54,11 @@ CVE-2024-29732 (A SQL Injection has been found on SCAN_VISIO eDocument Suite Web CVE-2024-29374 (A Cross-Site Scripting (XSS) vulnerability exists in the way MOODLE 3. ...) - moodle CVE-2024-29244 (Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discover ...) - TODO: check + NOT-FOR-US: Shenzhen Libituo Technology CVE-2024-29243 (Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discover ...) - TODO: check + NOT-FOR-US: Shenzhen Libituo Technology CVE-2024-29180 (Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware ...) - TODO: check + NOT-FOR-US: Node webpack-dev-middleware CVE-2024-29019 (ESPHome is a system to control microcontrollers remotely through Home ...) NOT-FOR-US: ESPHome CVE-2024-28402 (TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-s ...) 
@@ -366,7 +366,7 @@ CVE-2023-41038 (Firebird is a relational database. Versions 4.0.0 through 4.0.3 CVE-2023-35888 (IBM Security Verify Governance 10.0.2 could allow a remote attacker to ...) NOT-FOR-US: IBM CVE-2022-4963 (A vulnerability was found in Folio Spring Module Core up to 1.1.5. It ...) - TODO: check + NOT-FOR-US: Folio Spring Module Core CVE-2024-2631 (Inappropriate implementation in iOS in Google Chrome prior to 123.0.63 ...) - chromium [bullseye] - chromium (see #1061268) @@ -543,7 +543,7 @@ CVE-2024-28092 (UBEE DDW365 XCNDDW365 8.14.3105 software on hardware 3.13.1 allo CVE-2024-24336 (A multiple Cross-site scripting (XSS) vulnerability in the '/members/m ...) NOT-FOR-US: Koha Library Management System CVE-2024-22258 (Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2 ...) - TODO: check + NOT-FOR-US: Spring Authorization Server CVE-2024-22085 (An issue was discovered in Elspec G5 digital fault recorder versions 1 ...) NOT-FOR-US: Elspec G5 digital fault recorder CVE-2024-22084 (An issue was discovered in Elspec G5 digital fault recorder versions 1 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/66944a1daad677387de022dbfcffdc5cee3e789d
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 0147ef6f by Moritz Muehlenhoff at 2024-03-21T20:15:22+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -455,9 +455,9 @@ CVE-2024-2545 CVE-2024-2442 (Franklin Fueling System EVO 550 and EVO 5000 are vulnerable to a Path ...) NOT-FOR-US: Franklin Fueling System CVE-2024-2307 (A flaw was found in osbuild-composer. A condition can be triggered tha ...) - TODO: check + NOT-FOR-US: osbuild-composer CVE-2024-2169 (Implementations of UDP application protocol are vulnerable to network ...) - TODO: check + NOT-FOR-US: Various UDP implementations CVE-2024-29143 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-29142 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) @@ -1705,7 +1705,7 @@ CVE-2024-1796 (The HUSKY \u2013 Products Filter for WooCommerce Professional plu CVE-2024-1795 (The HUSKY \u2013 Products Filter for WooCommerce Professional plugin f ...) NOT-FOR-US: WordPress plugin CVE-2024-1713 (A user who can create objects in a database with plv8 3.2.1 installed ...) - TODO: check + - plv8 CVE-2024-0860 (The affected product is vulnerable to a cleartext transmission of sens ...) NOT-FOR-US: Softing CVE-2024-0803 (Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Co ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0147ef6f53965aee7f7e26f981d47e31f60745b6
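Review bot: in the first hunk, CVE-2024-2169 is closed with a bare "+ NOT-FOR-US: Various UDP implementations" and no NOTE line, although the visible description ("Implementations of UDP application protocol are vulnerable to network ...") ties the CVE to a class of implementations rather than to one upstream product. Every other NOT-FOR-US entry in this patch names a concrete product that can be re-checked later; this one cannot, so suggest adding a NOTE line recording which implementations were considered when the entry was triaged, so the decision stays auditable if the CVE is later attached to something Debian ships.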
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 02661347 by Moritz Muehlenhoff at 2024-03-21T18:33:57+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2024-26307 + NOT-FOR-US: Apache Doris +CVE-2024-27438 + NOT-FOR-US: Apache Doris CVE-2024-2754 (A vulnerability classified as critical has been found in SourceCodeste ...) NOT-FOR-US: SourceCodester Complete E-Commerce Site CVE-2024-2748 (A Cross Site Request Forgery vulnerability was identified in GitHub En ...) @@ -39,11 +43,11 @@ CVE-2024-29470 (OneBlog v2.3.4 was discovered to contain a stored cross-site scr CVE-2024-29469 (A stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4 al ...) NOT-FOR-US: OneBlog CVE-2024-29037 (datahub-helm provides the Kubernetes Helm charts for deploying Datahub ...) - TODO: check + NOT-FOR-US: Datahub Helm chart CVE-2024-29036 (Saleor Storefront is software for building e-commerce experiences. Pri ...) NOT-FOR-US: Saleor Storefront CVE-2024-29033 (OAuthenticator provides plugins for JupyterHub to use common OAuth pro ...) - TODO: check + NOT-FOR-US: JupyterHub plugin CVE-2024-29032 (Qiskit IBM Runtime is an environment that streamlines quantum computat ...) NOT-FOR-US: IBM CVE-2024-29026 (Owncast is an open source, self-hosted, decentralized, single user liv ...) 
@@ -67,7 +71,7 @@ CVE-2024-28834 CVE-2024-28635 (Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v. ...) NOT-FOR-US: SurveyJS Survey Creator CVE-2024-25294 (An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sens ...) - TODO: check + NOT-FOR-US: REBUILD CVE-2024-24050 (Cross Site Scripting (XSS) vulnerability in Sourcecodester Workout Jou ...) NOT-FOR-US: Sourcecodester Workout Journal App CVE-2024-22724 (An issue was discovered in osCommerce v4, allows local attackers to by ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/026613479709ac138e4992898e9fbb0379d25c6b
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 0f18f940 by Moritz Muehlenhoff at 2024-03-19T20:43:30+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2024-27439 + NOT-FOR-US: Apache Wicket +CVE-2024-24683 + NOT-FOR-US: Apache Hop Engine CVE-2024-2616 - firefox-esr - thunderbird 1:115.9.0-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0f18f940b336b60e40bd32ab2c2b23f522d848f0
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 5267801c by Moritz Muehlenhoff at 2024-03-19T17:16:03+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,61 +1,61 @@ CVE-2024-2622 (A vulnerability was found in Fujian Kelixin Communication Command and ...) - TODO: check + NOT-FOR-US: Fujian CVE-2024-2621 (A vulnerability was found in Fujian Kelixin Communication Command and ...) - TODO: check + NOT-FOR-US: Fujian CVE-2024-2620 (A vulnerability has been found in Fujian Kelixin Communication Command ...) - TODO: check + NOT-FOR-US: Fujian CVE-2024-2604 (A vulnerability was found in SourceCodester File Manager App 1.0. It h ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2024-28865 (django-wiki is a wiki system for Django. Installations of django-wiki ...) - TODO: check + NOT-FOR-US: django-wiki CVE-2024-28864 (SecureProps is a PHP library designed to simplify the encryption and d ...) - TODO: check + NOT-FOR-US: SecureProps CVE-2024-28855 (ZITADEL, open source authentication management software, uses Go templ ...) - TODO: check + NOT-FOR-US: Zitadel CVE-2024-28447 (Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discove ...) - TODO: check + NOT-FOR-US: Shenzhen Libituo Technology Co CVE-2024-28446 (Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discove ...) - TODO: check + NOT-FOR-US: Shenzhen Libituo Technology Co CVE-2024-28250 (Cilium is a networking, observability, and security solution with an e ...) - TODO: check + - cilium (bug #858303) CVE-2024-28249 (Cilium is a networking, observability, and security solution with an e ...) - TODO: check + - cilium (bug #858303) CVE-2024-28248 (Cilium is a networking, observability, and security solution with an e ...) - TODO: check + - cilium (bug #858303) CVE-2024-28237 (OctoPrint provides a web interface for controlling consumer 3D printer ...) - TODO: check + NOT-FOR-US: OctoPrint CVE-2024-26369 (An issue in the HistoryQosPolicy component of FastDDS v2.12.x, v2.11.x ...) TODO: check CVE-2024-25942 (Dell PowerEdge Server BIOS contains an Improper SMM communication buff ...) 
- TODO: check + NOT-FOR-US: Dell CVE-2024-24578 (RaspberryMatic is an open-source operating system for HomeMatic intern ...) - TODO: check + NOT-FOR-US: RaspberryMatic CVE-2024-24043 (Directory Traversal vulnerability in Speedy11CZ MCRPX v.1.4.0 and befo ...) - TODO: check + NOT-FOR-US: Speedy11CZ MCRPX CVE-2024-24042 (Directory Traversal vulnerability in Devan-Kerman ARRP v.0.8.1 and bef ...) - TODO: check + NOT-FOR-US: Devan-Kerman ARRP CVE-2024-2 (LDAP Account Manager (LAM) is a webfrontend for managing entries store ...) TODO: check CVE-2024-22453 (Dell PowerEdge Server BIOS contains a heap-based buffer overflow vulne ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-22412 (ClickHouse is an open-source column-oriented database management syste ...) TODO: check CVE-2024-21504 (Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 ...) - TODO: check + NOT-FOR-US: livewire CVE-2024-21503 (Versions of the package black before 24.3.0 are vulnerable to Regular ...) TODO: check CVE-2024-0055 (Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that ...) - TODO: check + NOT-FOR-US: AXIS OS CVE-2024-0054 (Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that ...) - TODO: check + NOT-FOR-US: AXIS OS CVE-2023-40280 (An issue was discovered in OpenClinic GA 5.247.01. An attacker can per ...) - TODO: check + NOT-FOR-US: OpenClinic GA CVE-2023-40277 (An issue was discovered in OpenClinic GA 5.247.01. A Reflected Cross-S ...) - TODO: check + NOT-FOR-US: OpenClinic GA CVE-2023-40276 (An issue was discovered in OpenClinic GA 5.247.01. An Unauthenticated ...) - TODO: check + NOT-FOR-US: OpenClinic GA CVE-2023-40275 (An issue was discovered in OpenClinic GA 5.247.01. It allows retrieval ...) - TODO: check + NOT-FOR-US: OpenClinic GA CVE-2024-2599 (File upload restriction evasion vulnerability in AMSS++ version 4.31. ...) NOT-FOR-US: AMSS++ CVE-2024-2598 (Vulnerability in AMSS++ version 4.31, which does not sufficiently enco ...) 
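Review bot: the product names chosen for two groups of NOT-FOR-US entries in this hunk are inconsistent with how the same products are recorded elsewhere, which defeats a later search by vendor. CVE-2024-2622, CVE-2024-2621 and CVE-2024-2620 get "+ NOT-FOR-US: Fujian", which keeps only the province from the description "Fujian Kelixin Communication Command and ...", and CVE-2024-28447 and CVE-2024-28446 get "+ NOT-FOR-US: Shenzhen Libituo Technology Co", whereas commit 66944a1d records the same vendor as "Shenzhen Libituo Technology" for CVE-2024-29244 and CVE-2024-29243. Suggest using the vendor name from the description (for example "Fujian Kelixin Communication") and the already-used "Shenzhen Libituo Technology" spelling.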
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5267801c81229759488ddfea6a811c03f5ff4ac6
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 369f3c65 by Moritz Muehlenhoff at 2024-03-18T14:59:56+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -70,9 +70,9 @@ CVE-2023-39933 (Insufficient verification vulnerability exists in Broadcast Mail CVE-2023-39223 (Stored cross-site scripting vulnerability exists in CGIs included in A ...) NOT-FOR-US: PMailServer2 CVE-2021-47157 (The Kossy module before 0.60 for Perl allows JSON hijacking because of ...) - TODO: check + NOT-FOR-US: Kossy Perl module CVE-2021-47156 (The Net::IPAddress::Util module before 5.000 for Perl does not properl ...) - TODO: check + NOT-FOR-US: Net::IPAddress::Util Perl module CVE-2021-47155 (The Net::IPV4Addr module 0.10 for Perl does not properly consider extr ...) TODO: check CVE-2021-47154 (The Net::CIDR::Lite module before 0.22 for Perl does not properly cons ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/369f3c6581892c5aa6183de951a3513e5c6172aa
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 68d0e467 by Moritz Muehlenhoff at 2024-03-18T11:06:40+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,67 +1,67 @@ CVE-2024-2581 (A vulnerability was found in Tenda AC10 16.03.10.13 and classified as ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2577 (A vulnerability has been found in SourceCodester Employee Task Managem ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2024-2576 (A vulnerability, which was classified as critical, was found in Source ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2024-2575 (A vulnerability, which was classified as critical, has been found in S ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2024-2574 (A vulnerability classified as critical was found in SourceCodester Emp ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2024-2573 (A vulnerability classified as critical has been found in SourceCodeste ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2024-2572 (A vulnerability was found in SourceCodester Employee Task Management S ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2024-2571 (A vulnerability was found in SourceCodester Employee Task Management S ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2024-2570 (A vulnerability was found in SourceCodester Employee Task Management S ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2024-2569 (A vulnerability was found in SourceCodester Employee Task Management S ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2024-2568 (A vulnerability has been found in heyewei JFinalCMS 5.0.0 and classifi ...) - TODO: check + NOT-FOR-US: JFinalCMS CVE-2024-2567 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...) - TODO: check + NOT-FOR-US: AndroidWeatherApp CVE-2024-29156 (In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, th ...) TODO: check CVE-2024-29154 (danielmiessler fabric through 1.3.0 allows installer/client/gui/static ...) - TODO: check + NOT-FOR-US: danielmiessler/fabric CVE-2024-29151 (Rocket.Chat.Audit through 5ad78e8 depends on filecachetools, which doe ...) 
- TODO: check + NOT-FOR-US: Rocket.Chat.Audit CVE-2024-28745 (Improper export of Android application components issue exists in 'ABE ...) - TODO: check + NOT-FOR-US: ABEMA App for Android CVE-2024-28128 (Cross-site scripting vulnerability exists in FitNesse releases prior t ...) - TODO: check + NOT-FOR-US: FitNesse CVE-2024-28125 (FitNesse all releases allows a remote authenticated attacker to execut ...) - TODO: check + NOT-FOR-US: FitNesse CVE-2024-27974 (Cross-site request forgery vulnerability in FUJIFILM printers which im ...) - TODO: check + NOT-FOR-US: FUJIFILM CVE-2024-27757 (flusity CMS through 2.45 allows tools/addons_model.php Gallery Name XS ...) - TODO: check + NOT-FOR-US: flusity CMS CVE-2024-24539 (FusionPBX before 5.2.0 does not validate a session.) - TODO: check + NOT-FOR-US: FusionPBX CVE-2024-24230 (Komm.One CMS 10.4.2.14 has a Server-Side Template Injection (SSTI) vul ...) - TODO: check + NOT-FOR-US: Komm.One CMS CVE-2024-23604 (Cross-site scripting vulnerability exists in FitNesse all releases, wh ...) - TODO: check + NOT-FOR-US: FitNesse CVE-2024-23139 (An Out-Of-Bounds Write Vulnerability in Autodesk FBX Review version 1. ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2024-23138 (A maliciously crafted DWG file when parsed through Autodesk DWG TrueVi ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2024-22475 (Cross-site request forgery vulnerability in multiple printers and scan ...) - TODO: check + NOT-FOR-US: BROTHER CVE-2024-21824 (Improper authentication vulnerability in exists in multiple printers a ...) - TODO: check + NOT-FOR-US: BROTHER CVE-2023-52159 (A stack-based buffer overflow vulnerability in gross 0.9.3 through 1.x ...) TODO: check CVE-2023-40747 (Directory traversal vulnerability exists in A.K.I Software's PMailServ ...) - TODO: check + NOT-FOR-US: PMailServer2 CVE-2023-40160 (Directory traversal vulnerability exists in Mailing List Search CGI (p ...) 
- TODO: check + NOT-FOR-US: PMailServer2 CVE-2023-39933 (Insufficient verification vulnerability exists in Broadcast Mail CGI ( ...) - TODO: check + NOT-FOR-US: PMailServer2 CVE-2023-39223 (Stored cross-site scripting vulnerability exists in CGIs included in A ...) - TODO: check + NOT-FOR-US: PMailServer2 CVE-2021-47157 (The Kossy module before 0.60 for Perl allows
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: c94f8051 by Moritz Muehlenhoff at 2024-03-16T21:17:48+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,35 +1,35 @@ CVE-2024-2529 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2528 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2527 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2526 (A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2525 (A vulnerability, which was classified as problematic, was found in MAG ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2524 (A vulnerability, which was classified as critical, has been found in M ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2523 (A vulnerability classified as problematic was found in MAGESH-K21 Onli ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2522 (A vulnerability classified as critical has been found in MAGESH-K21 On ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2521 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2520 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2519 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...) 
- TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2518 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2517 (A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2516 (A vulnerability, which was classified as critical, was found in MAGESH ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2515 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-1857 (The Ultimate Gift Cards for WooCommerce \u2013 Create, Redeem & Manage ...) - TODO: check + NOT-FOR-US: WooCommerce plugin CVE-2024-2467 [Crypt-OpenSSL-RSA vulnerable to the Marvin Attack] - libcrypt-openssl-rsa-perl (bug #1066969) [buster] - libcrypt-openssl-rsa-perl (Minor issue; side-channel timing attack) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c94f8051ebc8fc345b38aff3ca326967f6f6e5d4
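Review bot: the new line for CVE-2024-1857, "+ NOT-FOR-US: WooCommerce plugin", departs from the label used for the other WooCommerce-related entries in these commits: CVE-2024-0957 ("The WooCommerce PDF Invoices, Packing Slips ...") in commit 9a53e54f and CVE-2024-1795 ("The HUSKY \u2013 Products Filter for WooCommerce Professional plugin ...") in commit 0147ef6f are both recorded as "NOT-FOR-US: WordPress plugin". Suggest "NOT-FOR-US: WordPress plugin" here as well so that one label covers the whole plugin family.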
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 8156fa6f by Moritz Mühlenhoff at 2024-03-14T11:52:55+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,23 @@ +CVE-2024-25395 + NOT-FOR-US: RT-Thread +CVE-2024-25394 + NOT-FOR-US: RT-Thread +CVE-2024-25393 + NOT-FOR-US: RT-Thread +CVE-2024-25392 + NOT-FOR-US: RT-Thread +CVE-2024-25391 + NOT-FOR-US: RT-Thread +CVE-2024-25390 + NOT-FOR-US: RT-Thread +CVE-2024-25388 + NOT-FOR-US: RT-Thread +CVE-2024-25389 + NOT-FOR-US: RT-Thread +CVE-2024-24335 + NOT-FOR-US: RT-Thread +CVE-2024-24334 + NOT-FOR-US: RT-Thread CVE-2024-28746 - airflow (bug #819700) CVE-2024-2242 (The Contact Form 7 plugin for WordPress is vulnerable to Reflected Cro ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8156fa6f535223af93b2dbc6ce31c2abad71e409
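Review bot: the block of ten RT-Thread entries added at the top of the file is in descending CVE order except for one pair, "+CVE-2024-25388" being placed before "+CVE-2024-25389". Swapping those two entries keeps the block sorted like the rest of the additions and avoids a spurious reorder in a later cleanup commit.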
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 53bbe326 by Moritz Mühlenhoff at 2024-03-14T11:48:18+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -23,9 +23,9 @@ CVE-2024-28175 (Argo CD is a declarative, GitOps continuous delivery tool for Ku CVE-2024-27703 (Cross Site Scripting vulnerability in Leantime 3.0.6 allows a remote a ...) NOT-FOR-US: Leantime CVE-2024-27102 (Wings is the server control plane for Pterodactyl Panel. This vulnerab ...) - TODO: check + NOT-FOR-US: Wings CVE-2024-27097 (A user endpoint didn't perform filtering on an incoming parameter, whi ...) - TODO: check + NOT-FOR-US: CKAN CVE-2024-25653 (Broken Access Control in the Report functionality of Delinea PAM Secre ...) NOT-FOR-US: Delinea PAM Secret Server CVE-2024-25652 (In Delinea PAM Secret Server 11.4, it is possible for a user (with acc ...) @@ -498,7 +498,7 @@ CVE-2024-28239 (Directus is a real-time API and App dashboard for managing SQL d CVE-2024-28238 (Directus is a real-time API and App dashboard for managing SQL databas ...) NOT-FOR-US: Directus CVE-2024-28236 (Vela is a Pipeline Automation (CI/CD) framework built on Linux contain ...) - TODO: check + NOT-FOR-US: Vela CVE-2024-27440 (The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyok ...) NOT-FOR-US: Toyoko Inn official App CVE-2024-27305 (aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on ...) 
@@ -791,9 +791,9 @@ CVE-2024-1302 (Information exposure vulnerability in Badger Meter Monitool affec CVE-2024-1301 (SQL injection vulnerability in Badger Meter Monitool affecting version ...) NOT-FOR-US: Badger Meter Monitool CVE-2024-1227 (An open redirect vulnerability, the exploitation of which could allow ...) - TODO: check + NOT-FOR-US: Rejettos CVE-2024-1226 (The software does not neutralize or incorrectly neutralizes certain ch ...) - TODO: check + NOT-FOR-US: Rejettos CVE-2024-1138 (The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - Enterpri ...) NOT-FOR-US: TIBCO CVE-2024-1137 (The Proxy and Client components of TIBCO Software Inc.'s TIBCO ActiveS ...) @@ -937,7 +937,7 @@ CVE-2024-1400 (The Mollie Forms plugin for WordPress is vulnerable to unauthoriz CVE-2023-6814 (Insertion of Sensitive Information into Log File vulnerability in Hita ...) NOT-FOR-US: Hitachi CVE-2023-49785 (NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat use ...) - TODO: check + NOT-FOR-US: NextChat CVE-2023-49453 (Reflected cross-site scripting (XSS) vulnerability in Racktables v0.22 ...) - racktables (bug #629531) CVE-2024-2370 (Unrestricted file upload vulnerability in ManageEngine Desktop Central ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53bbe326b47bf3c09d6b0cf310ff7d321b479e37 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53bbe326b47bf3c09d6b0cf310ff7d321b479e37 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 46faf2a3 by Moritz Muehlenhoff at 2024-03-06T18:55:41+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,35 @@ +CVE-2024-28160 + NOT-FOR-US: Jenkins plugin +CVE-2024-28159 + NOT-FOR-US: Jenkins plugin +CVE-2024-28158 + NOT-FOR-US: Jenkins plugin +CVE-2024-28157 + NOT-FOR-US: Jenkins plugin +CVE-2024-28156 + NOT-FOR-US: Jenkins plugin +CVE-2024-2215 + NOT-FOR-US: Jenkins plugin +CVE-2024-2216 + NOT-FOR-US: Jenkins plugin +CVE-2024-28161 + NOT-FOR-US: Jenkins plugin +CVE-2024-28162 + NOT-FOR-US: Jenkins plugin +CVE-2024-28155 + NOT-FOR-US: Jenkins plugin +CVE-2024-28154 + NOT-FOR-US: Jenkins plugin +CVE-2024-28153 + NOT-FOR-US: Jenkins plugin +CVE-2024-28152 + NOT-FOR-US: Jenkins plugin +CVE-2024-28151 + NOT-FOR-US: Jenkins plugin +CVE-2024-28150 + NOT-FOR-US: Jenkins plugin +CVE-2024-28149 + NOT-FOR-US: Jenkins plugin CVE-2023-50740 NOT-FOR-US: Apache Linkis CVE-2024-26580 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46faf2a3765a8a390dd9f04039c72d0b7cd3c9a0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46faf2a3765a8a390dd9f04039c72d0b7cd3c9a0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: ae928773 by Moritz Muehlenhoff at 2024-03-06T16:47:05+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2023-50740 + NOT-FOR-US: Apache Linkis +CVE-2024-26580 + NOT-FOR-US: Apache InLong CVE-2024-2179 (Concrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS via th ...) NOT-FOR-US: Concrete CMS CVE-2024-27765 (Directory Traversal vulnerability in Jeewms v.3.7 and before allows a ...) 
@@ -278,13 +282,13 @@ CVE-2024-26334 (swftools v0.9.2 was discovered to contain a segmentation violati CVE-2024-24098 (Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Inject ...) NOT-FOR-US: Code-projects Scholars Tracking System CVE-2024-23296 (A memory corruption issue was addressed with improved validation. This ...) - TODO: check + NOT-FOR-US: Apple CVE-2024-23256 (A logic issue was addressed with improved state management. This issue ...) - TODO: check + NOT-FOR-US: Apple CVE-2024-23243 (A privacy issue was addressed with improved private data redaction for ...) - TODO: check + NOT-FOR-US: Apple CVE-2024-23225 (A memory corruption issue was addressed with improved validation. This ...) - TODO: check + NOT-FOR-US: Apple CVE-2024-22352 (IBM InfoSphere Information Server 11.7 stores potentially sensitive in ...) NOT-FOR-US: IBM CVE-2024-22255 (VMware ESXi, Workstation, and Fusion contain an information disclosure ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae9287732ff7d86da5b7f32bb212eeed4aa52227 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae9287732ff7d86da5b7f32bb212eeed4aa52227 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 1ef9496d by Moritz Muehlenhoff at 2024-03-05T10:51:41+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -28,7 +28,7 @@ CVE-2024-25164 (iA Path Traversal vulnerability exists in iDURAR v2.0.0, that al CVE-2024-22383 (Missing release of resource after effective lifetime (CWE-772) in the ...) NOT-FOR-US: Gallagher CVE-2024-22188 (TYPO3 before 13.0.1 allows an authenticated admin user (with system ma ...) - TODO: check + NOT-FOR-US: TYPO3 CVE-2024-21838 (Improper neutralization of special elements in output (CWE-74) used by ...) NOT-FOR-US: Gallagher CVE-2024-21815 (Insufficiently protected credentials (CWE-522) for third party DVR int ...) @@ -156,9 +156,9 @@ CVE-2024-0156 (Dell Digital Delivery, versions prior to 5.0.86.0, contain a Buff CVE-2024-0155 (Dell Digital Delivery, versions prior to 5.0.86.0, contain a Use After ...) NOT-FOR-US: Dell CVE-2023-6241 (Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm ...) - TODO: check + NOT-FOR-US: Arm CVE-2023-6143 (Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm ...) - TODO: check + NOT-FOR-US: Arm CVE-2023-6068 (On affected 7130 Series FPGA platforms running MOS and recent versions ...) NOT-FOR-US: Arista CVE-2023-5451 (Forcepoint NGFW Security Management Center Management Server has SMC ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ef9496ddfa3d38e46b501c69974ec181b2d2581 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ef9496ddfa3d38e46b501c69974ec181b2d2581 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: c30dda8b by Moritz Muehlenhoff at 2024-03-04T11:50:59+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -21,57 +21,57 @@ CVE-2024-21826 (in OpenHarmony v3.2.4 and prior versions allow a local attacker CVE-2024-21816 (in OpenHarmony v4.0.0 and prior versions allow a local attacker cause ...) NOT-FOR-US: OpenHarmony CVE-2024-20038 (In pq, there is a possible out of bounds read due to an incorrect boun ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20037 (In pq, there is a possible write-what-where condition due to an incorr ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20036 (In vdec, there is a possible permission bypass due to a permissions by ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20034 (In battery, there is a possible escalation of privilege due to a missi ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20033 (In nvram, there is a possible information disclosure due to a missing ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20032 (In aee, there is a possible permission bypass due to a missing permiss ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20031 (In da, there is a possible out of bounds write due to lack of valudati ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20030 (In da, there is a possible information disclosure due to improper inpu ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20029 (In wlan firmware, there is a possible out of bounds write due to impro ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20028 (In da, there is a possible out of bounds write due to lack of valudati ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20027 (In da, there is a possible out of bounds write due to improper input v ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20026 (In da, there is a possible information disclosure due to improper inpu ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20025 (In da, there is a possible out of bounds write due to an integer overf ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20024 (In flashc, there is a possible out of bounds write due to lack of valu ...) 
- TODO: check + NOT-FOR-US: MediaTek CVE-2024-20023 (In flashc, there is a possible out of bounds write due to lack of valu ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20022 (In lk, there is a possible escalation of privilege due to a missing bo ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20020 (In OPTEE, there is a possible out of bounds write due to an incorrect ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20019 (In wlan driver, there is a possible memory leak due to improper input ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20018 (In wlan driver, there is a possible out of bounds write due to imprope ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20017 (In wlan service, there is a possible out of bounds write due to improp ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20005 (In da, there is a possible permission bypass due to a missing permissi ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-4479 (Stored XSS Vulnerability in M-Files Web versions before 23.8 allows at ...) - TODO: check + NOT-FOR-US: M-Files Web CVE-2023-49602 (in OpenHarmony v3.2.4 and prior versions allow a local attacker cause ...) - TODO: check + NOT-FOR-US: OpenHarmony CVE-2023-46708 (in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitr ...) - TODO: check + NOT-FOR-US: OpenHarmony CVE-2023-25176 (in OpenHarmony v3.2.4 and prior versions allow a local attacker cause ...) - TODO: check + NOT-FOR-US: OpenHarmony CVE-2019-25210 (An issue was discovered in Cloud Native Computing Foundation (CNCF) He ...) - TODO: check + - helm-kubernetes (bug #910799) CVE-2024-26622 (In the Linux kernel, the following vulnerability has been resolved: t ...) 
- linux NOTE: https://git.kernel.org/linus/2f03fc340cac9ea1dc63cbf8c93dd2eb0f227815 (6.8-rc7) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c30dda8b322d2d70ad80b9389a76ab0759f147ab -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c30dda8b322d2d70ad80b9389a76ab0759f147ab You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 330c3813 by Moritz Muehlenhoff at 2024-02-29T09:57:25+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,7 @@ CVE-2024-26559 (An issue in uverif v.2.0 allows a remote attacker to obtain sensitive ...) - TODO: check + NOT-FOR-US: uverif CVE-2024-26476 (An issue in open-emr before v.7.0.2 allows a remote attacker to escala ...) - TODO: check + NOT-FOR-US: OpenEMR CVE-2024-26450 (Cross Site Scripting vulnerability in Piwigo before v.14.2.0 allows a ...) - piwigo CVE-2024-25869 (An Unrestricted File Upload vulnerability in CodeAstro Membership Mana ...) 
@@ -89,35 +89,35 @@ CVE-2024-1468 (The Avada | Website Builder For WordPress & WooCommerce theme for CVE-2024-1437 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-1435 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1434 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1341 (The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0689 (The Custom Field Suite plugin for WordPress is vulnerable to Stored Cr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6090 (Unrestricted Upload of File with Dangerous Type vulnerability in Molli ...) - TODO: check + NOT-FOR-US: WooCommerce plugin CVE-2023-5617 (Hitachi Vantara Pentaho Data Integration & Analytics versions before 1 ...) - TODO: check + NOT-FOR-US: Hitachi CVE-2023-51802 (Cross Site Scripting (XSS) vulnerability in the Simple Student Attenda ...) - TODO: check + NOT-FOR-US: Simple Student Attendance System CVE-2023-51801 (SQL Injection vulnerability in the Simple Student Attendance System v. ...) - TODO: check + NOT-FOR-US: Simple Student Attendance System CVE-2023-51800 (Cross Site Scripting (XSS) vulnerability in School Fees Management Sys ...) - TODO: check + NOT-FOR-US: School Fees Management System CVE-2023-51696 (Cross-Site Request Forgery (CSRF) vulnerability in \u0421leanTalk - An ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51531 (Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thriv ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51530 (Cross-Site Request Forgery (CSRF) vulnerability in GS Plugins Logo Sli ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51529 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Mega \ ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51528 (Cross-Site Request Forgery (CSRF) vulnerability in Senol Sahin AI Powe ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-50905 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-50437 (An issue was discovered in Couchbase Server before 7.2.x before 7.2.4. ...) NOT-FOR-US: Couchbase Server CVE-2023-50436 (An issue was discovered in Couchbase Server before 7.2.4. ns_server ad ...) @@ -131,13 +131,13 @@ CVE-2023-49930 (An issue was discovered in Couchbase Server before 7.2.4. cURL c CVE-2023-49338 (Couchbase Server 7.1.x and 7.2.x before 7.2.4 does not require authent ...) NOT-FOR-US: Couchbase Server CVE-2023-47874 (Missing Authorization vulnerability in Perfmatters.This issue affects ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-45874 (An issue was discovered in Couchbase Server through 7.2.2. A data read ...) NOT-FOR-US: Couchbase Server CVE-2023-45873 (An issue was discovered in Couchbase Server through 7.2.2. A data read ...) NOT-FOR-US: Couchbase Server CVE-2023-45859 (In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 ...) - TODO: check + - hazelcast (bug #745640) CVE-2023-43769 (An issue was discovered in Couchbase Server through 7.1.4 before 7.1.5 ...) NOT-FOR-US: Couchbase Server CVE-2023-38372 (An unauthorized attacker who has obtained an IBM Watson IoT Platform 1 ...) @@ -339,7 +339,7 @@ CVE-2023-52226 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Flam CVE-2023-52223 (Cross-Site Request Forgery (CSRF) vulnerability in MailerLite MailerLi ...) NOT-FOR-US: WordPress plugin CVE-2023-52048 (RuoYi v4.7.8 was discovered to contain a cross-site scripting (XSS) vu ...) - TODO: check + NOT-FOR-US: RuoYi CVE-2023-52047 (Dedecms
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: d8194a55 by Moritz Muehlenhoff at 2024-02-29T09:54:19+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -55,39 +55,39 @@ CVE-2024-23493 (Mattermost fails to properly authorize the requests fetchingteam CVE-2024-23488 (Mattermost fails to properly restrict the access of files attached to ...) - mattermost-server (bug #823556) CVE-2024-23302 (Couchbase Server before 7.2.4 has a private key leak in goxdcr.log.) - TODO: check + NOT-FOR-US: Couchbase Server CVE-2024-22983 (SQL injection vulnerability in Projectworlds Visitor Management System ...) - TODO: check + NOT-FOR-US: Projectworlds Visitor Management System CVE-2024-22871 (An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker ...) TODO: check CVE-2024-22532 (Buffer Overflow vulnerability in XNSoft NConvert 7.163 (for Windows x8 ...) - TODO: check + NOT-FOR-US: XNSoft NConvert CVE-2024-21798 (ELECOM wireless LAN routers contain a cross-site scripting vulnerabili ...) - TODO: check + NOT-FOR-US: ELECOM CVE-2024-21752 (Cross-Site Request Forgery (CSRF) vulnerability in Ernest Marcinko Aja ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1982 (The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1981 (The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1978 (The Friends plugin for WordPress is vulnerable to Server-Side Request ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1977 (The Restaurant Solutions \u2013 Checklist plugin for WordPress is vuln ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1976 (The Marketing Optimizer plugin for WordPress is vulnerable to Cross-Si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1972 (A vulnerability was found in SourceCodester Online Job Portal 1.0 and ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2024-1971 (A vulnerability has been found in Surya2Developer Online Shopping Syst ...) 
- TODO: check + NOT-FOR-US: Surya2Developer Online Shopping System CVE-2024-1970 (A vulnerability, which was classified as problematic, was found in Sou ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2024-1887 (Mattermost fails to check if compliance export is enabled when fetchin ...) - mattermost-server (bug #823556) CVE-2024-1468 (The Avada | Website Builder For WordPress & WooCommerce theme for Word ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1437 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1435 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) TODO: check CVE-2024-1434 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
@@ -119,27 +119,27 @@ CVE-2023-51528 (Cross-Site Request Forgery (CSRF) vulnerability in Senol Sahin A CVE-2023-50905 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) TODO: check CVE-2023-50437 (An issue was discovered in Couchbase Server before 7.2.x before 7.2.4. ...) - TODO: check + NOT-FOR-US: Couchbase Server CVE-2023-50436 (An issue was discovered in Couchbase Server before 7.2.4. ns_server ad ...) - TODO: check + NOT-FOR-US: Couchbase Server CVE-2023-49932 (An issue was discovered in Couchbase Server before 7.2.4. An attacker ...) - TODO: check + NOT-FOR-US: Couchbase Server CVE-2023-49931 (An issue was discovered in Couchbase Server before 7.2.4. SQL++ cURL c ...) - TODO: check + NOT-FOR-US: Couchbase Server CVE-2023-49930 (An issue was discovered in Couchbase Server before 7.2.4. cURL calls t ...) - TODO: check + NOT-FOR-US: Couchbase Server CVE-2023-49338 (Couchbase Server 7.1.x and 7.2.x before 7.2.4 does not require authent ...) - TODO: check + NOT-FOR-US: Couchbase Server CVE-2023-47874 (Missing Authorization vulnerability in Perfmatters.This issue affects ...) TODO: check CVE-2023-45874 (An issue was discovered in Couchbase Server through 7.2.2. A data read ...) - TODO: check + NOT-FOR-US: Couchbase Server CVE-2023-45873 (An issue was discovered in Couchbase Server through 7.2.2. A data read ...) - TODO: check + NOT-FOR-US: Couchbase Server CVE-2023-45859 (In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 ...) TODO: check CVE-2023-43769 (An issue was discovered in Couchbase
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 735e28e8 by Moritz Muehlenhoff at 2024-02-29T09:51:06+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -3,57 +3,57 @@ CVE-2024-26559 (An issue in uverif v.2.0 allows a remote attacker to obtain sens CVE-2024-26476 (An issue in open-emr before v.7.0.2 allows a remote attacker to escala ...) TODO: check CVE-2024-26450 (Cross Site Scripting vulnerability in Piwigo before v.14.2.0 allows a ...) - TODO: check + - piwigo CVE-2024-25869 (An Unrestricted File Upload vulnerability in CodeAstro Membership Mana ...) - TODO: check + NOT-FOR-US: CodeAstro CVE-2024-25868 (A Cross Site Scripting (XSS) vulnerability in CodeAstro Membership Man ...) - TODO: check + NOT-FOR-US: CodeAstro CVE-2024-25867 (A SQL Injection vulnerability in CodeAstro Membership Management Syste ...) - TODO: check + NOT-FOR-US: CodeAstro CVE-2024-25866 (A SQL Injection vulnerability in CodeAstro Membership Management Syste ...) - TODO: check + NOT-FOR-US: CodeAstro CVE-2024-25594 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-25579 (OS command injection vulnerability in ELECOM wireless LAN routers allo ...) - TODO: check + NOT-FOR-US: ELECOM CVE-2024-25422 (SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker t ...) - TODO: check + NOT-FOR-US: SEMCMS CVE-2024-25351 (SQL Injection vulnerability in /zms/admin/changeimage.php in PHPGuruku ...) - TODO: check + NOT-FOR-US: PHPGurukul CVE-2024-25350 (SQL Injection vulnerability in /zms/admin/edit-ticket.php in PHPGuruku ...) - TODO: check + NOT-FOR-US: PHPGurukul CVE-2024-25292 (Cross-site scripting (XSS) vulnerability in RenderTune v1.1.4 allows a ...) - TODO: check + NOT-FOR-US: RenderTune CVE-2024-25291 (Deskfiler v1.2.3 allows attackers to execute arbitrary code via upload ...) - TODO: check + NOT-FOR-US: Deskfiler CVE-2024-25098 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-25094 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-25093 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24988 (Mattermost fails to properly validate the length of the emoji value in ...) - TODO: check + - mattermost-server (bug #823556) CVE-2024-24525 (An issue in EpointWebBuilder 5.1.0-sp1, 5.2.1-sp1, 5.4.1 and 5.4.2 all ...) - TODO: check + NOT-FOR-US: EpointWebBuilder CVE-2024-24155 (Bento4 v1.5.1-628 contains a Memory leak on AP4_Movie::AP4_Movie, pars ...) - TODO: check + NOT-FOR-US: Bento4 CVE-2024-24150 (A memory leak issue discovered in parseSWF_TEXTRECORD in libming v0.4. ...) - TODO: check + - ming CVE-2024-24149 (A memory leak issue discovered in parseSWF_GLYPHENTRY in libming v0.4. ...) - TODO: check + - ming CVE-2024-24147 (A memory leak issue discovered in parseSWF_FILLSTYLEARRAY in libming v ...) - TODO: check + - ming CVE-2024-24146 (A memory leak issue discovered in parseSWF_DEFINEBUTTON in libming v0. ...) - TODO: check + - ming CVE-2024-23910 (Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN ...) - TODO: check + NOT-FOR-US: ELECOM CVE-2024-23501 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-23493 (Mattermost fails to properly authorize the requests fetchingteam assoc ...) - TODO: check + - mattermost-server (bug #823556) CVE-2024-23488 (Mattermost fails to properly restrict the access of files attached to ...) - TODO: check + - mattermost-server (bug #823556) CVE-2024-23302 (Couchbase Server before 7.2.4 has a private key leak in goxdcr.log.) TODO: check CVE-2024-22983 (SQL injection vulnerability in Projectworlds Visitor Management System ...) 
@@ -83,7 +83,7 @@ CVE-2024-1971 (A vulnerability has been found in Surya2Developer Online Shopping CVE-2024-1970 (A vulnerability, which was classified as problematic, was found in Sou ...) TODO: check CVE-2024-1887 (Mattermost fails to check if compliance export is enabled when fetchin ...) - TODO: check + - mattermost-server (bug #823556) CVE-2024-1468 (The Avada | Website Builder For WordPress & WooCommerce theme for Word ...) TODO: check CVE-2024-1437 (Improper
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: fde94062 by Moritz Muehlenhoff at 2024-02-28T17:26:10+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2024-25065 + NOT-FOR-US: Apache OFBiz +CVE-2024-23946 + NOT-FOR-US: Apache OFBiz CVE-2024-22857 NOT-FOR-US: zlog CVE-2024-26016 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fde94062d13d96aa06e6d5e907d54d2f98219013 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fde94062d13d96aa06e6d5e907d54d2f98219013 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 37d28648 by Moritz Muehlenhoff at 2024-02-28T15:58:05+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,13 @@ +CVE-2024-26016 + NOT-FOR-US: Apache Superset +CVE-2024-24779 + NOT-FOR-US: Apache Superset +CVE-2024-24772 + NOT-FOR-US: Apache Superset +CVE-2024-24773 + NOT-FOR-US: Apache Superset +CVE-2024-27315 + NOT-FOR-US: Apache Superset CVE-2021-47053 [crypto: sun8i-ss - Fix memory leak of pad] - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37d28648333f79b8ae2730e901813a705efb02e8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37d28648333f79b8ae2730e901813a705efb02e8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: c0d8b90c by Moritz Muehlenhoff at 2024-02-28T09:44:23+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -2,33 +2,33 @@ CVE-2024-27913 (ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9 - frr NOTE: https://github.com/FRRouting/frr/pull/15431 CVE-2024-26542 (Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. and fixe ...) - TODO: check + NOT-FOR-US: Bonitasoft CVE-2024-26302 (A vulnerability in the web-based management interface of ClearPass Pol ...) - TODO: check + NOT-FOR-US: HPE CVE-2024-26301 (A vulnerability in the web-based management interface of ClearPass Pol ...) - TODO: check + NOT-FOR-US: HPE CVE-2024-26300 (A vulnerability in the guest interface of ClearPass Policy Manager cou ...) - TODO: check + NOT-FOR-US: HPE CVE-2024-26299 (A vulnerability in the web-based management interface of ClearPass Pol ...) - TODO: check + NOT-FOR-US: HPE CVE-2024-26298 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...) - TODO: check + NOT-FOR-US: HPE CVE-2024-26297 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...) - TODO: check + NOT-FOR-US: HPE CVE-2024-26296 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...) - TODO: check + NOT-FOR-US: HPE CVE-2024-26295 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...) - TODO: check + NOT-FOR-US: HPE CVE-2024-26294 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...) - TODO: check + NOT-FOR-US: HPE CVE-2024-24027 (SQL Injection vulnerability in Likeshop before 2.5.7 allows attackers ...) - TODO: check + NOT-FOR-US: Likeshop CVE-2024-22723 (Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating ...) - TODO: check + NOT-FOR-US: Webtrees CVE-2024-1943 (The Yuki theme for WordPress is vulnerable to Cross-Site Request Forge ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2024-1932 (Unrestricted Upload of File with Dangerous Type in freescout-helpdesk/ ...) 
- TODO: check + NOT-FOR-US: freescout-helpdesk CVE-2024-1892 (Parts of the Scrapy API were found to be vulnerable to a ReDoS attack. ...) TODO: check CVE-2024-1866 
@@ -38,23 +38,23 @@ CVE-2024-1865 CVE-2024-1864 REJECTED CVE-2024-1568 (The Seraphinite Accelerator plugin for WordPress is vulnerable to Serv ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1388 (The Yuki theme for WordPress is vulnerable to unauthorized modificatio ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2024-0763 (Any user can delete an arbitrary folder (recursively) on a remote serv ...) - TODO: check + NOT-FOR-US: anythingllm CVE-2024-0550 (A user who is privileged already `manager` or `admin` can set their pr ...) - TODO: check + NOT-FOR-US: anythingllm CVE-2023-50737 (The SE menu contains information used by Lexmark to diagnose device er ...) - TODO: check + NOT-FOR-US: Lexmark CVE-2023-50736 (A memory corruption vulnerability has been identified in PostScript in ...) - TODO: check + NOT-FOR-US: Lexmark CVE-2023-50735 (A heap corruption vulnerability has been identified in PostScript inte ...) - TODO: check + NOT-FOR-US: Lexmark CVE-2023-50734 (A buffer overflow vulnerability has been identified in PostScript inte ...) - TODO: check + NOT-FOR-US: Lexmark CVE-2023-50303 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...) - TODO: check + NOT-FOR-US: IBM CVE-2021-46969 (In the Linux kernel, the following vulnerability has been resolved: b ...) - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/0ecc1c70dcd32c0f081b173a1a5d89952686f271 (5.13-rc1) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0d8b90cf1a882c215930ed4409951d2f418d2bd -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0d8b90cf1a882c215930ed4409951d2f418d2bd You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 805ecc5a by Moritz Muehlenhoff at 2024-02-28T09:28:03+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -203,7 +203,7 @@ CVE-2020-36776 (In the Linux kernel, the following vulnerability has been resolv CVE-2024-27508 (Atheme 7.2.12 contains a memory leak vulnerability in /atheme/src/cryp ...) TODO: check CVE-2024-27507 (libLAS 1.8.1 contains a memory leak vulnerability in /libLAS/apps/ts2l ...) - TODO: check + - liblas CVE-2024-27099 (The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Ser ...) TODO: check CVE-2024-26473 (A reflected cross-site scripting (XSS) vulnerability in SocialMediaWeb ...) @@ -235,15 +235,15 @@ CVE-2024-25841 (In the module "So Flexibilite" (soflexibilite) from Common-Servi CVE-2024-25840 (In the module "Account Manager | Sales Representative & Dealers | CRM" ...) NOT-FOR-US: PrestaShop module CVE-2024-25723 (ZenML Server in the ZenML machine learning package before 0.46.7 for P ...) - TODO: check + NOT-FOR-US: ZenML CVE-2024-25400 (Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.ph ...) NOT-FOR-US: Subrion CMS CVE-2024-25399 (Subrion CMS 4.2.1 is vulnerable to Cross Site Scripting (XSS) via admi ...) NOT-FOR-US: Subrion CMS CVE-2024-25398 (In Srelay (the SOCKS proxy and Relay) v.0.4.8p3, a specially crafted n ...) - TODO: check + NOT-FOR-US: Srelay CVE-2024-24323 (SQL injection vulnerability in linlinjava litemall v.1.8.0 allows a re ...) - TODO: check + NOT-FOR-US: linlinjava litemall CVE-2024-22251 (VMware Workstation and Fusion contain an out-of-bounds read vulnerabil ...) NOT-FOR-US: VMware CVE-2024-21742 (Improper input validation allows for header injection in MIME4J librar ...) 
@@ -402,7 +402,7 @@ CVE-2024-1686 (The Thank You Page Customizer for WooCommerce \u2013 Increase You CVE-2024-1323 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Store ...) NOT-FOR-US: WordPress plugin CVE-2024-0759 (Should an instance of AnythingLLM be hosted on an internal network and ...) - TODO: check + NOT-FOR-US: anythingllm CVE-2023-7033 (Insufficient Resource Pool vulnerability in Ethernet function of Mitsu ...) NOT-FOR-US: Mitsubishi CVE-2023-41506 (An arbitrary file upload vulnerability in the Update/Edit Student's Pr ...) @@ -567,13 +567,13 @@ CVE-2024-27084 CVE-2024-27081 (ESPHome is a system to control your ESP8266/ESP32. A security misconfi ...) NOT-FOR-US: ESPHome CVE-2024-26468 (A DOM based cross-site scripting (XSS) vulnerability in the component ...) - TODO: check + NOT-FOR-US: urlpages CVE-2024-26467 (A DOM based cross-site scripting (XSS) vulnerability in the component ...) - TODO: check + NOT-FOR-US: tabatkins/railroad-diagrams CVE-2024-26466 (A DOM based cross-site scripting (XSS) vulnerability in the component ...) - TODO: check + NOT-FOR-US: web-platform-tests/wpt CVE-2024-26465 (A DOM based cross-site scripting (XSS) vulnerability in the component ...) - TODO: check + NOT-FOR-US: beep.js CVE-2024-26462 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in / ...) - krb5 NOTE: https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md 
@@ -681,9 +681,9 @@ CVE-2024-23835 (Suricata is a network Intrusion Detection System, Intrusion Prev NOTE: https://github.com/OISF/suricata/commit/b0d762d2675a2441b74e039d54bfa5b050641f8e (suricata-7.0.3) NOTE: https://github.com/OISF/suricata/commit/61a32360eba3c032de51029a05515ab46690286f (suricata-7.0.3) CVE-2024-23605 (A heap-based buffer overflow vulnerability exists in the GGUF library ...) - TODO: check + NOT-FOR-US: llama.cpp CVE-2024-23496 (A heap-based buffer overflow vulnerability exists in the GGUF library ...) - TODO: check + NOT-FOR-US: llama.cpp CVE-2024-22873 (Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Ser ...) NOT-FOR-US: Tencent Blueking CMDB CVE-2024-22201 (Jetty is a Java based web server and servlet engine. An HTTP/2 SSL con ...) @@ -691,13 +691,13 @@ CVE-2024-22201 (Jetty is a Java based web server and servlet engine. An HTTP/2 S NOTE: https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98 NOTE: https://github.com/jetty/jetty.project/issues/11256 CVE-2024-21836 (A heap-based buffer overflow vulnerability exists in the GGUF library ...) - TODO: check + NOT-FOR-US: llama.cpp CVE-2024-21825 (A heap-based buffer overflow vulnerability exists in the GGUF library ...) - TODO: check + NOT-FOR-US: llama.cpp CVE-2024-21802 (A heap-based
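Review bot: in the @@ -567,13 hunk, the CVE-2024-26462 krb5 entry's only reference is a third-party write-up (github.com/LuMingYinDetect/krb5_defects) rather than an upstream krb5 bug or commit; a NOTE with upstream's position, or a severity note like the "Crash in CLI tool" one used for elfutils elsewhere on this page, would help whoever later has to decide whether this memory leak warrants a DSA.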
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 1fd6c29a by Moritz Muehlenhoff at 2024-02-27T22:46:35+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -234,45 +234,45 @@ CVE-2024-1106 (The Shariff Wrapper WordPress plugin before 4.6.10 does not sanit CVE-2024-0855 (The Spiffy Calendar WordPress plugin before 4.9.9 doesn't check the ev ...) NOT-FOR-US: WordPress plugin CVE-2024-0819 (Improper initialization of default settings in TeamViewer Remote Clien ...) - TODO: check + NOT-FOR-US: TeamViewer CVE-2024-0551 (Enable exports of the database and associated exported information of ...) - TODO: check + NOT-FOR-US: anything-llm CVE-2024-0197 (A flaw in the installer for Thales SafeNet Sentinel HASP LDK prior to ...) - TODO: check + NOT-FOR-US: Thales SafeNet CVE-2023-7203 (The Smart Forms WordPress plugin before 2.6.87 does not have authorisa ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-7202 (The Fatal Error Notify WordPress plugin before 1.5.3 does not have aut ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-7198 (The WP Dashboard Notes WordPress plugin before 1.0.11 is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-7167 (The Persian Fonts WordPress plugin through 1.6 does not sanitise and e ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-7165 (The JetBackup WordPress plugin before 2.0.9.9 doesn't use index files ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-7115 (The Page Builder: Pagelayer WordPress plugin before 1.8.1 does not san ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-7016 (A flaw in Thales SafeNet Authentication Client prior to 10.8 R10 on Wi ...) - TODO: check + NOT-FOR-US: Thales SafeNet CVE-2023-6585 (The WP JobSearch WordPress plugin before 2.3.4 does not validate files ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6584 (The WP JobSearch WordPress plugin before 2.3.4 does not prevent attack ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5993 (A flaw in the Windows Installer in Thales SafeNet Authentication Clien ...) 
- TODO: check + NOT-FOR-US: Thales SafeNet CVE-2023-5947 REJECTED CVE-2023-50380 (XML External Entity injection in apache ambari versions <= 2.7.7,Users ...) - TODO: check + NOT-FOR-US: Apache Ambari CVE-2023-48682 (Stored cross-site scripting (XSS) vulnerability in unit name. The foll ...) - TODO: check + NOT-FOR-US: Acronis CVE-2023-48681 (Self cross-site scripting (XSS) vulnerability in storage nodes search ...) - TODO: check + NOT-FOR-US: Acronis CVE-2023-48680 (Sensitive information disclosure due to excessive collection of system ...) - TODO: check + NOT-FOR-US: Acronis CVE-2023-48679 (Stored cross-site scripting (XSS) vulnerability due to missing origin ...) - TODO: check + NOT-FOR-US: Acronis CVE-2023-48678 (Sensitive information disclosure due to insecure folder permissions. T ...) - TODO: check + NOT-FOR-US: Acronis CVE-2024-27354 - phpseclib 1.0.23-1 - php-phpseclib 2.0.47-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fd6c29a0fd74e484e761255fa28d8e2e39dd594 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fd6c29a0fd74e484e761255fa28d8e2e39dd594 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: dcc64d36 by Moritz Muehlenhoff at 2024-02-27T15:49:51+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,9 @@ +CVE-2023-50379 + NOT-FOR-US: Apache Ambari +CVE-2023-51747 + NOT-FOR-US: Apache James +CVE-2024-27905 + NOT-FOR-US: Apache Aurora CVE-2024-27356 (An issue was discovered on certain GL-iNet devices. Attackers can down ...) NOT-FOR-US: GL-iNet devices CVE-2024-27093 (Minder is a Software Supply Chain Security Platform. In version 0.0.31 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcc64d365a1a59475dba706ad7f4a49fd662af15 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcc64d365a1a59475dba706ad7f4a49fd662af15 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 6412586a by Moritz Muehlenhoff at 2024-02-26T11:40:51+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,39 +1,39 @@ CVE-2024-27456 (rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for th ...) TODO: check CVE-2024-27455 (In the Bentley ALIM Web application, certain configuration settings ca ...) - TODO: check + NOT-FOR-US: Bentley CVE-2024-27454 (orjson.loads in orjson before 3.9.15 does not limit recursion for deep ...) - TODO: check + - python-orjson (bug #1002996) CVE-2024-27447 (pretix before 2024.1.1 mishandles file validation.) - TODO: check + NOT-FOR-US: pretix CVE-2024-27444 (langchain_experimental (aka LangChain Experimental) in LangChain befor ...) - TODO: check + NOT-FOR-US: langchain_experimental CVE-2024-1886 (This vulnerability allows remote attackers to traverse the directory o ...) - TODO: check + NOT-FOR-US: LG Electronics CVE-2024-1885 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: LG Electronics CVE-2024-1878 (A vulnerability was found in SourceCodester Employee Management System ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2024-1877 (A vulnerability was found in SourceCodester Employee Management System ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2024-1876 (A vulnerability was found in SourceCodester Employee Management System ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2024-1875 (A vulnerability was found in SourceCodester Complaint Management Syste ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2024-1735 (A vulnerability has been identified in armeria-saml versions less than ...) - TODO: check + NOT-FOR-US: armeria-saml CVE-2024-0798 (A user with a `default` role given to them by the admin can sent `DELE ...) - TODO: check + NOT-FOR-US: mintplex-labs/anything-llm CVE-2024-0455 (The inclusion of the web scraper for AnythingLLM means that any user w ...) - TODO: check + NOT-FOR-US: mintplex-labs/anything-llm CVE-2024-0440 (Attacker, with permission to submit a link or submits a link via POST ...) 
- TODO: check + NOT-FOR-US: mintplex-labs/anything-llm CVE-2024-0439 (As a manager, you should not be able to modify a series of settings. I ...) - TODO: check + NOT-FOR-US: mintplex-labs/anything-llm CVE-2024-0436 (Theoretically, it would be possible for an attacker to brute-force the ...) - TODO: check + NOT-FOR-US: mintplex-labs/anything-llm CVE-2024-0435 (User can send a chat that contains an XSS opportunity that will then r ...) - TODO: check + NOT-FOR-US: mintplex-labs/anything-llm CVE-2022-48626 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux 5.16.10-1 [buster] - linux 4.19.232-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6412586a434839acfec2825a1ee7b18419407952 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6412586a434839acfec2825a1ee7b18419407952 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
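Review bot: in the @@ -1,39 hunk, CVE-2024-27456 (rack-cors 0666 permissions) stays at TODO: check while every entry around it is resolved; rack-cors is packaged in Debian as ruby-rack-cors, so this one needs a package line with its fixed or unfixed state rather than an NFU.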
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 066fbb5f by Moritz Muehlenhoff at 2024-02-23T23:38:31+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,13 +1,15 @@ +CVE-2024-22371 + NOT-FOR-US: Apache Camel CVE-2024-27319 (Versions of the package onnx before and including 1.15.0 are vulnerabl ...) - TODO: check + NOT-FOR-US: onnx CVE-2024-27318 (Versions of the package onnx before and including 1.15.0 are vulnerabl ...) - TODO: check + NOT-FOR-US: onnx CVE-2024-26150 (`@backstage/backend-common` is a common functionality library for back ...) - TODO: check + NOT-FOR-US: backstage/backend-common CVE-2024-25928 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: Sitepact CVE-2024-25915 (Server-Side Request Forgery (SSRF) vulnerability in Raaj Trambadia Pex ...) - TODO: check + NOT-FOR-US: Raaj Trambadia Pexels: Free Stock Photos CVE-2024-25629 (c-ares is a C library for asynchronous DNS requests. `ares__read_line( ...) - c-ares [bookworm] - c-ares (Minor issue) @@ -67413,7 +67415,7 @@ CVE-2023-24418 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i CVE-2023-24417 (Cross-Site Request Forgery (CSRF) vulnerability in tiggersWelt.Net Wor ...) NOT-FOR-US: WordPress plugin CVE-2023-24416 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-24415 (Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI Cha ...) NOT-FOR-US: WordPress plugin CVE-2023-24414 (Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gall ...) 
@@ -91372,7 +91374,7 @@ CVE-2022-43844 (IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0. CVE-2022-43843 (IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected c ...) NOT-FOR-US: IBM CVE-2022-43842 (IBM Aspera Console 3.4.0 through 3.4.2 is vulnerable to SQL injection. ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-43841 RESERVED CVE-2022-43840 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/066fbb5f599d1e87bc4047c5170e8c4d45f7f34e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/066fbb5f599d1e87bc4047c5170e8c4d45f7f34e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: cd6a9c54 by Moritz Muehlenhoff at 2024-02-23T21:24:47+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -15,65 +15,65 @@ CVE-2024-25629 (c-ares is a C library for asynchronous DNS requests. `ares__read NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q NOTE: https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183 CVE-2024-23320 (Improper Input Validation vulnerability in Apache DolphinScheduler. An ...) - TODO: check + NOT-FOR-US: Apache DolphinScheduler CVE-2024-22776 (Wallos 0.9 is vulnerable to Cross Site Scripting (XSS) in all text-bas ...) - TODO: check + NOT-FOR-US: Wallos CVE-2024-1834 (A vulnerability was found in SourceCodester Simple Student Attendance ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2024-1833 (A vulnerability was found in SourceCodester Employee Management System ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2024-1832 (A vulnerability has been found in SourceCodester Complete File Managem ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2024-1831 (A vulnerability, which was classified as critical, was found in Source ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2024-1830 (A vulnerability was found in code-projects Library System 1.0. It has ...) - TODO: check + NOT-FOR-US: code-projects Library System CVE-2024-1829 (A vulnerability was found in code-projects Library System 1.0. It has ...) - TODO: check + NOT-FOR-US: code-projects Library System CVE-2024-1828 (A vulnerability was found in code-projects Library System 1.0. It has ...) - TODO: check + NOT-FOR-US: code-projects Library System CVE-2024-1827 (A vulnerability was found in code-projects Library System 1.0 and clas ...) - TODO: check + NOT-FOR-US: code-projects Library System CVE-2024-1826 (A vulnerability has been found in code-projects Library System 1.0 and ...) - TODO: check + NOT-FOR-US: code-projects Library System CVE-2024-1825 (A vulnerability, which was classified as problematic, was found in Cod ...) 
- TODO: check + NOT-FOR-US: CodeAstro CVE-2024-1824 (A vulnerability, which was classified as critical, has been found in C ...) - TODO: check + NOT-FOR-US: CodeAstro CVE-2024-1823 (A vulnerability classified as critical was found in CodeAstro Simple V ...) - TODO: check + NOT-FOR-US: CodeAstro CVE-2024-1822 (A vulnerability classified as problematic has been found in PHPGurukul ...) - TODO: check + NOT-FOR-US: PHPGurukul CVE-2024-1821 (A vulnerability was found in code-projects Crime Reporting System 1.0. ...) - TODO: check + NOT-FOR-US: Crime Reporting System CVE-2024-1820 (A vulnerability was found in code-projects Crime Reporting System 1.0. ...) - TODO: check + NOT-FOR-US: Crime Reporting System CVE-2024-1819 (A vulnerability was found in CodeAstro Membership Management System 1. ...) - TODO: check + NOT-FOR-US: CodeAstro CVE-2024-1818 (A vulnerability was found in CodeAstro Membership Management System 1. ...) - TODO: check + NOT-FOR-US: CodeAstro CVE-2024-1817 (A vulnerability has been found in Demososo DM Enterprise Website Build ...) - TODO: check + NOT-FOR-US: Demososo DM Enterprise Website Builder CVE-2024-1590 (The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1362 (The Colibri Page Builder plugin for WordPress is vulnerable to Cross-S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1361 (The Colibri Page Builder plugin for WordPress is vulnerable to Cross-S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1360 (The Colibri WP theme for WordPress is vulnerable to Cross-Site Request ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0563 (Denial of service condition in M-Files Server inversions before 24.2 ( ...) - TODO: check + NOT-FOR-US: M-Files CVE-2023-52457 (In the Linux kernel, the following vulnerability has been resolved: s ...) TODO: check CVE-2023-51394 (High traffic environments may result in NULL Pointer Dereference vulne ...) 
- TODO: check + NOT-FOR-US: Silabs CVE-2023-51393 (Due to an allocation of resources without limits, an uncontrolled reso ...) - TODO: check + NOT-FOR-US: Silabs CVE-2023-51392 (Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of ...) - TODO: check + NOT-FOR-US: Ember ZNet CVE-2023-4826 (The SocialDriver WordPress theme before version 2024
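Review bot: in the @@ -15,65 hunk, CVE-2024-1360 describes "The Colibri WP theme for WordPress" but is tagged NOT-FOR-US: WordPress plugin; the page's own convention for themes is NOT-FOR-US: WordPress theme (see CVE-2024-1388, Yuki theme). Same hunk, minor: CVE-2024-1821 and CVE-2024-1820 are tagged "Crime Reporting System" without the code-projects vendor prefix that the neighbouring "code-projects Library System" entries carry.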
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: fb63f29d by Moritz Muehlenhoff at 2024-02-23T11:55:16+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1106,7 +1106,7 @@ CVE-2024-1651 (Torrentpier version 2.4.1 allows executing arbitrary commands on CVE-2024-1648 (electron-pdf version 20.0.0 allows an external attacker to remotely ob ...) NOT-FOR-US: electron-pdf CVE-2024-1647 (Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtai ...) - TODO: check + NOT-FOR-US: Pyhtml2pdf CVE-2024-1644 (Suite CRM version 7.14.2 allows including local php files. This is pos ...) NOT-FOR-US: Suite CRM CVE-2024-1638 (The documentation specifies that the BT_GATT_PERM_READ_LESC and BT_GAT ...) @@ -52140,11 +52140,11 @@ CVE-2023-29183 (An improper neutralization of input during web page generation ( CVE-2023-29182 (A stack-based buffer overflow vulnerability [CWE-121]in Fortinet Forti ...) NOT-FOR-US: FortiGuard CVE-2023-29181 (A use of externally-controlled format string in Fortinet FortiOS 7.2.0 ...) - TODO: check + NOT-FOR-US: Fortinet CVE-2023-29180 (A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7 ...) - TODO: check + NOT-FOR-US: Fortinet CVE-2023-29179 (A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7 ...) - TODO: check + NOT-FOR-US: Fortinet CVE-2023-29178 (A access of uninitialized pointer vulnerability [CWE-824] in Fortinet ...) NOT-FOR-US: Fortinet CVE-2023-29177 (Multiple buffer copy without checking size of input ('classic buffer o ...) 
@@ -143259,7 +143259,7 @@ CVE-2022-25379 CVE-2022-25378 RESERVED CVE-2022-25377 (The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0. ...) - TODO: check + NOT-FOR-US: appwrite CVE-2022-25376 RESERVED CVE-2022-25375 (An issue was discovered in drivers/usb/gadget/function/rndis.c in the ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb63f29d8d385420445d634a58bbe009fcdd8b22 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb63f29d8d385420445d634a58bbe009fcdd8b22 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
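Review bot: in the @@ -52140,11 hunk, the three newly tagged FortiOS entries use NOT-FOR-US: Fortinet, but the unchanged context line directly above them (CVE-2023-29182, also FortiOS) says NOT-FOR-US: FortiGuard; all four are the same vendor and product family, so that context line is worth normalising to Fortinet in the same commit.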
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 0ced7c8d by Moritz Muehlenhoff at 2024-02-23T11:23:25+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -691,13 +691,13 @@ CVE-2024-25260 (elfutils v0.189 was discovered to contain a NULL pointer derefer NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=373f5212677235fc3ca6068b887111554790f944 NOTE: Crash in CLI tool, considered only to be a normal bug by upstream CVE-2024-25199 (Inappropriate pointer order of map_sub_ and map_free(map_) (amcl_node. ...) - TODO: check + NOT-FOR-US: ROS2 Navigation Framework and System CVE-2024-25198 (Inappropriate pointer order of laser_scan_filter_.reset() and tf_liste ...) - TODO: check + NOT-FOR-US: ROS2 Navigation Framework and System CVE-2024-25197 (Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versi ...) - TODO: check + NOT-FOR-US: ROS2 Navigation Framework and System CVE-2024-25196 (Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versi ...) - TODO: check + NOT-FOR-US: ROS2 Navigation Framework and System CVE-2024-25150 (Information disclosure vulnerability in the Control Panel in Liferay P ...) NOT-FOR-US: Liferay CVE-2024-24794 (A use-after-free vulnerability exists in the DICOM Element Parsing as ...) @@ -927,7 +927,7 @@ CVE-2024-1172 (The Essential Addons for Elementor \u2013 Best Elementor Template CVE-2024-1171 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...) NOT-FOR-US: WordPress plugin CVE-2024-1156 (Incorrect directory permissions for the shared NI RabbitMQ service may ...) - TODO: check + NOT-FOR-US: NI SystemLink server CVE-2024-1155 (Incorrect permissions in the installation directories for shared Syste ...) NOT-FOR-US: Silabs CVE-2024-1133 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...) 
@@ -1003,11 +1003,11 @@ CVE-2024-0407 (Certain HP Enterprise LaserJet, and HP LaserJet Managed Printers CVE-2024-0379 (The Custom Twitter Feeds \u2013 A Tweets Widget or X Feed Widget plugi ...) NOT-FOR-US: WordPress plugin CVE-2023-7245 (The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 (Windows)/3. ...) - TODO: check + NOT-FOR-US: OpenVPN Connect CVE-2023-6923 (The Matomo Analytics \u2013 Ethical Stats. Powerful Insights. plugin f ...) NOT-FOR-US: WordPress plugin CVE-2023-6881 (Possible buffer overflow in is_mount_point) - TODO: check + NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr) CVE-2023-6806 (The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Sc ...) NOT-FOR-US: WordPress plugin CVE-2023-6565 (The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive ...) @@ -1054,15 +1054,15 @@ CVE-2023-47635 (Decidim is a participatory democracy framework. Starting in vers CVE-2023-47634 (Decidim is a participatory democracy framework. Starting in version 0. ...) NOT-FOR-US: Decidim CVE-2023-45318 (A heap-based buffer overflow vulnerability exists in the HTTP Server f ...) - TODO: check + NOT-FOR-US: Silabs CVE-2023-42791 (A relative path traversal in Fortinet FortiManager version 7.4.0 and 7 ...) NOT-FOR-US: Fortinet CVE-2023-39541 (A denial of service vulnerability exists in the ICMP and ICMPv6 parsin ...) - TODO: check + NOT-FOR-US: Silabs CVE-2023-39540 (A denial of service vulnerability exists in the ICMP and ICMPv6 parsin ...) - TODO: check + NOT-FOR-US: Silabs CVE-2023-38562 (A double-free vulnerability exists in the IP header loopback parsing f ...) - TODO: check + NOT-FOR-US: Silabs CVE-2023-37495 (Internet passwords stored in Person documents in the Domino\xae Direct ...) NOT-FOR-US: HCL CVE-2023-52434 (In the Linux kernel, the following vulnerability has been resolved: s ...) 
@@ -1097,9 +1097,9 @@ CVE-2024-25149 (Liferay Portal 7.2.0 through 7.4.1, and older unsupported versio CVE-2024-22234 (In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x p ...) - libspring-security-2.0-java CVE-2024-1651 (Torrentpier version 2.4.1 allows executing arbitrary commands on the s ...) - TODO: check + NOT-FOR-US: Torrentpier CVE-2024-1648 (electron-pdf version 20.0.0 allows an external attacker to remotely ob ...) - TODO: check + NOT-FOR-US: electron-pdf CVE-2024-1647 (Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtai ...) TODO: check CVE-2024-1644 (Suite CRM version 7.14.2 allows including local php files. This is pos ...) @@ -,7 +,7 @@ CVE-2024-1559 (The Link Library plugin for WordPress is vulnerable to Stored Cro CVE-2024-1510 (The WP Shortcodes Plugin \u2014
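Review bot: in the @@ -927,7 hunk, CVE-2024-1156 is tagged NOT-FOR-US: NI SystemLink server, but the unchanged context line right below it, CVE-2024-1155 ("Incorrect permissions in the installation directories for shared Syste..."), carries NOT-FOR-US: Silabs; the truncated description reads like the same NI SystemLink advisory set, so that existing tag looks like a copy-paste slip worth re-checking against the advisory.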
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: feae722f by Moritz Muehlenhoff at 2024-02-23T10:57:08+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -52,65 +52,65 @@ CVE-2024-25748 (A Stack Based Buffer Overflow vulnerability in tenda AC9 AC9 v.3 CVE-2024-25746 (Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firm ...) NOT-FOR-US: Tenda CVE-2024-25385 (An issue in flvmeta v.1.2.2 allows a local attacker to cause a denial ...) - TODO: check + NOT-FOR-US: FLVMeta CVE-2024-25369 (A reflected Cross-Site Scripting (XSS) vulnerability in FUEL CMS 1.5.2 ...) - TODO: check + NOT-FOR-US: FUEL CMS CVE-2024-25130 (Tuleap is an open source suite to improve management of software devel ...) - TODO: check + NOT-FOR-US: Tuleap CVE-2024-25129 (The CodeQL CLI repo holds binaries for the CodeQL command line interfa ...) - TODO: check + NOT-FOR-US: CodeQL CVE-2024-25021 (IBM AIX 7.3, VIOS 4.1's Perl implementation could allow a non-privileg ...) NOT-FOR-US: IBM CVE-2024-24817 (Discourse Calendar adds the ability to create a dynamic calendar in th ...) - TODO: check + NOT-FOR-US: Discourse Calendar CVE-2024-23094 (Flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forge ...) - TODO: check + NOT-FOR-US: Flusity-CMS CVE-2024-22547 (WayOS IBR-7150 <17.06.23 is vulnerable to Cross Site Scripting (XSS).) - TODO: check + NOT-FOR-US: WayOS CVE-2024-22243 (Applications that use UriComponentsBuilderto parse an externally provi ...) TODO: check CVE-2024-1786 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...) - TODO: check + NOT-FOR-US: D-Link CVE-2024-1784 (A vulnerability classified as problematic was found in Limbas 5.2.14. ...) - TODO: check + NOT-FOR-US: Limbas CVE-2024-1783 (A vulnerability classified as critical has been found in Totolink LR12 ...) - TODO: check + NOT-FOR-US: Totolink CVE-2024-1781 (A vulnerability was found in Totolink X6000R AX3000 9.4.0cu.852_202307 ...) - TODO: check + NOT-FOR-US: Totolink CVE-2024-1779 (The Admin side data storage for Contact Form 7 plugin for WordPress is ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1778 (The Admin side data storage for Contact Form 7 plugin for WordPress is ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1777 (The Admin side data storage for Contact Form 7 plugin for WordPress is ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1776 (The Admin side data storage for Contact Form 7 plugin for WordPress is ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1750 (A vulnerability, which was classified as critical, was found in Temmok ...) - TODO: check + NOT-FOR-US: TemmokuMVC CVE-2024-1749 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: Bhojon Best Restaurant Management Software CVE-2024-1748 (A vulnerability classified as critical was found in van_der_Schaar LAB ...) - TODO: check + NOT-FOR-US: van_der_Schaar LAB AutoPrognosis CVE-2024-1683 (A DLL injection vulnerability exists where an authenticated, low-privi ...) - TODO: check + NOT-FOR-US: Tenable CVE-2024-1563 (An attacker could have executed unauthorized scripts on top origin sit ...) - TODO: check + NOT-FOR-US: Mozilla Firefox Focus CVE-2024-1104 (An unauthenticated remote attacker can bypass the brute force preventi ...) - TODO: check + NOT-FOR-US: Areal Topkapi WebServ2 CVE-2024-0220 (B Automation Studio Upgrade Service and B Technology Guarding use ...) - TODO: check + NOT-FOR-US: B Automation Studio CVE-2023-51653 (Hertzbeat is a real-time monitoring system. In the implementation of ` ...) - TODO: check + NOT-FOR-US: Hertzbeat CVE-2023-51450 (baserCMS is a website development framework. Prior to version 5.0.9, t ...) - TODO: check + NOT-FOR-US: baserCMS CVE-2023-51389 (Hertzbeat is a real-time monitoring system. At the interface of `/defi ...) - TODO: check + NOT-FOR-US: Hertzbeat CVE-2023-51388 (Hertzbeat is a real-time monitoring system. In `CalculateAlarm.java`, ...) 
- TODO: check + NOT-FOR-US: Hertzbeat CVE-2023-44379 (baserCMS is a website development framework. Prior to version 5.0.9, t ...) - TODO: check + NOT-FOR-US: baserCMS CVE-2023-37540 (Sametime Connect desktop chat client includes, but does not use or req ...) - TODO: check + NOT-FOR-US: Sametime Connect CVE-2024-26141 [Reject Range headers which are too large] - ruby-rack NOTE:
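Review bot: in the @@ -52,65 hunk, CVE-2024-25385 ("An issue in flvmeta v.1.2.2 ...") is tagged NOT-FOR-US: FLVMeta; flvmeta is packaged in Debian under that same name, so this should be a "- flvmeta" line with its unfixed state and a bug reference, not an NFU.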
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 4f271358 by Moritz Muehlenhoff at 2024-02-23T09:38:16+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,29 +1,32 @@ +CVE-2024-23807 + NOTE: No change CVE assignment to clarify affected versions for CVE-2018-1311 + NOTE: Debian was already correct CVE-2024-26445 (flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forge ...) - TODO: check + NOT-FOR-US: flusity-CMS CVE-2024-26352 (flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forge ...) - TODO: check + NOT-FOR-US: flusity-CMS CVE-2024-26351 (flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forge ...) - TODO: check + NOT-FOR-US: flusity-CMS CVE-2024-26350 (flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forge ...) - TODO: check + NOT-FOR-US: flusity-CMS CVE-2024-26349 (flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forge ...) - TODO: check + NOT-FOR-US: flusity-CMS CVE-2024-26287 REJECTED CVE-2024-26284 (Utilizing a 302 redirect, an attacker could have conducted a Universal ...) - TODO: check + NOT-FOR-US: Mozilla Firefox Focus CVE-2024-26283 (An attacker could have executed unauthorized scripts on top origin sit ...) - TODO: check + - firefox (iOS-specific) CVE-2024-26282 (Using an AMP url with a canonical element, an attacker could have exec ...) - TODO: check + - firefox (iOS-specific) CVE-2024-26281 (Upon scanning a JavaScript URI with the QR code scanner, an attacker c ...) - TODO: check + - firefox (iOS-specific) CVE-2024-26152 (### Summary On all Label Studio versions prior to 1.11.0, data importe ...) - TODO: check + - label-studio (bug #1026232) CVE-2024-26151 (The `mjml` PyPI package, found at the `FelixSchwarz/mjml-python` GitHu ...) - TODO: check + NOT-FOR-US: mjml Python package CVE-2024-26128 (baserCMS is a website development framework. Prior to version 5.0.9, t ...) - TODO: check + NOT-FOR-US: baserCMS CVE-2024-25876 (A cross-site scripting (XSS) vulnerability in the Header module of Enh ...) TODO: check CVE-2024-25875 (A cross-site scripting (XSS) vulnerability in the Header module of Enh ...) 
@@ -287,17 +290,17 @@ CVE-2024-0903 (The User Feedback \u2013 Create Interactive Feedback Form, User S CVE-2024-0446 (A maliciously crafted STP, CATPART or MODEL file when parsed in ASMKER ...) NOT-FOR-US: Autodesk CVE-2023-52155 (A SQL Injection vulnerability in /admin/sauvegarde/run.php in PMB 7.4. ...) - TODO: check + NOT-FOR-US: PMB CVE-2023-52154 (File Upload vulnerability in pmb/camera_upload.php in PMB 7.4.7 and ea ...) - TODO: check + NOT-FOR-US: PMB CVE-2023-52153 (A SQL Injection vulnerability in /pmb/opac_css/includes/sessions.inc.p ...) - TODO: check + NOT-FOR-US: PMB CVE-2023-51828 (A SQL Injection vulnerability in /admin/convert/export.class.php in PM ...) - TODO: check + NOT-FOR-US: PMB CVE-2023-38844 (SQL injection vulnerability in PMB v.7.4.7 and earlier allows a remote ...) - TODO: check + NOT-FOR-US: PMB CVE-2023-37177 (SQL Injection vulnerability in PMB Services PMB v.7.4.7 and before all ...) - TODO: check + NOT-FOR-US: PMB CVE-2024-26147 (Helm is a package manager for Charts for Kubernetes. Versions prior to ...) - helm-kubernetes (bug #910799) CVE-2024-1726 
@@ -341,7 +344,7 @@ CVE-2024-25892 (ChurchCRM 5.5.0 ConfirmReport.php is vulnerable to Blind SQL Inj CVE-2024-25891 (ChurchCRM 5.5.0 FRBidSheets.php is vulnerable to Blind SQL Injection ( ...) NOT-FOR-US: ChurchCRM CVE-2024-25461 (Directory Traversal vulnerability in Terrasoft, Creatio Terrasoft CRM ...) - TODO: check + NOT-FOR-US: Terrasoft CRM CVE-2024-25381 (There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publish ...) NOT-FOR-US: Emlog Pro CVE-2024-25288 (SLIMS (Senayan Library Management Systems) 9 Bulian v9.6.1 is vulnerab ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f2713588148776f18a0ba83251ba7c030dc0ddf -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f2713588148776f18a0ba83251ba7c030dc0ddf You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
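Review bot: the new CVE-2024-23807 entry in the first hunk (`@@ -1,29 +1,32 @@`) is the only added entry that records no state line: it carries `NOTE: No change CVE assignment to clarify affected versions for CVE-2018-1311` and `NOTE: Debian was already correct`, while every other line added in that hunk is a `NOT-FOR-US:` or package line. Consider naming where the state lives (the CVE-2018-1311 entry, e.g. `NOTE: see CVE-2018-1311`) and writing the compound as `No-change CVE assignment`, so someone grepping the file later sees at a glance that this identifier is resolved by the older entry rather than still awaiting triage.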
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 7f4f4c51 by Moritz Muehlenhoff at 2024-02-22T20:20:33+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,9 @@ +CVE-2024-26578 + NOT-FOR-US: Apache Answer +CVE-2024-23349 + NOT-FOR-US: Apache Answer +CVE-2024-22393 + NOT-FOR-US: Apache Answer CVE-2024-27283 (A vulnerability was discovered in Veritas eDiscovery Platform before 1 ...) NOT-FOR-US: Veritas CVE-2024-26491 (A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Me ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f4f4c51835e00ae51e6e4553424828951ce8cad
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: f3d9a732 by Moritz Muehlenhoff at 2024-02-21T13:50:25+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5,11 +5,11 @@ CVE-2024-26266 (Multiple stored cross-site scripting (XSS) vulnerabilities in Li CVE-2024-26140 (com.yetanalytics/lrs is the Yet Analytics Core LRS Library. Prior to v ...) NOT-FOR-US: Yet Analytics Core LRS Library CVE-2024-26136 (kedi ElectronCord is a bot management tool for Discord. Commit aaaeaf4 ...) - TODO: check + NOT-FOR-US: kedi ElectronCord CVE-2024-25905 (Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi ...) NOT-FOR-US: Mondula GmbH Multi Step Form CVE-2024-25904 (Cross-Site Request Forgery (CSRF) vulnerability in David Stockl TinyMC ...) - TODO: check + NOT-FOR-US: TinyMCE addon CVE-2024-25603 (Stored cross-site scripting (XSS) vulnerability in the Dynamic Data Ma ...) NOT-FOR-US: Liferay CVE-2024-25602 (Stored cross-site scripting (XSS) vulnerability in Users Admin module' ...) 
@@ -47,17 +47,17 @@ CVE-2024-23758 (An issue discovered in Unisys Stealth 5.3.062.0 allows attackers CVE-2024-22235 (VMware Aria Operations contains a local privilege escalation vulnerabi ...) NOT-FOR-US: VMware CVE-2024-1631 (Impact: The library offers a function to generate an ed25519 key pair ...) - TODO: check + NOT-FOR-US: agent-js CVE-2024-1562 (The WooCommerce Google Sheet Connector plugin for WordPress is vulnera ...) NOT-FOR-US: WordPress plugin CVE-2024-1501 (The Database Reset plugin for WordPress is vulnerable to Cross-Site Re ...) NOT-FOR-US: WordPress plugin CVE-2024-1108 (The Plugin Groups plugin for WordPress is vulnerable to unauthorized m ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1081 (The 3D FlipBook \u2013 PDF Flipbook WordPress plugin for WordPress is ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0593 (The Simple Job Board plugin for WordPress is vulnerable to unauthorize ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-52442 (In the Linux kernel, the following vulnerability has been resolved: k ...) - linux 6.5.3-1 [bookworm] - linux 6.1.55-1 
@@ -79,69 +79,69 @@ CVE-2023-52440 (In the Linux kernel, the following vulnerability has been resolv CVE-2023-50923 (In QUIC in RFC 9000, the Latency Spin Bit specification (section 17.4) ...) TODO: check CVE-2023-49034 (Cross Site Scripting (XSS) vulnerability in ProjeQtOr 11.0.2 allows a ...) - TODO: check + NOT-FOR-US: ProjeQtOr CVE-2023-47422 (An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.5 ...) - TODO: check + NOT-FOR-US: Tenda CVE-2023-46967 (Cross Site Scripting vulnerability in the sanitize function in Enhance ...) - TODO: check + NOT-FOR-US: osTicket CVE-2023-42953 (A permissions issue was addressed with additional restrictions. This i ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-42952 (The issue was addressed with improved checks. This issue is fixed in i ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-42951 (The issue was addressed with improved handling of caches. This issue i ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-42946 (This issue was addressed with improved redaction of sensitive informat ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-42945 (A permissions issue was addressed with additional restrictions. This i ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-42942 (This issue was addressed with improved handling of symlinks. This issu ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-42939 (A logic issue was addressed with improved checks. This issue is fixed ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-42928 (The issue was addressed with improved bounds checks. This issue is fix ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-42889 (The issue was addressed with improved checks. This issue is fixed in m ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-42878 (A privacy issue was addressed with improved private data redaction for ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-42877 (The issue was addressed with improved checks. This issue is fixed in m ...) 
- TODO: check + NOT-FOR-US: Apple CVE-2023-42873 (The issue was addressed with improved bounds checks. This issue is fix ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-42860 (A permissions issue was addressed with additional restrictions. This i ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-42859 (The issue was addressed with improved checks. This issue is fixed in
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 699c8f8e by Moritz Muehlenhoff at 2024-02-20T22:59:59+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -335,27 +335,27 @@ CVE-2023-52435 (In the Linux kernel, the following vulnerability has been resolv - linux 6.6.11-1 NOTE: https://git.kernel.org/linus/23d05d563b7e7b0314e65c8e882bc27eac2da8e7 (6.7-rc6) CVE-2023-51770 (Arbitrary File Read Vulnerability in Apache Dolphinscheduler. This is ...) - TODO: check + NOT-FOR-US: Apache Dolphinscheduler CVE-2023-51447 (Decidim is a participatory democracy framework. Starting in version 0. ...) - TODO: check + NOT-FOR-US: Decidim CVE-2023-50306 (IBM Common Licensing 9.0 could allow a local user to enumerate usernam ...) NOT-FOR-US: IBM CVE-2023-50270 (Session Fixation Apache DolphinScheduler before version 3.2.0, which s ...) - TODO: check + NOT-FOR-US: Apache Dolphinscheduler CVE-2023-49250 (Because the HttpUtils class did not verify certificates, an attacker t ...) - TODO: check + NOT-FOR-US: Apache Dolphinscheduler CVE-2023-49109 (Exposure of Remote Code Execution in Apache Dolphinscheduler. This is ...) - TODO: check + NOT-FOR-US: Apache Dolphinscheduler CVE-2023-48220 (Decidim is a participatory democracy framework. Starting in version 0. ...) - TODO: check + NOT-FOR-US: Decidim CVE-2023-47635 (Decidim is a participatory democracy framework. Starting in version 0. ...) - TODO: check + NOT-FOR-US: Decidim CVE-2023-47634 (Decidim is a participatory democracy framework. Starting in version 0. ...) - TODO: check + NOT-FOR-US: Decidim CVE-2023-45318 (A heap-based buffer overflow vulnerability exists in the HTTP Server f ...) TODO: check CVE-2023-42791 (A relative path traversal in Fortinet FortiManager version 7.4.0 and 7 ...) - TODO: check + NOT-FOR-US: Fortinet CVE-2023-39541 (A denial of service vulnerability exists in the ICMP and ICMPv6 parsin ...) TODO: check CVE-2023-39540 (A denial of service vulnerability exists in the ICMP and ICMPv6 parsin ...) 
@@ -363,7 +363,7 @@ CVE-2023-39540 (A denial of service vulnerability exists in the ICMP and ICMPv6 CVE-2023-38562 (A double-free vulnerability exists in the IP header loopback parsing f ...) TODO: check CVE-2023-37495 (Internet passwords stored in Person documents in the Domino\xae Direct ...) - TODO: check + NOT-FOR-US: HCL CVE-2023-52434 (In the Linux kernel, the following vulnerability has been resolved: s ...) - linux 6.6.8-1 NOTE: https://git.kernel.org/linus/af1689a9b7701d9907dfc84d2a4b57c4bc907144 (6.7-rc6) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/699c8f8ecc20f47714b621c52c8ccef0dfc48ad4
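Review bot: the product name in the added `NOT-FOR-US: Apache Dolphinscheduler` lines (CVE-2023-51770, CVE-2023-50270, CVE-2023-49250 and CVE-2023-49109 in hunk `@@ -335,27 +335,27 @@`) differs from the CVE text quoted on the CVE-2023-50270 line itself (`Apache DolphinScheduler`), which is also how the upstream project writes its name; using one spelling keeps all four entries together when the file is searched for the product. The `TODO: check` lines for CVE-2023-45318, CVE-2023-39541 and CVE-2023-39540 in the same hunk are unchanged context, so nothing is lost here, but they are now the only untriaged items in that stretch and are worth a follow-up pass.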
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 665fd4d0 by Moritz Muehlenhoff at 2024-02-19T16:56:11+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -19,9 +19,9 @@ CVE-2024-26327 (An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vf - qemu NOTE: https://lore.kernel.org/all/20240214-reuse-v4-5-89ad093a07f4%40daynix.com/ CVE-2024-26318 (Serenity before 6.8.0 allows XSS via an email link because LoginPage.t ...) - TODO: check + NOT-FOR-US: Serenity CVE-2024-24722 (An unquoted service path vulnerability in the 12d Synergy Server and F ...) - TODO: check + NOT-FOR-US: 12d Synergy Server CVE-2022-48624 (close_altfile in filename.c in less before 606 omits shell_quote calls ...) - less [bookworm] - less (Minor issue) 
@@ -71,23 +71,23 @@ CVE-2024-21984 (StorageGRID (formerly StorageGRID Webscale) versions prior to 11 CVE-2024-21983 (StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 ar ...) NOT-FOR-US: StorageGRID CVE-2024-21500 (All versions of the package github.com/greenpau/caddy-security are vul ...) - TODO: check + NOT-FOR-US: caddy-security (addon for src:caddy) CVE-2024-21499 (All versions of the package github.com/greenpau/caddy-security are vul ...) - TODO: check + NOT-FOR-US: caddy-security (addon for src:caddy) CVE-2024-21498 (All versions of the package github.com/greenpau/caddy-security are vul ...) - TODO: check + NOT-FOR-US: caddy-security (addon for src:caddy) CVE-2024-21497 (All versions of the package github.com/greenpau/caddy-security are vul ...) - TODO: check + NOT-FOR-US: caddy-security (addon for src:caddy) CVE-2024-21496 (All versions of the package github.com/greenpau/caddy-security are vul ...) - TODO: check + NOT-FOR-US: caddy-security (addon for src:caddy) CVE-2024-21495 (Versions of the package github.com/greenpau/caddy-security before 1.0. ...) - TODO: check + NOT-FOR-US: caddy-security (addon for src:caddy) CVE-2024-21494 (All versions of the package github.com/greenpau/caddy-security are vul ...) - TODO: check + NOT-FOR-US: caddy-security (addon for src:caddy) CVE-2024-21493 (All versions of the package github.com/greenpau/caddy-security are vul ...) - TODO: check + NOT-FOR-US: caddy-security (addon for src:caddy) CVE-2024-21492 (All versions of the package github.com/greenpau/caddy-security are vul ...) - TODO: check + NOT-FOR-US: caddy-security (addon for src:caddy) CVE-2024-20986 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2024-20980 (Vulnerability in the Oracle BI Publisher product of Oracle Analytics ( ...) 
@@ -143,11 +143,11 @@ CVE-2024-1512 (The MasterStudy LMS WordPress Plugin \u2013 for Online Courses an CVE-2024-0610 (The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is v ...) NOT-FOR-US: WordPress Plugin CVE-2023-6749 (Unchecked length coming from user input in settings shell) - TODO: check + NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr) CVE-2023-6249 (Signed to unsigned conversion esp32_ipm_send) - TODO: check + NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr) CVE-2023-5779 (can: out of bounds in remove_rx_filter function) - TODO: check + NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr) CVE-2023-52387 (Resource reuse vulnerability in the GPU module. Successful exploitatio ...) NOT-FOR-US: Huawei CVE-2023-52381 (Script injection vulnerability in the email module.Successful exploita ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/665fd4d039f5e19870f0d0ba30d2a06551f23246
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 835024bc by Moritz Muehlenhoff at 2024-02-19T16:03:54+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2024-23114 + NOT-FOR-US: Apache Camel +CVE-2024-22369 + NOT-FOR-US: Apache Camel CVE-2024-26328 (An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in h ...) - qemu NOTE: https://lore.kernel.org/all/20240213055345-mutt-send-email-mst%40kernel.org View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/835024bcb149a6d4a2dd3c2df1a821342c9c268e
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 8d50efca by Moritz Muehlenhoff at 2024-02-18T20:13:00+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -25,25 +25,25 @@ CVE-2024-1444 CVE-2024-0023 (In ConvertRGBToPlanarYUV of Codec2BufferUtils.cpp, there is a possible ...) NOT-FOR-US: Android CVE-2024-0021 (In onCreate of NotificationAccessConfirmationActivity.java, there is a ...) - TODO: check + NOT-FOR-US: Android CVE-2024-0020 (In onActivityResult of NotificationSoundPreference.java, there is a po ...) - TODO: check + NOT-FOR-US: Android CVE-2024-0019 (In setListening of AppOpsControllerImpl.java, there is a possible way ...) - TODO: check + NOT-FOR-US: Android CVE-2024-0018 (In convertYUV420Planar16ToY410 of ColorConverter.cpp, there is a possi ...) - TODO: check + NOT-FOR-US: Android CVE-2024-0017 (In shouldUseNoOpLocation of CameraActivity.java, there is a possible c ...) - TODO: check + NOT-FOR-US: Android CVE-2024-0016 (In multiple locations, there is a possible out of bounds read due to a ...) - TODO: check + NOT-FOR-US: Android CVE-2024-0015 (In convertToComponentName of DreamService.java, there is a possible wa ...) - TODO: check + NOT-FOR-US: Android CVE-2023-51931 (An issue in alanclarke URLite v.3.1.0 allows an attacker to cause a de ...) - TODO: check + NOT-FOR-US: urlite CVE-2023-45860 (In Hazelcast Platform through 5.3.4, a security issue exists within th ...) - hazelcast (bug #745640) CVE-2023-40085 (In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible ou ...) - TODO: check + NOT-FOR-US: Android CVE-2023-52160 - wpa (bug #1064061) NOTE: https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c 
@@ -85107,7 +85107,7 @@ CVE-2023-21167 (In setProfileName of DevicePolicyManagerService.java, there is a CVE-2023-21166 (In RGXBackingZSBuffer of rgxta3d.c, there is a possible arbitrary code ...) NOT-FOR-US: Android CVE-2023-21165 (In DevmemIntUnmapPMR of devicemem_server.c, there is a possible arbitr ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21164 (In DevmemIntMapPMR of devicemem_server.c, there is a possible arbitrar ...) NOT-FOR-US: Android CVE-2023-21163 (In PMR_ReadBytes of pmr.c, there is a possible arbitrary code executio ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d50efca580206eacd37b08f7eba5b5d64d0b52c
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 715d3803 by Moritz Muehlenhoff at 2024-02-16T14:23:12+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2024-0793 + NOT-FOR-US: kube-controller-manager CVE-2024-25580 [QT KTX buffer overflow] - qt6-base - qtbase-opensource-src @@ -1046,7 +1048,7 @@ CVE-2024-22126 (The User Admin application of SAP NetWeaver AS for Java - versio CVE-2024-22024 (An XML external entity or XXE vulnerability in the SAML component of I ...) NOT-FOR-US: Ivanti CVE-2024-21491 (Versions of the package svix before 1.17.0 are vulnerable to Authentic ...) - TODO: check + NOT-FOR-US: Rust crate svix CVE-2024-1439 (Inadequate access control in Moodle LMS. This vulnerability could allo ...) - moodle CVE-2024-1420 @@ -1094,7 +1096,7 @@ CVE-2023-6081 (The chartjs WordPress plugin through 2023.2 does not sanitise and CVE-2023-6036 (The Web3 WordPress plugin before 3.0.0 is vulnerable to an authenticat ...) NOT-FOR-US: WordPress plugin CVE-2023-52431 (The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows ...) - TODO: check + NOT-FOR-US: Plack::Middleware::XSRFBlock perl module CVE-2023-52430 (The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a ...) NOT-FOR-US: Caddy plugin CVE-2023-52060 (A Cross-Site Request Forgery (CSRF) in Gestsup v3.2.46 allows attacker ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/715d380343ab0da1f905d41b766c87d00287ebea
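Review bot: `+ NOT-FOR-US: kube-controller-manager` for CVE-2024-0793 (first hunk, `@@ -1,3 +1,5 @@`) names a single Kubernetes component and gives no reason for the decision, unlike the entries elsewhere on this page that explain NFU choices which could be mistaken for a packaged source (`Zephyr RTOS (unrelated to src:zephyr)`, `caddy-security (addon for src:caddy)`). State the product (Kubernetes) and why Debian's packaging is not affected, for example which components are not built, so the next person hitting a Kubernetes CVE does not have to redo the check. The entry also lacks the parenthesised CVE description that the later hunks in this commit carry; that is expected when an entry is added ahead of the feed import, but a `NOTE:` with the upstream advisory link would make the triage verifiable.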
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 9aa4ff3a by Moritz Muehlenhoff at 2024-02-16T11:06:38+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,65 +1,65 @@ CVE-2024-25415 (A remote code execution (RCE) vulnerability in /admin/define_language. ...) - TODO: check + NOT-FOR-US: CE Phoenix CVE-2024-25414 (An arbitrary file upload vulnerability in /admin/upgrade of CSZ CMS v1 ...) - TODO: check + NOT-FOR-US: CSZ CMS CVE-2024-25413 (A XSLT Server Side injection vulnerability in the Import Jobs function ...) - TODO: check + NOT-FOR-US: Magento plugin CVE-2024-25123 (MSS (Mission Support System) is an open source package designed for pl ...) - TODO: check + NOT-FOR-US: MSS (Mission Support System) CVE-2024-23674 (The Online-Ausweis-Funktion eID scheme in the German National Identity ...) TODO: check CVE-2024-23479 (SolarWinds Access Rights Manager (ARM) was found to be susceptible to ...) - TODO: check + NOT-FOR-US: SolarWinds CVE-2024-23478 (SolarWinds Access Rights Manager (ARM) was found to be susceptible to ...) - TODO: check + NOT-FOR-US: SolarWinds CVE-2024-23477 (The SolarWinds Access Rights Manager (ARM) was found to be susceptible ...) - TODO: check + NOT-FOR-US: SolarWinds CVE-2024-23476 (The SolarWinds Access Rights Manager (ARM) was found to be susceptible ...) - TODO: check + NOT-FOR-US: SolarWinds CVE-2024-21728 (An Open Redirect vulnerability was found in osTicky2 below 2.2.8. osTi ...) - TODO: check + NOT-FOR-US: osTicky2 CVE-2024-0622 (Local privilege escalation vulnerabilityaffects OpenText Operations Ag ...) - TODO: check + NOT-FOR-US: OpenText Operations Agent CVE-2024-0240 (A memory leak in the Silicon Labs' Bluetooth stack for EFR32 products ...) - TODO: check + NOT-FOR-US: Silabs CVE-2024-0041 (In removePersistentDot of SystemStatusAnimationSchedulerImpl.kt, there ...) - TODO: check + NOT-FOR-US: Android CVE-2024-0040 (In setParameter of MtpPacket.cpp, there is a possible out of bounds re ...) - TODO: check + NOT-FOR-US: Android CVE-2024-0038 (In injectInputEventToInputFilter of AccessibilityManagerService.java, ...) 
- TODO: check + NOT-FOR-US: Android CVE-2024-0037 (In applyCustomDescription of SaveUi.java, there is a possible way to v ...) - TODO: check + NOT-FOR-US: Android CVE-2024-0036 (In startNextMatchingActivity of ActivityTaskManagerService.java, there ...) - TODO: check + NOT-FOR-US: Android CVE-2024-0035 (In onNullBinding of TileLifecycleManager.java, there is a possible way ...) - TODO: check + NOT-FOR-US: Android CVE-2024-0034 (In BackgroundLaunchProcessController, there is a possible way to launc ...) - TODO: check + NOT-FOR-US: Android CVE-2024-0033 (In multiple functions of ashmem-dev.cpp, there is a possible missing s ...) - TODO: check + NOT-FOR-US: Android CVE-2024-0032 (In queryChildDocuments of FileSystemProvider.java, there is a possible ...) - TODO: check + NOT-FOR-US: Android CVE-2024-0031 (In attp_build_read_by_type_value_cmd of att_protocol.cc , there is a p ...) - TODO: check + NOT-FOR-US: Android CVE-2024-0030 (In btif_to_bta_response of btif_gatt_util.cc, there is a possible out ...) - TODO: check + NOT-FOR-US: Android CVE-2024-0029 (In multiple files, there is a possible way to capture the device scree ...) - TODO: check + NOT-FOR-US: Android CVE-2024-0014 (In startInstall of UpdateFetcher.java, there is a possible way to trig ...) - TODO: check + NOT-FOR-US: Android CVE-2023-6451 (Publicly known cryptographic machine key in AlayaCare's Procura Portal ...) - TODO: check + NOT-FOR-US: AlayaCare Procura Portal CVE-2023-6123 (Improper Neutralization vulnerability affects OpenText ALM Octaneversi ...) - TODO: check + NOT-FOR-US: Open Text ALM Octane CVE-2023-49508 (Directory Traversal vulnerability in YetiForceCompany YetiForceCRM ver ...) - TODO: check + NOT-FOR-US: YetiForceCRM CVE-2023-40122 (In applyCustomDescription of SaveUi.java, there is a possible way to v ...) - TODO: check + NOT-FOR-US: Android CVE-2023-40093 (In multiple files, there is a possible way that trimmed content could ...) 
- TODO: check + NOT-FOR-US: Android CVE-2023-40057 (The SolarWinds Access Rights Manager was found to be susceptible to a ...) - TODO: check + NOT-FOR-US: SolarWinds CVE-2024-21890 [experimental] - nodejs - nodejs (Only affects 20.x and later) @@ -49410,7 +49410,7 @@ CVE-2023-28715 (Improper access control in some Intel(R) oneAPI Toolkit and comp
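Review bot: vendor naming is inconsistent inside hunk `@@ -1,65 +1,65 @@`: CVE-2024-0622 gets `NOT-FOR-US: OpenText Operations Agent` while CVE-2023-6123 gets `NOT-FOR-US: Open Text ALM Octane`, although the CVE text on both lines writes `OpenText`; use that form for both so the two entries sort and grep together. Likewise `NOT-FOR-US: Silabs` (CVE-2024-0240) abbreviates a vendor the description calls `Silicon Labs'`; spelling the name out as the CVE does keeps a search for the vendor from missing the entry.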
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 5d879413 by Moritz Muehlenhoff at 2024-02-15T21:32:32+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -24,103 +24,103 @@ CVE-2024-21892 - nodejs NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#code-injection-and-privilege-escalation-through-linux-capabilities-cve-2024-21892---high CVE-2024-25502 (Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote ...) - TODO: check + NOT-FOR-US: flusity CMS CVE-2024-25373 (Tenda AC10V4.0 V16.03.10.20 was discovered to contain a stack overflow ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-23113 (A use of externally-controlled format string in Fortinet FortiOS versi ...) - TODO: check + NOT-FOR-US: Fortinet CVE-2024-20750 (Substance3D - Designer versions 13.1.0 and earlier are affected by an ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20749 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20748 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20747 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20744 (Substance3D - Painter versions 9.1.1 and earlier are affected by an ou ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20743 (Substance3D - Painter versions 9.1.1 and earlier are affected by an ou ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20742 (Substance3D - Painter versions 9.1.1 and earlier are affected by an ou ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20741 (Substance3D - Painter versions 9.1.1 and earlier are affected by a Wri ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20740 (Substance3D - Painter versions 9.1.1 and earlier are affected by an ou ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20739 (Audition versions 24.0.3, 23.6.2 and earlier are affected by a Heap-ba ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20738 (Adobe Framemaker versions 2022.1 and earlier are affected by an Improp ...) 
- TODO: check + NOT-FOR-US: Adobe CVE-2024-20736 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20735 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20734 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20733 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20731 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20730 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20729 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20728 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20727 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20726 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20725 (Substance3D - Painter versions 9.1.1 and earlier are affected by an ou ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20724 (Substance3D - Painter versions 9.1.1 and earlier are affected by an ou ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20723 (Substance3D - Painter versions 9.1.1 and earlier are affected by a Buf ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20722 (Substance3D - Painter versions 9.1.1 and earlier are affected by an ou ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20720 (Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are a ...) 
- TODO: check + NOT-FOR-US: Adobe CVE-2024-20719 (Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are a ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20718 (Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are a ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20717 (Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are a ...) -
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 930e34d2 by Moritz Muehlenhoff at 2024-02-15T17:17:50+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9,9 +9,9 @@ CVE-2024-26261 (The functionality for file download in HGiga OAKlouds' certain m CVE-2024-26260 (The functionality for synchronization in HGiga OAKlouds' certain moudu ...) NOT-FOR-US: HGiga OAKlouds CVE-2024-25941 (The jail(2) system call has not limited a visiblity of allocated TTYs ...) - TODO: check + NOT-FOR-US: FreeBSD CVE-2024-25940 (`bhyveload -h ` may be used to grant loader access to the < ...) - TODO: check + NOT-FOR-US: FreeBSD CVE-2024-25620 (Helm is a tool for managing Charts. Charts are packages of pre-configu ...) TODO: check CVE-2024-25619 (Mastodon is a free, open-source social network server based on Activit ...) 
@@ -36,23 +36,23 @@ CVE-2024-24256 (SQL Injection vulnerability in Yonyou space-time enterprise info CVE-2024-21727 (XSS vulnerability in DP Calendar component for Joomla.) NOT-FOR-US: DP Calendar component for Joomla CVE-2024-1523 (EC-WEB FS-EZViewer(Web)'s query functionality lacks proper restriction ...) - TODO: check + NOT-FOR-US: EC-WEB FS-EZViewer CVE-2024-1482 (An incorrect authorization vulnerability was identified in GitHub Ente ...) - TODO: check + NOT-FOR-US: GitHub Enterprise Server CVE-2024-1471 (An HTML injection vulnerability exists where an authenticated, remote ...) - TODO: check + NOT-FOR-US: Tenable CVE-2024-1367 (A command injection vulnerability exists where an authenticated, remot ...) - TODO: check + NOT-FOR-US: Tenable CVE-2024-0708 (The Landing Page Cat \u2013 Coming Soon Page, Maintenance Page & Squee ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0353 (Local privilege escalation vulnerability potentially allowed an attack ...) - TODO: check + NOT-FOR-US: ESET CVE-2023-6138 (A potential security vulnerability has been identified in the system B ...) - TODO: check + NOT-FOR-US: HP CVE-2023-51787 (An issue was discovered in Wind River VxWorks 7 22.09 and 23.03. If a ...) - TODO: check + NOT-FOR-US: Wind River VxWorks CVE-2023-46596 (Improper input validation in Algosec FireFlow VisualFlow workflow edit ...) - TODO: check + NOT-FOR-US: Algosec FireFlow VisualFlow CVE-2024-1488 (A vulnerability was found in Unbound due to incorrect default permissi ...) - unbound (RedHat specific patch vulnerability) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2264183 
@@ -929,7 +929,7 @@ CVE-2023-41703 (User ID references at mentions in document comments were not cor CVE-2022-48623 (The Cpanel::JSON::XS package before 4.33 for Perl performs out-of-boun ...) TODO: check CVE-2021-4437 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: lambda-middleware frameguard CVE-2024-1459 (A path traversal vulnerability was found in Undertow. This issue may a ...) - undertow NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2259475 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/930e34d2fe88c35679e57fd51ef6d3d85422ff33 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/930e34d2fe88c35679e57fd51ef6d3d85422ff33 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: b9c26799 by Moritz Muehlenhoff at 2024-02-14T23:37:11+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -46,9 +46,9 @@ CVE-2024-25165 (A global-buffer-overflow vulnerability was found in SWFTools v0. - swftools NOTE: https://github.com/matthiaskramm/swftools/issues/217 CVE-2024-24990 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...) - TODO: check + NOT-FOR-US: Quic module for Nginx CVE-2024-24989 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...) - TODO: check + NOT-FOR-US: Quic module for Nginx CVE-2024-24966 (When LDAP remote authentication is configured on F5OS, a remote user w ...) NOT-FOR-US: F5 BIG-IP CVE-2024-24775 (When a virtual server is enabled with VLAN group and SNAT listener is ...) @@ -120,7 +120,7 @@ CVE-2023-6408 (CWE-924: Improper Enforcement of Message Integrity During Transmi CVE-2023-5123 (The JSON datasource plugin ( https://grafana.com/grafana/plugins/marcu ...) NOT-FOR-US: Grafana plugin CVE-2023-5122 (Grafana is an open-source platform for monitoring and observability. T ...) - - grafana + NOT-FOR-US: Grafana plugin CVE-2023-52399 REJECTED CVE-2023-52398 @@ -210,7 +210,7 @@ CVE-2023-41252 (Out-of-bounds read in some Intel(R) QAT software drivers for Win CVE-2023-41231 (Incorrect default permissions in some ACAT software maintained by Inte ...) NOT-FOR-US: Intel CVE-2023-41091 (Uncontrolled search path for some Intel(R) MPI Library Software before ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-41090 (Race condition in some Intel(R) MAS software before version 2.3 may al ...) NOT-FOR-US: Intel CVE-2023-40161 (Improper access control in some Intel Unite(R) Client software before ...) 
@@ -304,13 +304,13 @@ CVE-2023-32618 (Uncontrolled search path in some Intel(R) oneAPI Toolkit and com CVE-2023-32280 (Insufficiently protected credentials in some Intel(R) Server Product O ...) NOT-FOR-US: Intel CVE-2023-31271 (Improper access control in some Intel(R) VROC software before version ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-31189 (Improper authentication in some Intel(R) Server Product OpenBMC firmwa ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-30767 (Improper buffer restrictions in Intel(R) Optimization for TensorFlow b ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-29153 (Uncontrolled resource consumption for some Intel(R) SPS firmware befor ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-28720 (Improper initialization for some Intel(R) PROSet/Wireless and Intel(R) ...) - firmware-nonfree [bookworm] - firmware-nonfree (Non-free not supported) @@ -641,9 +641,9 @@ CVE-2023-45207 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9. CVE-2023-45206 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and ...) NOT-FOR-US: Zimbra CVE-2023-31347 (Due to a code bug in Secure_TSC, SEV firmware may allow an attacker wi ...) - TODO: check + NOT-FOR-US: AMD CVE-2023-31346 (Failure to initialize memory in SEV Firmware may allow a privileged at ...) - TODO: check + NOT-FOR-US: AMD CVE-2023-4408 (The DNS message parsing code in `named` includes a section whose compu ...) {DSA-5621-1} - bind9 1:9.19.21-1 
@@ -792,7 +792,7 @@ CVE-2024-22024 (An XML external entity or XXE vulnerability in the SAML componen CVE-2024-21491 (Versions of the package svix before 1.17.0 are vulnerable to Authentic ...) TODO: check CVE-2024-1439 (Inadequate access control in Moodle LMS. This vulnerability could allo ...) - TODO: check + - moodle CVE-2024-1420 REJECTED CVE-2024-0566 (The Smart Manager WordPress plugin before 8.28.0 does not properly san ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9c267996b29224747c6227644ab5b5c1ab69d94 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9c267996b29224747c6227644ab5b5c1ab69d94 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 60931f05 by Moritz Muehlenhoff at 2024-02-14T16:12:11+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -671,7 +671,7 @@ CVE-2024-25109 (ManageWiki is a MediaWiki extension allowing users to manage wik CVE-2024-24831 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-24828 (pkg is tool design to bundle Node.js projects into an executables. Any ...) - TODO: check + NOT-FOR-US: Node pkg CVE-2024-24804 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-24803 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) @@ -695,7 +695,7 @@ CVE-2024-23323 (Envoy is a high-performance edge/middle/service proxy. The regex CVE-2024-23322 (Envoy is a high-performance edge/middle/service proxy. Envoy will cras ...) - envoyproxy (bug #987544) CVE-2024-21624 (nonebot2 is a cross-platform Python asynchronous chatbot framework wri ...) - TODO: check + NOT-FOR-US: nonebot2 CVE-2024-21490 (This affects versions of the package angular from 1.3.0. A regular exp ...) - angular.js [buster] - angular.js (Fix along with the next DLA) @@ -730,7 +730,7 @@ CVE-2024-25711 (diffoscope before 256 allows directory traversal via an embedded NOTE: https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/361 NOTE: https://salsa.debian.org/reproducible-builds/diffoscope/-/commit/458f7f04bc053a0066aa7d2fd3251747d4899476 (256) CVE-2024-25679 (In PQUIC before 5bde5bb, retention of unused initial encryption keys a ...) - TODO: check + NOT-FOR-US: pquic CVE-2024-25678 (In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mi ...) NOT-FOR-US: LiteSpeed QUIC (LSQUIC) Library CVE-2024-25677 (In Min before 1.31.0, local files are not correctly treated as unique ...) 
@@ -1861,7 +1861,7 @@ CVE-2024-22202 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and CVE-2024-1225 (A vulnerability classified as critical was found in QiboSoft QiboCMS X ...) NOT-FOR-US: QiboSoft QiboCMS X1 CVE-2024-0953 (When a user scans a QR Code with the QR Code Scanner feature, the user ...) - TODO: check + - firefox (Only affects Firefox for iOS) CVE-2024-0323 (Use of a Broken or Risky Cryptographic Algorithm vulnerability in B ...) NOT-FOR-US: B Industrial Automation Automation Runtime (SDM modules) CVE-2023-7216 (A path traversal vulnerability was found in the CPIO utility. This iss ...) @@ -54155,7 +54155,7 @@ CVE-2023-28020 (URL redirection in Login page in HCL BigFix WebUI allows malicio CVE-2023-28019 (Insufficient validation in Bigfix WebUI API App site version < 14 allo ...) NOT-FOR-US: HCL CVE-2023-28018 (HCL Connections is vulnerable to a denial of service, caused by improp ...) - TODO: check + NOT-FOR-US: HCL CVE-2023-28017 (HCL Connections is vulnerable to a cross-site scripting attack where a ...) NOT-FOR-US: HCL CVE-2023-28016 (Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal S ...) @@ -58074,7 +58074,7 @@ CVE-2023-26564 (The Syncfusion EJ2 ASPCore File Provider 3ac357f is vulnerable t CVE-2023-26563 (The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesys ...) NOT-FOR-US: Syncfusion CVE-2023-26562 (In Zimbra Collaboration (ZCS) 8.8.15 and 9.0, a closed account (with 2 ...) - TODO: check + NOT-FOR-US: Zimbra CVE-2023-26561 RESERVED CVE-2023-26560 (Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of aut ...) 
@@ -61575,7 +61575,7 @@ CVE-2023-25537 (Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell CVE-2023-25536 (Dell PowerScale OneFS 9.4.0.x contains exposure of sensitive informati ...) NOT-FOR-US: Dell CVE-2023-25535 (Dell SupportAssist for Home PCs Installer Executable file version prio ...) - TODO: check + NOT-FOR-US: Dell CVE-2023-22660 (A heap-based buffer overflow vulnerability exists in the way Ichitaro ...) NOT-FOR-US: Ichitaro CVE-2023-0731 (The Interactive Geo Maps plugin for WordPress is vulnerable to Stored ...) @@ -87448,7 +87448,7 @@ CVE-2023-20588 (A division-by-zero error on some AMD processors can potentially NOTE: https://xenbits.xen.org/xsa/advisory-439.html NOTE: https://github.com/xen-project/xen/commit/d7b78041dc819efde0350f27754a61cb01a93496 CVE-2023-20587 (Improper Access Control in System Management Mode (SMM) may allow an a ...) - TODO: check + NOT-FOR-US: AMD CVE-2023-20586 (A potential vulnerability was reported in Radeon\u2122 Software Crimso ...) NOT-FOR-US: AMD
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: c59f4ca9 by Moritz Muehlenhoff at 2024-02-14T12:51:52+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2024-25125 (Digdag is an open source tool that to build, run, schedule, and monito ...) - TODO: check + NOT-FOR-US: Digdag CVE-2024-25121 (TYPO3 is an open source PHP based web content management system releas ...) NOT-FOR-US: TYPO3 CVE-2024-25120 (TYPO3 is an open source PHP based web content management system releas ...) @@ -25,19 +25,19 @@ CVE-2024-24690 (Improper input validation in some Zoom clients may allow an auth CVE-2024-24142 (Sourcecodester School Task Manager 1.0 allows SQL Injection via the 's ...) NOT-FOR-US: Sourcecodester School Task Manager CVE-2024-22455 (Dell E-Lab Navigator, [3.1.9, 3.2.0], contains an Insecure Direct Obje ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-1485 (A vulnerability was found in the decompression function of registry-su ...) - TODO: check + NOT-FOR-US: OpenShift CVE-2023-6152 (A user changing their email after signing up and verifying it can chan ...) - TODO: check + - grafana CVE-2023-44293 (In Dell Secure Connect Gateway Application and Secure Connect Gateway ...) - TODO: check + NOT-FOR-US: Dell CVE-2023-44283 (In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and Supp ...) - TODO: check + NOT-FOR-US: Dell CVE-2023-39249 (Dell SupportAssist for Business PCs version 3.4.0 contains a local Aut ...) - TODO: check + NOT-FOR-US: Dell CVE-2023-38960 (Insecure Permissions issue in Raiden Professional Server RaidenFTPD v. ...) - TODO: check + NOT-FOR-US: RaidenFTPD CVE-2024-1342 NOT-FOR-US: Red Hat OpenShift CVE-2024-25122 (sidekiq-unique-jobs is an open source project which prevents simultane ...) 
@@ -249,25 +249,25 @@ CVE-2024-20673 (Microsoft Office Remote Code Execution Vulnerability) CVE-2024-20667 (Azure DevOps Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2024-1378 (A command injection vulnerability was identified in GitHub Enterprise ...) - TODO: check + NOT-FOR-US: GitHub Enterprise Server CVE-2024-1374 (A command injection vulnerability was identified in GitHub Enterprise ...) - TODO: check + NOT-FOR-US: GitHub Enterprise Server CVE-2024-1372 (A command injection vulnerability was identified in GitHub Enterprise ...) - TODO: check + NOT-FOR-US: GitHub Enterprise Server CVE-2024-1369 (A command injection vulnerability was identified in GitHub Enterprise ...) - TODO: check + NOT-FOR-US: GitHub Enterprise Server CVE-2024-1359 (A command injection vulnerability was identified in GitHub Enterprise ...) - TODO: check + NOT-FOR-US: GitHub Enterprise Server CVE-2024-1355 (A command injection vulnerability was identified in GitHub Enterprise ...) - TODO: check + NOT-FOR-US: GitHub Enterprise Server CVE-2024-1354 (A command injection vulnerability was identified in GitHub Enterprise ...) - TODO: check + NOT-FOR-US: GitHub Enterprise Server CVE-2024-1309 (Uncontrolled Resource Consumption vulnerability in Honeywell Niagara F ...) NOT-FOR-US: Honeywell CVE-2024-1216 (Twister Antivirus v8.17 is vulnerable to a Denial of Service vulnerabi ...) - TODO: check + NOT-FOR-US: Twister Antivirus CVE-2024-1163 (Path Traversal in GitHub repository mbloch/mapshaper prior to 0.6.44.) - TODO: check + NOT-FOR-US: mapshaper CVE-2024-1160 (The Bold Page Builder plugin for WordPress is vulnerable to Stored Cro ...) NOT-FOR-US: WordPress plugin CVE-2024-1159 (The Bold Page Builder plugin for WordPress is vulnerable to Stored Cro ...) 
@@ -279,9 +279,9 @@ CVE-2024-1140 (Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vu CVE-2024-1096 (Twister Antivirus v8.17 allows Elevation of Privileges on the computer ...) NOT-FOR-US: Twister Antivirus CVE-2024-1084 (Cross-site Scripting in thetag name pattern field in the tag protectio ...) - TODO: check + NOT-FOR-US: GitHub Enterprise Server CVE-2024-1082 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...) - TODO: check + NOT-FOR-US: GitHub Enterprise Server CVE-2024-0707 REJECTED CVE-2023-6072 (A cross-site scripting vulnerability in Trellix Central Management (CM ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c59f4ca9b787e2b5e0326da2b3a87afdea997a01 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c59f4ca9b787e2b5e0326da2b3a87afdea997a01 You're receiving this email because of your
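Review bot: the label added for CVE-2024-1485 in the second hunk reads "NOT-FOR-US: OpenShift", while CVE-2024-1342 two entries later in the same hunk carries "NOT-FOR-US: Red Hat OpenShift"; using the same vendor-qualified name for both keeps the product labels consistent and easier to grep.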
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 3b3a5ce1 by Moritz Muehlenhoff at 2024-02-09T14:37:02+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -305,7 +305,7 @@ CVE-2024-24815 (CKEditor4 is an open source what-you-see-is-what-you-get HTML ed CVE-2024-24812 (Frappe is a full-stack web application framework that uses Python and ...) NOT-FOR-US: Frappe Framework CVE-2024-24811 (SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnera ...) - TODO: check + NOT-FOR-US: SQLAlchemyDA CVE-2024-24771 (Open Forms allows users create and publish smart forms. Versions prior ...) NOT-FOR-US: Open Forms CVE-2024-24706 (Cross-Site Request Forgery (CSRF) vulnerability in Forum One WP-CFM wp ...) @@ -627,7 +627,7 @@ CVE-2024-24112 (xmall v1.1 was discovered to contain a SQL injection vulnerabili CVE-2024-23304 (Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthentica ...) NOT-FOR-US: Cybozu KUNAI for Android CVE-2024-23049 (An issue in symphony v.3.6.3 and before allows a remote attacker to ex ...) - TODO: check + NOT-FOR-US: symphony forum software CVE-2024-22853 (D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password fo ...) NOT-FOR-US: D-LINK CVE-2024-22852 (D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buff ...) @@ -783,7 +783,7 @@ CVE-2024-0244 (Buffer overflow in CPCA PCFAX number process of Office Multifunct CVE-2024-0221 (The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin ...) NOT-FOR-US: WordPress plugin CVE-2024-0202 (A security vulnerability has been identified in the cryptlib cryptogra ...) - TODO: check + NOT-FOR-US: cryptlib CVE-2023-7029 (The WordPress Button Plugin MaxButtons plugin for WordPress is vulnera ...) NOT-FOR-US: WordPress plugin CVE-2023-7014 (The Author Box, Guest Author and Co-Authors for Your Posts \u2013 Molo ...) 
@@ -962,7 +962,7 @@ CVE-2024-23109 (An improper neutralization of special elements used in an os com CVE-2024-23108 (An improper neutralization of special elements used in an os command ( ...) NOT-FOR-US: FortiGuard CVE-2024-23054 (An issue in Plone Docker Official Image 5.2.13 (5221) open-source soft ...) - TODO: check + NOT-FOR-US: official Plone Docker image CVE-2024-22567 (File Upload vulnerability in MCMS 5.3.5 allows attackers to upload arb ...) NOT-FOR-US: MCMS CVE-2024-22202 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...) @@ -982,9 +982,9 @@ CVE-2023-6874 (Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service CVE-2023-6028 (A reflected cross-site scripting (XSS) vulnerability exists in the SVG ...) NOT-FOR-US: B Automation Runtime CVE-2023-5643 (Out-of-bounds Write vulnerability in Arm Ltd Bifrost GPU Kernel Driver ...) - TODO: check + NOT-FOR-US: Arm CVE-2023-5249 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm ...) - TODO: check + NOT-FOR-US: Arm CVE-2023-52138 (Engrampa is an archive manager for the MATE environment. Engrampa is f ...) - engrampa (bug #1063494) NOTE: https://github.com/mate-desktop/engrampa/security/advisories/GHSA-c98h-v39w-3r7v @@ -1693,7 +1693,7 @@ CVE-2024-21626 (runc is a CLI tool for spawning and running containers on Linux NOTE: https://github.com/opencontainers/runc/commit/ee73091a8d28692fa4868bac81aa40a0b05f9780 NOTE: https://github.com/opencontainers/runc/commit/d8edada9f252873b88043279a71099db71941dea CVE-2024-24579 (stereoscope is a go library for processing container images and simula ...) - TODO: check + NOT-FOR-US: stereoscope CVE-2024-24566 (Lobe Chat is a chatbot framework that supports speech synthesis, multi ...) NOT-FOR-US: Lobe Chat CVE-2024-23637 (OctoPrint is a web interface for 3D printer.s OctoPrint versions up un ...) 
@@ -56231,7 +56231,7 @@ CVE-2023-27003 CVE-2023-27002 RESERVED CVE-2023-27001 (An issue discovered in Egerie Risk Manager v4.0.5 allows attackers to ...) - TODO: check + NOT-FOR-US: Egerie Risk Manager CVE-2023-27000 (Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 ...) NOT-FOR-US: NetScoutnGeniusOne CVE-2023-26999 (An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker ...) @@ -61193,7 +61193,7 @@ CVE-2023-25367 (Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered u CVE-2023-25366 (In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interfa ...) NOT-FOR-US: Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS CVE-2023-25365 (Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows ...) - TODO: check + NOT-FOR-US: October CMS
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 3318b31d by Moritz Muehlenhoff at 2024-02-09T11:03:12+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,101 +1,101 @@ CVE-2024-25107 (WikiDiscover is an extension designed for use with a CreateWiki manage ...) - TODO: check + NOT-FOR-US: MediaWiki extension CVE-2024-25106 (OpenObserve is a observability platform built specifically for logs, m ...) - TODO: check + NOT-FOR-US: OpenObserve CVE-2024-25004 (KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buf ...) - TODO: check + NOT-FOR-US: KiTTY CVE-2024-25003 (KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buf ...) - TODO: check + NOT-FOR-US: KiTTY CVE-2024-24830 (OpenObserve is a observability platform built specifically for logs, m ...) - TODO: check + NOT-FOR-US: OpenObserve CVE-2024-24829 (Sentry is an error tracking and performance monitoring platform. Sentr ...) - TODO: check + NOT-FOR-US: Sentry CVE-2024-24825 (DIRAC is a distributed resource framework. In affected versions any us ...) - TODO: check + NOT-FOR-US: DIRAC CVE-2024-24821 (Composer is a dependency Manager for the PHP language. In affected ver ...) TODO: check CVE-2024-24820 (Icinga Director is a tool designed to make Icinga 2 configuration hand ...) - TODO: check + NOT-FOR-US: Icinga Director CVE-2024-24819 (icingaweb2-module-incubator is a working project of bleeding edge Icin ...) - TODO: check + NOT-FOR-US: icingaweb2-module-incubator CVE-2024-24499 (SQL Injection vulnerability in Employee Management System v.1.0 allows ...) - TODO: check + NOT-FOR-US: Employee Management System CVE-2024-24498 (Unrestricted File Upload vulnerability in Employee Management System 1 ...) - TODO: check + NOT-FOR-US: Employee Management System CVE-2024-24497 (SQL Injection vulnerability in Employee Management System v.1.0 allows ...) - TODO: check + NOT-FOR-US: Employee Management System CVE-2024-24496 (An issue in Daily Habit Tracker v.1.0 allows a remote attacker to mani ...) - TODO: check + NOT-FOR-US: Daily Habit Tracker CVE-2024-24495 (SQL Injection vulnerability in delete-tracker.php in Daily Habit Track ...) 
- TODO: check + NOT-FOR-US: Daily Habit Tracker CVE-2024-24494 (Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows ...) - TODO: check + NOT-FOR-US: Daily Habit Tracker CVE-2024-24393 (File Upload vulnerability index.php in Pichome v.1.1.01 allows a remot ...) - TODO: check + NOT-FOR-US: Pichome CVE-2024-24308 (SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module f ...) - TODO: check + NOT-FOR-US: Boostmyshop CVE-2024-23756 (The HTTP PUT and DELETE methods are enabled in the Plone official Dock ...) - TODO: check + NOT-FOR-US: Plone Docker image CVE-2024-23749 (KiTTY versions 0.76.1.13 and before is vulnerable to command injection ...) - TODO: check + NOT-FOR-US: KiTTY CVE-2024-23639 (Micronaut Framework is a modern, JVM-based, full stack Java framework ...) - TODO: check + NOT-FOR-US: Micronaut Framework CVE-2024-22332 (The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vul ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-22318 (IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 th ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-1353 (A vulnerability, which was classified as critical, has been found in P ...) - TODO: check + NOT-FOR-US: PHPEMS CVE-2024-1122 (The Event Manager, Events Calendar, Events Tickets for WooCommerce \u2 ...) - TODO: check + NOT-FOR-US: WooCommerce plugin CVE-2024-0842 (The Backuply \u2013 Backup, Restore, Migrate and Clone plugin for Word ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0657 (The Internal Link Juicer: SEO Auto Linker for WordPress plugin for Wor ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51761 (In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unaut ...) - TODO: check + NOT-FOR-US: Emerson Rosemount CVE-2023-51630 (Paessler PRTG Network Monitor Cross-Site Scripting Authentication Bypa ...) 
- TODO: check + NOT-FOR-US: Paessler PRTG Network Monitor CVE-2023-50026 (SQL injection vulnerability in Presta Monster "Multi Accessories Pro" ...) - TODO: check + NOT-FOR-US: Presta CVE-2023-49716 (In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authe ...) - TODO: check + NOT-FOR-US: Emerson Rosemount CVE-2023-49101 (WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: d1eafc42 by Moritz Muehlenhoff at 2024-02-07T10:46:53+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5,9 +5,9 @@ CVE-2024-24943 (In JetBrains Toolbox App before 2.2 a DoS attack was possible vi CVE-2024-24942 (In JetBrains TeamCity before 2023.11.3 path traversal allowed reading ...) NOT-FOR-US: JetBrains TeamCity CVE-2024-24941 (In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Spac ...) - TODO: check + - intellij-idea (bug #747616) CVE-2024-24940 (In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible ...) - TODO: check + - intellij-idea (bug #747616) CVE-2024-24939 (In JetBrains Rider before 2023.3.3 logging of environment variables co ...) NOT-FOR-US: JetBrains Rider CVE-2024-24938 (In JetBrains TeamCity before 2023.11.2 limited directory traversal was ...) 
@@ -53,21 +53,21 @@ CVE-2024-23917 (In JetBrains TeamCity before 2023.11.3 authentication bypass lea CVE-2024-23673 (Malicious code execution via path traversal in Apache Software Foundat ...) NOT-FOR-US: Apache Sling Servlets Resolver CVE-2024-23447 (An issue was discovered in the Windows Network Drive Connector when us ...) - TODO: check + NOT-FOR-US: Elastic Network Drive Connector CVE-2024-23446 (An issue was discovered by Elastic, whereby the Detection Engine Searc ...) - TODO: check + - kibana (bug #700337) CVE-2024-23344 (Tuleap is an Open Source Suite to improve management of software devel ...) NOT-FOR-US: Tuleap CVE-2024-22520 (An issue discovered in Dronetag Drone Scanner 1.5.2 allows attackers t ...) - TODO: check + NOT-FOR-US: Dronetag Drone Scanner CVE-2024-22519 (An issue discovered in OpenDroneID OSM 3.5.1 allows attackers to imper ...) - TODO: check + NOT-FOR-US: OpenDroneID OSM CVE-2024-22515 (Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5. ...) NOT-FOR-US: iSpyConnect.com Agent DVR CVE-2024-22514 (An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attack ...) NOT-FOR-US: iSpyConnect.com Agent DVR CVE-2024-22388 (Certain configuration available in the communication channel for encod ...) - TODO: check + NOT-FOR-US: HID Global iCLASS SE CP1000 Encoder CVE-2024-22331 (IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, ...) NOT-FOR-US: IBM CVE-2024-22241 (Aria Operations for Networks contains a cross site scripting vulnerabi ...) 
@@ -133,11 +133,11 @@ CVE-2024-1037 (The All-In-One Security (AIOS) \u2013 Security and Firewall plugi CVE-2024-0977 (The Timeline Widget For Elementor (Elementor Timeline, Vertical & Hori ...) NOT-FOR-US: WordPress plugin CVE-2024-0971 (A SQL injection vulnerability exists where an authenticated, low-privi ...) - TODO: check + NOT-FOR-US: Nessus CVE-2024-0955 (A stored XSS vulnerability exists where an authenticated, remote attac ...) - TODO: check + NOT-FOR-US: Nessur CVE-2024-0849 (Leanote version 2.7.0 allows obtaining arbitrary local files. This is ...) - TODO: check + NOT-FOR-US: Leanote CVE-2024-0628 (The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Sid ...) NOT-FOR-US: WordPress plugin CVE-2024-0256 (The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Sc ...) 
@@ -161,29 +161,29 @@ CVE-2023-46683 (A post authentication command injection vulnerability exists wh CVE-2023-46183 (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW ...) NOT-FOR-US: IBM CVE-2023-45735 (A potential attacker with access to the Westermo Lynx device may be ab ...) - TODO: check + NOT-FOR-US: Westermo Lynx CVE-2023-45227 (An attacker with access to the web application with vulnerable softwar ...) - TODO: check + NOT-FOR-US: Westermo Lynx CVE-2023-45222 (An attacker with access to the web application that has the vulnerable ...) - TODO: check + NOT-FOR-US: Westermo Lynx CVE-2023-45213 (A potential attacker with access to the Westermo Lynx device would be ...) - TODO: check + NOT-FOR-US: Westermo Lynx CVE-2023-43482 (A command execution vulnerability exists in the guest resource functio ...) NOT-FOR-US: Tp-Link CVE-2023-42765 (An attacker with access to the vulnerable software could introduce arb ...) - TODO: check + NOT-FOR-US: Westermo Lynx CVE-2023-42664 (A post authentication command injection vulnerability exists when sett ...) NOT-FOR-US: Tp-Link CVE-2023-40545 (Authenticationbypass when an OAuth2 Client is using client_secret_jwt ...) - TODO: check + NOT-FOR-US: Ping Identity PingFederate CVE-2023-40544 (An
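Review bot: in the hunk at @@ -133,11 +133,11 @@ the label added for CVE-2024-0955, "NOT-FOR-US: Nessur", looks like a typo for "Nessus", the spelling used for the neighbouring CVE-2024-0971 entry in the same hunk; suggest changing it to "NOT-FOR-US: Nessus".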
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 5f5aeb80 by Moritz Muehlenhoff at 2024-02-05T09:40:57+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,11 +1,13 @@ +CVE-2024-0406 + NOT-FOR-US: mholt/archiver Go package CVE-2024-25089 (Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows r ...) - TODO: check + NOT-FOR-US: Malwarebytes Binisoft Windows Firewall Control CVE-2024-24870 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24866 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24865 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24864 (A race condition was found in the Linux kernel's media/dvb-core in dvb ...) TODO: check CVE-2024-24861 (A race condition was found in the Linux kernel's media/xc4000 device d ...) 
@@ -21,17 +23,17 @@ CVE-2024-24857 (A race condition was found in the Linux kernel's net/bluetooth d CVE-2024-24855 (A race condition was found in the Linux kernel's scsi device driver in ...) TODO: check CVE-2024-24848 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24847 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24846 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24841 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24839 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24838 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-23196 (A race condition was found in the Linux kernel's sound/hda device dri ...) TODO: check CVE-2024-22667 (Vim before 9.0.2142 has a stack-based buffer overflow because did_set_ ...) 
@@ -39,45 +41,45 @@ CVE-2024-22667 (Vim before 9.0.2142 has a stack-based buffer overflow because di CVE-2024-22386 (A race condition was found in the Linux kernel's drm/exynos device dri ...) TODO: check CVE-2024-20016 (In ged, there is a possible out of bounds write due to an integer over ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20015 (In telephony, there is a possible escalation of privilege due to a per ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20013 (In keyInstall, there is a possible out of bounds write due to a missin ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20012 (In keyInstall, there is a possible escalation of privilege due to type ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20011 (In alac decoder, there is a possible information disclosure due to an ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20010 (In keyInstall, there is a possible escalation of privilege due to type ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20009 (In alac decoder, there is a possible out of bounds write due to an inc ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20007 (In mp3 decoder, there is a possible out of bounds write due to a race ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20006 (In da, there is a possible out of bounds write due to a missing bounds ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20004 (In Modem NL1, there is a possible system crash due to an improper inpu ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20003 (In Modem NL1, there is a possible system crash due to an improper inpu ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20002 (In TVAPI, there is a possible out of bounds write due to a missing bou ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20001 (In TVAPI, there is a possible out of bounds write due to a missing bou ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-7077 (Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554 ...) 
- TODO: check + NOT-FOR-US: Sharp CVE-2023-5800 (Vintage, member of the AXIS OS Bug Bounty Program, has found that the ...) - TODO: check + NOT-FOR-US: AXIS CVE-2023-5677 (Brandon Rothel from QED Secure Solutions has found that the
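Review bot: the newly added CVE-2024-0406 entry in the first hunk of this patch carries no parenthesised description line, unlike every other entry in data/CVE/list shown here; adding the usual one-line summary in the same shape as its neighbours, e.g. `CVE-2024-0406 (<one-line summary> ...)` followed by `NOT-FOR-US: mholt/archiver Go package`, keeps the file consistent and makes later triage of the entry easier. Since the NFU target here is a Go library rather than a standalone product, it is also worth confirming against the archive that no Debian package vendors or depends on mholt/archiver before the entry is closed as NOT-FOR-US.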