[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-30 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
522a2023 by security tracker role at 2024-04-30T20:12:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,113 @@
+CVE-2024-4340 (Passing a heavily nested list to sqlparse.parse() leads to a 
Denial of ...)
+   TODO: check
+CVE-2024-4337 (Adive Framework 2.0.8, does not sufficiently encode 
user-controlled in ...)
+   TODO: check
+CVE-2024-4336 (Adive Framework 2.0.8, does not sufficiently encode 
user-controlled in ...)
+   TODO: check
+CVE-2024-4185 (The Customer Email Verification for WooCommerce plugin for 
WordPress i ...)
+   TODO: check
+CVE-2024-3746 (The entire parent directory - C:\ScadaPro and its 
sub-directories and  ...)
+   TODO: check
+CVE-2024-3411 (Implementations of IPMI Authenticated sessions does not provide 
enough ...)
+   TODO: check
+CVE-2024-3072 (The ACF Front End Editor plugin for WordPress is vulnerable to 
unautho ...)
+   TODO: check
+CVE-2024-34088 (In FRRouting (FRR) through 9.1, it is possible for the 
get_edge() func ...)
+   TODO: check
+CVE-2024-33832 (OneNav v0.9.35-20240318 was discovered to contain a 
Server-Side Reques ...)
+   TODO: check
+CVE-2024-33831 (A stored cross-site scripting (XSS) vulnerability in the 
Advanced Expe ...)
+   TODO: check
+CVE-2024-33465 (Cross Site Scripting vulnerability in MajorDoMo before 
v.0662e5e allow ...)
+   TODO: check
+CVE-2024-33437 (An issue in CSS Exfil Protection v.1.1.0 allows a remote 
attacker to o ...)
+   TODO: check
+CVE-2024-33436 (An issue in CSS Exfil Protection v.1.1.0 allows a remote 
attacker to o ...)
+   TODO: check
+CVE-2024-33383 (Arbitrary File Read vulnerability in novel-plus 4.3.0 and 
before allow ...)
+   TODO: check
+CVE-2024-33371 (Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows 
a remot ...)
+   TODO: check
+CVE-2024-2 (An issue discovered in SpringBlade 3.7.1 allows attackers to 
obtain se ...)
+   TODO: check
+CVE-2024-33309 (An issue in TVS Motor Company Limited TVS Connet Android 
v.4.5.1 and i ...)
+   TODO: check
+CVE-2024-33308 (An issue in TVS Motor Company Limited TVS Connet Android 
v.4.5.1 and i ...)
+   TODO: check
+CVE-2024-33275 (SQL injection vulnerability in Webbax supernewsletter v.1.4.21 
and bef ...)
+   TODO: check
+CVE-2024-33274 (Directory Traversal vulnerability in FME Modules customfields 
v.2.2.7  ...)
+   TODO: check
+CVE-2024-33273 (SQL injection vulnerability in shipup before v.3.3.0 allows a 
remote a ...)
+   TODO: check
+CVE-2024-33270 (An issue in FME Modules fileuploads v.2.0.3 and before and 
fixed in v2 ...)
+   TODO: check
+CVE-2024-33267 (SQL Injection vulnerability in Hero hfheropayment v.1.2.5 and 
before a ...)
+   TODO: check
+CVE-2024-33103 (An arbitrary file upload vulnerability in the Media Manager 
component  ...)
+   TODO: check
+CVE-2024-33102 (A stored cross-site scripting (XSS) vulnerability in the 
component /pu ...)
+   TODO: check
+CVE-2024-33101 (A stored cross-site scripting (XSS) vulnerability in the 
component /ac ...)
+   TODO: check
+CVE-2024-2877 (Vault Enterprise, when configured with performance standby 
nodes and a ...)
+   TODO: check
+CVE-2024-2663 (The ZD YouTube FLV Player plugin for WordPress is vulnerable to 
Server ...)
+   TODO: check
+CVE-2024-2617 (A vulnerability exists in the RTU500 that allows for 
authenticated and ...)
+   TODO: check
+CVE-2024-2378 (A vulnerability exists in the web-authentication component of 
the SDM6 ...)
+   TODO: check
+CVE-2024-2377 (A vulnerability exists in the too permissive HTTP response 
header web  ...)
+   TODO: check
+CVE-2024-29384 (An issue in CSS Exfil Protection v.1.1.0 allows a remote 
attacker to o ...)
+   TODO: check
+CVE-2024-29320 (Wallos before 1.15.3 is vulnerable to SQL Injection via the 
category a ...)
+   TODO: check
+CVE-2024-28716 (An issue in OpenStack Storlets yoga-eom allows a remote 
attacker to ex ...)
+   TODO: check
+CVE-2024-28269 (ReCrystallize Server 5.10.0.0 allows administrators to upload 
files to ...)
+   TODO: check
+CVE-2024-26331 (ReCrystallize Server 5.10.0.0 uses a authorization mechanism 
that reli ...)
+   TODO: check
+CVE-2024-25938 (A use-after-free vulnerability exists in the way Foxit Reader 
2024.1.0 ...)
+   TODO: check
+CVE-2024-25648 (A use-after-free vulnerability exists in the way Foxit Reader 
2024.1.0 ...)
+   TODO: check
+CVE-2024-25575 (A type confusion vulnerability vulnerability exists in the way 
Foxit R ...)
+   TODO: check
+CVE-2024-23774 (An issue was discovered in Quest KACE Agent for Windows 
12.0.38 and 13 ...)
+   TODO: check
+CVE-2024-23773 (An issue was discovered in Quest KACE Agent for Windows 
12.0.38 and 13 ...)
+ 
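Review bot: the identifier on the `+CVE-2024-2 (An issue discovered in SpringBlade 3.7.1 ...` line is not a well-formed CVE ID (the sequence part is at least four digits), so either the feed carried a malformed key or the ID was truncated when this mail was rendered; verify the stored key before the `TODO: check` is resolved, because a bad key will not be matched when the next automatic update refreshes descriptions. CVE-2024-33437, CVE-2024-33436 and CVE-2024-29384 carry the same truncated text (CSS Exfil Protection v.1.1.0), as do CVE-2024-4337 and CVE-2024-4336 (Adive Framework 2.0.8) and CVE-2024-25938, CVE-2024-25648 and CVE-2024-25575 (Foxit Reader 2024.1.0); triage each group together so the placeholders resolve to one consistent disposition. The mail cuts the hunk off after CVE-2024-23773, so not all of the 110 added lines announced by `@@ -1,3 +1,113 @@` can be reviewed here.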

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-30 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b9277d2b by security tracker role at 2024-04-30T08:11:48+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,63 @@
+CVE-2024-4327 (A vulnerability was found in Apryse WebViewer up to 10.8.0. It 
has bee ...)
+   TODO: check
+CVE-2024-4226 (It was identified that in certain versions of Octopus Server, 
that a u ...)
+   TODO: check
+CVE-2024-4225 (Multiple security vulnerabilities has been discovered in web 
interface ...)
+   TODO: check
+CVE-2024-34050 (Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a 
slice b ...)
+   TODO: check
+CVE-2024-34049 (Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a 
slice b ...)
+   TODO: check
+CVE-2024-34048 (O-RAN RIC I-Release e2mgr lacks array size checks in 
E2nodeConfigUpdat ...)
+   TODO: check
+CVE-2024-34047 (O-RAN RIC I-Release e2mgr lacks array size checks in 
RicServiceUpdateH ...)
+   TODO: check
+CVE-2024-34046 (The O-RAN E2T I-Release Prometheus metric Increment function 
can crash ...)
+   TODO: check
+CVE-2024-34045 (The O-RAN E2T I-Release Prometheus metric Increment function 
can crash ...)
+   TODO: check
+CVE-2024-34044 (The O-RAN E2T I-Release buildPrometheusList function can have 
a NULL p ...)
+   TODO: check
+CVE-2024-34043 (O-RAN RICAPP kpimon-go I-Release has a segmentation violation 
via a ce ...)
+   TODO: check
+CVE-2024-33522 (In vulnerable versions of Calico (v3.27.2 and below), Calico 
Enterpris ...)
+   TODO: check
+CVE-2024-33401 (Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows 
a remot ...)
+   TODO: check
+CVE-2024-33350 (Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a 
remote at ...)
+   TODO: check
+CVE-2024-31837 (DMitry (Deepmagic Information Gathering Tool) 1.3a has a 
format-string ...)
+   TODO: check
+CVE-2024-28294 (Limbas up to v5.2.14 was discovered to contain a SQL injection 
vulnera ...)
+   TODO: check
+CVE-2024-27518 (An issue in SUPERAntiSyware Professional X 10.0.1262 and 
10.0.1264 all ...)
+   TODO: check
+CVE-2024-1371 (The LeadConnector plugin for WordPress is vulnerable to 
unauthorized m ...)
+   TODO: check
+CVE-2024-0216 (The Google Doc Embedder plugin for WordPress is vulnerable to 
Server S ...)
+   TODO: check
+CVE-2023-52728 (Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 
allows an i ...)
+   TODO: check
+CVE-2023-52727 (Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 
allows an i ...)
+   TODO: check
+CVE-2023-52726 (Open Networking Foundation SD-RAN ONOS onos-ric-sdk-go 0.8.12 
allows i ...)
+   TODO: check
+CVE-2023-52725 (Open Networking Foundation SD-RAN ONOS onos-kpimon 0.4.7 
allows blocki ...)
+   TODO: check
+CVE-2023-52724 (Open Networking Foundation SD-RAN onos-kpimon 0.4.7 allows 
out-of-boun ...)
+   TODO: check
+CVE-2023-50434 (emdns_resolve_raw in emdns.c in emdns through fbd1eef calls 
strlen wit ...)
+   TODO: check
+CVE-2023-50433 (marshall in dhcp_packet.c in simple-dhcp-server through 
ec976d2 allows ...)
+   TODO: check
+CVE-2023-50432 (simple-dhcp-server through ec976d2 allows remote attackers to 
cause a  ...)
+   TODO: check
+CVE-2023-46960 (Buffer Overflow vulnerability in PyPXE v.1.8.4 allows a remote 
attacke ...)
+   TODO: check
+CVE-2023-46566 (Buffer Overflow vulnerability in msoulier tftpy commit 
467017b844bf6e3 ...)
+   TODO: check
+CVE-2023-31889 (An issue discovered in httpd in ASUS RT-AC51U with firmware 
version up ...)
+   TODO: check
 CVE-2024-4310 (Cross-site Scripting (XSS) vulnerability in HubBank affecting 
version  ...)
NOT-FOR-US: HubBank
 CVE-2024-4309 (SQL injection vulnerability in HubBank affecting version 1.0.2. 
This v ...)
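Review bot: several of the new `TODO: check` entries in this hunk are bounded by git commit hashes rather than releases (`emdns through fbd1eef`, `simple-dhcp-server through ec976d2`, `msoulier tftpy commit 467017b844bf6e3 ...`), so when they are triaged the fixed-version field will need the upstream commit or an explicit no-fixed-release note rather than a version number. The O-RAN/SD-RAN block (CVE-2024-34050 down to CVE-2024-34043, and CVE-2023-52728 down to CVE-2023-52724) should be dispositioned as one group, and CVE-2024-33401 (DedeCMS v.5.7.113) carries the same text as CVE-2024-33371 in the 2024-04-30T20:12 update, so the two should get the same answer. The trailing context shows the HubBank entries from the previous update (CVE-2024-4310, CVE-2024-4309) already resolved to `NOT-FOR-US: HubBank`, which is the expected follow-up for the remaining `TODO: check` lines here.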
@@ -23009,7 +23069,7 @@ CVE-2024-22853 (D-LINK Go-RT-AC750 
GORTAC750_A1_FW_v101b03 has a hardcoded passw
NOT-FOR-US: D-LINK
 CVE-2024-22852 (D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a 
stack-based buff ...)
NOT-FOR-US: D-LINK
-CVE-2024-22773 (Intelbras Roteador ACtion RF 1200 1.2.2 esposes the Password 
in Cookie ...)
+CVE-2024-22773 (Intelbras Action RF 1200 routers 1.2.2 and earlier and Action 
RG 1200  ...)
NOT-FOR-US: Intelbras Roteador ACtion RF 1200
 CVE-2024-22208 (phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ 
and MySQL, ...)
NOT-FOR-US: phpMyFAQ
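Review bot: the `NOT-FOR-US: Intelbras Roteador ACtion RF 1200` line under CVE-2024-22773 was left untouched while the description above it changed from `Intelbras Roteador ACtion RF 1200 1.2.2 esposes the Password in Cookie` to `Intelbras Action RF 1200 routers 1.2.2 and earlier and Action RG 1200 ...`; the annotation now carries the old misspelt product name and omits the newly listed Action RG 1200 model. Suggest updating it to match the refreshed description, for example `NOT-FOR-US: Intelbras Action RF 1200 / RG 1200 routers`, so the disposition text and the CVE text agree.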



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9277d2b4c6ccf35157fb43ccdf6f92408025ea4

You're receiving this email because of your account on salsa.debian.org.


___

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-29 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
796f8713 by security tracker role at 2024-04-29T20:12:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,133 @@
+CVE-2024-4310 (Cross-site Scripting (XSS) vulnerability in HubBank affecting 
version  ...)
+   TODO: check
+CVE-2024-4309 (SQL injection vulnerability in HubBank affecting version 1.0.2. 
This v ...)
+   TODO: check
+CVE-2024-4308 (SQL injection vulnerability in HubBank affecting version 1.0.2. 
This v ...)
+   TODO: check
+CVE-2024-4307 (SQL injection vulnerability in HubBank affecting version 1.0.2. 
This v ...)
+   TODO: check
+CVE-2024-4306 (Critical unrestricted file upload vulnerability in HubBank 
affecting v ...)
+   TODO: check
+CVE-2024-4304 (A Cross-Site Scripting XSS vulnerability has been detected on 
GT3 Solu ...)
+   TODO: check
+CVE-2024-3375 (Incorrect Permission Assignment for Critical Resource 
vulnerability in ...)
+   TODO: check
+CVE-2024-34020 (A stack-based buffer overflow was found in the putSDN() 
function of ma ...)
+   TODO: check
+CVE-2024-34011 (Local privilege escalation due to insecure folder permissions. 
The fol ...)
+   TODO: check
+CVE-2024-34010 (Local privilege escalation due to unquoted search path 
vulnerability.  ...)
+   TODO: check
+CVE-2024-33684 (Missing Authorization vulnerability in Pdfcrowd Save as PDF 
plugin by  ...)
+   TODO: check
+CVE-2024-33652 (Missing Authorization vulnerability in Real Big Plugins Client 
Dash.Th ...)
+   TODO: check
+CVE-2024-33636 (Missing Authorization vulnerability in Mahesh Vora WP Page 
Post Widget ...)
+   TODO: check
+CVE-2024-33635 (Missing Authorization vulnerability in Piotnet Piotnet Addons 
For Elem ...)
+   TODO: check
+CVE-2024-33597 (Missing Authorization vulnerability in ProFaceOff SSU.This 
issue affec ...)
+   TODO: check
+CVE-2024-33596 (Missing Authorization vulnerability in Five Star Plugins Five 
Star Res ...)
+   TODO: check
+CVE-2024-33595 (Missing Authorization vulnerability in Jewel Theme Master 
Addons for E ...)
+   TODO: check
+CVE-2024-33594 (Missing Authorization vulnerability in Leaky Paywall.This 
issue affect ...)
+   TODO: check
+CVE-2024-33593 (Missing Authorization vulnerability in RedNao Smart Forms.This 
issue a ...)
+   TODO: check
+CVE-2024-33591 (Missing Authorization vulnerability in Tips and Tricks HQ Easy 
Accept  ...)
+   TODO: check
+CVE-2024-33590 (Server-Side Request Forgery (SSRF) vulnerability in codeSavory 
Knowled ...)
+   TODO: check
+CVE-2024-33589 (Missing Authorization vulnerability in WPOmnia KB Support.This 
issue a ...)
+   TODO: check
+CVE-2024-33588 (Missing Authorization vulnerability in codeSavory Knowledge 
Base docum ...)
+   TODO: check
+CVE-2024-33587 (Missing Authorization vulnerability in Copy Content Protection 
Team Se ...)
+   TODO: check
+CVE-2024-33586 (Missing Authorization vulnerability in Photo Gallery Team 
Photo Galler ...)
+   TODO: check
+CVE-2024-33585 (Missing Authorization vulnerability in Tyche Softwares Payment 
Gateway ...)
+   TODO: check
+CVE-2024-33558 (Missing Authorization vulnerability in 8theme XStore Core.This 
issue a ...)
+   TODO: check
+CVE-2024-33449 (An SSRF issue in the PDFMyURL service allows a remote attacker 
to obta ...)
+   TODO: check
+CVE-2024-33445 (An issue in hisiphp v2.0.111 allows a remote attacker to 
execute arbit ...)
+   TODO: check
+CVE-2024-33444 (SQL injection vulnerability in onethink v.1.1 allows a remote 
attacker ...)
+   TODO: check
+CVE-2024-33443 (An issue in onethink v.1.1 allows a remote attacker to execute 
arbitra ...)
+   TODO: check
+CVE-2024-33438 (File Upload vulnerability in CubeCart before 6.5.5 allows an 
authentic ...)
+   TODO: check
+CVE-2024-33435 (Insecure Permissions vulnerability in Guangzhou Yingshi 
Electronic Tec ...)
+   TODO: check
+CVE-2024-33345 (D-Link DIR-823G A1V1.0.2B05 was found to contain a 
Null-pointer derefe ...)
+   TODO: check
+CVE-2024-8 (Cross Site Scripting vulnerability in jizhicms v.2.5.4 allows 
a remote ...)
+   TODO: check
+CVE-2024-33276 (SQL Injection vulnerability in FME Modules 
preorderandnotication v.3.1 ...)
+   TODO: check
+CVE-2024-33272 (SQL injection vulnerability in KnowBand for PrestaShop 
autosuggest bef ...)
+   TODO: check
+CVE-2024-33271 (An issue in FME Modules eventsmanager before 4.4.0 allows an 
attacker  ...)
+   TODO: check
+CVE-2024-33269 (SQL Injection vulnerability in Prestaddons flashsales 1.9.7 
and before ...)
+   TODO: check
+CVE-2024-33268 (SQL Injection vulnerability in Digincube mdgiftproduct before 
1.4.1 al ...)
+   TODO: check
+CVE-2024-33266 (SQL Injection vulnerability in Helloshop 
deliveryorderautoupdate v.2.8 ...)
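Review bot: the `+CVE-2024-8 (Cross Site Scripting vulnerability in jizhicms v.2.5.4 ...` line has the same defect as `CVE-2024-2` in the 2024-04-30 update: a single-digit sequence part is not a valid CVE ID, so the key must be verified against the feed before the entry is triaged. The long run of `Missing Authorization vulnerability in ...` WordPress plugin entries (CVE-2024-33684 down to CVE-2024-33558) and the PrestaShop module series (CVE-2024-33276 down to CVE-2024-33266, continuing the CVE-2024-33275 to CVE-2024-33267 block in the 2024-04-30 update) can be dispositioned in bulk; the five HubBank entries at the top (CVE-2024-4310 down to CVE-2024-4306) are the ones shown resolved to `NOT-FOR-US: HubBank` in the context lines of the 2024-04-30T08:11 update. The hunk is cut off after CVE-2024-33266 in this mail, so the remainder of the 130 added lines is not visible here.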

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-29 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0f8fa9a7 by security tracker role at 2024-04-29T08:12:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,119 @@
+CVE-2024-4303 (ArmorX Android APP's multi-factor authentication (MFA) for the 
login f ...)
+   TODO: check
+CVE-2024-4302 (Super 8 Live Chat online customer service platform fails to 
properly f ...)
+   TODO: check
+CVE-2024-4301 (N-Reporter and N-Cloud, products of the N-Partner, have an OS 
Command  ...)
+   TODO: check
+CVE-2024-4300 (E-WEBInformationCo. FS-EZViewer(Web) exposes sensitive 
information in  ...)
+   TODO: check
+CVE-2024-4299 (The system configuration interface of HGiga iSherlock 
(including MailS ...)
+   TODO: check
+CVE-2024-4298 (The email search interface of HGiga iSherlock (including 
MailSherlock, ...)
+   TODO: check
+CVE-2024-4297 (The system configuration interface of HGiga iSherlock 
(including MailS ...)
+   TODO: check
+CVE-2024-4296 (The account management interface of HGiga iSherlock (including 
MailShe ...)
+   TODO: check
+CVE-2024-3196 (A vulnerability was found in MailCleaner up to 2023.03.14. It 
has been ...)
+   TODO: check
+CVE-2024-3195 (A vulnerability was found in MailCleaner up to 2023.03.14. It 
has been ...)
+   TODO: check
+CVE-2024-3194 (A vulnerability was found in MailCleaner up to 2023.03.14 and 
classifi ...)
+   TODO: check
+CVE-2024-3193 (A vulnerability has been found in MailCleaner up to 2023.03.14 
and cla ...)
+   TODO: check
+CVE-2024-3192 (A vulnerability, which was classified as problematic, was found 
in Mai ...)
+   TODO: check
+CVE-2024-3191 (A vulnerability, which was classified as critical, has been 
found in M ...)
+   TODO: check
+CVE-2024-33905 (In Telegram WebK before 2.0.0 (488), a crafted Mini Web App 
allows XSS ...)
+   TODO: check
+CVE-2024-33904 (In plugins/HookSystem.cpp in Hyprland through 0.39.1 (before 
28c8561), ...)
+   TODO: check
+CVE-2024-33903 (In CARLA through 0.9.15.2, the collision sensor mishandles 
some situat ...)
+   TODO: check
+CVE-2024-33899 (RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows 
attacke ...)
+   TODO: check
+CVE-2024-33891 (Delinea Secret Server before 11.7.01 allows attackers to 
bypass au ...)
+   TODO: check
+CVE-2024-33686 (Missing Authorization vulnerability in Extend Themes Pathway, 
Extend T ...)
+   TODO: check
+CVE-2024-33681 (Cross-Site Request Forgery (CSRF) vulnerability in Sandor 
Kovacs Regen ...)
+   TODO: check
+CVE-2024-33649 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-33648 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-33646 (Cross-Site Request Forgery (CSRF) vulnerability in Toast 
Plugins Stick ...)
+   TODO: check
+CVE-2024-33645 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-33643 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-33641 (Deserialization of Untrusted Data vulnerability in Team Yoast 
Custom f ...)
+   TODO: check
+CVE-2024-33640 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-33637 (Insertion of Sensitive Information into Log File vulnerability 
in Soli ...)
+   TODO: check
+CVE-2024-33634 (Server-Side Request Forgery (SSRF) vulnerability in Piotnet 
Piotnet Ad ...)
+   TODO: check
+CVE-2024-33633 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-33632 (Cross-Site Request Forgery (CSRF) vulnerability in Piotnet 
Piotnet Add ...)
+   TODO: check
+CVE-2024-33631 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-33630 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-33629 (Server-Side Request Forgery (SSRF) vulnerability in Creative 
Motion Au ...)
+   TODO: check
+CVE-2024-33627 (Server-Side Request Forgery (SSRF) vulnerability in Cusmin 
Absolutely  ...)
+   TODO: check
+CVE-2024-33584 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in D ...)
+   TODO: check
+CVE-2024-33575 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+   TODO: check
+CVE-2024-33571 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-33566 (Missing Authorization vulnerability in N-Media OrderConvo 
allows OS Co ...)
+   TODO: check
+CVE-2024-33562 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   
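Review bot: CVE-2024-33899 (`RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attacke ...`) is the one entry in this hunk whose description names a Unix-side component, so it should not be closed as `NOT-FOR-US` without checking whether the non-free rar package is affected. The rest of the hunk is CNA-series material that can be dispositioned by group: HGiga iSherlock (CVE-2024-4299 down to CVE-2024-4296), MailCleaner (CVE-2024-3196 down to CVE-2024-3191) and a run of WordPress plugin entries written in CWE style (CVE-2024-33686 down to CVE-2024-33562). The hunk ends mid-entry (`+   ` after CVE-2024-33562), so the tail of the 116 added lines announced by `@@ -1,3 +1,119 @@` is not visible here.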

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-28 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
80610b94 by security tracker role at 2024-04-28T20:12:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,190 +1,208 @@
-CVE-2024-26928 [smb: client: fix potential UAF in cifs_debug_files_proc_show()]
+CVE-2024-4294 (A vulnerability, which was classified as critical, has been 
found in P ...)
+   TODO: check
+CVE-2024-4293 (A vulnerability classified as problematic was found in 
PHPGurukul Doct ...)
+   TODO: check
+CVE-2024-4292 (A vulnerability classified as critical has been found in 
Contemporary  ...)
+   TODO: check
+CVE-2024-33883 (The ejs (aka Embedded JavaScript templates) package before 
3.1.10 for  ...)
+   TODO: check
+CVE-2024-33851 (phpecc, as used in paragonie/phpecc before 2.0.1, has a 
branch-based t ...)
+   TODO: check
+CVE-2024-25050 (IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio 
for i 7.2 ...)
+   TODO: check
+CVE-2023-52722 (An issue was discovered in Artifex Ghostscript through 
10.01.0. psi/zm ...)
+   TODO: check
+CVE-2022-48685 (An issue was discovered in Logpoint 7.1 before 7.1.2. The 
daily execut ...)
+   TODO: check
+CVE-2022-48684 (An issue was discovered in Logpoint before 7.1.1. Template 
injection w ...)
+   TODO: check
+CVE-2024-26928 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
- linux 
[bookworm] - linux 6.1.85-1
NOTE: 
https://git.kernel.org/linus/ca545b7f0823f19db0f1148d59bc5e1a56634502 (6.9-rc3)
-CVE-2024-26927 [ASoC: SOF: Add some bounds checking to firmware data]
+CVE-2024-26927 (In the Linux kernel, the following vulnerability has been 
resolved:  A ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
[bullseye] - linux  (Vulnerable code not present)
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/98f681b0f84cfc3a1d83287b77697679e0398306 (6.9-rc1)
-CVE-2022-48668 [smb3: fix temporary data corruption in collapse range]
+CVE-2022-48668 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
- linux 6.0.2-1
[bullseye] - linux  (Vulnerable code not present)
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/fa30a81f255a56cccd89552cd6ce7ea6e8d8acc4 (6.0-rc4)
-CVE-2022-48667 [smb3: fix temporary data corruption in insert range]
+CVE-2022-48667 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
- linux 6.0.2-1
[bullseye] - linux  (Vulnerable code not present)
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/9c8b7a293f50253e694f19161c045817a938e551 (6.0-rc4)
-CVE-2022-48666 [scsi: core: Fix a use-after-free]
+CVE-2022-48666 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
- linux 6.0.2-1
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/8fe4ce5836e932f5766317cb651c1ff2a4cd0506 (6.0-rc5)
-CVE-2022-48665 [exfat: fix overflow for large capacity partition]
+CVE-2022-48665 (In the Linux kernel, the following vulnerability has been 
resolved:  e ...)
- linux 6.0.2-1
[bullseye] - linux  (Vulnerable code not present)
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/2e9ceb6728f1dc2fa4b5d08f37d88cbc49a20a62 (6.0-rc7)
-CVE-2022-48664 [btrfs: fix hang during unmount when stopping a space reclaim 
worker]
+CVE-2022-48664 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
- linux 6.0.2-1
[bullseye] - linux 5.10.148-1
NOTE: 
https://git.kernel.org/linus/a362bb864b8db4861977d00bd2c3222503ccc34b (6.0-rc7)
-CVE-2022-48663 [gpio: mockup: fix NULL pointer dereference when removing 
debugfs]
+CVE-2022-48663 (In the Linux kernel, the following vulnerability has been 
resolved:  g ...)
- linux 6.0.2-1
[bullseye] - linux 5.10.148-1
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/b7df41a6f79dfb18ba2203f8c5f0e9c0b9b57f68 (6.0-rc7)
-CVE-2022-48662 [drm/i915/gem: Really move i915_gem_context.link under ref 
protection]
+CVE-2022-48662 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
- linux 6.0.2-1
[bullseye] - linux  (Vulnerable code not present)
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/d119888b09bd567e07c6b93a07f175df88857e02 (6.0-rc7)
-CVE-2022-48661 [gpio: mockup: Fix potential resource leakage when register a 
chip]
+CVE-2022-48661 (In the Linux kernel, the following vulnerability has been 
resolved:  g ...)
- linux 6.0.2-1
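Review bot: in the rewritten CVE-2024-26928 entry the unstable line is `- linux ` with no version, so the tracker will keep sid marked as unfixed even though bookworm is recorded as fixed in 6.1.85-1 and the upstream fix is cited as ca545b7f (6.9-rc3); the CVE-2024-26927 entry immediately below records `- linux 6.7.12-1`, so check whether that upload also carries the smb client fix and record the version, or add a note saying why sid is still open. Separately, CVE-2022-48666 has a `[buster]` annotation but no `[bullseye]` line, unlike every other CVE-2022-4866x entry in the hunk; if bullseye's 5.10 tree lacks the vulnerable code or was fixed by a stable update, say so, otherwise the release view will show bullseye as open for a use-after-free in scsi core. The bracketed placeholder subjects being replaced (`smb: client: fix potential UAF in cifs_debug_files_proc_show()`, `ASoC: SOF: Add some bounds checking to firmware data`, ...) were the only human-readable summaries in the file; the NOTE lines with the git.kernel.org commits are what preserve that pointer, so keep them intact in later edits.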

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e63461bf by security tracker role at 2024-04-27T20:12:34+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,31 @@
+CVE-2024-4291 (A vulnerability was found in Tenda A301 
15.13.08.12_multi_TDE01. It ha ...)
+   TODO: check
+CVE-2024-4257 (A vulnerability was found in BlueNet Technology Clinical 
Browsing Syst ...)
+   TODO: check
+CVE-2024-4256 (A vulnerability was found in Techkshetra Info Solutions Savsoft 
Quiz 6 ...)
+   TODO: check
+CVE-2024-4255 (A vulnerability, which was classified as critical, has been 
found in R ...)
+   TODO: check
+CVE-2024-4252 (A vulnerability classified as critical has been found in Tenda 
i22 1.0 ...)
+   TODO: check
+CVE-2024-4251 (A vulnerability was found in Tenda i21 1.0.0.14(4656). It has 
been rat ...)
+   TODO: check
+CVE-2024-4250 (A vulnerability was found in Tenda i21 1.0.0.14(4656). It has 
been dec ...)
+   TODO: check
+CVE-2024-4249 (A vulnerability was found in Tenda i21 1.0.0.14(4656). It has 
been cla ...)
+   TODO: check
+CVE-2024-4248 (A vulnerability was found in Tenda i21 1.0.0.14(4656) and 
classified a ...)
+   TODO: check
+CVE-2024-4247 (A vulnerability has been found in Tenda i21 1.0.0.14(4656) and 
classif ...)
+   TODO: check
+CVE-2024-4246 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
+   TODO: check
+CVE-2024-3342 (The Timetable and Event Schedule by MotoPress plugin for 
WordPress is  ...)
+   TODO: check
+CVE-2024-3309 (The Qi Addons For Elementor plugin for WordPress is vulnerable 
to Stor ...)
+   TODO: check
+CVE-2024-25048 (IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based 
buffer  ...)
+   TODO: check
 CVE-2024-4245 (A vulnerability, which was classified as critical, has been 
found in T ...)
NOT-FOR-US: Tenda
 CVE-2024-4244 (A vulnerability classified as critical was found in Tenda W9 
1.0.0.7(4 ...)
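Review bot: the new Tenda entries (CVE-2024-4291 for the A301, CVE-2024-4252 for the i22, CVE-2024-4251 down to CVE-2024-4246 for the i21) are left at `TODO: check` while the trailing context shows the previous day's CVE-2024-4245 already resolved to `NOT-FOR-US: Tenda`; they should take the same disposition in the follow-up. The remaining `TODO: check` lines are a BlueNet Technology clinical product (CVE-2024-4257), Savsoft Quiz (CVE-2024-4256), two WordPress plugins (CVE-2024-3342, CVE-2024-3309) and IBM MQ Appliance (CVE-2024-25048), none of which appears to correspond to a Debian source package, so the whole hunk can be closed quickly once the Tenda group is handled.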
@@ -30891,6 +30919,7 @@ CVE-2023-51708 (Bentley eB System Management Console 
applications within Assetwi
 CVE-2023-51707 (MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG 
allows r ...)
NOT-FOR-US: MotionPro
 CVE-2023-51704 (An issue was discovered in MediaWiki before 1.35.14, 1.36.x 
through 1. ...)
+   {DLA-3796-1}
- mediawiki 1:1.39.6-1
[bookworm] - mediawiki 1:1.39.7-1~deb12u1
[bullseye] - mediawiki  (Minor issue, fix along in next 
update)
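Review bot: the `{DLA-3796-1}` reference added to CVE-2023-51704 has no counterpart in this commit, which touches only data/CVE/list (per the `1 changed file` header), and a DLA reference is resolved through the matching entry in data/DLA/list; if that entry was not committed separately the reference dangles until it is. The `[bullseye] - mediawiki (Minor issue, fix along in next update)` line is left as is, which is consistent only if DLA-3796-1 covers a release other than bullseye; confirm that, since the postponement note now sits directly under an issued advisory for the same CVE.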
@@ -79680,8 +79709,8 @@ CVE-2023-1002 (A vulnerability, which was classified as 
problematic, has been fo
NOT-FOR-US: MuYuCMS
 CVE-2023-1001
RESERVED
-CVE-2023-1000
-   RESERVED
+CVE-2023-1000 (A vulnerability was found in cyanomiko dcnnt-py up to 0.9.0. It 
has be ...)
+   TODO: check
 CVE-2023-0999 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
NOT-FOR-US: SourceCodester Sales Tracker Management System
 CVE-2023-0998 (A vulnerability classified as critical has been found in 
SourceCodeste ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e63461bf63f381231603dda8819a79f482702c4d



___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5a993a91 by security tracker role at 2024-04-27T08:11:30+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,51 @@
+CVE-2024-4245 (A vulnerability, which was classified as critical, has been 
found in T ...)
+   TODO: check
+CVE-2024-4244 (A vulnerability classified as critical was found in Tenda W9 
1.0.0.7(4 ...)
+   TODO: check
+CVE-2024-4243 (A vulnerability classified as critical has been found in Tenda 
W9 1.0. ...)
+   TODO: check
+CVE-2024-4242 (A vulnerability was found in Tenda W9 1.0.0.7(4456). It has 
been rated ...)
+   TODO: check
+CVE-2024-4241 (A vulnerability was found in Tenda W9 1.0.0.7(4456). It has 
been decla ...)
+   TODO: check
+CVE-2024-4240 (A vulnerability was found in Tenda W9 1.0.0.7(4456). It has 
been class ...)
+   TODO: check
+CVE-2024-4239 (A vulnerability was found in Tenda AX1806 1.0.0.1 and 
classified as cr ...)
+   TODO: check
+CVE-2024-3052 (Malformed S2 Nonce Get command classes can be sent to crash the 
gatewa ...)
+   TODO: check
+CVE-2024-3051 (Malformed Device Reset Locally command classes can be sent to 
temporar ...)
+   TODO: check
+CVE-2024-3034 (The BackUpWordPress plugin for WordPress is vulnerable to 
Directory Tr ...)
+   TODO: check
+CVE-2024-32887 (Sidekiq is simple, efficient background processing for Ruby. 
Sidekiq i ...)
+   TODO: check
+CVE-2024-32883 (MCUboot is a secure bootloader for 32-bits microcontrollers. 
MCUboot u ...)
+   TODO: check
+CVE-2024-32881 (Danswer is the AI Assistant connected to company's docs, apps, 
and peo ...)
+   TODO: check
+CVE-2024-32878 (Llama.cpp is LLM inference in C/C++. There is a use of 
uninitialized h ...)
+   TODO: check
+CVE-2024-31828 (Cross Site Scripting vulnerability in Lavalite CMS v.10.1.0 
allows att ...)
+   TODO: check
+CVE-2024-31741 (Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a 
remote a ...)
+   TODO: check
+CVE-2024-31601 (An issue in Beijing Panabit Network Software Co., Ltd Panalog 
big data ...)
+   TODO: check
+CVE-2024-31551 (Directory Traversal vulnerability in lib/admin/image.admin.php 
in cmse ...)
+   TODO: check
+CVE-2024-31502 (An issue in Insurance Management System v.1.0.0 and before 
allows a re ...)
+   TODO: check
+CVE-2024-30804 (An issue discovered in the DeviceIoControl component in ASUS 
Fan_Xpert ...)
+   TODO: check
+CVE-2024-2859 (By default, SANnav OVA is shipped with root user login enabled. 
 While ...)
+   TODO: check
+CVE-2024-2838 (The WPC Composite Products for WooCommerce plugin for WordPress 
is vul ...)
+   TODO: check
+CVE-2024-2258 (The Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop 
Contact For ...)
+   TODO: check
+CVE-2024-28322 (SQL Injection vulnerability in 
/event-management-master/backend/regist ...)
+   TODO: check
 CVE-2024-4238 (A vulnerability has been found in Tenda AX1806 1.0.0.1 and 
classified  ...)
TODO: check
 CVE-2024-4237 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
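Review bot: CVE-2024-32887 (`Sidekiq is simple, efficient background processing for Ruby ...`) stands out among the `TODO: check` entries because Sidekiq is packaged in Debian as ruby-sidekiq, so it needs a real version check rather than the `NOT-FOR-US` that fits the Tenda W9/AX1806 run (CVE-2024-4245 down to CVE-2024-4239) and the WordPress plugin entries (CVE-2024-3034, CVE-2024-2838, CVE-2024-2258); CVE-2024-32878 (llama.cpp) and CVE-2024-32883 (MCUboot) should likewise be checked against the archive rather than assumed absent. The trailing context shows CVE-2024-4238 still at `TODO: check` from the previous update, so the Tenda group has now accumulated across two days and is worth closing in one pass.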
@@ -1201,13 +1249,13 @@ CVE-2024-29965 (In Brocade SANnav before v2.3.1, and 
v2.3.0a, it is possible to
NOT-FOR-US: Brocade SANnav
 CVE-2024-29964 (Brocade SANnav versions before v2.3.0a do not correctly set 
permission ...)
NOT-FOR-US: Brocade SANnav
-CVE-2024-29963 (Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain 
hardcoded keys  ...)
+CVE-2024-29963 (Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain 
hardcoded TLS k ...)
NOT-FOR-US: Brocade SANnav
 CVE-2024-29962 (Brocade SANnav OVA before v2.3.1 and v2.3.0a have an insecure 
file per ...)
NOT-FOR-US: Brocade SANnav
 CVE-2024-29961 (A vulnerability affects Brocade SANnav before v2.3.1 and 
v2.3.0a. It a ...)
NOT-FOR-US: Brocade SANnav
-CVE-2024-29960 (In the Brocade SANnav server versions before v2.3.1 and 
v2.3.0a, the S ...)
+CVE-2024-29960 (In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH 
keys insid ...)
NOT-FOR-US: Brocade SANnav
 CVE-2024-29959 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a 
prints Bro ...)
NOT-FOR-US: Brocade SANnav



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a993a911078a8b61b85a31f3dc2f6ff91d339a5



___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-26 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9c638f00 by security tracker role at 2024-04-26T20:12:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,4 +1,146 @@
-CVE-2023-52646 [aio: fix mremap after fork null-deref]
+CVE-2024-4238 (A vulnerability has been found in Tenda AX1806 1.0.0.1 and 
classified  ...)
+   TODO: check
+CVE-2024-4237 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
+   TODO: check
+CVE-2024-4236 (A vulnerability, which was classified as critical, has been 
found in T ...)
+   TODO: check
+CVE-2024-4235 (A vulnerability classified as problematic was found in Netgear 
DG834Gv ...)
+   TODO: check
+CVE-2024-4234 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-4198 (Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 
8.1.12 ...)
+   TODO: check
+CVE-2024-4195 (Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 
8.1.12 ...)
+   TODO: check
+CVE-2024-4183 (Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 
9.5.x bef ...)
+   TODO: check
+CVE-2024-4182 (Mattermost versions 9.6.0, 9.5.x before 9.5.3, 9.4.x before 
9.4.5, and ...)
+   TODO: check
+CVE-2024-3962 (The Product Addons & Fields for WooCommerce plugin for 
WordPress is vu ...)
+   TODO: check
+CVE-2024-3682 (The WP STAGING and WP STAGING Pro plugins for WordPress are 
vulnerable ...)
+   TODO: check
+CVE-2024-3076 (The MM-email2image WordPress plugin through 0.2.5 does not have 
CSRF c ...)
+   TODO: check
+CVE-2024-33697 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-33696 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-33695 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-33694 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-33693 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-33692 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-33691 (Cross-Site Request Forgery (CSRF) vulnerability in 
OptinMonster Popup  ...)
+   TODO: check
+CVE-2024-33690 (Cross-Site Request Forgery (CSRF) vulnerability in Jegstudio 
Financio. ...)
+   TODO: check
+CVE-2024-33689 (Cross-Site Request Forgery (CSRF) vulnerability in Tony Zeoli, 
Tony Ha ...)
+   TODO: check
+CVE-2024-33688 (Cross-Site Request Forgery (CSRF) vulnerability in Extend 
Themes Telur ...)
+   TODO: check
+CVE-2024-33683 (Cross-Site Request Forgery (CSRF) vulnerability in WP Republic 
Hide Da ...)
+   TODO: check
+CVE-2024-33682 (Cross-Site Request Forgery (CSRF) vulnerability in Cookie 
Information  ...)
+   TODO: check
+CVE-2024-33680 (Cross-Site Request Forgery (CSRF) vulnerability in MainWP 
MainWP Child ...)
+   TODO: check
+CVE-2024-33679 (Cross-Site Request Forgery (CSRF) vulnerability in FameThemes 
FameThem ...)
+   TODO: check
+CVE-2024-33678 (Cross-Site Request Forgery (CSRF) vulnerability in ClickCease 
ClickCea ...)
+   TODO: check
+CVE-2024-33677 (Cross-Site Request Forgery (CSRF) vulnerability in Renzo 
Johnson Conta ...)
+   TODO: check
+CVE-2024-33344 (D-Link DIR-822+ V1.0.5 was found to contain a command 
injection in fte ...)
+   TODO: check
+CVE-2024-33343 (D-Link DIR-822+ V1.0.5 was found to contain a command 
injection in Chg ...)
+   TODO: check
+CVE-2024-33342 (D-Link DIR-822+ V1.0.5 was found to contain a command 
injection in Set ...)
+   TODO: check
+CVE-2024-33263 (QuickJS commit 3b45d15 was discovered to contain an Assertion 
Failure  ...)
+   TODO: check
+CVE-2024-33260 (Jerryscript commit cefd391 was discovered to contain a 
segmentation vi ...)
+   TODO: check
+CVE-2024-33259 (Jerryscript commit cefd391 was discovered to contain a 
segmentation vi ...)
+   TODO: check
+CVE-2024-33258 (Jerryscript commit ff9ff8f was discovered to contain a 
segmentation vi ...)
+   TODO: check
+CVE-2024-33255 (Jerryscript commit cefd391 was discovered to contain an 
Assertion Fail ...)
+   TODO: check
+CVE-2024-32957 (Missing Authorization vulnerability in Live Composer Team Page 
Builder ...)
+   TODO: check
+CVE-2024-32884 (gitoxide is a pure Rust implementation of Git. `gix-transport` 
does no ...)
+   TODO: check
+CVE-2024-32880 (pyload is an open-source Download Manager written in pure 
Python. An a ...)
+   TODO: check
+CVE-2024-32829 (Missing Authorization vulnerability in Supsystic Data Tables 
Generator ...)
+   TODO: check
+CVE-2024-32828 (Missing Authorization 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-26 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
821a6aa0 by security tracker role at 2024-04-26T08:11:46+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,109 @@
+CVE-2024-4163 (The Skylab IGX IIoT Gateway allowed users to connect to it via 
a limit ...)
+   TODO: check
+CVE-2024-4056 (Denial of service condition in M-Files Server in versions 
before 24.4. ...)
+   TODO: check
+CVE-2024-3890 (The Happy Addons for Elementor plugin for WordPress is 
vulnerable to S ...)
+   TODO: check
+CVE-2024-3678 (The Blog2Social: Social Media Auto Post & Scheduler plugin for 
WordPre ...)
+   TODO: check
+CVE-2024-3265 (The Advanced Search WordPress plugin through 1.1.6 does not 
properly e ...)
+   TODO: check
+CVE-2024-3188 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress 
plugin b ...)
+   TODO: check
+CVE-2024-3075 (The MM-email2image WordPress plugin through 0.2.5 does not 
validate an ...)
+   TODO: check
+CVE-2024-3060 (The ENL Newsletter WordPress plugin through 1.0.1 does not 
sanitize an ...)
+   TODO: check
+CVE-2024-3059 (The ENL Newsletter WordPress plugin through 1.0.1 does not have 
CSRF c ...)
+   TODO: check
+CVE-2024-3058 (The ENL Newsletter WordPress plugin through 1.0.1 does not have 
CSRF c ...)
+   TODO: check
+CVE-2024-3048 (The Bannerlid WordPress plugin through 1.1.0 does not escape 
generated ...)
+   TODO: check
+CVE-2024-33673 (An issue was discovered in Veritas Backup Exec before 22.2 
HotFix 9173 ...)
+   TODO: check
+CVE-2024-33672 (An issue was discovered in Veritas NetBackup before 10.4. The 
Multi-Th ...)
+   TODO: check
+CVE-2024-33671 (An issue was discovered in Veritas Backup Exec before 22.2 
HotFix 9173 ...)
+   TODO: check
+CVE-2024-33670 (Passbolt API before 4.6.2 allows HTML injection in a URL 
parameter, re ...)
+   TODO: check
+CVE-2024-33669 (An issue was discovered in Passbolt Browser Extension before 
4.6.2. It ...)
+   TODO: check
+CVE-2024-33668 (An issue was discovered in Zammad before 6.3.0. The Zammad 
Upload Cach ...)
+   TODO: check
+CVE-2024-33667 (An issue was discovered in Zammad before 6.3.0. An 
authenticated agent ...)
+   TODO: check
+CVE-2024-33666 (An issue was discovered in Zammad before 6.3.0. Users with 
customer ac ...)
+   TODO: check
+CVE-2024-33665 (angular-translate through 2.19.1 allows XSS via a crafted key 
that is  ...)
+   TODO: check
+CVE-2024-33664 (python-jose through 3.3.0 allows attackers to cause a denial 
of servic ...)
+   TODO: check
+CVE-2024-33663 (python-jose through 3.3.0 has algorithm confusion with OpenSSH 
ECDSA k ...)
+   TODO: check
+CVE-2024-33661 (Portainer before 2.20.0 allows redirects when the target is 
not index. ...)
+   TODO: check
+CVE-2024-33651 (Cross-Site Request Forgery (CSRF) vulnerability in Matthew 
Fries MF Gi ...)
+   TODO: check
+CVE-2024-33650 (Cross-Site Request Forgery (CSRF) vulnerability in Cryout 
Creations Se ...)
+   TODO: check
+CVE-2024-33642 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-33639 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-33638 (Cross-Site Request Forgery (CSRF) vulnerability in Brijesh 
Kothari Sma ...)
+   TODO: check
+CVE-2024-33598 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32868 (ZITADEL provides users the possibility to use Time-based 
One-Time-Pass ...)
+   TODO: check
+CVE-2024-32651 (changedetection.io is an open source web page change 
detection, websit ...)
+   TODO: check
+CVE-2024-32406 (Server-Side Template Injection (SSTI) vulnerability in inducer 
relate  ...)
+   TODO: check
+CVE-2024-32404 (Server-Side Template Injection (SSTI) vulnerability in inducer 
relate  ...)
+   TODO: check
+CVE-2024-31755 (cJSON v1.7.17 was discovered to contain a segmentation 
violation, whic ...)
+   TODO: check
+CVE-2024-31610 (File Upload vulnerability in the function for employees to 
upload avat ...)
+   TODO: check
+CVE-2024-31609 (Cross Site Scripting (XSS) vulnerability in BOSSCMS v3.10 
allows attac ...)
+   TODO: check
+CVE-2024-2920 (The WP-Members Membership Plugin plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-2908 (The Call Now Button  WordPress plugin before 1.4.7 does not 
sanitise a ...)
+   TODO: check
+CVE-2024-2837 (The WP Chat App WordPress plugin before 3.6.4 does not sanitise 
and es ...)
+   TODO: check
+CVE-2024-2603 (The Salon booking system WordPress plugin through 9.6.5 does 
not sanit ...)
+   TODO: check
+CVE-2024-2439 (The Salon booking system WordPress plugin through 9.6.5 does 
not sanit ...)
+   

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
29679e3f by security tracker role at 2024-04-25T20:11:52+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,111 @@
+CVE-2024-4175 (Unicode transformation vulnerability in Hyperion affecting 
version 2.0 ...)
+   TODO: check
+CVE-2024-4174 (Cross-Site Scripting (XSS) vulnerability in Hyperion Web Server 
affect ...)
+   TODO: check
+CVE-2024-4172 (A vulnerability classified as problematic was found in idcCMS 
1.35. Af ...)
+   TODO: check
+CVE-2024-4171 (A vulnerability classified as critical has been found in Tenda 
W30E 1. ...)
+   TODO: check
+CVE-2024-4170 (A vulnerability was found in Tenda 4G300 1.01.42. It has been 
rated as ...)
+   TODO: check
+CVE-2024-4169 (A vulnerability was found in Tenda 4G300 1.01.42. It has been 
declared ...)
+   TODO: check
+CVE-2024-4168 (A vulnerability was found in Tenda 4G300 1.01.42. It has been 
classifi ...)
+   TODO: check
+CVE-2024-4167 (A vulnerability was found in Tenda 4G300 1.01.42 and classified 
as cri ...)
+   TODO: check
+CVE-2024-4166 (A vulnerability has been found in Tenda 4G300 1.01.42 and 
classified a ...)
+   TODO: check
+CVE-2024-4165 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
+   TODO: check
+CVE-2024-4164 (A vulnerability, which was classified as critical, has been 
found in T ...)
+   TODO: check
+CVE-2024-4077 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-4035 (The Photo Gallery \u2013 GT3 Image Gallery & Gutenberg Block 
Gallery p ...)
+   TODO: check
+CVE-2024-4024 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
+   TODO: check
+CVE-2024-4006 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
+   TODO: check
+CVE-2024-3994 (The Tutor LMS \u2013 eLearning and online course solution 
plugin for W ...)
+   TODO: check
+CVE-2024-3733 (The Essential Addons for Elementor \u2013 Best Elementor 
Templates, Wi ...)
+   TODO: check
+CVE-2024-3730 (The Simple Membership plugin for WordPress is vulnerable to 
Stored Cro ...)
+   TODO: check
+CVE-2024-33592 (Server-Side Request Forgery (SSRF) vulnerability in SoftLab 
Radio Play ...)
+   TODO: check
+CVE-2024-33247 (Sourcecodester Employee Task Management System v1.0 is 
vulnerable to S ...)
+   TODO: check
+CVE-2024-32961 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32676 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
+   TODO: check
+CVE-2024-32649 (Vyper is a pythonic Smart Contract Language for the Ethereum 
virtual m ...)
+   TODO: check
+CVE-2024-32648 (Vyper is a pythonic Smart Contract Language for the Ethereum 
virtual m ...)
+   TODO: check
+CVE-2024-32647 (Vyper is a pythonic Smart Contract Language for the Ethereum 
virtual m ...)
+   TODO: check
+CVE-2024-32646 (Vyper is a pythonic Smart Contract Language for the Ethereum 
virtual m ...)
+   TODO: check
+CVE-2024-32645 (Vyper is a pythonic Smart Contract Language for the Ethereum 
virtual m ...)
+   TODO: check
+CVE-2024-32481 (Vyper is a pythonic Smart Contract Language for the Ethereum 
virtual m ...)
+   TODO: check
+CVE-2024-32467 (MeterSphere is an open source continuous testing platform. 
Prior to ve ...)
+   TODO: check
+CVE-2024-32358 (An issue in Jpress v.5.1.0 allows a remote attacker to execute 
arbitra ...)
+   TODO: check
+CVE-2024-32324 (Buffer Overflow vulnerability in Shenzhen Libituo Technology 
Co., Ltd  ...)
+   TODO: check
+CVE-2024-32236 (An issue in CmsEasy v.7.7 and before allows a remote attacker 
to obtai ...)
+   TODO: check
+CVE-2024-31615 (ThinkCMF 6.0.9 is vulnerable to File upload via 
UeditorController.php.)
+   TODO: check
+CVE-2024-31574 (Cross Site Scripting vulnerability in TWCMS v.2.6 allows a 
local attac ...)
+   TODO: check
+CVE-2024-31266 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+   TODO: check
+CVE-2024-30939 (An issue discovered in Yealink VP59 Teams Editions with 
firmware versi ...)
+   TODO: check
+CVE-2024-30890 (Cross Site Scripting vulnerability in ED01-CMS v.1.0 allows an 
attacke ...)
+   TODO: check
+CVE-2024-30560 (Cross-Site Request Forgery (CSRF) vulnerability in 
\u5927\u4fa0WP DX-W ...)
+   TODO: check
+CVE-2024-2829 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
+   TODO: check
+CVE-2024-2434 (An issue has been discovered in GitLab affecting all versions 
of GitLa ...)
+   TODO: check
+CVE-2024-29660 (Cross Site Scripting vulnerability in DedeCMS v.5.7 allows a 
local att ...)
+   TODO: 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ae8df104 by security tracker role at 2024-04-25T08:12:35+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,16 +1,38 @@
-CVE-2024-26926 [binder: check offset alignment in binder_get_object()]
+CVE-2024-4173 (A vulnerability in Brocade SANnav ova versions before Brocade 
SANnav v ...)
+   TODO: check
+CVE-2024-4161 (In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic 
receiv ...)
+   TODO: check
+CVE-2024-4159 (Brocade SANnav before Brocade SANnav v2.3.1 lacks protection 
mechanism ...)
+   TODO: check
+CVE-2024-3988 (The Sina Extension for Elementor (Slider, Gallery, Form, Modal, 
Data T ...)
+   TODO: check
+CVE-2024-3929 (The Content Views \u2013 Post Grid & Filter, Recent Posts, 
Category Po ...)
+   TODO: check
+CVE-2024-3893 (The Classified Listing \u2013 Classified ads & Business 
Directory Plug ...)
+   TODO: check
+CVE-2024-2907 (The AGCA  WordPress plugin before 7.2.2 does not sanitise and 
escape s ...)
+   TODO: check
+CVE-2024-29205 (An Improper Check for Unusual or Exceptional Conditions 
vulnerability  ...)
+   TODO: check
+CVE-2024-23527 (An out-of-bounds read vulnerability in WLAvalancheService 
component of ...)
+   TODO: check
+CVE-2024-20313 (A vulnerability in the OSPF version 2 (OSPFv2) feature of 
Cisco IOS XE ...)
+   TODO: check
+CVE-2023-51478 (Improper Authentication vulnerability in Abdul Hakeem Build 
App Online ...)
+   TODO: check
+CVE-2024-26926 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
- linux 
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/aaef73821a3b0194a01bd23ca4f704a04d40 (6.9-rc5)
-CVE-2024-26925 [netfilter: nf_tables: release mutex after nft_gc_seq_end from 
abort path]
+CVE-2024-26925 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
- linux 
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/0d459e2ffb541841714839e8228b845458ed3b27 (6.9-rc3)
-CVE-2024-26924 [netfilter: nft_set_pipapo: do not free live element]
+CVE-2024-26924 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
- linux 
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/3cfc9ec039af60dbd8965ae085b2c2ccdcfbe1cc (6.9-rc5)
-CVE-2024-26923 [af_unix: Fix garbage collector racing against connect()]
+CVE-2024-26923 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
- linux 
NOTE: 
https://git.kernel.org/linus/47d8ac011fe1c9251070e1bd64cb10b48193ec51 (6.9-rc4)
 CVE-2024-4060
@@ -21286,11 +21308,14 @@ CVE-2024-24820 (Icinga Director is a tool designed to 
make Icinga 2 configuratio
NOT-FOR-US: Icinga Director
 CVE-2024-24819 (icingaweb2-module-incubator is a working project of bleeding 
edge Icin ...)
NOT-FOR-US: icingaweb2-module-incubator
-CVE-2024-24499 (SQL Injection vulnerability in Employee Management System 
v.1.0 allows ...)
+CVE-2024-24499
+   REJECTED
NOT-FOR-US: Employee Management System
-CVE-2024-24498 (Unrestricted File Upload vulnerability in Employee Management 
System 1 ...)
+CVE-2024-24498
+   REJECTED
NOT-FOR-US: Employee Management System
-CVE-2024-24497 (SQL Injection vulnerability in Employee Management System 
v.1.0 allows ...)
+CVE-2024-24497
+   REJECTED
NOT-FOR-US: Employee Management System
 CVE-2024-24496 (An issue in Daily Habit Tracker v.1.0 allows a remote attacker 
to mani ...)
NOT-FOR-US: Daily Habit Tracker
@@ -25183,7 +25208,8 @@ CVE-2024-0716 (A vulnerability classified as 
problematic has been found in Byzor
NOT-FOR-US: Beijing Baichuo Smart S150 Management Platform
 CVE-2024-0714 (A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 
2.5.0. It ...)
NOT-FOR-US: MiczFlor RPi-Jukebox-RFID
-CVE-2024-0713 (A vulnerability was found in Monitorr 1.7.6m. It has been 
declared as  ...)
+CVE-2024-0713
+   REJECTED
NOT-FOR-US: Monitorr
 CVE-2024-0712 (A vulnerability was found in Byzoro Smart S150 Management 
Platform V31 ...)
NOT-FOR-US: Beijing Baichuo Smart S150 Management Platform
@@ -26286,7 +26312,7 @@ CVE-2023-42135 (PAX A920Pro/A50 devices with 
PayDroid_8.1.0_Sagittarius_V11.1.50
NOT-FOR-US: PAX devices
 CVE-2023-42134 (PAX Android based POS devices with 
PayDroid_8.1.0_Sagittarius_V11.1.45 ...)
NOT-FOR-US: PAX devices
-CVE-2023-6237 [openssl: Checking excessively long invalid RSA public keys may 
take a long time]
+CVE-2023-6237 (Issue summary: Checking excessively long invalid RSA public 
keys may t ...)
- openssl 3.1.5-1 (bug #1060858)
[bookworm] - 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cf25cd45 by security tracker role at 2024-04-24T20:11:57+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,269 @@
+CVE-2024-4141 (Out-of-bounds array write in Xpdf 4.05 and earlier, triggered 
by an in ...)
+   TODO: check
+CVE-2024-4127 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been 
classi ...)
+   TODO: check
+CVE-2024-4126 (A vulnerability was found in Tenda W15E 15.11.0.14 and 
classified as c ...)
+   TODO: check
+CVE-2024-4125 (A vulnerability has been found in Tenda W15E 15.11.0.14 and 
classified ...)
+   TODO: check
+CVE-2024-4124 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
+   TODO: check
+CVE-2024-4123 (A vulnerability, which was classified as critical, has been 
found in T ...)
+   TODO: check
+CVE-2024-4122 (A vulnerability classified as critical was found in Tenda W15E 
15.11.0 ...)
+   TODO: check
+CVE-2024-4121 (A vulnerability classified as critical has been found in Tenda 
W15E 15 ...)
+   TODO: check
+CVE-2024-4120 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been 
rated  ...)
+   TODO: check
+CVE-2024-4119 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been 
declar ...)
+   TODO: check
+CVE-2024-4118 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been 
classi ...)
+   TODO: check
+CVE-2024-4117 (A vulnerability was found in Tenda W15E 15.11.0.14 and 
classified as c ...)
+   TODO: check
+CVE-2024-4116 (A vulnerability has been found in Tenda W15E 15.11.0.14 and 
classified ...)
+   TODO: check
+CVE-2024-4115 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
+   TODO: check
+CVE-2024-4114 (A vulnerability, which was classified as critical, has been 
found in T ...)
+   TODO: check
+CVE-2024-4113 (A vulnerability classified as critical was found in Tenda TX9 
22.03.02 ...)
+   TODO: check
+CVE-2024-4112 (A vulnerability classified as critical has been found in Tenda 
TX9 22. ...)
+   TODO: check
+CVE-2024-4111 (A vulnerability was found in Tenda TX9 22.03.02.10. It has been 
rated  ...)
+   TODO: check
+CVE-2024-4093 (A vulnerability, which was classified as critical, was found in 
Source ...)
+   TODO: check
+CVE-2024-4075 (A vulnerability classified as problematic has been found in 
Kashipara  ...)
+   TODO: check
+CVE-2024-4074 (A vulnerability was found in Kashipara Online Furniture 
Shopping Ecomm ...)
+   TODO: check
+CVE-2024-4073 (A vulnerability was found in Kashipara Online Furniture 
Shopping Ecomm ...)
+   TODO: check
+CVE-2024-4072 (A vulnerability was found in Kashipara Online Furniture 
Shopping Ecomm ...)
+   TODO: check
+CVE-2024-4071 (A vulnerability was found in Kashipara Online Furniture 
Shopping Ecomm ...)
+   TODO: check
+CVE-2024-4070 (A vulnerability has been found in Kashipara Online Furniture 
Shopping  ...)
+   TODO: check
+CVE-2024-4069 (A vulnerability, which was classified as critical, was found in 
Kaship ...)
+   TODO: check
+CVE-2024-4066 (A vulnerability classified as critical has been found in Tenda 
AC8 16. ...)
+   TODO: check
+CVE-2024-3371 (MongoDB Compass may accept and use insufficiently validated 
input from ...)
+   TODO: check
+CVE-2024-3261 (The Strong Testimonials WordPress plugin before 3.1.12 does not 
valida ...)
+   TODO: check
+CVE-2024-33531 (cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all 
JWT-parsi ...)
+   TODO: check
+CVE-2024-32958 (Cross-Site Request Forgery (CSRF) vulnerability in Giorgos 
Sarigiannid ...)
+   TODO: check
+CVE-2024-32956 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32955 (Server-Side Request Forgery (SSRF) vulnerability in 
Foliovision FV Flo ...)
+   TODO: check
+CVE-2024-32954 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Tribu ...)
+   TODO: check
+CVE-2024-32953 (Insertion of Sensitive Information into Log File vulnerability 
in News ...)
+   TODO: check
+CVE-2024-32952 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32951 (Missing Authorization vulnerability in BloomPixel Max Addons 
Pro for B ...)
+   TODO: check
+CVE-2024-32950 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32948 (Missing Authorization vulnerability in Repute Infosystems 
ARMember.Thi ...)
+   TODO: check
+CVE-2024-32947 (Cross-Site Request Forgery (CSRF) vulnerability in 
AlumniOnline Web Se ...)
+   TODO: check
+CVE-2024-32879 (Python Social Auth is a social authentication/registration 
mechanism.  ...)
+   TODO: check

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3ccfd9a6 by security tracker role at 2024-04-23T20:11:43+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,4 +1,68 @@
-CVE-2024-26922 [drm/amdgpu: validate the parameters of bo mapping operations 
more clearly]
+CVE-2024-4065 (A vulnerability was found in Tenda AC8 16.03.34.09. It has been 
rated  ...)
+   TODO: check
+CVE-2024-4064 (A vulnerability was found in Tenda AC8 16.03.34.09. It has been 
declar ...)
+   TODO: check
+CVE-2024-4063 (A vulnerability was found in EZVIZ CS-C6-21WFR-8 5.2.7 Build 
170628. I ...)
+   TODO: check
+CVE-2024-4062 (A vulnerability was found in Hualai Xiaofang iSC5 3.2.2_112 and 
classi ...)
+   TODO: check
+CVE-2024-3911 (An unauthenticated remote attacker candeceive users into 
performing un ...)
+   TODO: check
+CVE-2024-3732 (The GeoDirectory \u2013 WordPress Business Directory Plugin, or 
Classi ...)
+   TODO: check
+CVE-2024-3665 (The Rank Math SEO with AI SEO Tools plugin for WordPress is 
vulnerable ...)
+   TODO: check
+CVE-2024-3491 (The Schema & Structured Data for WP & AMP plugin for WordPress 
is vuln ...)
+   TODO: check
+CVE-2024-3185 (A key used in logging.json does not follow the least privilege 
princip ...)
+   TODO: check
+CVE-2024-33217 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a 
stack-based ...)
+   TODO: check
+CVE-2024-33215 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a 
stack-based ...)
+   TODO: check
+CVE-2024-33214 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a 
stack-based ...)
+   TODO: check
+CVE-2024-33213 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a 
stack-based ...)
+   TODO: check
+CVE-2024-33212 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a 
stack-based ...)
+   TODO: check
+CVE-2024-33211 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a 
stack-based ...)
+   TODO: check
+CVE-2024-32679 (Missing Authorization vulnerability in Shared Files PRO Shared 
Files.T ...)
+   TODO: check
+CVE-2024-32661 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. FreeR ...)
+   TODO: check
+CVE-2024-32660 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
+   TODO: check
+CVE-2024-32659 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. FreeR ...)
+   TODO: check
+CVE-2024-32658 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. FreeR ...)
+   TODO: check
+CVE-2024-32482 (The Tillitis TKey signer device application is an ed25519 
signing tool ...)
+   TODO: check
+CVE-2024-32258 (The network server of fceux 2.7.0 has a path traversal 
vulnerability,  ...)
+   TODO: check
+CVE-2024-31804 (An unquoted service path vulnerability in Terratec DMX_6Fire 
USB v.1.2 ...)
+   TODO: check
+CVE-2024-31208 (Synapse is an open-source Matrix homeserver. A remote Matrix 
user with ...)
+   TODO: check
+CVE-2024-30800 (PX4 Autopilot v.1.14 allows an attacker to fly the drone into 
no-fly z ...)
+   TODO: check
+CVE-2024-2477 (The wpDiscuz plugin for WordPress is vulnerable to Stored 
Cross-Site S ...)
+   TODO: check
+CVE-2024-28627 (An issue in Flipsnack v.18/03/2024 allows a local attacker to 
obtain s ...)
+   TODO: check
+CVE-2024-28130 (An incorrect type conversion vulnerability exists in the 
DVPSSoftcopyV ...)
+   TODO: check
+CVE-2024-21979 (An out of bounds write vulnerability in the AMD Radeon\u2122 
user mode ...)
+   TODO: check
+CVE-2024-21972 (An out of bounds write vulnerability in the AMD Radeon\u2122 
user mode ...)
+   TODO: check
+CVE-2024-0900 (The Elespare \u2013 Build Your Blog, News & Magazine Websites 
with Exp ...)
+   TODO: check
+CVE-2023-47731 (IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0 and IBM 
Cloud Pa ...)
+   TODO: check
+CVE-2024-26922 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
- linux 
NOTE: 
https://git.kernel.org/linus/6fef2d4c00b5b8561ad68dd2b68173f5c6af1e75 (6.9-rc5)
 CVE-2024-4031 (Unquoted Search Path or Element vulnerability in Logitech MEVO 
WEBCAM  ...)
@@ -37,7 +101,7 @@ CVE-2024-2760 (Bkav Home v7816, build 2403161130 is 
vulnerable to a Memory Infor
NOT-FOR-US: Bkac
 CVE-2024-2493 (Session Hijacking vulnerability in Hitachi Ops Center 
Analyzer.This is ...)
NOT-FOR-US: Hitachi
-CVE-2024-29368 (An issue discovered in moziloCMS v2.0 allows attackers to 
bypass file  ...)
+CVE-2024-29368 (An arbitrary file upload vulnerability in the file handling 
module of  ...)
NOT-FOR-US: moziloCMS
 CVE-2024-28890 (Forminator prior to 1.29.0 contains an unrestricted upload of 
file wit ...)
NOT-FOR-US: WordPress plugin
@@ -862,6 +926,7 @@ 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
317d173b by security tracker role at 2024-04-23T08:11:57+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,55 @@
+CVE-2024-4031 (Unquoted Search Path or Element vulnerability in Logitech MEVO 
WEBCAM  ...)
+   TODO: check
+CVE-2024-3889 (The Royal Elementor Addons and Templates plugin for WordPress 
is vulne ...)
+   TODO: check
+CVE-2024-3664 (The Quick Featured Images plugin for WordPress is vulnerable to 
unauth ...)
+   TODO: check
+CVE-2024-3293 (The rtMedia for WordPress, BuddyPress and bbPress plugin for 
WordPress ...)
+   TODO: check
+CVE-2024-32657 (Hydra is a Continuous Integration service for Nix based 
projects. Atta ...)
+   TODO: check
+CVE-2024-32656 (Ant Media Server is live streaming engine software. A local 
privilege  ...)
+   TODO: check
+CVE-2024-32653 (jadx is a  Dex to Java decompiler. Prior to version 1.5.0,  
the packag ...)
+   TODO: check
+CVE-2024-32480 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network 
monitoring sy ...)
+   TODO: check
+CVE-2024-32479 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network 
monitoring sy ...)
+   TODO: check
+CVE-2024-32461 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network 
monitoring sy ...)
+   TODO: check
+CVE-2024-32394 (An issue in ruijie.com/cn RG-RSR10-01G-T(WA)-S 
RSR_3.0(1)B9P2_RSR10-01 ...)
+   TODO: check
+CVE-2024-31857 (Forminator prior to 1.15.4 contains a cross-site scripting 
vulnerabili ...)
+   TODO: check
+CVE-2024-31077 (Forminator prior to 1.29.3 contains a SQL injection 
vulnerability. If  ...)
+   TODO: check
+CVE-2024-31036 (A heap-buffer-overflow vulnerability in the read_byte function 
in Nano ...)
+   TODO: check
+CVE-2024-2799 (The Royal Elementor Addons and Templates plugin for WordPress 
is vulne ...)
+   TODO: check
+CVE-2024-2798 (The Royal Elementor Addons and Templates plugin for WordPress 
is vulne ...)
+   TODO: check
+CVE-2024-2760 (Bkav Home v7816, build 2403161130 is vulnerable to a Memory 
Informatio ...)
+   TODO: check
+CVE-2024-2493 (Session Hijacking vulnerability in Hitachi Ops Center 
Analyzer.This is ...)
+   TODO: check
+CVE-2024-29368 (An issue discovered in moziloCMS v2.0 allows attackers to 
bypass file  ...)
+   TODO: check
+CVE-2024-28890 (Forminator prior to 1.29.0 contains an unrestricted upload of 
file wit ...)
+   TODO: check
+CVE-2024-27574 (SQL Injection vulnerability in Trainme Academy version Ichin 
v.1.3.2 a ...)
+   TODO: check
+CVE-2024-21511 (Versions of the package mysql2 before 3.9.7 are vulnerable to 
Arbitrar ...)
+   TODO: check
+CVE-2024-1241 (Watchdog Antivirus v1.6.415 is vulnerable to a Denial of 
Service vulne ...)
+   TODO: check
+CVE-2023-6833 (Insertion of Sensitive Information into Log File vulnerability 
in Hita ...)
+   TODO: check
+CVE-2023-48184 (QuickJS before 7414e5f has a quickjs.h JS_FreeValueRT 
use-after-free b ...)
+   TODO: check
+CVE-2023-48183 (QuickJS before c4cdd61 has a build_for_in_iterator NULL 
pointer derefe ...)
+   TODO: check
 CVE-2024-4040 (VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 
and 11.1. ...)
NOT-FOR-US: CrushFTP
 CVE-2024-4026 (Cross-Site Scripting (XSS) vulnerability in the Holded 
application. Th ...)
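Review bot: every `+CVE-` line here is soft-wrapped by the mail transport (the first entry breaks as `Logitech MEVO ` / `WEBCAM  ...)`), so this archived text is not a patch that `git apply` will accept; triage the `TODO: check` placeholders against commit 317d173b on GitLab rather than from the mail. Nothing else stands out: the hunk only prepends new placeholder entries ahead of the existing CVE-2024-4040 and CVE-2024-4026 context lines.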
@@ -118,27 +170,27 @@ CVE-2018-25101 (A vulnerability, which was classified as 
problematic, has been f
NOT-FOR-US: Koha Library Management System
 CVE-2015-10132 (A vulnerability classified as problematic was found in Thimo 
Grauerhol ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-32041 [OutOfBound Read in zgfx_decompress_segment]
+CVE-2024-32041 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. FreeR ...)
- freerdp3  (Fixed with initial upload to Debian unstable)
- freerdp2 
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
-CVE-2024-32039 [Integer overflow & OutOfBound Write in 
clear_decompress_residual_data]
+CVE-2024-32039 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. FreeR ...)
- freerdp3  (Fixed with initial upload to Debian unstable)
- freerdp2 
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
-CVE-2024-32040 [integer underflow in nsc_rle_decode]
+CVE-2024-32040 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. FreeR ...)
- freerdp3  (Fixed with initial upload to Debian unstable)
- freerdp2 
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
-CVE-2024-32458 [OutOfBound Read in planar_skip_plane_rle]
+CVE-2024-32458 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. FreeR ...)
- freerdp3  (Fixed with initial upload to Debian unstable)
- freerdp2 
NOTE: 
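Review bot: the `NOTE:` line that closes this hunk, under the CVE-2024-32458 `- freerdp2 ` entry, is empty as archived, whereas the three sibling FreeRDP entries above it each cite https://www.freerdp.com/2024/04/17/2_11_6-release; confirm the committed file carries that reference for the fourth entry too, otherwise it is the only one of the four without a pointer to the fixing release. Swapping the bracketed working titles such as `[OutOfBound Read in zgfx_decompress_segment]` for the published descriptions is the expected automatic step, and the `- freerdp2 ` lines still show no fixed version, so all four stay open for freerdp2.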

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e395f3b2 by security tracker role at 2024-04-22T20:12:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,8 +1,92 @@
-CVE-2024-27349
+CVE-2024-4040 (VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 
and 11.1. ...)
+   TODO: check
+CVE-2024-4026 (Cross-Site Scripting (XSS) vulnerability in the Holded 
application. Th ...)
+   TODO: check
+CVE-2024-3645 (The Essential Addons for Elementor Pro plugin for WordPress is 
vulnera ...)
+   TODO: check
+CVE-2024-32691 (Missing Authorization vulnerability in realmag777 Active 
Products Tabl ...)
+   TODO: check
+CVE-2024-32688 (Missing Authorization vulnerability in Long Watch Studio 
MyRewards.Thi ...)
+   TODO: check
+CVE-2024-32687 (Missing Authorization vulnerability in WPClever WPC Frequently 
Bought  ...)
+   TODO: check
+CVE-2024-32684 (Missing Authorization vulnerability in Wpmet Wp Ultimate 
Review.This i ...)
+   TODO: check
+CVE-2024-32682 (Missing Authorization vulnerability in BdThemes Prime Slider 
\u2013 Ad ...)
+   TODO: check
+CVE-2024-32681 (Missing Authorization vulnerability in BdThemes Prime Slider 
\u2013 Ad ...)
+   TODO: check
+CVE-2024-32407 (An issue in inducer relate before v.2024.1 allows a remote 
attacker to ...)
+   TODO: check
+CVE-2024-32405 (Cross Site Scripting vulnerability in inducer relate before 
v.2024.1 a ...)
+   TODO: check
+CVE-2024-32399 (Directory Traversal vulnerability in RaidenMAILD Mail Server 
v.4.9.4 a ...)
+   TODO: check
+CVE-2024-32368 (Insecure Permission vulnerability in Agasta Sanketlife 2.0 
Pocket 12-L ...)
+   TODO: check
+CVE-2024-32238 (H3C ER8300G2-X is vulnerable to Incorrect Access Control. The 
password ...)
+   TODO: check
+CVE-2024-32205
+   REJECTED
+CVE-2024-31666 (An issue in flusity-CMS v.2.33 allows a remote attacker to 
execute arb ...)
+   TODO: check
+CVE-2024-31545 (Computer Laboratory Management System v1.0 is vulnerable to 
SQL Inject ...)
+   TODO: check
+CVE-2024-29661 (A File Upload vulnerability in DedeCMS v5.7 allows a local 
attacker to ...)
+   TODO: check
+CVE-2024-29376 (Sylius 1.12.13 is vulnerable to Cross Site Scripting (XSS) via 
the "Pr ...)
+   TODO: check
+CVE-2024-28717 (An issue in OpenStack Storlets yoga-eom allows a remote 
attacker to ex ...)
+   TODO: check
+CVE-2024-28699 (A buffer overflow vulnerability in pdf2json v0.70 allows a 
local attac ...)
+   TODO: check
+CVE-2024-28436 (Cross Site Scripting vulnerability in D-Link DAP products 
DAP-2230, DA ...)
+   TODO: check
+CVE-2024-22856 (A SQL injection vulnerability via the Save Favorite Search 
function in ...)
+   TODO: check
+CVE-2024-22815 (An issue in the communication protocol of Tormach xsTECH CNC 
Router, P ...)
+   TODO: check
+CVE-2024-22813 (An issue in Tormach xsTECH CNC Router, PathPilot Controller 
v2.9.6 all ...)
+   TODO: check
+CVE-2024-22811 (An issue in Tormach xsTECH CNC Router, PathPilot Controller 
v2.9.6 all ...)
+   TODO: check
+CVE-2024-22809 (Incorrect access control in Tormach xsTECH CNC Router, 
PathPilot Contr ...)
+   TODO: check
+CVE-2024-22808 (An issue in Tormach xsTECH CNC Router, PathPilot Controller 
v2.9.6 all ...)
+   TODO: check
+CVE-2024-22807 (An issue in Tormach xsTECH CNC Router, PathPilot Controller 
v2.9.6 all ...)
+   TODO: check
+CVE-2023-38302 (A certain software build for the Sharp Rouvo V device 
(SHARP/VZW_STTM2 ...)
+   TODO: check
+CVE-2023-38301 (An issue was discovered in a third-party component related to 
vendor.g ...)
+   TODO: check
+CVE-2023-38300 (A certain software build for the Orbic Maui device 
(Orbic/RC545L/RC545 ...)
+   TODO: check
+CVE-2023-38299 (Various software builds for the AT Calypso, Nokia C100, 
Nokia C200,  ...)
+   TODO: check
+CVE-2023-38298 (Various software builds for the following TCL devices (30Z, 
A3X, 20XE, ...)
+   TODO: check
+CVE-2023-38297 (An issue was discovered in a third-party com.factory.mmigroup 
componen ...)
+   TODO: check
+CVE-2023-38296 (Various software builds for the following TCL 30Z and TCL A3X 
devices  ...)
+   TODO: check
+CVE-2023-38295 (Certain software builds for the TCL 30Z and TCL 10 Android 
devices con ...)
+   TODO: check
+CVE-2023-38294 (Certain software builds for the Itel Vision 3 Turbo Android 
device con ...)
+   TODO: check
+CVE-2023-38293 (Certain software builds for the Nokia C200 and Nokia C100 
Android devi ...)
+   TODO: check
+CVE-2023-38292 (Certain software builds for the TCL 20XE Android device 
contain a vuln ...)
+   TODO: check
+CVE-2023-38291 (An issue was discovered in a third-party component related to 
ro.boot. ...)
+   TODO: check
+CVE-2023-38290 (Certain software builds for 
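Review bot: the one removal in this hunk, the bare `CVE-2024-27349` line, has no visible replacement among the added lines, and the mail is cut off after `+CVE-2023-38290`, so it cannot be seen here whether the entry was re-added with its published description or simply dropped; check the full commit (e395f3b2) for CVE-2024-27349 before accepting the removal. The `+CVE-2024-32205` / `+   REJECTED` pair is correctly recorded and needs no follow-up.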

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d9f5714f by security tracker role at 2024-04-22T08:11:53+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,33 @@
+CVE-2024-4022 (A vulnerability was found in Keenetic KN-1010, KN-1410, 
KN-1711, KN-18 ...)
+   TODO: check
+CVE-2024-4021 (A vulnerability was found in Keenetic KN-1010, KN-1410, 
KN-1711, KN-18 ...)
+   TODO: check
+CVE-2024-32698 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32697 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32696 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32695 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32694 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32693 (Cross-Site Request Forgery (CSRF) vulnerability in ValvePress 
Automati ...)
+   TODO: check
+CVE-2024-32690 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32418 (An issue in flusity CMS v2.33 allows a remote attacker to 
execute arbi ...)
+   TODO: check
+CVE-2024-30799 (An issue in PX4 Autopilot v1.14 and before allows a remote 
attacker to ...)
+   TODO: check
+CVE-2024-28722 (Cross Site Scripting vulnerability in Innovaphone myPBX 
v.14r1, v.13r3 ...)
+   TODO: check
+CVE-2023-7252 (The Tickera  WordPress plugin before 3.5.2.5 does not prevent 
users fr ...)
+   TODO: check
+CVE-2018-25101 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2015-10132 (A vulnerability classified as problematic was found in Thimo 
Grauerhol ...)
+   TODO: check
 CVE-2024-32041 [OutOfBound Read in zgfx_decompress_segment]
- freerdp3  (Fixed with initial upload to Debian unstable)
- freerdp2 
@@ -1922,7 +1952,7 @@ CVE-2024- [Stored XSS in Avatar block]
NOTE: 
https://wpscan.com/blog/unauthenticated-stored-xss-fixed-in-wordpress-core/
NOTE: 
https://wordpress.org/news/2024/04/wordpress-6-5-2-maintenance-and-security-release/
 CVE-2024-3302 (There was no limit to the number of HTTP/2 CONTINUATION frames 
that wo ...)
-   {DSA-5663-1 DLA-3790-1}
+   {DSA-5670-1 DSA-5663-1 DLA-3790-1}
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
- thunderbird 1:115.10.1-1
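Review bot: `DSA-5670-1` is prepended to the `{DSA-5663-1 DLA-3790-1}` set for CVE-2024-3302 while the firefox 125.0.1-1, firefox-esr 115.10.0esr-1 and thunderbird 1:115.10.1-1 lines are left alone, which is the right shape for recording a further advisory against versions already marked fixed; the identical one-line change is repeated for CVE-2024-3864, -3861, -3859 and -3857 in the following hunks. One rendering issue: the hunk header context reads `CVE-2024- [Stored XSS in Avatar block]`, an id with no sequence number, so verify that placeholder entry is intact in the file.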
@@ -1933,7 +1963,7 @@ CVE-2024-3865 (Memory safety bugs present in Firefox 124. 
Some of these bugs sho
- firefox 125.0.1-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3865
 CVE-2024-3864 (Memory safety bug present in Firefox 124, Firefox ESR 115.9, 
and Thund ...)
-   {DSA-5663-1 DLA-3790-1}
+   {DSA-5670-1 DSA-5663-1 DLA-3790-1}
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
- thunderbird 1:115.10.1-1
@@ -1951,7 +1981,7 @@ CVE-2024-3862 (The MarkStack assignment operator, part of 
the JavaScript engine,
- firefox 125.0.1-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3862
 CVE-2024-3861 (If an AlignedBuffer were assigned to itself, the subsequent 
self-move  ...)
-   {DSA-5663-1 DLA-3790-1}
+   {DSA-5670-1 DSA-5663-1 DLA-3790-1}
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
- thunderbird 1:115.10.1-1
@@ -1962,7 +1992,7 @@ CVE-2024-3860 (An out-of-memory condition during object 
initialization could res
- firefox 125.0.1-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3860
 CVE-2024-3859 (On 32-bit versions there were integer-overflows that led to an 
out-of- ...)
-   {DSA-5663-1 DLA-3790-1}
+   {DSA-5670-1 DSA-5663-1 DLA-3790-1}
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
- thunderbird 1:115.10.1-1
@@ -1973,7 +2003,7 @@ CVE-2024-3858 (It was possible to mutate a JavaScript 
object so that the JIT cou
- firefox 125.0.1-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3858
 CVE-2024-3857 (The JIT created incorrect code for arguments in certain cases. 
This le ...)
-   {DSA-5663-1 DLA-3790-1}
+   {DSA-5670-1 DSA-5663-1 DLA-3790-1}
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
- thunderbird 1:115.10.1-1
@@ -1987,7 +2017,7 @@ CVE-2024-3855 (In certain cases the JIT incorrectly 
optimized MSubstr operations
- firefox 125.0.1-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3855
 CVE-2024-3854 (In some code patterns the JIT incorrectly optimized switch 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-21 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
96f4d461 by security tracker role at 2024-04-21T08:11:50+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2024-4020 (A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and 
classified ...)
+   TODO: check
 CVE-2024-4019 (A vulnerability classified as critical has been found in Byzoro 
Smart  ...)
TODO: check
 CVE-2024-4014 (The hCaptcha for WordPress plugin for WordPress is vulnerable 
to Store ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96f4d461182cf71c3da728d19547a080c8c4fc30

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-20 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b0a25f8d by security tracker role at 2024-04-20T20:11:41+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,7 @@
+CVE-2024-4019 (A vulnerability classified as critical has been found in Byzoro 
Smart  ...)
+   TODO: check
+CVE-2024-4014 (The hCaptcha for WordPress plugin for WordPress is vulnerable 
to Store ...)
+   TODO: check
 CVE-2024-4018 (Improper Privilege Management vulnerability in BeyondTrust 
U-Series Ap ...)
TODO: check
 CVE-2024-4017 (Improper Privilege Management vulnerability in BeyondTrust 
U-Series Ap ...)
@@ -1798,54 +1802,67 @@ CVE-2024- [gix-transport indirect code execution 
via malicious username]
 CVE-2024-27980
- nodejs  (Only affects Windows)
 CVE-2024-3847 (Insufficient policy enforcement in WebUI in Google Chrome prior 
to 124 ...)
+   {DSA-5668-1}
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
 CVE-2024-3846 (Inappropriate implementation in Prompts in Google Chrome prior 
to 124. ...)
+   {DSA-5668-1}
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
 CVE-2024-3845 (Inappropriate implementation in Networks in Google Chrome prior 
to 124 ...)
+   {DSA-5668-1}
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
 CVE-2024-3844 (Inappropriate implementation in Extensions in Google Chrome 
prior to 1 ...)
+   {DSA-5668-1}
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
 CVE-2024-3843 (Insufficient data validation in Downloads in Google Chrome 
prior to 12 ...)
+   {DSA-5668-1}
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
 CVE-2024-3841 (Insufficient data validation in Browser Switcher in Google 
Chrome prio ...)
+   {DSA-5668-1}
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
 CVE-2024-3840 (Insufficient policy enforcement in Site Isolation in Google 
Chrome pri ...)
+   {DSA-5668-1}
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
 CVE-2024-3839 (Out of bounds read in Fonts in Google Chrome prior to 
124.0.6367.60 al ...)
+   {DSA-5668-1}
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
 CVE-2024-3838 (Inappropriate implementation in Autofill in Google Chrome prior 
to 124 ...)
+   {DSA-5668-1}
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
 CVE-2024-3837 (Use after free in QUIC in Google Chrome prior to 124.0.6367.60 
allowed ...)
+   {DSA-5668-1}
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
 CVE-2024-3834 (Use after free in Downloads in Google Chrome prior to 
124.0.6367.60 al ...)
+   {DSA-5668-1}
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
 CVE-2024-3833 (Object corruption in WebAssembly in Google Chrome prior to 
124.0.6367. ...)
+   {DSA-5668-1}
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
 CVE-2024-3832 (Object corruption in V8 in Google Chrome prior to 124.0.6367.60 
allowe ...)
+   {DSA-5668-1}
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
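Review bot: `{DSA-5668-1}` is added uniformly to all thirteen chromium CVEs in this hunk, consistent with one advisory for the 124.0.6367.60 release, but the unchanged package lines render as `- chromium ` and `[bullseye] - chromium  (see #1061268)` with a blank gap where the tracker's angle-bracket status tag sits; read literally, those lines give chromium no status for unstable, bullseye or buster. This looks like the HTML archive stripping `<...>` rather than a change in the file (the same gap appears in `- nodejs  (Only affects Windows)` under CVE-2024-27980), so verify the tags in the committed file, and note that the hunk header's `CVE-2024- [gix-transport ...]` has likewise lost its sequence number in this rendering.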



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0a25f8d74221a3afd72d356c5f0b5d9534200b9



[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-20 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bea5ca51 by security tracker role at 2024-04-20T08:11:46+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,31 @@
+CVE-2024-4018 (Improper Privilege Management vulnerability in BeyondTrust 
U-Series Ap ...)
+   TODO: check
+CVE-2024-4017 (Improper Privilege Management vulnerability in BeyondTrust 
U-Series Ap ...)
+   TODO: check
+CVE-2024-32392 (Cross Site Scripting vulnerability in CmSimple v.5.15 allows a 
remote  ...)
+   TODO: check
+CVE-2024-32391 (Cross Site Scripting vulnerability in MacCMS v.10 
v.2024.1000.3000 all ...)
+   TODO: check
+CVE-2024-31994 (Mealie is a self hosted recipe manager and meal planner. Prior 
to 1.4. ...)
+   TODO: check
+CVE-2024-31993 (Mealie is a self hosted recipe manager and meal planner. Prior 
to 1.4. ...)
+   TODO: check
+CVE-2024-31992 (Mealie is a self hosted recipe manager and meal planner. Prior 
to 1.4. ...)
+   TODO: check
+CVE-2024-31991 (Mealie is a self hosted recipe manager and meal planner. Prior 
to 1.4. ...)
+   TODO: check
+CVE-2024-31584 (Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability 
via the  ...)
+   TODO: check
+CVE-2024-30974 (SQL Injection vulnerability in autoexpress v.1.3.0 allows 
attackers to ...)
+   TODO: check
+CVE-2024-22905 (Buffer Overflow vulnerability in ARM mbed-os v.6.17.0 allows a 
remote  ...)
+   TODO: check
+CVE-2024-1730 (The Prime Slider \u2013 Addons For Elementor (Revolution of a 
slider,  ...)
+   TODO: check
+CVE-2024-1480 (Unitronics Vision Standard line of controllers allow the 
Information M ...)
+   TODO: check
+CVE-2024-1057 (The ShopLentor \u2013 WooCommerce Builder for Elementor & 
Gutenberg +1 ...)
+   TODO: check
 CVE-2024-3979 (A vulnerability, which was classified as problematic, has been 
found i ...)
- vsomeip  (bug #997892)
 CVE-2024-3818 (The Essential Blocks \u2013 Page Builder Gutenberg Blocks, 
Patterns &  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bea5ca516ef30604040ea646c8690526a6b7a981



[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6b9e1a5c by security tracker role at 2024-04-19T20:12:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,243 @@
+CVE-2024-3979 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-3818 (The Essential Blocks \u2013 Page Builder Gutenberg Blocks, 
Patterns &  ...)
+   TODO: check
+CVE-2024-3742 (Electrolink transmitters store credentials in clear-text. Use 
of these ...)
+   TODO: check
+CVE-2024-3741 (Electrolink transmitters are vulnerable to an authentication 
bypass  v ...)
+   TODO: check
+CVE-2024-3731 (The Customer Reviews for WooCommerce plugin for WordPress is 
vulnerabl ...)
+   TODO: check
+CVE-2024-3684 (A server side request forgery vulnerability was identified in 
GitHub E ...)
+   TODO: check
+CVE-2024-3654 (An XSS vulnerability has been found in Teimas Global's Teixo, 
version  ...)
+   TODO: check
+CVE-2024-3646 (A command injection vulnerability was identified in GitHub 
Enterprise  ...)
+   TODO: check
+CVE-2024-3615 (The Media Library Folders plugin for WordPress is vulnerable to 
Reflec ...)
+   TODO: check
+CVE-2024-3600 (The Poll Maker \u2013 Best WordPress Poll Plugin plugin for 
WordPress  ...)
+   TODO: check
+CVE-2024-3598 (The ElementsKit Pro plugin for WordPress is vulnerable to 
Stored Cross ...)
+   TODO: check
+CVE-2024-3560 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress 
is vul ...)
+   TODO: check
+CVE-2024-3470 (An Improper Privilege Management vulnerability was identified 
in GitHu ...)
+   TODO: check
+CVE-2024-32683 (Authorization Bypass Through User-Controlled Key vulnerability 
in Wpme ...)
+   TODO: check
+CVE-2024-32652 (The adapter @hono/node-server allows you to run your Hono 
application  ...)
+   TODO: check
+CVE-2024-32650 (Rustls is a modern TLS library written in Rust. 
`rustls::ConnectionCom ...)
+   TODO: check
+CVE-2024-32644 (Evmos is a scalable, high-throughput Proof-of-Stake EVM 
blockchain tha ...)
+   TODO: check
+CVE-2024-32478 (Git Credential Manager (GCM) is a secure Git credential 
helper. Prior  ...)
+   TODO: check
+CVE-2024-32473 (Moby is an open source container framework that is a key 
component of  ...)
+   TODO: check
+CVE-2024-32409 (An issue in SEMCMS v.4.8 allows a remote attacker to execute 
arbitrary ...)
+   TODO: check
+CVE-2024-32206 (A stored cross-site scripting (XSS) vulnerability in the 
component \af ...)
+   TODO: check
+CVE-2024-32166 (Webid v1.2.1 suffers from an Insecure Direct Object Reference 
(IDOR) - ...)
+   TODO: check
+CVE-2024-32038 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
+   TODO: check
+CVE-2024-31846 (An issue was discovered in Italtel Embrace 1.6.4. The web 
application  ...)
+   TODO: check
+CVE-2024-31841 (An issue was discovered in Italtel Embrace 1.6.4. The web 
server fails ...)
+   TODO: check
+CVE-2024-31750 (SQL injection vulnerability in f-logic datacube3 v.1.0 allows 
a remote ...)
+   TODO: check
+CVE-2024-31745 (Libdwarf v0.9.1 was discovered to contain a heap 
use-after-free via th ...)
+   TODO: check
+CVE-2024-31744 (In Jasper 4.2.2, the jpc_streamlist_remove function in 
src/libjasper/j ...)
+   TODO: check
+CVE-2024-31587 (SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower 
allows an  ...)
+   TODO: check
+CVE-2024-31552 (CuteHttpFileServer v.3.1 version has an arbitrary file 
download vulner ...)
+   TODO: check
+CVE-2024-31547 (Computer Laboratory Management System v1.0 is vulnerable to 
SQL Inject ...)
+   TODO: check
+CVE-2024-31546 (Computer Laboratory Management System v1.0 is vulnerable to 
SQL Inject ...)
+   TODO: check
+CVE-2024-31450 (Owncast is an open source, self-hosted, decentralized, single 
user liv ...)
+   TODO: check
+CVE-2024-30938 (SQL Injection vulnerability in SEMCMS v.4.8 allows a remote 
attacker t ...)
+   TODO: check
+CVE-2024-30929 (Cross Site Scripting vulnerability in DerbyNet v9.0 and below 
allows a ...)
+   TODO: check
+CVE-2024-30928 (SQL Injection vulnerability in DerbyNet v9.0 and below allows 
attacker ...)
+   TODO: check
+CVE-2024-30927 (Cross Site Scripting vulnerability in DerbyNet v9.0 and below 
allows a ...)
+   TODO: check
+CVE-2024-30926 (Cross Site Scripting vulnerability in DerbyNet v9.0 and below 
allows a ...)
+   TODO: check
+CVE-2024-30925 (Cross Site Scripting vulnerability in DerbyNet v9.0 and below 
allows a ...)
+   TODO: check
+CVE-2024-30924 (Cross Site Scripting vulnerability in DerbyNet v9.0 and below 
allows a ...)
+   TODO: check
+CVE-2024-30923 (SQL Injection vulnerability in DerbyNet v9.0 and below allows 
a remote ...)
+  

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0e9c20f4 by security tracker role at 2024-04-18T20:11:51+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,193 @@
+CVE-2024-3948 (A vulnerability was found in SourceCodester Home Clean Service 
System  ...)
+   TODO: check
+CVE-2024-32689 (Missing Authorization vulnerability in GenialSouls WP Social 
Comments. ...)
+   TODO: check
+CVE-2024-32686 (Insertion of Sensitive Information into Log File vulnerability 
in Inis ...)
+   TODO: check
+CVE-2024-32604 (Authorization Bypass Through User-Controlled Key vulnerability 
in Plec ...)
+   TODO: check
+CVE-2024-32603 (Deserialization of Untrusted Data vulnerability in ThemeKraft 
WooBuddy ...)
+   TODO: check
+CVE-2024-32602 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-32601 (Missing Authorization vulnerability in WP OnlineSupport, 
Essential Plu ...)
+   TODO: check
+CVE-2024-32600 (Deserialization of Untrusted Data vulnerability in Averta 
Master Slide ...)
+   TODO: check
+CVE-2024-32599 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+   TODO: check
+CVE-2024-32598 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32597 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32596 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32595 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32594 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32593 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32592 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32591 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32590 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32588 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32587 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32586 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32585 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32584 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32583 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32582 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32581 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32580 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32579 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32578 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32577 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32576 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32575 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32574 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32573 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32572 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32571 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32570 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32569 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32568 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32567 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32566 (Improper Neutralization of Input During Web Page Generation 
('Cross-si 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3fd6e59a by security tracker role at 2024-04-18T08:11:47+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,61 @@
+CVE-2024-3932 (A vulnerability classified as problematic has been found in 
Totara LMS ...)
+   TODO: check
+CVE-2024-3931 (A vulnerability was found in Totara LMS 18.0.1 Build 
20231128.01. It h ...)
+   TODO: check
+CVE-2024-3928 (A vulnerability was found in Dromara open-capacity-platform 
2.0.1. It  ...)
+   TODO: check
+CVE-2024-32746 (A cross-site scripting (XSS) vulnerability in the Settings 
section of  ...)
+   TODO: check
+CVE-2024-32745 (A cross-site scripting (XSS) vulnerability in the Settings 
section of  ...)
+   TODO: check
+CVE-2024-32744 (A cross-site scripting (XSS) vulnerability in the Settings 
section of  ...)
+   TODO: check
+CVE-2024-32743 (A cross-site scripting (XSS) vulnerability in the Settings 
section of  ...)
+   TODO: check
+CVE-2024-32472 (excalidraw is an open source virtual hand-drawn style 
whiteboard. A st ...)
+   TODO: check
+CVE-2024-32345 (A cross-site scripting (XSS) vulnerability in the Settings 
menu of CMS ...)
+   TODO: check
+CVE-2024-32344 (A cross-site scripting (XSS) vulnerability in the Settings 
menu of CMS ...)
+   TODO: check
+CVE-2024-32343 (A cross-site scripting (XSS) vulnerability in the Create Page 
of Boid  ...)
+   TODO: check
+CVE-2024-32342 (A cross-site scripting (XSS) vulnerability in the Create Page 
of Boid  ...)
+   TODO: check
+CVE-2024-32341 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Home page o ...)
+   TODO: check
+CVE-2024-32340 (A cross-site scripting (XSS) vulnerability in the Settings 
section of  ...)
+   TODO: check
+CVE-2024-32339 (Multiple cross-site scripting (XSS) vulnerabilities in the HOW 
TO page ...)
+   TODO: check
+CVE-2024-32338 (A cross-site scripting (XSS) vulnerability in the Settings 
section of  ...)
+   TODO: check
+CVE-2024-32337 (A cross-site scripting (XSS) vulnerability in the Settings 
section of  ...)
+   TODO: check
+CVE-2024-31869 (Airflow versions 2.7.0 through 2.8.4 have a vulnerability that 
allows  ...)
+   TODO: check
+CVE-2024-2729 (The Otter Blocks  WordPress plugin before 2.6.6 does not 
properly esca ...)
+   TODO: check
+CVE-2024-29956 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a 
prints the ...)
+   TODO: check
+CVE-2024-29955 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a 
could allo ...)
+   TODO: check
+CVE-2024-29952 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a 
could allo ...)
+   TODO: check
+CVE-2024-1429 (The Element Pack Elementor Addons (Header Footer, Free Template 
Librar ...)
+   TODO: check
+CVE-2024-1426 (The Element Pack Elementor Addons (Header Footer, Free Template 
Librar ...)
+   TODO: check
+CVE-2023-4509 (It is possible for an API key to be logged in clear text in the 
audit  ...)
+   TODO: check
+CVE-2023-4235 (A flaw was found in ofono, an Open Source Telephony on Linux. A 
stack  ...)
+   TODO: check
+CVE-2023-4234 (A flaw was found in ofono, an Open Source Telephony on Linux. A 
stack  ...)
+   TODO: check
+CVE-2023-4233 (A flaw was found in ofono, an Open Source Telephony on Linux. A 
stack  ...)
+   TODO: check
+CVE-2023-4232 (A flaw was found in ofono, an Open Source Telephony on Linux. A 
stack  ...)
+   TODO: check
 CVE-2024-3914 (Use after free in V8 in Google Chrome prior to 124.0.6367.60 
allowed a ...)
- chromium 
[bullseye] - chromium  (see #1061268)
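Review bot: the 29 entries added here all land as "TODO: check" placeholders, and the header arithmetic is right (3 to 61 lines, 29 x 2 added), but several of them belong together and could be triaged as groups rather than one at a time: CVE-2023-4232 through CVE-2023-4235 are four stack-related flaws in ofono sharing one description prefix, CVE-2024-29952, CVE-2024-29955 and CVE-2024-29956 are three Brocade SANnav issues with identical affected versions (before v2.3.1 and v2.3.0a), and CVE-2024-32337 through CVE-2024-32345 plus CVE-2024-32743 through CVE-2024-32746 are one family of XSS reports against a single CMS split per page. The unchanged context shows what a triaged entry looks like (CVE-2024-3914 with its "- chromium" source line and a "[bullseye]" line pointing at #1061268); the ofono group in particular should get a source-package line rather than sit in the TODO queue.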
@@ -11452,7 +11510,7 @@ CVE-2024-24693 (Improper access control in the 
installer for Zoom Rooms Client f
 CVE-2024-24692 (Race condition in the installer for Zoom Rooms Client for 
Windows befo ...)
NOT-FOR-US: Zoom
 CVE-2024-24549 (Denial of Service due to improper input validation 
vulnerability for H ...)
-   {DLA-3779-1}
+   {DSA-5665-1 DLA-3779-1}
- tomcat10 10.1.20-1 (bug #1066878)
- tomcat9 9.0.70-2
NOTE: https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg
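Review bot: the only change in this hunk is adding DSA-5665-1 in front of the existing DLA-3779-1 on CVE-2024-24549; the fixed versions (tomcat10 10.1.20-1 with bug #1066878, tomcat9 9.0.70-2) are unchanged context, and the same DSA is added to CVE-2024-23672 in the following hunk, so the two tomcat entries stay consistent with a single advisory covering both. The +58 offset in the header matches the 58 lines added at the top of the file in the first hunk, so this applies cleanly.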
@@ -11460,7 +11518,7 @@ CVE-2024-24549 (Denial of Service due to improper input 
validation vulnerability
NOTE: 
https://github.com/apache/tomcat/commit/8e03be9f2698f2da9027d40b9e9c0c9429b74dc0
 (9.0.86)
NOTE: Starting with 9.0.70-2 Tomcat9 no longer ships the server stack, 
using that as the fixed version
 CVE-2024-23672 (Denial of Service via incomplete cleanup vulnerability in 
Apache Tomca ...)
-   {DLA-3779-1}
+   {DSA-5665-1 DLA-3779-1}
- tomcat10 10.1.20-1 (bug #1066877)
- tomcat9 9.0.70-2
NOTE: https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f
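Review bot: the tomcat9 line reads "- tomcat9 9.0.70-2" with no bug number, and the NOTE explaining that 9.0.70-2 is used only because tomcat9 stopped shipping the server stack from that version on is attached to CVE-2024-24549 (the context at the top of this hunk), not to CVE-2024-23672 where the same version appears. Unless the NOTE is repeated further down (the hunk is cut off before the rest of the CVE-2024-23672 entry), a reader of CVE-2024-23672 alone will take 9.0.70-2 for a backported fix. Suggest carrying the same NOTE on both entries, or a one-line "NOTE: see CVE-2024-24549" on the second.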
@@ -16334,7 +16392,7 @@ CVE-2024-23496 (A 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4195e357 by security tracker role at 2024-04-17T20:11:48+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,521 +1,789 @@
-CVE-2024-2961 [ISO-2022-CN-EXT: fix out-of-bound writes when writing escape 
sequence]
+CVE-2024-3914 (Use after free in V8 in Google Chrome prior to 124.0.6367.60 
allowed a ...)
+   TODO: check
+CVE-2024-3910 (A vulnerability, which was classified as critical, has been 
found in T ...)
+   TODO: check
+CVE-2024-3909 (A vulnerability classified as critical was found in Tenda AC500 
2.0.1. ...)
+   TODO: check
+CVE-2024-3908 (A vulnerability classified as critical has been found in Tenda 
AC500 2 ...)
+   TODO: check
+CVE-2024-3907 (A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has 
been ra ...)
+   TODO: check
+CVE-2024-3906 (A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has 
been de ...)
+   TODO: check
+CVE-2024-3905 (A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has 
been cl ...)
+   TODO: check
+CVE-2024-3900 (Out-of-bounds array write in Xpdf 4.05 and earlier, triggered 
by long  ...)
+   TODO: check
+CVE-2024-3825 (Versions of the BlazeMeter Jenkins plugin prior to 4.22 contain 
a flaw ...)
+   TODO: check
+CVE-2024-3817 (HashiCorp\u2019s go-getter library is vulnerable to argument 
injection ...)
+   TODO: check
+CVE-2024- (The Essential Addons for Elementor plugin for WordPress is 
vulnerable  ...)
+   TODO: check
+CVE-2024-3323 (Cross Site Scripting in   UI Request/Response Validation   in 
TIBCO Ja ...)
+   TODO: check
+CVE-2024-32550 (Cross-Site Request Forgery (CSRF) vulnerability in BMI Adult & 
Kid Cal ...)
+   TODO: check
+CVE-2024-32549 (Cross-Site Request Forgery (CSRF) vulnerability in Microkid 
Related Po ...)
+   TODO: check
+CVE-2024-32548 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32547 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32546 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32545 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32544 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32543 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32542 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32541 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32540 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32539 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32538 (Cross-Site Request Forgery (CSRF) vulnerability in Joshua 
Eldridge Eas ...)
+   TODO: check
+CVE-2024-32536 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32535 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32534 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32533 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32531 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32530 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32529 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32528 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32527 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32526 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32510 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32508 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32506 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+   TODO: check
+CVE-2024-32505 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32463 (phlex is an open source framework for building object-oriented 
views i ...)
+   TODO: check
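Review bot: two of the added lines look malformed. "+CVE-2024- (The Essential Addons for Elementor plugin for WordPress is vulnerable ...)" has an empty CVE number, so the entry cannot be matched against anything and should be dropped or corrected at the import step; and CVE-2024-3817 carries the literal escape sequence "HashiCorp\u2019s" instead of the apostrophe, which suggests the importer is writing the JSON-escaped text rather than the decoded description. Separately, the hunk removes the reserved-name placeholder "-CVE-2024-2961 [ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence]", but the visible part of the hunk (it is cut off at CVE-2024-32463) does not show the replacement line with the published description or the package lines that belonged to that entry, so confirm its fixed-version data survived the rewrite.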

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
44c50bee by security tracker role at 2024-04-17T08:12:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,58 +1,478 @@
+CVE-2024-3882 (A vulnerability was found in Tenda W30E 1.0.1.25(633). It has 
been cla ...)
+   TODO: check
+CVE-2024-3881 (A vulnerability was found in Tenda W30E 1.0.1.25(633) and 
classified a ...)
+   TODO: check
+CVE-2024-3880 (A vulnerability has been found in Tenda W30E 1.0.1.25(633) and 
classif ...)
+   TODO: check
+CVE-2024-3879 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
+   TODO: check
+CVE-2024-3878 (A vulnerability, which was classified as critical, has been 
found in T ...)
+   TODO: check
+CVE-2024-3877 (A vulnerability classified as critical was found in Tenda F1202 
1.2.0. ...)
+   TODO: check
+CVE-2024-3876 (A vulnerability classified as critical has been found in Tenda 
F1202 1 ...)
+   TODO: check
+CVE-2024-3875 (A vulnerability was found in Tenda F1202 1.2.0.20(408). It has 
been ra ...)
+   TODO: check
+CVE-2024-3874 (A vulnerability was found in Tenda W20E 15.11.0.6. It has been 
declare ...)
+   TODO: check
+CVE-2024-3873 (A vulnerability was found in SMI SMI-EX-5414W up to 1.0.03. It 
has bee ...)
+   TODO: check
+CVE-2024-3872 (Mattermost Mobile app versions 2.13.0 and earlier use a regular 
expres ...)
+   TODO: check
+CVE-2024-3871 (The Delta Electronics DVW-W02W2-E2 devices expose a web 
administration ...)
+   TODO: check
+CVE-2024-3869 (The Customer Reviews for WooCommerce plugin for WordPress is 
vulnerabl ...)
+   TODO: check
+CVE-2024-3867 (The archive-tainacan-collection theme for WordPress is 
vulnerable to R ...)
+   TODO: check
+CVE-2024-3672 (The BA Book Everything plugin for WordPress is vulnerable to 
Stored Cr ...)
+   TODO: check
+CVE-2024-3660 (A arbitrary code injection vulnerability in TensorFlow's Keras 
framewo ...)
+   TODO: check
+CVE-2024-3367 (Argument injection in websphere_mq agent plugin in Checkmk 
2.0.0, 2.1. ...)
+   TODO: check
+CVE-2024-3243 (The Customer Reviews for WooCommerce plugin for WordPress is 
vulnerabl ...)
+   TODO: check
+CVE-2024-3067 (The WooCommerce Google Feed Manager plugin for WordPress is 
vulnerable ...)
+   TODO: check
+CVE-2024-32634 (In huge memory get unmapped area check, code can never be 
reached beca ...)
+   TODO: check
+CVE-2024-32633 (An unsigned value can never be negative, so eMMC full disk 
test will a ...)
+   TODO: check
+CVE-2024-32632 (A value in ATCMD will be misinterpreted by printf, causing 
incorrect o ...)
+   TODO: check
+CVE-2024-32631 (Out-of-Bounds read in ciCCIOTOPT in ASR180X will cause 
incorrect compu ...)
+   TODO: check
+CVE-2024-32625 (In OffloadAMRWriter, a scalar field is not initialized so will 
contain ...)
+   TODO: check
+CVE-2024-32532 (Missing Authorization vulnerability in SiteGround Speed 
Optimizer.This ...)
+   TODO: check
+CVE-2024-32525 (Missing Authorization vulnerability in Theme My Login.This 
issue affec ...)
+   TODO: check
+CVE-2024-32524 (Missing Authorization vulnerability in Nuggethon Custom Order 
Statuses ...)
+   TODO: check
+CVE-2024-32522 (Missing Authorization vulnerability in Jaed Mosharraf & 
Pluginbazar Te ...)
+   TODO: check
+CVE-2024-32520 (Missing Authorization vulnerability in WPClever WPC Grouped 
Product fo ...)
+   TODO: check
+CVE-2024-32519 (Missing Authorization vulnerability in GutenGeek GG Woo Feed 
for WooCo ...)
+   TODO: check
+CVE-2024-32518 (Missing Authorization vulnerability in Pepro Dev. Group 
PeproDev Ultim ...)
+   TODO: check
+CVE-2024-32517 (Missing Authorization vulnerability in WooCommerce & WordPress 
Tutoria ...)
+   TODO: check
+CVE-2024-32516 (Missing Authorization vulnerability in Palscode Multi Currency 
For Woo ...)
+   TODO: check
+CVE-2024-32515 (Missing Authorization vulnerability in Qamar Sheeraz, Nasir 
Ahmad Mega ...)
+   TODO: check
+CVE-2024-32514 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Poll  ...)
+   TODO: check
+CVE-2024-32513 (Insertion of Sensitive Information into Log File vulnerability 
in AdTr ...)
+   TODO: check
+CVE-2024-32509 (Missing Authorization vulnerability in Loopus WP Cost 
Estimation & Pay ...)
+   TODO: check
+CVE-2024-32455 (Missing Authorization vulnerability in Very Good Plugins Fatal 
Error N ...)
+   TODO: check
+CVE-2024-32256 (Phpgurukul Tourism Management System v2.0 is vulnerable to 
Unrestricte ...)
+   TODO: check
+CVE-2024-32254 (Phpgurukul Tourism Management System v2.0 is vulnerable to 
Unrestricte ...)
+   TODO: check
+CVE-2024-32086 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+   
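Review bot: the hunk is truncated mid-entry (a bare "+   " is the last visible line), so most of the 420 added lines the header announces (58 to 478) cannot be reviewed here. Of what is visible, CVE-2024-32631 through CVE-2024-32633 name ASR180X, ATCMD and an eMMC full-disk test, i.e. vendor firmware rather than anything a distribution ships, and CVE-2024-32625 and CVE-2024-32634 read like the same batch; together with the run of WordPress "Missing Authorization" entries (CVE-2024-32509 through CVE-2024-32532 and CVE-2024-32455) they are NOT-FOR-US candidates. CVE-2024-3660 (arbitrary code injection in TensorFlow's Keras) and CVE-2024-3367 (argument injection in a Checkmk agent plugin) are the entries worth a maintainer's look first.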

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-16 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e70c3222 by security tracker role at 2024-04-16T08:11:57+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,6 +1,106 @@
+CVE-2024-3575 (Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb)
+   TODO: check
+CVE-2024-3574 (In scrapy version 2.10.1, an issue was identified where the 
Authorizat ...)
+   TODO: check
+CVE-2024-3573 (mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due 
to impro ...)
+   TODO: check
+CVE-2024-3572 (The scrapy/scrapy project is vulnerable to XML External Entity 
(XXE) a ...)
+   TODO: check
+CVE-2024-3571 (langchain-ai/langchain is vulnerable to path traversal due to 
improper ...)
+   TODO: check
+CVE-2024-3493 (A specific malformed fragmented packet type (fragmented packets 
may be ...)
+   TODO: check
+CVE-2024-3271 (A command injection vulnerability exists in the 
run-llama/llama_index  ...)
+   TODO: check
+CVE-2024-3029 (In mintplex-labs/anything-llm, an attacker can exploit improper 
input  ...)
+   TODO: check
+CVE-2024-3028 (mintplex-labs/anything-llm is vulnerable to improper input 
validation, ...)
+   TODO: check
+CVE-2024-32557 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32036 (ImageSharp is a 2D graphics API. A heap-use-after-free flaw 
was found  ...)
+   TODO: check
+CVE-2024-31784 (An issue in Typora v.1.8.10 and before, allows a local 
attacker to obt ...)
+   TODO: check
+CVE-2024-31783 (Cross Site Scripting (XSS) vulnerability in Typora v.1.6.7 and 
before, ...)
+   TODO: check
+CVE-2024-31652 (A cross-site scripting (XSS) in Cosmetics and Beauty Product 
Online St ...)
+   TODO: check
+CVE-2024-31651 (A cross-site scripting (XSS) in Cosmetics and Beauty Product 
Online St ...)
+   TODO: check
+CVE-2024-31650 (A cross-site scripting (XSS) in Cosmetics and Beauty Product 
Online St ...)
+   TODO: check
+CVE-2024-31649 (A cross-site scripting (XSS) in Cosmetics and Beauty Product 
Online St ...)
+   TODO: check
+CVE-2024-31648 (Cross Site Scripting (XSS) in Insurance Management System 
v1.0, allows ...)
+   TODO: check
+CVE-2024-31634 (Cross Site Scripting (XSS) vulnerability in Xunruicms versions 
4.6.3 a ...)
+   TODO: check
+CVE-2024-30656 (An issue in Fireboltt Dream Wristphone 
BSW202_FB_AAC_v2.0_20240110-202 ...)
+   TODO: check
+CVE-2024-30567 (An issue in JNT Telecom JNT Liftcom UMS V1.J Core Version 
JM-V15 allow ...)
+   TODO: check
+CVE-2024-2912 (An insecure deserialization vulnerability exists in the BentoML 
framew ...)
+   TODO: check
+CVE-2024-2424 (An input validation vulnerability exists in the Rockwell 
Automation501 ...)
+   TODO: check
+CVE-2024-2260 (A session fixation vulnerability exists in the zenml-io/zenml 
applicat ...)
+   TODO: check
+CVE-2024-2083 (A directory traversal vulnerability exists in the 
zenml-io/zenml repos ...)
+   TODO: check
+CVE-2024-27794 (Claris FileMaker Server before version 20.3.2 was susceptible 
to a ref ...)
+   TODO: check
+CVE-2024-23561 (HCL DevOps Deploy / HCL Launch is vulnerable to sensitive 
information  ...)
+   TODO: check
+CVE-2024-23558 (HCL DevOps Deploy / HCL Launch does not invalidate session 
after logou ...)
+   TODO: check
+CVE-2024-22262 (Applications that use UriComponentsBuilderto parse an 
externally provi ...)
+   TODO: check
+CVE-2024-1961 (vertaai/modeldb is vulnerable to a path traversal attack due to 
improp ...)
+   TODO: check
+CVE-2024-1739 (lunary-ai/lunary is vulnerable to an authentication issue due 
to impro ...)
+   TODO: check
+CVE-2024-1738 (An incorrect authorization vulnerability exists in the 
lunary-ai/lunar ...)
+   TODO: check
+CVE-2024-1666 (In lunary-ai/lunary version 1.0.0, an authorization flaw exists 
that a ...)
+   TODO: check
+CVE-2024-1665 (lunary-ai/lunary version 1.0.0 is vulnerable to unauthorized 
evaluatio ...)
+   TODO: check
+CVE-2024-1646 (parisneo/lollms-webui is vulnerable to authentication bypass 
due to in ...)
+   TODO: check
+CVE-2024-1626 (An Insecure Direct Object Reference (IDOR) vulnerability exists 
in the ...)
+   TODO: check
+CVE-2024-1601 (An SQL injection vulnerability exists in the 
`delete_discussion()` fun ...)
+   TODO: check
+CVE-2024-1594 (A path traversal vulnerability exists in the mlflow/mlflow 
repository, ...)
+   TODO: check
+CVE-2024-1593 (A path traversal vulnerability exists in the mlflow/mlflow 
repository  ...)
+   TODO: check
+CVE-2024-1569 (parisneo/lollms-webui is vulnerable to a denial of service 
(DoS) attac ...)
+   TODO: check
+CVE-2024-1561 (An issue was discovered in gradio-app/gradio, where the 
`/component_se ...)
+   TODO: check
+CVE-2024-1560 (A 
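Review bot: this batch is dominated by AI/ML-tooling reports (mlflow, langchain, llama_index, anything-llm, lunary, lollms-webui, zenml, gradio, BentoML, modeldb), but a few entries touch software that distributions do ship and should not wait behind them in the TODO queue: CVE-2024-3574 (scrapy 2.10.1, an issue with the Authorization header) and CVE-2024-3572 (scrapy, XML External Entity), CVE-2024-22262 (applications using Spring's UriComponentsBuilder to parse an externally provided URL), and CVE-2024-3493 (a malformed fragmented packet type, whose affected product is not named in the visible text and must be identified before the entry can be dismissed). The hunk is cut off at "+CVE-2024-1560 (A", so the remainder of the 6 to 106 line change is not visible.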

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bb6d802e by security tracker role at 2024-04-15T20:11:56+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,255 @@
+CVE-2024-3804 (A vulnerability, which was classified as critical, has been 
found in V ...)
+   TODO: check
+CVE-2024-3803 (A vulnerability classified as critical was found in Vesystem 
Cloud Des ...)
+   TODO: check
+CVE-2024-3802 (Vulnerabilities in Celeste 22.x was vulnerable to takeover from 
unauth ...)
+   TODO: check
+CVE-2024-3797 (A vulnerability was found in SourceCodester QR Code Bookmark 
System 1. ...)
+   TODO: check
+CVE-2024-3796 (Vulnerability in WBSAirback 21.02.04, which consists of a 
stored Cross ...)
+   TODO: check
+CVE-2024-3795 (Vulnerability in WBSAirback 21.02.04, which consists of a 
stored Cross ...)
+   TODO: check
+CVE-2024-3794 (Vulnerability in WBSAirback 21.02.04, which consists of a 
stored Cross ...)
+   TODO: check
+CVE-2024-3793 (Vulnerability in WBSAirback 21.02.04, which consists of a 
stored Cross ...)
+   TODO: check
+CVE-2024-3792 (Vulnerability in WBSAirback 21.02.04, which consists of a 
stored Cross ...)
+   TODO: check
+CVE-2024-3791 (Vulnerability in WBSAirback 21.02.04, which consists of a 
stored Cross ...)
+   TODO: check
+CVE-2024-3790 (Vulnerability in WBSAirback 21.02.04, which consists of a 
stored Cross ...)
+   TODO: check
+CVE-2024-3789 (Uncontrolled resource consumption vulnerability in White Bear 
Solution ...)
+   TODO: check
+CVE-2024-3788 (Vulnerability in WBSAirback 21.02.04, which involves improper 
neutrali ...)
+   TODO: check
+CVE-2024-3787 (Vulnerability in WBSAirback 21.02.04, which involves improper 
neutrali ...)
+   TODO: check
+CVE-2024-3786 (Vulnerability in WBSAirback 21.02.04, which involves improper 
neutrali ...)
+   TODO: check
+CVE-2024-3785 (Vulnerability in WBSAirback 21.02.04, which involves improper 
neutrali ...)
+   TODO: check
+CVE-2024-3784 (Vulnerability in WBSAirback 21.02.04, which involves improper 
neutrali ...)
+   TODO: check
+CVE-2024-3783 (The Backup Agents section in WBSAirback 21.02.04 is affected by 
a Path ...)
+   TODO: check
+CVE-2024-3782 (Cross-Site Request Forgery vulnerability in WBSAirback 
21.02.04, which ...)
+   TODO: check
+CVE-2024-3781 (Command injection vulnerability in the operating system. 
Improper neut ...)
+   TODO: check
+CVE-2024-3780 (A vulnerability of Information Exposure has been found on 
Technicolor  ...)
+   TODO: check
+CVE-2024-32437 (Cross-Site Request Forgery (CSRF) vulnerability in impleCode 
eCommerce ...)
+   TODO: check
+CVE-2024-32436 (Cross-Site Request Forgery (CSRF) vulnerability in 
Codemenschen Gift V ...)
+   TODO: check
+CVE-2024-32435 (Cross-Site Request Forgery (CSRF) vulnerability in Affieasy 
Team AffiE ...)
+   TODO: check
+CVE-2024-32434 (Cross-Site Request Forgery (CSRF) vulnerability in Tyche 
Softwares Ord ...)
+   TODO: check
+CVE-2024-32433 (Cross-Site Request Forgery (CSRF) vulnerability in Themefic 
BEAF.This  ...)
+   TODO: check
+CVE-2024-32141 (Cross-Site Request Forgery (CSRF) vulnerability in Libsyn 
Libsyn Publi ...)
+   TODO: check
+CVE-2024-32129 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in F ...)
+   TODO: check
+CVE-2024-32104 (Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins 
NextMove  ...)
+   TODO: check
+CVE-2024-32103 (Cross-Site Request Forgery (CSRF) vulnerability in 
Siteimprove.This is ...)
+   TODO: check
+CVE-2024-32102 (Cross-Site Request Forgery (CSRF) vulnerability in Scott 
Kingsley Clar ...)
+   TODO: check
+CVE-2024-32101 (Cross-Site Request Forgery (CSRF) vulnerability in Omnisend 
Email Mark ...)
+   TODO: check
+CVE-2024-32099 (Cross-Site Request Forgery (CSRF) vulnerability in James Ward 
WP Mail  ...)
+   TODO: check
+CVE-2024-32097 (Cross-Site Request Forgery (CSRF) vulnerability in Eyal 
Fitoussi GEO m ...)
+   TODO: check
+CVE-2024-32096 (Cross-Site Request Forgery (CSRF) vulnerability in DAEV.Tech 
WP Migrat ...)
+   TODO: check
+CVE-2024-32095 (Cross-Site Request Forgery (CSRF) vulnerability in 
MultiParcels MultiP ...)
+   TODO: check
+CVE-2024-32094 (Cross-Site Request Forgery (CSRF) vulnerability in 
ChurchThemes Church ...)
+   TODO: check
+CVE-2024-32093 (Cross-Site Request Forgery (CSRF) vulnerability in Nose Graze 
Novelist ...)
+   TODO: check
+CVE-2024-32092 (Cross-Site Request Forgery (CSRF) vulnerability in Michael 
Bester Kimi ...)
+   TODO: check
+CVE-2024-32091 (Cross-Site Request Forgery (CSRF) vulnerability in Tonjoo 
Sangar Slide ...)
+   TODO: check
+CVE-2024-32090 (Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle 
Church A ...)
+   TODO: 
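Review bot: CVE-2024-3782 through CVE-2024-3796 are one WBSAirback 21.02.04 disclosure split into stored XSS, path traversal, CSRF, improper-neutralisation and resource-consumption items, and CVE-2024-32090 through CVE-2024-32141 plus CVE-2024-32433 through CVE-2024-32437 are WordPress plugin CSRF reports; both groups are third-party web products of the kind this file resolves as NOT-FOR-US (compare the Zoom and nginxWebUI entries in neighbouring commits), so bulk-resolving them would keep the TODO list meaningful. CVE-2024-3781 stands out because the visible part of its description ("Command injection vulnerability in the operating system. Improper neut ...") names no product at all; the affected software should be identified before that one is closed.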

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f33239cd by security tracker role at 2024-04-15T08:12:01+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,189 @@
+CVE-2024-3778 (The file upload functionality of Ai3 QbiBot does not properly 
restrict ...)
+   TODO: check
+CVE-2024-3777 (The password reset feature of Ai3 QbiBot lacks proper access 
control,  ...)
+   TODO: check
+CVE-2024-3776 (The parameter used in the login page of Netvision airPASS is 
not prope ...)
+   TODO: check
+CVE-2024-3775 (aEnrich Technology a+HRD's functionality for downloading files 
using y ...)
+   TODO: check
+CVE-2024-3774 (aEnrich Technology a+HRD's functionality for front-end 
retrieval of sy ...)
+   TODO: check
+CVE-2024-3772 (Regular expression denial of service in Pydanic < 2.4.0, < 
1.10.13 all ...)
+   TODO: check
+CVE-2024-3771 (A vulnerability was found in PHPGurukul Student Record System 
3.20 and ...)
+   TODO: check
+CVE-2024-3770 (A vulnerability has been found in PHPGurukul Student Record 
System 3.2 ...)
+   TODO: check
+CVE-2024-3769 (A vulnerability, which was classified as critical, was found in 
PHPGur ...)
+   TODO: check
+CVE-2024-3768 (A vulnerability, which was classified as critical, has been 
found in P ...)
+   TODO: check
+CVE-2024-3767 (A vulnerability classified as critical was found in PHPGurukul 
News Po ...)
+   TODO: check
+CVE-2024-3766 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-3765 (A vulnerability classified as critical was found in Xiongmai 
AHB7804R- ...)
+   TODO: check
+CVE-2024-3764 (A vulnerability classified as problematic has been found in 
Tuya Camer ...)
+   TODO: check
+CVE-2024-3763 (A vulnerability was found in Emlog Pro 2.2.10. It has been 
rated as pr ...)
+   TODO: check
+CVE-2024-3762 (A vulnerability was found in Emlog Pro 2.2.10. It has been 
declared as ...)
+   TODO: check
+CVE-2024-3701 (The system application (com.transsion.kolun.aiservice) 
component does  ...)
+   TODO: check
+CVE-2024-3505 (JFrog Artifactory Self-Hosted versions below 7.77.3, are 
vulnerable to ...)
+   TODO: check
+CVE-2024-32489 (TCPDF before 6.7.4 mishandles calls that use HTML syntax.)
+   TODO: check
+CVE-2024-32488 (In Foxit PDF Reader and Editor before 2024.1, Local Privilege 
Escalati ...)
+   TODO: check
+CVE-2024-32454 (Server-Side Request Forgery (SSRF) vulnerability in 
Wappointment Appoi ...)
+   TODO: check
+CVE-2024-32453 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32452 (Cross-Site Request Forgery (CSRF) vulnerability in WP 
EasyCart.This is ...)
+   TODO: check
+CVE-2024-32451 (Cross-Site Request Forgery (CSRF) vulnerability in wpWax Legal 
Pages.T ...)
+   TODO: check
+CVE-2024-32450 (Cross-Site Request Forgery (CSRF) vulnerability in MagePeople 
Team WpT ...)
+   TODO: check
+CVE-2024-32449 (Cross-Site Request Forgery (CSRF) vulnerability in MagniGenie 
RestroPr ...)
+   TODO: check
+CVE-2024-32448 (Cross-Site Request Forgery (CSRF) vulnerability in 
VideoYield.Com Ads. ...)
+   TODO: check
+CVE-2024-32447 (Cross-Site Request Forgery (CSRF) vulnerability in AWP 
Classifieds Tea ...)
+   TODO: check
+CVE-2024-32446 (Cross-Site Request Forgery (CSRF) vulnerability in WP Swings 
Wallet Sy ...)
+   TODO: check
+CVE-2024-32445 (Cross-Site Request Forgery (CSRF) vulnerability in Saleswonder 
Team We ...)
+   TODO: check
+CVE-2024-32443 (Cross-Site Request Forgery (CSRF) vulnerability in IP2Location 
Downloa ...)
+   TODO: check
+CVE-2024-32442 (Cross-Site Request Forgery (CSRF) vulnerability in Zoho 
Campaigns.This ...)
+   TODO: check
+CVE-2024-32441 (Cross-Site Request Forgery (CSRF) vulnerability in Zoho 
Campaigns.This ...)
+   TODO: check
+CVE-2024-32440 (Cross-Site Request Forgery (CSRF) vulnerability in Thomas 
Belser Asgar ...)
+   TODO: check
+CVE-2024-32439 (Cross-Site Request Forgery (CSRF) vulnerability in SwitchWP WP 
Client  ...)
+   TODO: check
+CVE-2024-32438 (Cross-Site Request Forgery (CSRF) vulnerability in 
cleverplugins.Com S ...)
+   TODO: check
+CVE-2024-32431 (Deserialization of Untrusted Data vulnerability in WP All 
Import Impor ...)
+   TODO: check
+CVE-2024-32430 (Server-Side Request Forgery (SSRF) vulnerability in 
ActiveCampaign.Thi ...)
+   TODO: check
+CVE-2024-32429 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32428 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32149 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
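Review bot: among the WordPress CSRF and XSS entries this hunk adds, two concern libraries rather than site plugins and are worth checking against the archive first: CVE-2024-3772 (regular-expression denial of service in pydantic < 2.4.0 and < 1.10.13; the "Pydanic" spelling is carried over from the upstream description and is not something to fix in this file) and CVE-2024-32489 (TCPDF before 6.7.4 mishandling calls that use HTML syntax). CVE-2024-32431 (deserialization of untrusted data in WP All Import) is the one WordPress item in the batch with a code-execution-class weakness rather than CSRF, and CVE-2024-32488 (local privilege escalation in Foxit PDF Reader and Editor before 2024.1) is the one native-application entry.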

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
614a7d0c by security tracker role at 2024-04-14T20:11:57+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,7 @@
+CVE-2024-24863 (In malidp_mw_connector_reset, new memory is allocated with 
kzalloc, bu ...)
+   TODO: check
+CVE-2024-24862 (In function pci1_spi_probe, there is a potential null 
pointer that ...)
+   TODO: check
 CVE-2024-3740 (A vulnerability, which was classified as critical, has been 
found in c ...)
NOT-FOR-US: cym1102 nginxWebUI
 CVE-2024-3739 (A vulnerability classified as critical was found in cym1102 
nginxWebUI ...)
@@ -3028,6 +3032,7 @@ CVE-2024-3296 (A timing-based side-channel flaw exists in 
the rust-openssl packa
[bullseye] - rust-openssl  (Minor issue)
NOTE: https://github.com/sfackler/rust-openssl/issues/2171
 CVE-2024-31309 (HTTP/2 CONTINUATIONDoS attack can cause Apache Traffic Server 
to consu ...)
+   {DSA-5659-1}
- trafficserver 9.2.4+ds-1 (bug #1068417)
NOTE: https://www.kb.cert.org/vuls/id/421644
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2269627
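Review bot: the DSA-5659-1 reference is added to CVE-2024-31309 alongside the existing trafficserver 9.2.4+ds-1 fixed version and bug #1068417, which is consistent. Unlike the rust-openssl entry in the context just above, which carries a "[bullseye] - rust-openssl (Minor issue)" line, no bullseye line is visible for trafficserver here; either it sits outside the hunk or the bullseye status of this HTTP/2 CONTINUATION flood issue still needs to be recorded.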



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/614a7d0cea5a8bce4d5287ba7e77a03f2e5b948e

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
83cbcf8b by security tracker role at 2024-04-14T08:11:52+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2024-3740 (A vulnerability, which was classified as critical, has been 
found in c ...)
+   TODO: check
 CVE-2024-3739 (A vulnerability classified as critical was found in cym1102 
nginxWebUI ...)
NOT-FOR-US: cym1102 nginxWebUI
 CVE-2024-3738 (A vulnerability classified as critical has been found in 
cym1102 nginx ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83cbcf8bebf55cf93cd4876de13a6f07521f938a



[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ef3140e7 by security tracker role at 2024-04-13T20:11:58+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,8 +1,28 @@
-CVE-2024-32487 [less(1) with LESSOPEN mishandles \n in paths]
+CVE-2024-3739 (A vulnerability classified as critical was found in cym1102 
nginxWebUI ...)
+   TODO: check
+CVE-2024-3738 (A vulnerability classified as critical has been found in 
cym1102 nginx ...)
+   TODO: check
+CVE-2024-3737 (A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It 
has be ...)
+   TODO: check
+CVE-2024-3736 (A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It 
has be ...)
+   TODO: check
+CVE-2024-3735 (A vulnerability was found in Smart Office up to 20240405. It 
has been  ...)
+   TODO: check
+CVE-2024-3721 (A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 
20240412  ...)
+   TODO: check
+CVE-2024-3720 (A vulnerability has been found in Tianwell Fire Intelligent 
Command Pl ...)
+   TODO: check
+CVE-2024-3719 (A vulnerability, which was classified as critical, was found in 
Campco ...)
+   TODO: check
+CVE-2024-3662 (The WPZOOM Social Feed Widget & Block plugin for WordPress is 
vulnerab ...)
+   TODO: check
+CVE-2023-6494 (The WPC Smart Quick View for WooCommerce plugin for WordPress 
is vulne ...)
+   TODO: check
+CVE-2024-32487 (less through 653 allows OS command execution via a newline 
character i ...)
- less  (bug #1068938)
NOTE: https://www.openwall.com/lists/oss-security/2024/04/12/5
NOTE: Fixed by: 
https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33
-CVE-2024-26817 [amdkfd: use calloc instead of kzalloc to avoid integer 
overflow]
+CVE-2024-26817 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
- linux 
NOTE: 
https://git.kernel.org/linus/3b0daecfeac0103aba8b293df07a0cbaf8b43f29
 CVE-2024-3027 (The Smart Slider 3 plugin for WordPress is vulnerable to 
unauthorized  ...)
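Review bot: the rewrite of the CVE-2024-26817 line drops the only human-readable hint to its fix ('amdkfd: use calloc instead of kzalloc to avoid integer overflow') in favour of the truncated generic kernel text, leaving the git.kernel.org NOTE as the sole pointer to the subsystem; consider carrying that summary over into a NOTE so the entry stays searchable. The CVE-2024-32487 rewrite is fine: the less entry keeps its bug reference (#1068938), the oss-security NOTE and the 'Fixed by:' upstream commit. The ten new entries above it all land as 'TODO: check'; the two cym1102 nginxWebUI pairs (3736 to 3739) and the two WordPress plugin issues (CVE-2024-3662, CVE-2023-6494) will most likely resolve to NOT-FOR-US, the way the file already marks WordPress plugins in the context lines further down this thread.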



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef3140e7f28a017b0f3520ead8fc060756be20b7



[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
35bc06b6 by security tracker role at 2024-04-13T08:11:47+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,25 @@
+CVE-2024-3027 (The Smart Slider 3 plugin for WordPress is vulnerable to 
unauthorized  ...)
+   TODO: check
+CVE-2024-32028 (OpenTelemetry dotnet is a dotnet telemetry framework. In 
affected vers ...)
+   TODO: check
+CVE-2024-32019 (Netdata is an open source observability tool. In affected 
versions the ...)
+   TODO: check
+CVE-2024-32005 (NiceGUI is an easy-to-use, Python-based UI framework. A local 
file inc ...)
+   TODO: check
+CVE-2024-32003 (wn-dusk-plugin (Dusk plugin) is a plugin which integrates 
Laravel Dusk ...)
+   TODO: check
+CVE-2024-31462 (stable-diffusion-webui is a web interface for Stable 
Diffusion, implem ...)
+   TODO: check
+CVE-2024-2583 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress 
plugin b ...)
+   TODO: check
+CVE-2024-29023 (Xibo is an Open Source Digital Signage platform with a web 
content man ...)
+   TODO: check
+CVE-2024-29022 (Xibo is an Open Source Digital Signage platform with a web 
content man ...)
+   TODO: check
+CVE-2024-28869 (Traefik is an HTTP reverse proxy and load balancer. In 
affected versio ...)
+   TODO: check
+CVE-2024-1957 (The GiveWP \u2013 Donation Plugin and Fundraising Platform 
plugin for  ...)
+   TODO: check
 CVE-2024-3707 (Information exposure vulnerability in OpenGnsys affecting 
version 1.1. ...)
NOT-FOR-US: OpenGnsys
 CVE-2024-3706 (Information exposure vulnerability in OpenGnsys affecting 
version 1.1. ...)
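Review bot: this batch of eleven 'TODO: check' entries mixes upstream projects commonly deployed on Debian systems (Netdata, Traefik, OpenTelemetry dotnet, Xibo, NiceGUI, stable-diffusion-webui) with three WordPress plugin issues (CVE-2024-3027, CVE-2024-2583, CVE-2024-1957) that the file elsewhere resolves as 'NOT-FOR-US: WordPress plugin' (see the context lines two hunks down); clearing the plugin entries first shortens the queue. Also note the literal '\u2014' and '\u2013' escapes in the CVE-2024-2583 and CVE-2024-1957 descriptions: the feed's Unicode dashes were stored as backslash escapes rather than decoded, so the stored text differs from the upstream description and will not match a search for the plugin's real name.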
@@ -916,9 +938,11 @@ CVE-2021-47181 (In the Linux kernel, the following 
vulnerability has been resolv
[buster] - linux 4.19.232-1
NOTE: 
https://git.kernel.org/linus/14651496a3de6807a17c310f63c894ea0c5d858e (5.16-rc1)
 CVE-2024-26816 (In the Linux kernel, the following vulnerability has been 
resolved:  x ...)
+   {DSA-5658-1}
- linux 
NOTE: 
https://git.kernel.org/linus/aaa8736370db1a78f0e8434344a484f9fd20be3b (6.9-rc1)
 CVE-2024-26815 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
+   {DSA-5658-1}
- linux 
[bullseye] - linux  (Vulnerable code not present)
[buster] - linux  (Vulnerable code not present)
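Review bot: the {DSA-5658-1} tags on CVE-2024-26816 and CVE-2024-26815 are consistent with the surrounding entries: 26815 carries '[bullseye] - linux (Vulnerable code not present)' and '[buster] - linux (Vulnerable code not present)', so the advisory applies to bookworm only, and both entries keep their git.kernel.org commit NOTEs with the 6.9-rc1 marker. The '- linux' package lines show no fixed version on this page, so check that the unstable status was updated in the same round rather than only the DSA reference being added.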
@@ -1824,6 +1848,7 @@ CVE-2023-41677 (A insufficiently protected credentials in 
Fortinet FortiProxy 7.
 CVE-2022-4965 (The Invitation Code Content Restriction Plugin from 
CreativeMinds plug ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-2201 [Native Branch History Injection]
+   {DSA-5658-1}
- linux 
- xen 
[bullseye] - xen  (EOLed in Bullseye)
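Review bot: CVE-2024-2201 (Native Branch History Injection) lists both linux and xen, but the {DSA-5658-1} tag is applied at CVE level and, going by every other place it appears in this update, is the kernel advisory; the '- xen' line and its '[bullseye] - xen (EOLed in Bullseye)' status are untouched here, so xen still has to be tracked on its own for this CVE and the DSA tag should not be read as covering it.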
@@ -2093,6 +2118,7 @@ CVE-2014-125111 (A vulnerability was found in 
namithjawahar Wp-Insert up to 2.0.
 CVE-2011-10006 (A vulnerability was found in GamerZ WP-PostRatings up to 1.64. 
It has  ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-26811 (In the Linux kernel, the following vulnerability has been 
resolved:  k ...)
+   {DSA-5658-1}
- linux 
NOTE: 
https://git.kernel.org/linus/a677ebd8ca2f2632ccdecbad7b87641274e15aac (6.9-rc3)
 CVE-2024-2511 (Issue summary: Some non-default TLS server configurations can 
cause un ...)
@@ -2556,19 +2582,24 @@ CVE-2023-49965 (SpaceX Starlink Wi-Fi router Gen 2 
before 2023.48.0 allows XSS v
 CVE-2023-48426 (u-boot bug that allows for u-boot shell and interrupt over 
UART)
NOT-FOR-US: Google Chromecast (unlikely to affect u-boot as packaged in 
Debian)
 CVE-2024-27437 (In the Linux kernel, the following vulnerability has been 
resolved:  v ...)
+   {DSA-5658-1}
- linux 
NOTE: 
https://git.kernel.org/linus/fe9a7082684eb059b925c535682e68c34d487d43 (6.9-rc1)
 CVE-2024-26814 (In the Linux kernel, the following vulnerability has been 
resolved:  v ...)
+   {DSA-5658-1}
- linux 
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/7447d911af699a15f8d050dfcb7c680a86f87012 (6.9-rc1)
 CVE-2024-26813 (In the Linux kernel, the following vulnerability has been 
resolved:  v ...)
+   {DSA-5658-1}
- linux 
NOTE: 
https://git.kernel.org/linus/675daf435e9f8e5a5eab140a9864dfad6668b375 (6.9-rc1)
 CVE-2024-26812 (In the Linux kernel, the following vulnerability has been 
resolved:  v ...)
+   {DSA-5658-1}
- linux 
NOTE: 
https://git.kernel.org/linus/18c198c96a815c962adc2b9b77909eec0be7df4d (6.9-rc1)
 CVE-2024-26810 (In the Linux kernel, the following vulnerability has been 
resolved:  v ...)
+   {DSA-5658-1}
- linux 
NOTE: 
https://git.kernel.org/linus/810cd4bb53456d0503cc4e7934e063835152c1b7 (6.9-rc1)
 CVE-2024-24746 (Loop with Unreachable Exit Condition ('Infinite 
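Review bot: this hunk is cut off mid-entry at CVE-2024-24746 in the archived copy (the header announces 24 post-change lines), so only the first part can be reviewed. In that part the {DSA-5658-1} tags on CVE-2024-27437, -26814, -26813, -26812 and -26810 each sit under an entry that keeps its git.kernel.org commit NOTE with the 6.9-rc1 marker, and CVE-2024-26814's '[buster] - linux (Vulnerable code not present)' line is preserved, so the advisory reference is consistent with buster not being affected.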

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-12 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4567ee24 by security tracker role at 2024-04-12T20:12:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,4 +1,194 @@
-CVE-2024-31391
+CVE-2024-3707 (Information exposure vulnerability in OpenGnsys affecting 
version 1.1. ...)
+   TODO: check
+CVE-2024-3706 (Information exposure vulnerability in OpenGnsys affecting 
version 1.1. ...)
+   TODO: check
+CVE-2024-3705 (Unrestricted file upload vulnerability in OpenGnsys affecting 
version  ...)
+   TODO: check
+CVE-2024-3704 (SQL Injection Vulnerability has been found on OpenGnsys product 
affect ...)
+   TODO: check
+CVE-2024-3698 (A vulnerability was found in Campcodes House Rental Management 
System  ...)
+   TODO: check
+CVE-2024-3697 (A vulnerability was found in Campcodes House Rental Management 
System  ...)
+   TODO: check
+CVE-2024-3696 (A vulnerability was found in Campcodes House Rental Management 
System  ...)
+   TODO: check
+CVE-2024-3695 (A vulnerability has been found in SourceCodester Computer 
Laboratory M ...)
+   TODO: check
+CVE-2024-3691 (A vulnerability, which was classified as critical, has been 
found in P ...)
+   TODO: check
+CVE-2024-3690 (A vulnerability classified as critical was found in PHPGurukul 
Small C ...)
+   TODO: check
+CVE-2024-3689 (A vulnerability classified as problematic has been found in 
Zhejiang L ...)
+   TODO: check
+CVE-2024-3688 (A vulnerability was found in Xiamen Four-Faith RMP Router 
Management P ...)
+   TODO: check
+CVE-2024-3687 (A vulnerability was found in bihell Dice 3.1.0 and classified 
as probl ...)
+   TODO: check
+CVE-2024-3686 (A vulnerability has been found in DedeCMS 5.7.112-UTF8 and 
classified  ...)
+   TODO: check
+CVE-2024-3685 (A vulnerability, which was classified as critical, was found in 
DedeCM ...)
+   TODO: check
+CVE-2024-3211 (The Shopping Cart & eCommerce Store plugin for WordPress is 
vulnerable ...)
+   TODO: check
+CVE-2024-3054 (WPvivid Backup & Migration Plugin for WordPress is vulnerable 
to PHAR  ...)
+   TODO: check
+CVE-2024-32000 (matrix-appservice-irc is a Node.js IRC bridge for the Matrix 
messaging ...)
+   TODO: check
+CVE-2024-31839 (Cross Site Scripting vulnerability in tiagorlampert CHAOS 
v.5.0.1 allo ...)
+   TODO: check
+CVE-2024-31818 (Directory Traversal vulnerability in DerbyNet v.9.0 allows a 
remote at ...)
+   TODO: check
+CVE-2024-31372 (Cross-Site Request Forgery (CSRF) vulnerability in Arnan de 
Gans No-Bo ...)
+   TODO: check
+CVE-2024-31371 (Cross-Site Request Forgery (CSRF) vulnerability in Xylus 
Themes WP Eve ...)
+   TODO: check
+CVE-2024-31364 (Cross-Site Request Forgery (CSRF) vulnerability in 
ELEXtensions ELEX W ...)
+   TODO: check
+CVE-2024-31363 (Cross-Site Request Forgery (CSRF) vulnerability in 
LifterLMS.This issu ...)
+   TODO: check
+CVE-2024-31362 (Cross-Site Request Forgery (CSRF) vulnerability in Metagauss 
ProfileGr ...)
+   TODO: check
+CVE-2024-31360 (Cross-Site Request Forgery (CSRF) vulnerability in Coded 
Commerce, LLC ...)
+   TODO: check
+CVE-2024-31354 (Cross-Site Request Forgery (CSRF) vulnerability in Tribulant 
Slideshow ...)
+   TODO: check
+CVE-2024-31305 (Cross-Site Request Forgery (CSRF) vulnerability in rtCamp 
Transcoder.T ...)
+   TODO: check
+CVE-2024-31303 (Cross-Site Request Forgery (CSRF) vulnerability in Fetch 
Designs Sign- ...)
+   TODO: check
+CVE-2024-31301 (Cross-Site Request Forgery (CSRF) vulnerability in Themeisle 
Multiple  ...)
+   TODO: check
+CVE-2024-31293 (Cross-Site Request Forgery (CSRF) vulnerability in Easy 
Digital Downlo ...)
+   TODO: check
+CVE-2024-31289 (Cross-Site Request Forgery (CSRF) vulnerability in Elementor 
Hello Ele ...)
+   TODO: check
+CVE-2024-31279 (Cross-Site Request Forgery (CSRF) vulnerability in Catch 
Plugins Gener ...)
+   TODO: check
+CVE-2024-31272 (Cross-Site Request Forgery (CSRF) vulnerability in Repute 
InfoSystems  ...)
+   TODO: check
+CVE-2024-31271 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic 
Ultimate  ...)
+   TODO: check
+CVE-2024-31269 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic 
Easy Goog ...)
+   TODO: check
+CVE-2024-31268 (Cross-Site Request Forgery (CSRF) vulnerability in AppPresser 
Team App ...)
+   TODO: check
+CVE-2024-31265 (Cross-Site Request Forgery (CSRF) vulnerability in SumoMe 
Sumo.This is ...)
+   TODO: check
+CVE-2024-31264 (Unauthenticated Cross Site Request Forgery (CSRF) in Post 
Views Counte ...)
+   TODO: check
+CVE-2024-31263 (Cross-Site Request Forgery (CSRF) vulnerability in aerin Loan 
Repaymen ...)
+   TODO: check
+CVE-2024-31262 (Cross-Site Request Forgery (CSRF) vulnerability in Jcodex 
WooCommerce  
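Review bot: the hunk removes the bare 'CVE-2024-31391' line at the top of the file, but its replacement (the same id with the fetched description) lies outside the archived portion, which stops mid-line at CVE-2024-31262; confirm that the entry and any package lines under it survived the rewrite. Of the new entries, the long run of WordPress CSRF issues (CVE-2024-31262 through CVE-2024-31372, plus CVE-2024-3211 and CVE-2024-3054) will almost certainly become 'NOT-FOR-US: WordPress plugin'; CVE-2024-32000 (matrix-appservice-irc) and the four OpenGnsys issues are the non-WordPress entries to read first, and OpenGnsys is already resolved as NOT-FOR-US in the following day's context lines.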

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-12 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
60b95ffd by security tracker role at 2024-04-12T08:11:50+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,47 @@
+CVE-2024-3400 (A command injection vulnerability in the GlobalProtect feature 
of Palo ...)
+   TODO: check
+CVE-2024-30850 (An issue in tiagorlampert CHAOS v5.0.1 allows a remote 
attacker to exe ...)
+   TODO: check
+CVE-2024-30614 (An issue in Ametys CMS v4.5.0 and before allows attackers to 
obtain se ...)
+   TODO: check
+CVE-2024-2801 (The Shopkeeper Extender plugin for WordPress is vulnerable to 
Stored C ...)
+   TODO: check
+CVE-2024-2137 (The All-in-One Addons for Elementor \u2013 WidgetKit plugin for 
WordPr ...)
+   TODO: check
+CVE-2024-29400 (An issue was discovered in RuoYi v4.5.1, allows attackers to 
obtain se ...)
+   TODO: check
+CVE-2024-28458 (Null Pointer Dereference vulnerability in swfdump in swftools 
0.9.2 al ...)
+   TODO: check
+CVE-2024-27592 (Open Redirect vulnerability in Corezoid Process Engine v6.5.0 
allows a ...)
+   TODO: check
+CVE-2024-25376 (An issue discovered in Thesycon Software Solutions Gmbh & Co. 
KG TUSBA ...)
+   TODO: check
+CVE-2024-22734 (An issue was discovered in AMCS Group Trux Waste Management 
Software b ...)
+   TODO: check
+CVE-2024-22526 (Buffer Overflow vulnerability in bandisoft bandiview v7.0, 
allows loca ...)
+   TODO: check
+CVE-2024-22357 (IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 
through 6 ...)
+   TODO: check
+CVE-2023-50307 (IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 
through 6 ...)
+   TODO: check
+CVE-2023-49528 (Buffer Overflow vulnerability in FFmpeg version 
n6.1-3-g466799d4f5, al ...)
+   TODO: check
+CVE-2023-48865 (An issue discovered in Reportico Till 8.1.0 allows attackers 
to obtain ...)
+   TODO: check
+CVE-2023-45186 (IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 
through 6 ...)
+   TODO: check
+CVE-2023-44857 (An issue in Cobham SAILOR VSAT Ku v.164B019, allows a remote 
attacker  ...)
+   TODO: check
+CVE-2023-44856 (Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT 
Ku v.16 ...)
+   TODO: check
+CVE-2023-44855 (Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT 
Ku v.16 ...)
+   TODO: check
+CVE-2023-44854 (Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT 
Ku v.16 ...)
+   TODO: check
+CVE-2023-44853 (\An issue was discovered in Cobham SAILOR VSAT Ku v.164B019, 
allows a  ...)
+   TODO: check
+CVE-2023-44852 (Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT 
Ku v.16 ...)
+   TODO: check
 CVE-2024-1874
- php8.2 8.2.18-1
- php7.4 
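Review bot: CVE-2023-44853's description is stored with a stray leading backslash ('\An issue was discovered in Cobham SAILOR ...') copied straight from the feed; it does not break parsing but should be cleaned when the entry is triaged. The six Cobham SAILOR VSAT entries (CVE-2023-44852 through 44857) share one product and can be resolved as a block, as can the three IBM Sterling B2B Integrator ones; CVE-2023-49528 (FFmpeg) is the item in this batch that concerns a package Debian ships and should be checked first, while CVE-2024-3400 (Palo Alto GlobalProtect command injection) is appliance-only software.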
@@ -22,7 +66,7 @@ CVE-2024-2757
- php7.3 
NOTE: Fixed in: 8.2.18
TODO: fill in with GHSA security advisory references and further details
-CVE-2024-27309
+CVE-2024-27309 (While an Apache Kafka cluster is being migrated from ZooKeeper 
mode to ...)
- kafka  (bug #786460)
 CVE-2024-3344 (The Otter Blocks \u2013 Gutenberg Blocks, Page Builder for 
Gutenberg E ...)
NOT-FOR-US: WordPress plugin
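Review bot: the 'TODO: fill in with GHSA security advisory references and further details' on CVE-2024-2757 stays open even though the entry already records 'Fixed in: 8.2.18'; the automatic update only fills descriptions, so that TODO still needs a manual pass. The CVE-2024-27309 description change is fine and the '- kafka (bug #786460)' line is untouched.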
@@ -124,13 +168,13 @@ CVE-2023-32295 (Missing Authorization vulnerability in 
Alex Tselegidis Easy!Appo
NOT-FOR-US: WordPress plugin
 CVE-2023-32228 (A firmware bug which may lead to misinterpretation of data in 
the AMC2 ...)
NOT-FOR-US: Bosch
-CVE-2024-3092
+CVE-2024-3092 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
- gitlab 
-CVE-2024-2279
+CVE-2024-2279 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
- gitlab 
-CVE-2023-6489
+CVE-2023-6489 (A denial of service vulnerability was identified in GitLab 
CE/EE, vers ...)
- gitlab 
-CVE-2023-6678
+CVE-2023-6678 (An issue has been discovered in GitLab EE affecting all 
versions befor ...)
- gitlab 
 CVE-2024-3652 (The Libreswan Project was notified of an issue causing 
libreswan to re ...)
- libreswan 
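Review bot: the four GitLab entries (CVE-2024-3092, CVE-2024-2279, CVE-2023-6489, CVE-2023-6678) now carry descriptions, but their '- gitlab' lines show no version or status on this page, so the fix state cannot be confirmed from the hunk. CVE-2023-6678's text says 'GitLab EE', whereas Debian's gitlab package is built from the Community Edition, so check whether the Debian package contains the affected code at all before tracking it as unfixed.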



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60b95ffd5838d72b879cc3f921af681abde47452



[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
95461784 by security tracker role at 2024-04-11T20:20:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,103 @@
+CVE-2024-3344 (The Otter Blocks \u2013 Gutenberg Blocks, Page Builder for 
Gutenberg E ...)
+   TODO: check
+CVE-2024-3343 (The Otter Blocks \u2013 Gutenberg Blocks, Page Builder for 
Gutenberg E ...)
+   TODO: check
+CVE-2024-32112 (Cross-Site Request Forgery (CSRF) vulnerability in Leadinfo 
leadinfo.  ...)
+   TODO: check
+CVE-2024-32109 (Cross-Site Request Forgery (CSRF) vulnerability in Julien 
Berthelot /  ...)
+   TODO: check
+CVE-2024-32108 (Cross-Site Request Forgery (CSRF) vulnerability in Stephanie 
Leary Con ...)
+   TODO: check
+CVE-2024-32107 (Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins 
Finale Li ...)
+   TODO: check
+CVE-2024-32106 (Cross-Site Request Forgery (CSRF) vulnerability in WP Compress 
WP Comp ...)
+   TODO: check
+CVE-2024-32105 (Cross-Site Request Forgery (CSRF) vulnerability in 
ELEXtensions ELEX W ...)
+   TODO: check
+CVE-2024-32083 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32080 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31937 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31936 (Cross-Site Request Forgery (CSRF) vulnerability in AyeCode Ltd 
UsersWP ...)
+   TODO: check
+CVE-2024-31935 (Cross-Site Request Forgery (CSRF) vulnerability in 
BracketSpace Simple ...)
+   TODO: check
+CVE-2024-31934 (Cross-Site Request Forgery (CSRF) vulnerability in Link 
Whisper Link W ...)
+   TODO: check
+CVE-2024-31932 (Cross-Site Request Forgery (CSRF) vulnerability in 
CreativeThemes Bloc ...)
+   TODO: check
+CVE-2024-31931 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31930 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31929 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31928 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31927 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31926 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31925 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31861 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+   TODO: check
+CVE-2024-31678 (Sourcecodester Loan Management System v1.0 is vulnerable to 
SQL Inject ...)
+   TODO: check
+CVE-2024-31387 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31361 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31285 (Cross-Site Request Forgery (CSRF) vulnerability in Tooltip 
WordPress T ...)
+   TODO: check
+CVE-2024-30273 (Illustrator versions 28.3, 27.9.2 and earlier are affected by 
a Stack- ...)
+   TODO: check
+CVE-2024-30272 (Illustrator versions 28.3, 27.9.2 and earlier are affected by 
an out-o ...)
+   TODO: check
+CVE-2024-30271 (Illustrator versions 28.3, 27.9.2 and earlier are affected by 
an out-o ...)
+   TODO: check
+CVE-2024-29454 (An issue discovered in packages or nodes in ROS2 Humble 
Hawksbill with ...)
+   TODO: check
+CVE-2024-25852 (Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command 
execution v ...)
+   TODO: check
+CVE-2024-22722 (Server Side Template Injection (SSTI) vulnerability in Form 
Tools 3.1. ...)
+   TODO: check
+CVE-2024-22721 (Cross Site Request Forgery (CSRF) vulnerability in Form Tools 
3.1.1 al ...)
+   TODO: check
+CVE-2024-22719 (SQL Injection vulnerability in Form Tools 3.1.1 allows 
attackers to ru ...)
+   TODO: check
+CVE-2024-22718 (Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 
allows at ...)
+   TODO: check
+CVE-2024-22717 (Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 
allows at ...)
+   TODO: check
+CVE-2024-20798 (Illustrator versions 28.3, 27.9.2 and earlier are affected by 
an out-o ...)
+   TODO: check
+CVE-2024-20797 (Animate versions 23.0.4, 24.0.1 and earlier are affected by an 
out-of- ...)
+   TODO: check
+CVE-2024-20796 (Animate versions 23.0.4, 24.0.1 and earlier are affected by an 
out-of- ...)
+   TODO: check
+CVE-2024-20795 (Animate versions 23.0.4, 24.0.1 and earlier are affected by an 
Integer 
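Review bot: the hunk is cut off at CVE-2024-20795 in the archived copy (the header announces 103 post-change lines), so only the visible entries can be assessed. Of those, the Adobe Illustrator and Animate issues (CVE-2024-30271 through 30273, CVE-2024-20795 through 20798), the Form Tools set (CVE-2024-22717 through 22722), Linksys RE7000 (CVE-2024-25852) and the long run of WordPress CSRF and XSS entries are all non-Debian software and can be resolved in blocks; CVE-2024-29454 (ROS2 Humble Hawksbill) is the entry least obviously NOT-FOR-US and should be checked against the archive.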

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6a813895 by security tracker role at 2024-04-11T08:12:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,111 @@
+CVE-2024-3652 (The Libreswan Project was notified of an issue causing 
libreswan to re ...)
+   TODO: check
+CVE-2024-3621 (A vulnerability was found in SourceCodester Kortex Lite 
Advocate Offic ...)
+   TODO: check
+CVE-2024-3620 (A vulnerability was found in SourceCodester Kortex Lite 
Advocate Offic ...)
+   TODO: check
+CVE-2024-3619 (A vulnerability has been found in SourceCodester Kortex Lite 
Advocate  ...)
+   TODO: check
+CVE-2024-3618 (A vulnerability, which was classified as critical, was found in 
Source ...)
+   TODO: check
+CVE-2024-3617 (A vulnerability, which was classified as critical, has been 
found in S ...)
+   TODO: check
+CVE-2024-3616 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
+   TODO: check
+CVE-2024-3614 (A vulnerability classified as problematic has been found in 
SourceCode ...)
+   TODO: check
+CVE-2024-3613 (A vulnerability was found in SourceCodester Warehouse 
Management Syste ...)
+   TODO: check
+CVE-2024-3612 (A vulnerability was found in SourceCodester Warehouse 
Management Syste ...)
+   TODO: check
+CVE-2024-3285 (The Slider, Gallery, and Carousel by MetaSlider \u2013 
Responsive Word ...)
+   TODO: check
+CVE-2024-32001 (SpiceDB is a graph database purpose-built for storing and 
evaluating a ...)
+   TODO: check
+CVE-2024-31999 (@festify/secure-session creates a secure stateless cookie 
session for  ...)
+   TODO: check
+CVE-2024-31997 (XWiki Platform is a generic wiki platform. Prior to versions 
4.10.19,  ...)
+   TODO: check
+CVE-2024-31996 (XWiki Platform is a generic wiki platform. Starting in version 
3.0.1 a ...)
+   TODO: check
+CVE-2024-31995 (`@digitalbazaar/zcap` provides JavaScript reference 
implementation for ...)
+   TODO: check
+CVE-2024-31988 (XWiki Platform is a generic wiki platform. Starting in version 
13.9-rc ...)
+   TODO: check
+CVE-2024-31987 (XWiki Platform is a generic wiki platform. Starting in version 
6.4-mil ...)
+   TODO: check
+CVE-2024-31986 (XWiki Platform is a generic wiki platform. Starting in version 
3.1 and ...)
+   TODO: check
+CVE-2024-31985 (XWiki Platform is a generic wiki platform. Starting in version 
3.1 and ...)
+   TODO: check
+CVE-2024-30917 (An issue was discovered in eProsima FastDDS v.2.14.0 and 
before, allow ...)
+   TODO: check
+CVE-2024-30916 (An issue was discovered in eProsima FastDDS v.2.14.0 and 
before, allow ...)
+   TODO: check
+CVE-2024-30915 (An issue was discovered in OpenDDS commit 
b1c534032bb62ad4ae32609778de ...)
+   TODO: check
+CVE-2024-30885 (Reflected Cross-Site Scripting (XSS) vulnerability in HadSky 
v7.6.3, a ...)
+   TODO: check
+CVE-2024-30884 (Reflected Cross-Site Scripting (XSS) vulnerability in Discuz! 
version  ...)
+   TODO: check
+CVE-2024-30883 (Reflected Cross Site Scripting (XSS) vulnerability in 
RageFrame2 v2.6. ...)
+   TODO: check
+CVE-2024-30880 (Reflected Cross Site Scripting (XSS) vulnerability in 
RageFrame2 v2.6. ...)
+   TODO: check
+CVE-2024-30879 (Reflected Cross Site Scripting (XSS) vulnerability in 
RageFrame2 v2.6. ...)
+   TODO: check
+CVE-2024-30878 (A cross-site scripting (XSS) vulnerability in RageFrame2 
v2.6.43, allo ...)
+   TODO: check
+CVE-2024-30728 (An issue was discovered in the default configurations of ROS 
(Robot Op ...)
+   TODO: check
+CVE-2024-2966 (The Element Pack Elementor Addons (Header Footer, Template 
Library, Dy ...)
+   TODO: check
+CVE-2024-29903 (Cosign provides code signing and transparency for containers 
and binar ...)
+   TODO: check
+CVE-2024-29902 (Cosign provides code signing and transparency for containers 
and binar ...)
+   TODO: check
+CVE-2024-29504 (Cross Site Scripting vulnerability in Summernote v.0.8.18 and 
before a ...)
+   TODO: check
+CVE-2024-29460 (An issue in PX4 Autopilot v.1.14.0 allows an attacker to 
manipulate th ...)
+   TODO: check
+CVE-2024-29455 (An arbitrary file upload vulnerability has been discovered in 
ROS2 Hum ...)
+   TODO: check
+CVE-2024-29452 (An insecure deserialization vulnerability has been identified 
in ROS2  ...)
+   TODO: check
+CVE-2024-29450 (An issue has been discovered in the permission and access 
control comp ...)
+   TODO: check
+CVE-2024-29449 (An issue was discovered in ROS2 Humble Hawksbill in 
ROS_VERSION 2 and  ...)
+   TODO: check
+CVE-2024-29448 (A buffer overflow vulnerability has been discovered in the C++ 
compone ...)
+   TODO: check
+CVE-2024-29447 (An issue was discovered in the default configurations of ROS2 
Humble H ...)
+ 
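Review bot: CVE-2024-3652 (libreswan) is the priority item in this batch: libreswan is packaged in Debian, and the 2024-04-12 update in this thread already shows the entry with a '- libreswan' package line. After it, CVE-2024-29903 and CVE-2024-29902 (Cosign) and CVE-2024-31999 (@festify/secure-session) are the entries that may touch packaged or commonly deployed code; the ROS2 and eProsima FastDDS cluster, the XWiki run, RageFrame2 and the SourceCodester items are NOT-FOR-US candidates. The hunk ends on a bare '+ ' line in the archived copy, so the remainder cannot be reviewed here.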

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2611a4fb by security tracker role at 2024-04-10T20:11:54+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,173 +1,411 @@
-CVE-2021-47219 [scsi: scsi_debug: Fix out-of-bound read in 
resp_report_tgtpgs()]
+CVE-2024-3570 (A stored Cross-Site Scripting (XSS) vulnerability exists in the 
chat f ...)
+   TODO: check
+CVE-2024-3569 (A Denial of Service (DoS) vulnerability exists in the 
mintplex-labs/an ...)
+   TODO: check
+CVE-2024-3568 (The huggingface/transformers library is vulnerable to arbitrary 
code e ...)
+   TODO: check
+CVE-2024-3567 (A flaw was found in QEMU. An assertion failure was present in 
the upda ...)
+   TODO: check
+CVE-2024-3566 (A command inject vulnerability allows an attacker to perform 
command i ...)
+   TODO: check
+CVE-2024-3516 (Heap buffer overflow in ANGLE in Google Chrome prior to 
123.0.6312.122 ...)
+   TODO: check
+CVE-2024-3515 (Use after free in Dawn in Google Chrome prior to 123.0.6312.122 
allowe ...)
+   TODO: check
+CVE-2024-3448 (Users with low privileges can perform certain AJAX actions.  In 
this v ...)
+   TODO: check
+CVE-2024-3388 (A vulnerability in the GlobalProtect Gateway in Palo Alto 
Networks PAN ...)
+   TODO: check
+CVE-2024-3387 (A weak (low bit strength) device certificate in Palo Alto 
Networks Pan ...)
+   TODO: check
+CVE-2024-3386 (An incorrect string comparison vulnerability in Palo Alto 
Networks PAN ...)
+   TODO: check
+CVE-2024-3385 (A packet processing mechanism in Palo Alto Networks PAN-OS 
software en ...)
+   TODO: check
+CVE-2024-3384 (A vulnerability in Palo Alto Networks PAN-OS software enables a 
remote ...)
+   TODO: check
+CVE-2024-3383 (A vulnerability in how Palo Alto Networks PAN-OS software 
processes da ...)
+   TODO: check
+CVE-2024-3382 (A memory leak exists in Palo Alto Networks PAN-OS software that 
enable ...)
+   TODO: check
+CVE-2024-3283 (A vulnerability in mintplex-labs/anything-llm allows users with 
manage ...)
+   TODO: check
+CVE-2024-3157 (Out of bounds memory access in Compositing in Google Chrome 
prior to 1 ...)
+   TODO: check
+CVE-2024-3101 (In mintplex-labs/anything-llm, an improper input validation 
vulnerabil ...)
+   TODO: check
+CVE-2024-3098 (A vulnerability was identified in the `exec_utils` class of the 
`llama ...)
+   TODO: check
+CVE-2024-3025 (mintplex-labs/anything-llm is vulnerable to path traversal 
attacks due ...)
+   TODO: check
+CVE-2024-31984 (Starting in version 7.2-rc-1 and prior to versions 4.10.20, 
15.5.4, an ...)
+   TODO: check
+CVE-2024-31983 (XWiki Platform is a generic wiki platform. In multilingual 
wikis, tran ...)
+   TODO: check
+CVE-2024-31982 (XWiki Platform is a generic wiki platform. Starting in version 
2.4-mil ...)
+   TODO: check
+CVE-2024-31981 (XWiki Platform is a generic wiki platform. Starting in version 
3.0.1 a ...)
+   TODO: check
+CVE-2024-31944 (Cross-Site Request Forgery (CSRF) vulnerability in Octolize 
WooCommerc ...)
+   TODO: check
+CVE-2024-31943 (Cross-Site Request Forgery (CSRF) vulnerability in Octolize 
USPS Shipp ...)
+   TODO: check
+CVE-2024-31939 (Cross-Site Request Forgery (CSRF) vulnerability in Soflyy 
Import any X ...)
+   TODO: check
+CVE-2024-31924 (Cross-Site Request Forgery (CSRF) vulnerability in Exactly WWW 
EWWW Im ...)
+   TODO: check
+CVE-2024-31874 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 
uses uninit ...)
+   TODO: check
+CVE-2024-31873 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 
contains ha ...)
+   TODO: check
+CVE-2024-31872 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 
could allow ...)
+   TODO: check
+CVE-2024-31871 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 
could allow ...)
+   TODO: check
+CVE-2024-31819 (An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote 
attacker ...)
+   TODO: check
+CVE-2024-31492 (An external control of file name or path vulnerability 
[CWE-73] in  Fo ...)
+   TODO: check
+CVE-2024-31465 (XWiki Platform is a generic wiki platform. Starting in version 
5.0-rc- ...)
+   TODO: check
+CVE-2024-31464 (XWiki Platform is a generic wiki platform. Starting in version 
5.0-rc- ...)
+   TODO: check
+CVE-2024-31461 (Plane, an open-source project management tool, has a 
Server-Side Reque ...)
+   TODO: check
+CVE-2024-31430 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 
WOLF \u2 ...)
+   TODO: check
+CVE-2024-31386 (Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu 
Ishikawa X ...)
+   TODO: check
+CVE-2024-31358 (Missing Authorization vulnerability in Saleswonder.Biz 5 Stars 
Rating  ...)
+   TODO: check
+CVE-2024-31356 
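Review bot: the removed line 'CVE-2021-47219 [scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs()]' has its replacement outside the archived part of the hunk (which stops at a bare '+CVE-2024-31356'), so confirm the kernel entry kept its package lines and that the scsi_debug summary was not lost the way other bracketed kernel summaries are replaced by the generic 'In the Linux kernel, the following vulnerability has been resolved' text elsewhere in this thread. Among the new entries, CVE-2024-3567 (QEMU assertion failure) and the Chrome issues CVE-2024-3516, -3515 and -3157 concern packages Debian ships (qemu, chromium) and should be triaged ahead of the PAN-OS, anything-llm, IBM Security Verify Access and WordPress items.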

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
84fde809 by security tracker role at 2024-04-10T08:12:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,147 @@
+CVE-2024-3556
+   REJECTED
+CVE-2024-3542 (A vulnerability classified as problematic was found in 
Campcodes Churc ...)
+   TODO: check
+CVE-2024-3541 (A vulnerability classified as problematic has been found in 
Campcodes  ...)
+   TODO: check
+CVE-2024-3540 (A vulnerability was found in Campcodes Church Management System 
1.0. I ...)
+   TODO: check
+CVE-2024-3539 (A vulnerability was found in Campcodes Church Management System 
1.0. I ...)
+   TODO: check
+CVE-2024-3538 (A vulnerability was found in Campcodes Church Management System 
1.0. I ...)
+   TODO: check
+CVE-2024-3537 (A vulnerability was found in Campcodes Church Management System 
1.0 an ...)
+   TODO: check
+CVE-2024-3536 (A vulnerability has been found in Campcodes Church Management 
System 1 ...)
+   TODO: check
+CVE-2024-3535 (A vulnerability, which was classified as critical, was found in 
Campco ...)
+   TODO: check
+CVE-2024-3534 (A vulnerability, which was classified as critical, has been 
found in C ...)
+   TODO: check
+CVE-2024-3533 (A vulnerability classified as problematic was found in 
Campcodes Compl ...)
+   TODO: check
+CVE-2024-3532 (A vulnerability classified as problematic has been found in 
Campcodes  ...)
+   TODO: check
+CVE-2024-3531 (A vulnerability was found in Campcodes Complete Online Student 
Managem ...)
+   TODO: check
+CVE-2024-3530 (A vulnerability was found in Campcodes Complete Online Student 
Managem ...)
+   TODO: check
+CVE-2024-3529 (A vulnerability was found in Campcodes Complete Online Student 
Managem ...)
+   TODO: check
+CVE-2024-3528 (A vulnerability was found in Campcodes Complete Online Student 
Managem ...)
+   TODO: check
+CVE-2024-3526 (A vulnerability has been found in Campcodes Online Event 
Management Sy ...)
+   TODO: check
+CVE-2024-3525 (A vulnerability, which was classified as problematic, was found 
in Cam ...)
+   TODO: check
+CVE-2024-3524 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-3523 (A vulnerability classified as critical was found in Campcodes 
Online E ...)
+   TODO: check
+CVE-2024-3522 (A vulnerability classified as critical has been found in 
Campcodes Onl ...)
+   TODO: check
+CVE-2024-3521 (A vulnerability was found in Byzoro Smart S80 Management 
Platform up t ...)
+   TODO: check
+CVE-2024-3313 (SUBNET Solutions Inc. has identified vulnerabilities in 
third-party  c ...)
+   TODO: check
+CVE-2024-3235 (The Essential Grid Gallery WordPress Plugin plugin for 
WordPress is vu ...)
+   TODO: check
+CVE-2024-3210 (The Paid Membership Plugin, Ecommerce, User Registration Form, 
Login F ...)
+   TODO: check
+CVE-2024-3120 (A stack-buffer overflow vulnerability exists in all versions of 
sngrep ...)
+   TODO: check
+CVE-2024-3119 (A buffer overflow vulnerability exists in all versions of 
sngrep since ...)
+   TODO: check
+CVE-2024-3020 (The plugin is vulnerable to PHP Object Injection in versions up 
to and ...)
+   TODO: check
+CVE-2024-30737 (An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 
and ROS_P ...)
+   TODO: check
+CVE-2024-30736 (An insecure deserialization vulnerability has been identified 
in ROS K ...)
+   TODO: check
+CVE-2024-30735 (An arbitrary file upload vulnerability has been discovered in 
ROS Kine ...)
+   TODO: check
+CVE-2024-30733 (A buffer overflow vulnerability has been discovered in the C++ 
compone ...)
+   TODO: check
+CVE-2024-30730 (An insecure logging vulnerability has been identified within 
ROS Kinet ...)
+   TODO: check
+CVE-2024-30729 (An OS command injection vulnerability has been discovered in 
ROS Kinet ...)
+   TODO: check
+CVE-2024-30727 (An issue was discovered in ROS Kinetic Kame in Kinetic Kame 
ROS_VERSIO ...)
+   TODO: check
+CVE-2024-30726 (A shell injection vulnerability was discovered in ROS (Robot 
Operating ...)
+   TODO: check
+CVE-2024-30724 (An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 
and ROS_P ...)
+   TODO: check
+CVE-2024-30723 (An unauthorized node injection vulnerability has been 
identified in RO ...)
+   TODO: check
+CVE-2024-30722 (An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 
and ROS_P ...)
+   TODO: check
+CVE-2024-30721 (An arbitrary file upload vulnerability has been discovered in 
ROS2 Das ...)
+   TODO: check
+CVE-2024-30719 (An insecure deserialization vulnerability has been identified 
in ROS2  ...)
+   TODO: check
+CVE-2024-30718 (An issue was discovered in ROS2 Dashing Diademata in 
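Review bot: CVE-2024-3120 and CVE-2024-3119 (stack-buffer overflow and buffer overflow in all versions of sngrep) are the entries in this hunk that touch software Debian ships as a source package, so their `TODO: check` lines deserve triage before the Campcodes Church Management / Complete Online Student Management / Online Event Management entries, which are third-party web applications outside the archive and read as NOT-FOR-US candidates. The `REJECTED` marker on CVE-2024-3556 without a description follows the file's convention for withdrawn IDs and needs no further action.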

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
088a99dd by security tracker role at 2024-04-09T20:12:02+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,741 @@
+CVE-2024-3545 (Improper permission handling in the vault offline cache feature 
in Dev ...)
+   TODO: check
+CVE-2024-3514 (The Responsive Tabs plugin for WordPress is vulnerable to 
Stored Cross ...)
+   TODO: check
+CVE-2024-3512 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for 
WordPre ...)
+   TODO: check
+CVE-2024-3446 (A double free vulnerability was found in QEMU virtio devices 
(virtio-g ...)
+   TODO: check
+CVE-2024-3281 (A vulnerability was discovered in the firmware builds after 
8.0.2.3267 ...)
+   TODO: check
+CVE-2024-3267 (The Bold Page Builder plugin for WordPress is vulnerable to 
Stored Cro ...)
+   TODO: check
+CVE-2024-3266 (The Bold Page Builder plugin for WordPress is vulnerable to 
Stored Cro ...)
+   TODO: check
+CVE-2024-3244 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, 
Embed You ...)
+   TODO: check
+CVE-2024-3214 (The Relevanssi \u2013 A Better Search plugin for WordPress is 
vulnerab ...)
+   TODO: check
+CVE-2024-3213 (The Relevanssi \u2013 A Better Search plugin for WordPress is 
vulnerab ...)
+   TODO: check
+CVE-2024-3208 (The Sydney Toolbox plugin for WordPress is vulnerable to Stored 
Cross- ...)
+   TODO: check
+CVE-2024-3167 (The Ocean Extra plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+   TODO: check
+CVE-2024-3136 (The MasterStudy LMS plugin for WordPress is vulnerable to Local 
File I ...)
+   TODO: check
+CVE-2024-3097 (The WordPress Gallery Plugin \u2013 NextGEN Gallery plugin for 
WordPre ...)
+   TODO: check
+CVE-2024-3093 (The Font Farsi plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+   TODO: check
+CVE-2024-3064 (The Elementor Addons, Widgets and Enhancements \u2013 Stax 
plugin for  ...)
+   TODO: check
+CVE-2024-3053 (The Forminator \u2013 Contact Form, Payment Form & Custom Form 
Builder ...)
+   TODO: check
+CVE-2024-3046 (In Eclipse Kura LogServlet component included in versions 5.0.0 
to 5.4 ...)
+   TODO: check
+CVE-2024-31978 (A vulnerability has been identified in SINEC NMS (All versions 
< V2.0  ...)
+   TODO: check
+CVE-2024-31868 (Improper Encoding or Escaping of Output vulnerability in 
Apache Zeppel ...)
+   TODO: check
+CVE-2024-31867 (Improper Input Validation vulnerability in Apache Zeppelin.  
The attac ...)
+   TODO: check
+CVE-2024-31866 (Improper Encoding or Escaping of Output vulnerability in 
Apache Zeppel ...)
+   TODO: check
+CVE-2024-31865 (Improper Input Validation vulnerability in Apache Zeppelin.  
The attac ...)
+   TODO: check
+CVE-2024-31864 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+   TODO: check
+CVE-2024-31863 (Authentication Bypass by Spoofing vulnerability by replacing 
to exsiti ...)
+   TODO: check
+CVE-2024-31862 (Improper Input Validation vulnerability in Apache Zeppelin 
when creati ...)
+   TODO: check
+CVE-2024-31860 (Improper Input Validation vulnerability in Apache Zeppelin.  
By adding ...)
+   TODO: check
+CVE-2024-31544 (A stored cross-site scripting (XSS) vulnerability in Computer 
Laborato ...)
+   TODO: check
+CVE-2024-31507 (Sourcecodester Online Graduate Tracer System v1.0 is 
vulnerable to SQL ...)
+   TODO: check
+CVE-2024-31506 (Sourcecodester Online Graduate Tracer System v1.0 is 
vulnerable to SQL ...)
+   TODO: check
+CVE-2024-31487 (A improper limitation of a pathname to a restricted directory 
('path t ...)
+   TODO: check
+CVE-2024-31457 (gin-vue-admin is a backstage management system based on vue 
and gin, w ...)
+   TODO: check
+CVE-2024-31455 (Minder by Stacklok is an open source software supply chain 
security pl ...)
+   TODO: check
+CVE-2024-31454 (PsiTransfer is an open source, self-hosted file sharing 
solution. Prio ...)
+   TODO: check
+CVE-2024-31453 (PsiTransfer is an open source, self-hosted file sharing 
solution. Prio ...)
+   TODO: check
+CVE-2024-31370 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-31369 (Cross-Site Request Forgery (CSRF) vulnerability in PenciDesign 
Soledad ...)
+   TODO: check
+CVE-2024-31368 (Missing Authorization vulnerability in PenciDesign 
Soledad.This issue  ...)
+   TODO: check
+CVE-2024-31367 (Missing Authorization vulnerability in PenciDesign 
Soledad.This issue  ...)
+   TODO: check
+CVE-2024-30706 (An issue was discovered in ROS2 Dashing Diademata versions 
ROS_VERSION ...)
+   TODO: check
+CVE-2024-30704 (An insecure deserialization vulnerability has been identified 
in ROS2  ...)
+   
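Review bot: CVE-2024-3446 (double free in QEMU virtio devices) is the one entry in this hunk that affects a core Debian package and should not stay at `TODO: check` next to the WordPress-plugin items; it needs a qemu source-package line with the fixed version, or a per-suite annotation, once the upstream fix is identified. The Apache Zeppelin entries CVE-2024-31860 through CVE-2024-31868 all name the same product and can be resolved as one group.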

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
dc9d4ef9 by security tracker role at 2024-04-09T08:11:47+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,97 @@
+CVE-2024-3466 (A vulnerability was found in SourceCodester Laundry Management 
System  ...)
+   TODO: check
+CVE-2024-3465 (A vulnerability was found in SourceCodester Laundry Management 
System  ...)
+   TODO: check
+CVE-2024-31366 (Missing Authorization vulnerability in Themify Post Type 
Builder (PTB) ...)
+   TODO: check
+CVE-2024-31365 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31047 (An issue in Academy Software Foundation openexr v.3.2.3 and 
before all ...)
+   TODO: check
+CVE-2024-30701 (An insecure logging vulnerability in ROS2 Galactic Geochelone 
ROS_VERS ...)
+   TODO: check
+CVE-2024-30699 (A buffer overflow vulnerability has been discovered in the C++ 
compone ...)
+   TODO: check
+CVE-2024-30697 (An issue was discovered in ROS2 Galactic Geochelone in 
ROS_VERSION 2 a ...)
+   TODO: check
+CVE-2024-30696 (OS command injection vulnerability in ROS2 Galactic Geochelone 
in ROS_ ...)
+   TODO: check
+CVE-2024-30695 (An issue was discovered in the default configurations of ROS2 
Galactic ...)
+   TODO: check
+CVE-2024-30694 (A shell injection vulnerability was discovered in ROS2 (Robot 
Operatin ...)
+   TODO: check
+CVE-2024-30692 (A issue was discovered in ROS2 Galactic Geochelone versions 
ROS_VERSIO ...)
+   TODO: check
+CVE-2024-30691 (An issue was discovered in ROS2 Galactic Geochelone in version 
ROS_VER ...)
+   TODO: check
+CVE-2024-30690 (An unauthorized node injection vulnerability has been 
identified in RO ...)
+   TODO: check
+CVE-2024-30688 (An arbitrary file upload vulnerability has been discovered in 
ROS2 Iro ...)
+   TODO: check
+CVE-2024-30687 (An insecure deserialization vulnerability has been identified 
in ROS2  ...)
+   TODO: check
+CVE-2024-30686 (An issue was discovered in ROS2 Iron Irwini versions 
ROS_VERSION 2 and ...)
+   TODO: check
+CVE-2024-30684 (An insecure logging vulnerability has been identified within 
ROS2 Iron ...)
+   TODO: check
+CVE-2024-30683 (A buffer overflow vulnerability has been discovered in the C++ 
compone ...)
+   TODO: check
+CVE-2024-30681 (An OS command injection vulnerability has been discovered in 
ROS2 Iron ...)
+   TODO: check
+CVE-2024-30680 (Shell injection vulnerability was discovered in ROS2 (Robot 
Operating  ...)
+   TODO: check
+CVE-2024-30679 (An issue was discovered in the default configurations of ROS2 
Iron Irw ...)
+   TODO: check
+CVE-2024-30678 (An issue has been discovered in ROS2 Iron Irwini ROS_VERSION 2 
and ROS ...)
+   TODO: check
+CVE-2024-30676 (A Denial-of-Service (DoS) vulnerability exists in ROS2 Iron 
Irwini ver ...)
+   TODO: check
+CVE-2024-30218 (The ABAP Application Server of SAP NetWeaver as well as ABAP 
Platforma ...)
+   TODO: check
+CVE-2024-30217 (Cash Management in SAP S/4 HANA does not perform necessary 
authorizati ...)
+   TODO: check
+CVE-2024-30216 (Cash Management in SAP S/4 HANA does not perform necessary 
authorizati ...)
+   TODO: check
+CVE-2024-30215 (The Resource Settings page allows a high privilege attacker to 
load ex ...)
+   TODO: check
+CVE-2024-30214 (The application allows a high privilege attacker to append a 
malicious ...)
+   TODO: check
+CVE-2024-2975 (A race condition was identified through which privilege 
escalation was ...)
+   TODO: check
+CVE-2024-28167 (SAP Group Reporting Data Collectiondoes not perform necessary 
authoriz ...)
+   TODO: check
+CVE-2024-27901 (SAP Asset Accounting could allow a high privileged attacker to 
exploit ...)
+   TODO: check
+CVE-2024-27899 (Self-Registrationand Modify your own profile in User Admin 
Application ...)
+   TODO: check
+CVE-2024-27898 (SAP NetWeaver application, due to insufficient input 
validation, allow ...)
+   TODO: check
+CVE-2024-27632 (An issue in GNU Savane v.3.12 and before allows a remote 
attacker to e ...)
+   TODO: check
+CVE-2024-27631 (Cross Site Request Forgery vulnerability in GNU Savane v.3.12 
and befo ...)
+   TODO: check
+CVE-2024-27630 (Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 
and befor ...)
+   TODO: check
+CVE-2024-25646 (Due to improper validation,SAP BusinessObject Business 
Intelligence La ...)
+   TODO: check
+CVE-2024-23584 (The NMAP Importer service may expose data store credentials to 
authori ...)
+   TODO: check
+CVE-2024-23084 (Apfloat v1.10.1 was discovered to contain an 
ArrayIndexOutOfBoundsExce ...)
+   TODO: check
+CVE-2024-23081 (ThreeTen Backport v1.6.8 was discovered to contain a 
NullPointerExcept 
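Review bot: CVE-2024-31047 (openexr v3.2.3 and before) is the entry here that concerns a library in the Debian archive and should be checked against the packaged version rather than left at `TODO: check` with the SAP and ROS2 Galactic/Iron items. CVE-2024-2975 ("A race condition was identified through which privilege escalation was ...") names no product in the truncated description shown, so its full text has to be read before a NOT-FOR-US decision is recorded for it.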

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
82289868 by security tracker role at 2024-04-08T20:12:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,7 +1,159 @@
-CVE-2024-26811 [ksmbd: validate payload size in ipc response]
+CVE-2024-3464 (A vulnerability was found in SourceCodester Laundry Management 
System  ...)
+   TODO: check
+CVE-2024-3463 (A vulnerability has been found in SourceCodester Laundry 
Management Sy ...)
+   TODO: check
+CVE-2024-3458 (A vulnerability classified as critical was found in Netentsec 
NS-ASG A ...)
+   TODO: check
+CVE-2024-3457 (A vulnerability classified as critical has been found in 
Netentsec NS- ...)
+   TODO: check
+CVE-2024-3456 (A vulnerability was found in Netentsec NS-ASG Application 
Security Gat ...)
+   TODO: check
+CVE-2024-3455 (A vulnerability was found in Netentsec NS-ASG Application 
Security Gat ...)
+   TODO: check
+CVE-2024-3445 (A vulnerability was found in SourceCodester Laundry Management 
System  ...)
+   TODO: check
+CVE-2024-3444 (A vulnerability was found in Wangshen SecGate 3600 up to 
20240408. It  ...)
+   TODO: check
+CVE-2024-3443 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
+   TODO: check
+CVE-2024-3442 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+   TODO: check
+CVE-2024-3441 (A vulnerability was found in SourceCodester Prison Management 
System 1 ...)
+   TODO: check
+CVE-2024-3440 (A vulnerability was found in SourceCodester Prison Management 
System 1 ...)
+   TODO: check
+CVE-2024-3439 (A vulnerability was found in SourceCodester Prison Management 
System 1 ...)
+   TODO: check
+CVE-2024-3438 (A vulnerability was found in SourceCodester Prison Management 
System 1 ...)
+   TODO: check
+CVE-2024-31817 (In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can 
obtain sensi ...)
+   TODO: check
+CVE-2024-31816 (In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can 
obtain sensi ...)
+   TODO: check
+CVE-2024-31815 (In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can 
obtain the c ...)
+   TODO: check
+CVE-2024-31814 (TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to 
bypass login ...)
+   TODO: check
+CVE-2024-31813 (TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an 
authenticati ...)
+   TODO: check
+CVE-2024-31812 (In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can 
obtain sensi ...)
+   TODO: check
+CVE-2024-31811 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to 
contain a remo ...)
+   TODO: check
+CVE-2024-31809 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to 
contain a remo ...)
+   TODO: check
+CVE-2024-31808 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to 
contain a remo ...)
+   TODO: check
+CVE-2024-31807 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to 
contain a remo ...)
+   TODO: check
+CVE-2024-31806 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to 
contain a Deni ...)
+   TODO: check
+CVE-2024-31805 (TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to 
start the Te ...)
+   TODO: check
+CVE-2024-31447 (Shopware 6 is an open commerce platform based on Symfony 
Framework and ...)
+   TODO: check
+CVE-2024-31442 (Redon Hub is a Roblox Product Delivery Bot, also known as a 
Hub. In al ...)
+   TODO: check
+CVE-2024-31375 (Missing Authorization vulnerability in Saleswonder.Biz Team 
WP2LEADS.T ...)
+   TODO: check
+CVE-2024-31357 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31224 (GPT Academic provides interactive interfaces for large 
language models ...)
+   TODO: check
+CVE-2024-31221 (Sunshine is a self-hosted game stream host for Moonlight. 
Starting in  ...)
+   TODO: check
+CVE-2024-31205 (Saleor is an e-commerce platform. Starting in version 3.10.0 
and prior ...)
+   TODO: check
+CVE-2024-30269 (DataEase, an open source data visualization and analysis tool, 
has a d ...)
+   TODO: check
+CVE-2024-2834 (A Stored Cross-Site Scripting (XSS) vulnerability has been 
identified  ...)
+   TODO: check
+CVE-2024-28732 (An issue was discovered in OFPMatch in parser.py in Faucet SDN 
Ryu ver ...)
+   TODO: check
+CVE-2024-28270 (An issue discovered in web-flash v3.0 allows attackers to 
reset passwo ...)
+   TODO: check
+CVE-2024-28224 (Ollama before 0.1.29 has a DNS rebinding vulnerability that 
can inadve ...)
+   TODO: check
+CVE-2024-28066 (In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are 
used (a h ...)
+   TODO: check
+CVE-2024-27897 (Input verification vulnerability in the call module. Impact: 
Successfu ...)
+   TODO: check
+CVE-2024-27896 (Input verification 
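Review bot: the first line of this hunk removes `CVE-2024-26811 [ksmbd: validate payload size in ipc response]` and no `+` line in the displayed part restores it. Since the header `@@ -1,7 +1,159 @@` keeps six of the seven original lines, the bracketed placeholder entry has most likely been replaced lower in the hunk by the published description in parentheses, but that replacement, together with whatever source-package and NOTE lines the entry carried, should be confirmed before the change is accepted, because a dropped kernel entry would silently discard tracked state.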

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1f72ca01 by security tracker role at 2024-04-08T08:11:46+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,101 @@
+CVE-2024-3437 (A vulnerability was found in SourceCodester Prison Management 
System 1 ...)
+   TODO: check
+CVE-2024-3436 (A vulnerability was found in SourceCodester Prison Management 
System 1 ...)
+   TODO: check
+CVE-2024-3434 (A vulnerability classified as critical was found in CP Plus 
Wi-Fi Came ...)
+   TODO: check
+CVE-2024-3433 (A vulnerability classified as problematic has been found in 
PuneethRed ...)
+   TODO: check
+CVE-2024-3432 (A vulnerability was found in PuneethReddyHC Event Management 
1.0. It h ...)
+   TODO: check
+CVE-2024-3431 (A vulnerability was found in EyouCMS 1.6.5. It has been 
declared as cr ...)
+   TODO: check
+CVE-2024-3430 (A vulnerability was found in QKSMS up to 3.9.4 on Android. It 
has been ...)
+   TODO: check
+CVE-2024-31951 (In the Opaque LSA Extended Link parser in FRRouting (FRR) 
through 9.1, ...)
+   TODO: check
+CVE-2024-31950 (In FRRouting (FRR) through 9.1, there can be a buffer overflow 
and dae ...)
+   TODO: check
+CVE-2024-31949 (In FRRouting (FRR) through 9.1, an infinite loop can occur 
when receiv ...)
+   TODO: check
+CVE-2024-31948 (In FRRouting (FRR) through 9.1, an attacker using a malformed 
Prefix S ...)
+   TODO: check
+CVE-2024-31022 (An issue was discovered in CandyCMS version 1.0.0, allows 
remote attac ...)
+   TODO: check
+CVE-2024-30675 (Unauthorized node injection vulnerability in ROS2 Iron Irwini 
in ROS_V ...)
+   TODO: check
+CVE-2024-30674 (Unauthorized access vulnerability in ROS2 Iron Irwini in 
ROS_VERSION i ...)
+   TODO: check
+CVE-2024-30672 (Arbitrary file upload vulnerability in ROS (Robot Operating 
System) Me ...)
+   TODO: check
+CVE-2024-30667 (Insecure deserialization vulnerability in ROS (Robot Operating 
System) ...)
+   TODO: check
+CVE-2024-30666 (A buffer overflow vulnerability has been discovered in the C++ 
compone ...)
+   TODO: check
+CVE-2024-30665 (An OS command injection vulnerability has been discovered in 
ROS (Robo ...)
+   TODO: check
+CVE-2024-30663 (An issue was discovered in the default configurations of ROS 
(Robot Op ...)
+   TODO: check
+CVE-2024-30662 (An issue was discovered in ROS (Robot Operating System) 
Melodic Moreni ...)
+   TODO: check
+CVE-2024-30661 (An unauthorized access vulnerability has been discovered in 
ROS Melodi ...)
+   TODO: check
+CVE-2024-30659 (Shell Injection vulnerability in ROS (Robot Operating System) 
Melodic  ...)
+   TODO: check
+CVE-2024-28744 (The password is empty in the initial configuration of ACERA 
9010-08 fi ...)
+   TODO: check
+CVE-2024-27488 (Incorrect Access Control vulnerability in ZLMediaKit versions 
1.0 thro ...)
+   TODO: check
+CVE-2024-23658 (In camera driver, there is a possible use after free due to a 
logic er ...)
+   TODO: check
+CVE-2024-1958 (The wpb-show-core WordPress plugin before 2.7 does not sanitise 
and es ...)
+   TODO: check
+CVE-2024-1956 (The wpb-show-core WordPress plugin before 2.7 does not sanitise 
and es ...)
+   TODO: check
+CVE-2024-1752 (The Font Farsi WordPress plugin through 1.6.6 does not sanitise 
and es ...)
+   TODO: check
+CVE-2024-1589 (The SendPress Newsletters WordPress plugin through 1.23.11.6 
does not  ...)
+   TODO: check
+CVE-2024-1588 (The SendPress Newsletters WordPress plugin through 1.23.11.6 
does not  ...)
+   TODO: check
+CVE-2024-1292 (The wpb-show-core WordPress plugin before 2.6 does not sanitise 
and es ...)
+   TODO: check
+CVE-2023-52536 (In faceid service, there is a possible out of bounds read due 
to a mis ...)
+   TODO: check
+CVE-2023-52535 (In vsp driver, there is a possible missing verification 
incorrect inpu ...)
+   TODO: check
+CVE-2023-52534 (In ngmm, there is a possible undefined behavior due to 
incorrect error ...)
+   TODO: check
+CVE-2023-52533 (In modem-ps-nas-ngmm, there is a possible undefined behavior 
due to in ...)
+   TODO: check
+CVE-2023-52352 (In Network Adapter Service, there is a possible missing 
permission che ...)
+   TODO: check
+CVE-2023-52351 (In ril service, there is a possible out of bounds write due to 
a missi ...)
+   TODO: check
+CVE-2023-52350 (In ril service, there is a possible out of bounds write due to 
a missi ...)
+   TODO: check
+CVE-2023-52349 (In ril service, there is a possible out of bounds write due to 
a missi ...)
+   TODO: check
+CVE-2023-52348 (In ril service, there is a possible out of bounds write due to 
a missi ...)
+   TODO: check
+CVE-2023-52347 (In ril service, there is a possible out of bounds write due to 
a missi ...)
+  
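Review bot: the four FRRouting entries CVE-2024-31948 through CVE-2024-31951 (buffer overflow, infinite loop and malformed Prefix SID handling in FRR through 9.1) affect the frr source package and should be triaged together, each with its own fixed-version line once the upstream commits are known, rather than left at `TODO: check`. The `ril service`, `faceid service`, `vsp driver` and `ngmm` entries (CVE-2023-52347 through CVE-2023-52536) describe vendor-specific device components with no named package and can be handled as a block.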

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
49c2eef2 by security tracker role at 2024-04-07T20:11:53+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,93 @@
+CVE-2024-3428 (A vulnerability has been found in SourceCodester Online 
Courseware 1.0 ...)
+   TODO: check
+CVE-2024-3427 (A vulnerability, which was classified as problematic, was found 
in Sou ...)
+   TODO: check
+CVE-2024-3426 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-3425 (A vulnerability classified as critical was found in 
SourceCodester Onl ...)
+   TODO: check
+CVE-2024-3424 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+   TODO: check
+CVE-2024-3423 (A vulnerability was found in SourceCodester Online Courseware 
1.0. It  ...)
+   TODO: check
+CVE-2024-3422 (A vulnerability was found in SourceCodester Online Courseware 
1.0. It  ...)
+   TODO: check
+CVE-2024-3421 (A vulnerability was found in SourceCodester Online Courseware 
1.0. It  ...)
+   TODO: check
+CVE-2024-3420 (A vulnerability was found in SourceCodester Online Courseware 
1.0 and  ...)
+   TODO: check
+CVE-2024-3419 (A vulnerability has been found in SourceCodester Online 
Courseware 1.0 ...)
+   TODO: check
+CVE-2024-3418 (A vulnerability, which was classified as critical, was found in 
Source ...)
+   TODO: check
+CVE-2024-31349 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31348 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31346 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31345 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Sukhc ...)
+   TODO: check
+CVE-2024-31344 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31308 (Deserialization of Untrusted Data vulnerability in VJInfotech 
WP Impor ...)
+   TODO: check
+CVE-2024-31306 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31296 (Authorization Bypass Through User-Controlled Key vulnerability 
in Repu ...)
+   TODO: check
+CVE-2024-31292 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Moove ...)
+   TODO: check
+CVE-2024-31291 (Authorization Bypass Through User-Controlled Key vulnerability 
in Meta ...)
+   TODO: check
+CVE-2024-31288 (Server-Side Request Forgery (SSRF) vulnerability in RapidLoad 
RapidLoa ...)
+   TODO: check
+CVE-2024-31286 (Unrestricted Upload of File with Dangerous Type vulnerability 
in J.N.  ...)
+   TODO: check
+CVE-2024-31280 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Andy  ...)
+   TODO: check
+CVE-2024-31277 (Deserialization of Untrusted Data vulnerability in PickPlugins 
Product ...)
+   TODO: check
+CVE-2024-31260 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-31258 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31257 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31256 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31255 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31241 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-31236 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31234 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-31233 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-30418 (Vulnerability of insufficient permission verification in the 
app manag ...)
+   TODO: check
+CVE-2024-30417 (Path traversal vulnerability in the Bluetooth-based sharing 
module. Im ...)
+   TODO: check
+CVE-2024-30416 (Use After Free (UAF) vulnerability in the underlying driver 
module. Im ...)
+   TODO: check
+CVE-2024-22155 (Cross-Site Request Forgery (CSRF) vulnerability in Automattic 
WooComme ...)
+   TODO: check
+CVE-2023-52717 (Permission verification vulnerability in the lock screen 
module. Impac ...)
+   TODO: check
+CVE-2023-52716 (Vulnerability of starting activities in the background in the 
Activity ...)
+   TODO: check
+CVE-2023-52715 (The SystemUI module has a vulnerability in permission 
management. Impa ...)
+ 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c92c5df7 by security tracker role at 2024-04-07T08:12:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,19 @@
+CVE-2024-3417 (A vulnerability, which was classified as critical, has been 
found in S ...)
+   TODO: check
+CVE-2024-3416 (A vulnerability classified as critical was found in 
SourceCodester Onl ...)
+   TODO: check
+CVE-2024-3415 (A vulnerability was found in SourceCodester Human Resource 
Information ...)
+   TODO: check
+CVE-2024-3414 (A vulnerability was found in SourceCodester Human Resource 
Information ...)
+   TODO: check
+CVE-2024-30415 (Vulnerability of improper permission control in the window 
management  ...)
+   TODO: check
+CVE-2024-30414 (Command injection vulnerability in the AccountManager module. 
Impact:  ...)
+   TODO: check
+CVE-2024-30413 (Vulnerability of improper permission control in the window 
management  ...)
+   TODO: check
+CVE-2023-6877 (The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, 
News & ...)
+   TODO: check
 CVE-2024-3413 (A vulnerability has been found in SourceCodester Human Resource 
Inform ...)
NOT-FOR-US: SourceCodester Human Resource Information System
 CVE-2024-3378 (A vulnerability has been found in iboss Secure Web Gateway up 
to 10.1  ...)
@@ -373,7 +389,7 @@ CVE-2024-28871 (LibHTP is a security-aware parser for the 
HTTP protocol and the
NOTE: https://redmine.openinfosecfoundation.org/issues/6757
 CVE-2024-28787 (IBM Security Verify Access 10.0.0 through 10.0.7 and IBM 
Application G ...)
NOT-FOR-US: IBM
-CVE-2024-27575 (Directory Traversal vulnerability in INOTEC Sicherheitstechnik 
GmbH IN ...)
+CVE-2024-27575 (INOTEC Sicherheitstechnik WebServer CPS220/64 3.3.19 allows a 
remote a ...)
NOT-FOR-US: INOTEC
 CVE-2024-27268 (IBM WebSphere Application Server Liberty 18.0.0.2 through 
24.0.0.3 is  ...)
NOT-FOR-US: IBM
@@ -3243,7 +3259,7 @@ CVE-2023-39311 (Cross-Site Request Forgery (CSRF) 
vulnerability in ThemeFusion F
 CVE-2023-34020 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in U ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-28085 (wall in util-linux through 2.40, often installed with setgid 
tty permi ...)
-   {DSA-5650-1}
+   {DSA-5650-1 DLA-3782-1}
- util-linux 2.39.3-11 (bug #1067849)
NOTE: https://www.openwall.com/lists/oss-security/2024/03/27/5
NOTE: 
https://github.com/util-linux/util-linux/commit/404b0781f52f7c045ca811b2dceec526408ac253
 (v2.40)
@@ -11791,6 +11807,7 @@ CVE-2024-23496 (A heap-based buffer overflow 
vulnerability exists in the GGUF li
 CVE-2024-22873 (Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to 
contain a Ser ...)
NOT-FOR-US: Tencent Blueking CMDB
 CVE-2024-22201 (Jetty is a Java based web server and servlet engine. An HTTP/2 
SSL con ...)
+   {DLA-3780-1}
- jetty9 9.4.54-1 (bug #1064923)
NOTE: 
https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98
NOTE: https://github.com/jetty/jetty.project/issues/11256
@@ -16484,6 +16501,7 @@ CVE-2023-52426 (libexpat through 2.5.0 allows recursive 
XML Entity Expansion if
NOTE: CVE is for fixing billion laughs attacks for users compiling 
*without* XML_DTD defined,
NOTE: which is not the case for Debian.
 CVE-2023-52425 (libexpat through 2.5.0 allows a denial of service (resource 
consumptio ...)
+   {DLA-3783-1}
- expat 2.6.0-1 (bug #1063238)
NOTE: https://github.com/libexpat/libexpat/pull/789
NOTE: Merge commit: 
https://github.com/libexpat/libexpat/commit/34b598c5f594b015c513c73f06e7ced3323edbf1
@@ -186668,6 +186686,7 @@ CVE-2021-40814 (The Customer Photo Gallery addon 
before 2.9.4 for PrestaShop is
 CVE-2021-40813 (A cross-site scripting (XSS) vulnerability in the "Zip 
content" featur ...)
NOT-FOR-US: Element-IT HTTP Commander
 CVE-2021-40812 (The GD Graphics Library (aka LibGD) through 2.3.2 has an 
out-of-bounds ...)
+   {DLA-3781-1}
- libgd2 2.3.3-1
[bullseye] - libgd2  (Minor issue)
[stretch] - libgd2  (Minor issue)
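Review bot: in the `[bullseye] - libgd2  (Minor issue)` and `[stretch] - libgd2  (Minor issue)` context lines the double space between the package name and the reason marks a missing status tag; the tracker's suite annotations carry a tag such as `<no-dsa>` in that position, and angle-bracket tokens are exactly what a mail-to-HTML rendering tends to drop, so check the committed file rather than this rendering before concluding the annotation is malformed. The same applies to the identical context lines in the following CVE-2021-38115 hunk, which also gains `{DLA-3781-1}`; adding the same DLA to both libgd2 entries is consistent with one advisory covering both.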
@@ -193584,6 +193603,7 @@ CVE-2021-38117
 CVE-2021-38116
RESERVED
 CVE-2021-38115 (read_header_tga in gd_tga.c in the GD Graphics Library (aka 
LibGD) thr ...)
+   {DLA-3781-1}
- libgd2 2.3.3-1 (bug #991912)
[bullseye] - libgd2  (Minor issue)
[stretch] - libgd2  (Minor issue)
@@ -195059,6 +195079,7 @@ CVE-2021-37599 (The exporter/Login.aspx login form in 
the Exporter in Nuance Win
 CVE-2021-3668
RESERVED
 CVE-2021-37600 (An integer overflow in util-linux through 2.37.1 can 
potentially cause ...)
+   {DLA-3782-1}
- util-linux 2.36.1-8 (low; bug #991619)
[stretch] - 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-06 Thread Salvatore Bonaccorso (@carnil)

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
1842a9d7 by security tracker role at 2024-04-06T20:11:53+00:00
automatic update

1 changed file:
- data/CVE/list

Changes:
data/CVE/list
@@ -1,3 +1,33 @@
+CVE-2024-3413 (A vulnerability has been found in SourceCodester Human Resource 
Inform ...)
+   TODO: check
+CVE-2024-3378 (A vulnerability has been found in iboss Secure Web Gateway up 
to 10.1  ...)
+   TODO: check
+CVE-2024-3377 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
+   TODO: check
+CVE-2024-3376 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+   TODO: check
+CVE-2024-3369 (A vulnerability, which was classified as critical, has been 
found in c ...)
+   TODO: check
+CVE-2024-3366 (A vulnerability classified as problematic was found in Xuxueli 
xxl-job ...)
+   TODO: check
+CVE-2024-3365 (A vulnerability was found in SourceCodester Online Library 
System 1.0. ...)
+   TODO: check
+CVE-2024-3364 (A vulnerability was found in SourceCodester Online Library 
System 1.0. ...)
+   TODO: check
+CVE-2024-3363 (A vulnerability was found in SourceCodester Online Library 
System 1.0. ...)
+   TODO: check
+CVE-2024-2296 (The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery 
plugin ...)
+   TODO: check
+CVE-2024-2132 (The Ultimate Bootstrap Elements for Elementor plugin for 
WordPress is  ...)
+   TODO: check
+CVE-2024-28741 (Cross Site Scripting vulnerability in EginDemirbilek NorthStar 
C2 v1 a ...)
+   TODO: check
+CVE-2024-27620 (An issue in Ladder v.0.0.1 thru v.0.0.21 allows a remote 
attacker to o ...)
+   TODO: check
+CVE-2024-25029 (IBM Personal Communications 14.0.6 through 15.0.1 includes a 
Windows s ...)
+   TODO: check
+CVE-2024-22328 (IBM Maximo Application Suite 8.10 and 8.11 could allow a 
remote attack ...)
+   TODO: check
 CVE-2024- [RUSTSEC-2024-0332: Degradation of service in h2 servers with 
CONTINUATION Flood]
- rust-h2 
NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0332.html
@@ -204,7 +234,7 @@ CVE-2024-26812 (In the Linux kernel, the following 
vulnerability has been resolv
 CVE-2024-26810 (In the Linux kernel, the following vulnerability has been 
resolved:  v ...)
- linux 
NOTE: 
https://git.kernel.org/linus/810cd4bb53456d0503cc4e7934e063835152c1b7 (6.9-rc1)
-CVE-2024-24746
+CVE-2024-24746 (Loop with Unreachable Exit Condition ('Infinite Loop') 
vulnerability i ...)
NOT-FOR-US: Apache NimBLE
 CVE-2024-3321 (A vulnerability classified as problematic has been found in 
SourceCode ...)
NOT-FOR-US: SourceCodester eLearning System
@@ -1448,17 +1478,17 @@ CVE-2023-35764 (Insufficient verification of data 
authenticity issue in Survey M
NOT-FOR-US: Survey Maker
 CVE-2023-34423 (Survey Maker prior to 3.6.4 contains a stored cross-site 
scripting vul ...)
NOT-FOR-US: Survey Maker
-CVE-2024-3159
+CVE-2024-3159 (Out of bounds memory access in V8 in Google Chrome prior to 
123.0.6312 ...)
{DSA-5654-1}
- chromium 123.0.6312.105-1
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
-CVE-2024-3158
+CVE-2024-3158 (Use after free in Bookmarks in Google Chrome prior to 
123.0.6312.105 a ...)
{DSA-5654-1}
- chromium 123.0.6312.105-1
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
-CVE-2024-3156
+CVE-2024-3156 (Inappropriate implementation in V8 in Google Chrome prior to 
123.0.631 ...)
{DSA-5654-1}
- chromium 123.0.6312.105-1
[bullseye] - chromium  (see #1061268)
@@ -16321,7 +16351,7 @@ CVE-2023-47355 (The com.eypcnnapps.quickreboot (aka 
Eyuep Can Yilmaz {ROOT] Quic
NOT-FOR-US: com.eypcnnapps.quickreboot application
 CVE-2021-4436 (The 3DPrint Lite WordPress plugin before 1.9.1.5 does not have 
any aut ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-0406
+CVE-2024-0406 (A flaw was discovered in the mholt/archiver package. This flaw 
allows  ...)
NOT-FOR-US: mholt/archiver Go package
 CVE-2024-25089 (Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 
allows r ...)
NOT-FOR-US: Malwarebytes Binisoft Windows Firewall Control



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1842a9d767012a4ffeaf4a1ecfd330af962a8624



___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-06 Thread Salvatore Bonaccorso (@carnil)

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
79cafbdf by security tracker role at 2024-04-06T08:11:48+00:00
automatic update

1 changed file:
- data/CVE/list

Changes:
data/CVE/list
@@ -1,3 +1,63 @@
+CVE-2024-3362 (A vulnerability was found in SourceCodester Online Library 
System 1.0  ...)
+   TODO: check
+CVE-2024-3361 (A vulnerability has been found in SourceCodester Online Library 
System ...)
+   TODO: check
+CVE-2024-3360 (A vulnerability, which was classified as critical, was found in 
Source ...)
+   TODO: check
+CVE-2024-3359 (A vulnerability, which was classified as critical, has been 
found in S ...)
+   TODO: check
+CVE-2024-3358 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
+   TODO: check
+CVE-2024-3357 (A vulnerability classified as problematic has been found in 
SourceCode ...)
+   TODO: check
+CVE-2024-3356 (A vulnerability was found in SourceCodester Aplaya Beach Resort 
Online ...)
+   TODO: check
+CVE-2024-3355 (A vulnerability was found in SourceCodester Aplaya Beach Resort 
Online ...)
+   TODO: check
+CVE-2024-3245 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, 
Embed You ...)
+   TODO: check
+CVE-2024-3216 (The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and 
Shippi ...)
+   TODO: check
+CVE-2024-30977 (An issue in Secnet Security Network Intelligent AC Management 
System v ...)
+   TODO: check
+CVE-2024-2950 (The BoldGrid Easy SEO \u2013 Simple and Effective SEO plugin 
for WordP ...)
+   TODO: check
+CVE-2024-2949 (The Carousel, Slider, Gallery by WP Carousel \u2013 Image 
Carousel & P ...)
+   TODO: check
+CVE-2024-2656 (The Email Subscribers by Icegram Express \u2013 Email 
Marketing, Newsl ...)
+   TODO: check
+CVE-2024-2471 (The FooGallery plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+   TODO: check
+CVE-2024-2458 (The Powerkit \u2013 Supercharge your WordPress Site plugin for 
WordPre ...)
+   TODO: check
+CVE-2024-2444 (The Inline Related Posts WordPress plugin before 3.5.0 does not 
saniti ...)
+   TODO: check
+CVE-2024-27912 (A denial of service vulnerability was reported in some Lenovo 
Printers ...)
+   TODO: check
+CVE-2024-27911 (A vulnerability was reported in some Lenovo Printers that 
could allow  ...)
+   TODO: check
+CVE-2024-27910 (A vulnerability was reported in some Lenovo Printers that 
could allow  ...)
+   TODO: check
+CVE-2024-27909 (A denial of service vulnerability was reported in the HTTPS 
service of ...)
+   TODO: check
+CVE-2024-27908 (A buffer overflow vulnerability was reported in the HTTPS 
service of s ...)
+   TODO: check
+CVE-2024-23592 (An authentication bypass vulnerability was reported in Lenovo 
devices  ...)
+   TODO: check
+CVE-2024-21506 (Versions of the package pymongo before 4.6.3 are vulnerable to 
Out-of- ...)
+   TODO: check
+CVE-2024-1994 (The Image Watermark plugin for WordPress is vulnerable to 
unauthorized ...)
+   TODO: check
+CVE-2024-1428 (The Element Pack Elementor Addons (Header Footer, Free Template 
Librar ...)
+   TODO: check
+CVE-2024-1385 (The WP-Stateless \u2013 Google Cloud Storage plugin for 
WordPress is v ...)
+   TODO: check
+CVE-2024-0837 (The Element Pack Elementor Addons (Header Footer, Free Template 
Librar ...)
+   TODO: check
+CVE-2023-5912 (A potential memory leakage vulnerability was reported in some 
Lenovo N ...)
+   TODO: check
+CVE-2023-4605 (A valid authenticated Lenovo XClarity Administrator (LXCA) user 
can po ...)
+   TODO: check
 CVE-2024-3354 (A vulnerability was found in SourceCodester Aplaya Beach Resort 
Online ...)
NOT-FOR-US: SourceCodester Aplaya Beach Resort Online Reservation System
 CVE-2024-3353 (A vulnerability was found in SourceCodester Aplaya Beach Resort 
Online ...)
@@ -6827,6 +6887,7 @@ CVE-2024-24693 (Improper access control in the installer 
for Zoom Rooms Client f
 CVE-2024-24692 (Race condition in the installer for Zoom Rooms Client for 
Windows befo ...)
NOT-FOR-US: Zoom
 CVE-2024-24549 (Denial of Service due to improper input validation 
vulnerability for H ...)
+   {DLA-3779-1}
- tomcat10  (bug #1066878)
- tomcat9 9.0.70-2
NOTE: https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg
@@ -6834,6 +6895,7 @@ CVE-2024-24549 (Denial of Service due to improper input 
validation vulnerability
NOTE: 
https://github.com/apache/tomcat/commit/8e03be9f2698f2da9027d40b9e9c0c9429b74dc0
 (9.0.86)
NOTE: Starting with 9.0.70-2 Tomcat9 no longer ships the server stack, 
using that as the fixed version
 CVE-2024-23672 (Denial of Service via incomplete cleanup vulnerability in 
Apache Tomca ...)
+   {DLA-3779-1}
- tomcat10  (bug #1066877)
- tomcat9 9.0.70-2
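Review bot: the {DLA-3779-1} reference added to CVE-2024-23672 sits over a "tomcat9 9.0.70-2" line that is not a patched upload: the NOTE carried as context above, under CVE-2024-24549, records "Starting with 9.0.70-2 Tomcat9 no longer ships the server stack, using that as the fixed version". If the CVE-2024-23672 entry does not already repeat that NOTE (the hunk shown ends before any NOTE lines for it), add it there as well, so that 9.0.70-2 is not read as the version that fixes this denial-of-service issue rather than the point at which the affected component was dropped.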
  

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-05 Thread Salvatore Bonaccorso (@carnil)

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
5467c830 by security tracker role at 2024-04-05T20:12:19+00:00
automatic update

1 changed file:
- data/CVE/list

Changes:
data/CVE/list
@@ -1,17 +1,135 @@
-CVE-2024-27437 [vfio/pci: Disable auto-enable of exclusive INTx IRQ]
+CVE-2024-3354 (A vulnerability was found in SourceCodester Aplaya Beach Resort 
Online ...)
+   TODO: check
+CVE-2024-3353 (A vulnerability was found in SourceCodester Aplaya Beach Resort 
Online ...)
+   TODO: check
+CVE-2024-3352 (A vulnerability has been found in SourceCodester Aplaya Beach 
Resort O ...)
+   TODO: check
+CVE-2024-3351 (A vulnerability, which was classified as critical, was found in 
Source ...)
+   TODO: check
+CVE-2024-3350 (A vulnerability, which was classified as critical, has been 
found in S ...)
+   TODO: check
+CVE-2024-3349 (A vulnerability classified as critical was found in 
SourceCodester Apl ...)
+   TODO: check
+CVE-2024-3348 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+   TODO: check
+CVE-2024-3347 (A vulnerability was found in SourceCodester Airline Ticket 
Reservation ...)
+   TODO: check
+CVE-2024-3346 (A vulnerability was found in Byzro Smart S80 up to 20240328. It 
has be ...)
+   TODO: check
+CVE-2024-31852 (LLVM before 18.1.3 generates code in which the LR register can 
be over ...)
+   TODO: check
+CVE-2024-31851 (A path traversal vulnerability exists in the Java version of 
CData Syn ...)
+   TODO: check
+CVE-2024-31850 (A path traversal vulnerability exists in the Java version of 
CData Arc ...)
+   TODO: check
+CVE-2024-31849 (A path traversal vulnerability exists in the Java version of 
CData Con ...)
+   TODO: check
+CVE-2024-31848 (A path traversal vulnerability exists in the Java version of 
CData API ...)
+   TODO: check
+CVE-2024-31220 (Sunshine is a self-hosted game stream host for Moonlight. 
Starting in  ...)
+   TODO: check
+CVE-2024-31218 (Webhood is a self-hosted URL scanner used analyzing phishing 
and malic ...)
+   TODO: check
+CVE-2024-31213 (InstantCMS is a free and open source content management 
system. An ope ...)
+   TODO: check
+CVE-2024-2499 (The Squelch Tabs and Accordions Shortcodes plugin for WordPress 
is vul ...)
+   TODO: check
+CVE-2024-2447 (Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 
9.4.x bef ...)
+   TODO: check
+CVE-2024-2380 (Stored XSS in graph rendering in Checkmk <2.3.0b4.)
+   TODO: check
+CVE-2024-2312 (GRUB2 does not call the module fini functions on exit, leading 
to Debi ...)
+   TODO: check
+CVE-2024-29783 (In tmu_get_tr_thresholds, there is a possible out of bounds 
read due t ...)
+   TODO: check
+CVE-2024-29782 (In tmu_get_tr_num_thresholds of tmu.c, there is a possible out 
of boun ...)
+   TODO: check
+CVE-2024-29757 (there is a possible permission bypass due to Debug certs being 
allowli ...)
+   TODO: check
+CVE-2024-29756 (In afe_callback of q6afe.c, there is a possible out of bounds 
write du ...)
+   TODO: check
+CVE-2024-29755 (In tmu_get_pi of tmu.c, there is a possible out of bounds read 
due to  ...)
+   TODO: check
+CVE-2024-29754 (In TMU_IPC_GET_TABLE, there is a possible out of bounds read 
due to a  ...)
+   TODO: check
+CVE-2024-29753 (In tmu_set_control_temp_step of tmu.c, there is a possible out 
of boun ...)
+   TODO: check
+CVE-2024-29752 (In tmu_set_tr_num_thresholds of tmu.c, there is a possible out 
of boun ...)
+   TODO: check
+CVE-2024-29751 (In asn1_ec_pkey_parse_p384 of asn1_common.c, there is a 
possible OOB R ...)
+   TODO: check
+CVE-2024-29750 (In km_exp_did_inner of kmv.c, there is a possible out of 
bounds read d ...)
+   TODO: check
+CVE-2024-29749 (In tmu_set_tr_thresholds of tmu.c, there is a possible out of 
bounds w ...)
+   TODO: check
+CVE-2024-29748 (there is a possible way to bypass  due to a logic error in the 
code. T ...)
+   TODO: check
+CVE-2024-29747 (In _dvfs_get_lv of dvfs.c, there is a possible out of bounds 
read due  ...)
+   TODO: check
+CVE-2024-29746 (In lpm_req_handler of lpm.c, there is a possible out of bounds 
write d ...)
+   TODO: check
+CVE-2024-29745 (there is a possible Information Disclosure due to 
uninitialized data.  ...)
+   TODO: check
+CVE-2024-29744 (In tmu_get_gov_time_windows, there is a possible out of bounds 
read du ...)
+   TODO: check
+CVE-2024-29743 (In tmu_set_temp_lut of tmu.c, there is a possible out of 
bounds write  ...)
+   TODO: check
+CVE-2024-29742 (In apply_minlock_constraint of dvfs.c, there is a possible out 
of boun ...)
+   TODO: check
+CVE-2024-29741 (In pblS2mpuResume of s2mpu.c, there is a possible mitigation 
bypass du ...)
+   TODO: check
+CVE-2024-29740 (In tmu_set_table of tmu.c, there is a 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-05 Thread Salvatore Bonaccorso (@carnil)

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
ad12f23c by security tracker role at 2024-04-05T08:11:40+00:00
automatic update

1 changed file:
- data/CVE/list

Changes:
data/CVE/list
@@ -1,3 +1,63 @@
+CVE-2024-3321 (A vulnerability classified as problematic has been found in 
SourceCode ...)
+   TODO: check
+CVE-2024-3320 (A vulnerability was found in SourceCodester eLearning System 
1.0. It h ...)
+   TODO: check
+CVE-2024-3316 (A vulnerability was found in SourceCodester Computer Laboratory 
Manage ...)
+   TODO: check
+CVE-2024-3315 (A vulnerability was found in SourceCodester Computer Laboratory 
Manage ...)
+   TODO: check
+CVE-2024-3314 (A vulnerability was found in SourceCodester Computer Laboratory 
Manage ...)
+   TODO: check
+CVE-2024-3311 (A vulnerability was found in Dreamer CMS up to 4.1.3.0. It has 
been de ...)
+   TODO: check
+CVE-2024-3217 (The WP Directory Kit plugin for WordPress is vulnerable to SQL 
Injecti ...)
+   TODO: check
+CVE-2024-31498 (ykman-gui (aka YubiKey Manager GUI) before 1.2.6 on Windows, 
when Edge ...)
+   TODO: check
+CVE-2024-31212 (InstantCMS is a free and open source content management 
system. A SQL  ...)
+   TODO: check
+CVE-2024-31211 (WordPress is an open publishing platform for the Web. 
Unserialization  ...)
+   TODO: check
+CVE-2024-31210 (WordPress is an open publishing platform for the Web. It's 
possible fo ...)
+   TODO: check
+CVE-2024-31206 (dectalk-tts is a Node package to interact with the aeiou 
Dectalk web A ...)
+   TODO: check
+CVE-2024-31204 (mailcow: dockerized is an open source groupware/email suite 
based on d ...)
+   TODO: check
+CVE-2024-30891 (A command injection vulnerability exists in /goform/exeCommand 
in Tend ...)
+   TODO: check
+CVE-2024-30849 (Arbitrary file upload vulnerability in Sourcecodester Complete 
E-Comme ...)
+   TODO: check
+CVE-2024-30270 (mailcow: dockerized is an open source groupware/email suite 
based on d ...)
+   TODO: check
+CVE-2024-30264 (Typebot is an open-source chatbot builder. A reflected 
cross-site scri ...)
+   TODO: check
+CVE-2024-2509 (The Gutenberg Blocks by Kadence Blocks  WordPress plugin before 
3.2.26 ...)
+   TODO: check
+CVE-2024-2115 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress 
is vul ...)
+   TODO: check
+CVE-2024-29981 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+   TODO: check
+CVE-2024-29863 (A race condition in the installer executable in Qlik Qlikview 
before v ...)
+   TODO: check
+CVE-2024-29672 (Directory Traversal vulnerability in zly2006 Reden before 
v.0.2.514 al ...)
+   TODO: check
+CVE-2024-29049 (Microsoft Edge (Chromium-based) Webview2 Spoofing 
Vulnerability)
+   TODO: check
+CVE-2024-27981 (A Command Injection vulnerability found in a Self-Hosted UniFi 
Network ...)
+   TODO: check
+CVE-2024-27448 (MailDev 2 through 2.1.0 allows Remote Code Execution via a 
crafted Con ...)
+   TODO: check
+CVE-2024-26329 (Chilkat before v9.5.0.98, allows attackers to obtain sensitive 
informa ...)
+   TODO: check
+CVE-2024-22363 (SheetJS Community Edition before 0.20.2 is vulnerable.to 
Regular Expre ...)
+   TODO: check
+CVE-2024-21894 (A heap overflow vulnerability in IPSec component of Ivanti 
Connect Sec ...)
+   TODO: check
+CVE-2023-5973 (Brocade  Web Interface in Brocade Fabric OS v9.x and before 
v9.2.0 doe ...)
+   TODO: check
+CVE-2023-52235 (SpaceX Starlink Wi-Fi router GEN 2 before 2023.53.0 and 
Starlink Dish  ...)
+   TODO: check
 CVE-2024-3299 (Out-Of-Bounds Write, Use of Uninitialized Resource and 
Use-After-Free  ...)
NOT-FOR-US: Solidworks
 CVE-2024-3298 (Out-Of-Bounds Write and Type Confusion vulnerabilities exist in 
the fi ...)
@@ -7,7 +67,7 @@ CVE-2024-3262 (Information exposure vulnerability in RT 
software affecting versi
- request-tracker5 
NOTE: 
https://github.com/bestpractical/rt/commit/ea07e767eaef5b202e8883051616d09806b8b48a
NOTE: 
https://github.com/bestpractical/rt/commit/468f86bd3e82c3b5b5ef7087d416a7509d4b1abe
-CVE-2024-3250 (It was discovered that Pebble's read-file API and the 
associated pebbl ...)
+CVE-2024-3250 (It was discovered that Canonical's Pebble service manager 
read-file AP ...)
TODO: check
 CVE-2024-3116 (pgAdmin <= 8.4 is affected by a  Remote Code Execution (RCE) 
vulnerabi ...)
- pgadmin4  (bug #834129)
@@ -374,7 +434,7 @@ CVE-2024-1418 (The CGC Maintenance Mode plugin for 
WordPress is vulnerable to Se
NOT-FOR-US: WordPress plugin
 CVE-2023-52043 (An issue in D-Link COVR 1100, 1102, 1103 AC1200 Dual-Band 
Whole-Home M ...)
NOT-FOR-US: D-Link
-CVE-2023-45288
+CVE-2023-45288 (An attacker may cause an HTTP/2 endpoint to read arbitrary 
amounts of  ...)
- golang-1.22 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-04 Thread Salvatore Bonaccorso (@carnil)

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
3224f85c by security tracker role at 2024-04-04T20:12:20+00:00
automatic update

1 changed file:
- data/CVE/list

Changes:
data/CVE/list
@@ -1,167 +1,277 @@
-CVE-2024-26809 [netfilter: nft_set_pipapo: release elements in clone only from 
destroy path]
+CVE-2024-3299 (Out-Of-Bounds Write, Use of Uninitialized Resource and 
Use-After-Free  ...)
+   TODO: check
+CVE-2024-3298 (Out-Of-Bounds Write and Type Confusion vulnerabilities exist in 
the fi ...)
+   TODO: check
+CVE-2024-3262 (Information exposure vulnerability in RT software affecting 
version 4. ...)
+   TODO: check
+CVE-2024-3250 (It was discovered that Pebble's read-file API and the 
associated pebbl ...)
+   TODO: check
+CVE-2024-3116 (pgAdmin <= 8.4 is affected by a  Remote Code Execution (RCE) 
vulnerabi ...)
+   TODO: check
+CVE-2024-31215 (Mobile Security Framework (MobSF) is a security research 
platform for  ...)
+   TODO: check
+CVE-2024-31209 (oidcc is the OpenID Connect client library for Erlang. Denial 
of Servi ...)
+   TODO: check
+CVE-2024-31207 (Vite (French word for "quick", pronounced /vit/, like "veet") 
is a fro ...)
+   TODO: check
+CVE-2024-30565 (An issue was discovered in SeaCMS version 12.9, allows remote 
attacker ...)
+   TODO: check
+CVE-2024-30266 (wasmtime is a runtime for WebAssembly. The 19.0.0 release of 
Wasmtime  ...)
+   TODO: check
+CVE-2024-30263 (macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla 
pdf.js.  ...)
+   TODO: check
+CVE-2024-30261 (Undici is an HTTP/1.1 client, written from scratch for 
Node.js. An att ...)
+   TODO: check
+CVE-2024-30260 (Undici is an HTTP/1.1 client, written from scratch for 
Node.js. Undici ...)
+   TODO: check
+CVE-2024-30254 (MesonLSP is an unofficial, unendorsed language server for 
meson writte ...)
+   TODO: check
+CVE-2024-30252 (Livemarks is a browser extension that provides RSS feed 
bookmark folde ...)
+   TODO: check
+CVE-2024-30250 (Astro-Shield is an integration to enhance website security 
with SubRes ...)
+   TODO: check
+CVE-2024-30249 (Cloudburst Network provides network components used within 
Cloudburst  ...)
+   TODO: check
+CVE-2024-2759 (Improper access control vulnerability in Apaczka plugin for 
PrestaShop ...)
+   TODO: check
+CVE-2024-2660 (Vault and Vault Enterprise TLS certificates auth method did not 
correc ...)
+   TODO: check
+CVE-2024-2103 (Inclusion of undocumented features vulnerability accessible 
when logge ...)
+   TODO: check
+CVE-2024-29387 (projeqtor up to 11.2.0 was discovered to contain a remote code 
executi ...)
+   TODO: check
+CVE-2024-29386 (projeqtor up to 11.2.0 was discovered to contain a SQL 
injection vulne ...)
+   TODO: check
+CVE-2024-29193 (gotortc is a camera streaming application. Versions 1.8.5 and 
prior ar ...)
+   TODO: check
+CVE-2024-29192 (gotortc is a camera streaming application. Versions 1.8.5 and 
prior ar ...)
+   TODO: check
+CVE-2024-29191 (gotortc is a camera streaming application. Versions 1.8.5 and 
prior ar ...)
+   TODO: check
+CVE-2024-29182 (Collabora Online is a collaborative online office suite based 
on Libre ...)
+   TODO: check
+CVE-2024-28871 (LibHTP is a security-aware parser for the HTTP protocol and 
the relate ...)
+   TODO: check
+CVE-2024-28787 (IBM Security Verify Access 10.0.0 through 10.0.7 and IBM 
Application G ...)
+   TODO: check
+CVE-2024-27575 (Directory Traversal vulnerability in INOTEC Sicherheitstechnik 
GmbH IN ...)
+   TODO: check
+CVE-2024-27268 (IBM WebSphere Application Server Liberty 18.0.0.2 through 
24.0.0.3 is  ...)
+   TODO: check
+CVE-2024-25709 (There is a stored Cross-site Scripting vulnerability in Esri 
Portal fo ...)
+   TODO: check
+CVE-2024-25708 (There is a stored Cross-site Scripting vulnerability in Esri 
Portal fo ...)
+   TODO: check
+CVE-2024-25706 (There is an HTML injection vulnerability in Esri Portal for 
ArcGIS <=1 ...)
+   TODO: check
+CVE-2024-25705 (There is a cross site scripting vulnerability in the Esri 
Portal for A ...)
+   TODO: check
+CVE-2024-25704 (There is a stored Cross-site Scripting vulnerability in Esri 
Portal fo ...)
+   TODO: check
+CVE-2024-25703 (There is a reflected cross site scripting vulnerability in the 
home ap ...)
+   TODO: check
+CVE-2024-25700 (There is a stored Cross-site Scripting vulnerability in Esri 
Portal fo ...)
+   TODO: check
+CVE-2024-25699 (There is a difficult to exploit improper authentication issue 
in the H ...)
+   TODO: check
+CVE-2024-25698 (There is a reflected cross site scripting vulnerability in the 
home ap ...)
+   TODO: check
+CVE-2024-25697 (There is a Cross-site Scripting vulnerabilityin Portal for 
ArcGIS in v ...)
+   TODO: 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-04 Thread Salvatore Bonaccorso (@carnil)

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
a37013ee by security tracker role at 2024-04-04T08:12:17+00:00
automatic update

1 changed file:
- data/CVE/list

Changes:
data/CVE/list
@@ -1,3 +1,65 @@
+CVE-2024-3274 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found 
in D-Li ...)
+   TODO: check
+CVE-2024-3273 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was 
classified  ...)
+   TODO: check
+CVE-2024-3272 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was 
classified  ...)
+   TODO: check
+CVE-2024-3270 (A vulnerability classified as problematic was found in 
ThingsBoard up  ...)
+   TODO: check
+CVE-2024-3030 (The Announce from the Dashboard plugin for WordPress is 
vulnerable to  ...)
+   TODO: check
+CVE-2024-3022 (The BookingPress plugin for WordPress is vulnerable to 
arbitrary file  ...)
+   TODO: check
+CVE-2024-31025 (SQL Injection vulnerability in ECshop 4.x allows an attacker 
to obtain ...)
+   TODO: check
+CVE-2024-30265 (Collabora Online is a collaborative online office suite based 
on Libre ...)
+   TODO: check
+CVE-2024-2919 (The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder 
Features pl ...)
+   TODO: check
+CVE-2024-2868 (The ShopLentor \u2013 WooCommerce Builder for Elementor & 
Gutenberg +1 ...)
+   TODO: check
+CVE-2024-2830 (The WordPress Tag and Category Manager \u2013 AI Autotagger 
plugin for ...)
+   TODO: check
+CVE-2024-2803 (The ElementsKit Elementor addons plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-2692 (SiYuan version 3.0.3 allows executing arbitrary commands on the 
server ...)
+   TODO: check
+CVE-2024-2689 (Denial of Service in Temporal Server prior to version 1.20.5, 
1.21.6,  ...)
+   TODO: check
+CVE-2024-2008 (The Modal Popup Box \u2013 Popup Builder, Show Offers And News 
in Popu ...)
+   TODO: check
+CVE-2024-29413 (Cross Site Scripting vulnerability in Webasyst v.2.9.9 allows 
a remote ...)
+   TODO: check
+CVE-2024-29375 (CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 
allows a re ...)
+   TODO: check
+CVE-2024-29225 (WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and 
earlier all ...)
+   TODO: check
+CVE-2024-29167 (SVR-116 firmware version 1.6.0.30028871 allows a remote 
authenticated  ...)
+   TODO: check
+CVE-2024-29008 (A problem has been identified in the CloudStack additional VM 
configur ...)
+   TODO: check
+CVE-2024-29007 (The CloudStack management server and secondary storage VM 
could be tri ...)
+   TODO: check
+CVE-2024-29006 (By default the CloudStack management server honours the 
x-forwarded-fo ...)
+   TODO: check
+CVE-2024-28870 (Suricata is a network Intrusion Detection System, Intrusion 
Prevention ...)
+   TODO: check
+CVE-2024-28520 (File Upload vulnerability in Byzoro Networks Smart 
multi-service secur ...)
+   TODO: check
+CVE-2024-27706 (Cross Site Scripting vulnerability in Huly Platform v.0.6.202 
allows a ...)
+   TODO: check
+CVE-2024-27705 (Cross Site Scripting vulnerability in Leantime v3.0.6 allows 
attackers ...)
+   TODO: check
+CVE-2024-26258 (OS command injection vulnerability in WRC-X3200GST3-B v1.25 
and earlie ...)
+   TODO: check
+CVE-2024-25568 (OS command injection vulnerability in WRC-X3200GST3-B v1.25 
and earlie ...)
+   TODO: check
+CVE-2024-25503 (Cross Site Scripting (XSS) vulnerability in Advanced REST 
Client v.17. ...)
+   TODO: check
+CVE-2024-1418 (The CGC Maintenance Mode plugin for WordPress is vulnerable to 
Sensiti ...)
+   TODO: check
+CVE-2023-52043 (An issue in D-Link COVR 1100, 1102, 1103 AC1200 Dual-Band 
Whole-Home M ...)
+   TODO: check
 CVE-2023-45288
- golang-1.22 1.22.2-1
- golang-1.21 1.21.9-1
@@ -1119,7 +1181,7 @@ CVE-2024-20850 (Use of Implicit Intent for Sensitive 
Communication in Samsung Pa
NOT-FOR-US: Samsung
 CVE-2024-20849 (Out-of-bound Write vulnerability in chunk parsing 
implementation of li ...)
NOT-FOR-US: Samsung
-CVE-2024-20848 (Out-of-bound Write vulnerability in text parsing 
implementation of lib ...)
+CVE-2024-20848 (Improper Input Validation vulnerability in text parsing 
implementation ...)
NOT-FOR-US: Samsung
 CVE-2024-20847 (Improper Access Control vulnerability in StorageManagerService 
prior t ...)
NOT-FOR-US: Samsung
@@ -76513,10 +76575,10 @@ CVE-2023-25202
RESERVED
 CVE-2023-25201 (Cross Site Request Forgery (CSRF) vulnerability in MultiTech 
Conduit A ...)
NOT-FOR-US: MultiTech Conduit AP MTCAP2-L4E1
-CVE-2023-25200
-   RESERVED
-CVE-2023-25199
-   RESERVED
+CVE-2023-25200 (An HTML injection vulnerability exists in the MT Safeline 
X-Ray X3310  ...)
+   TODO: check
+CVE-2023-25199 (A reflected cross-site scripting (XSS) vulnerability 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-03 Thread Salvatore Bonaccorso (@carnil)

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
3aac4063 by security tracker role at 2024-04-03T20:11:53+00:00
automatic update

1 changed file:
- data/CVE/list

Changes:
data/CVE/list
@@ -1,386 +1,584 @@
-CVE-2024-26779 [wifi: mac80211: fix race condition on enabling fast-xmit]
+CVE-2024-3259 (A vulnerability was found in SourceCodester Internship Portal 
Manageme ...)
+   TODO: check
+CVE-2024-3258 (A vulnerability was found in SourceCodester Internship Portal 
Manageme ...)
+   TODO: check
+CVE-2024-3257 (A vulnerability was found in SourceCodester Internship Portal 
Manageme ...)
+   TODO: check
+CVE-2024-3256 (A vulnerability has been found in SourceCodester Internship 
Portal Man ...)
+   TODO: check
+CVE-2024-3255 (A vulnerability, which was classified as critical, was found in 
Source ...)
+   TODO: check
+CVE-2024-3254 (A vulnerability, which was classified as critical, has been 
found in S ...)
+   TODO: check
+CVE-2024-3253 (A vulnerability classified as critical was found in 
SourceCodester Int ...)
+   TODO: check
+CVE-2024-3252 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+   TODO: check
+CVE-2024-3251 (A vulnerability was found in SourceCodester Computer Laboratory 
Manage ...)
+   TODO: check
+CVE-2024-3181 (Concrete CMS version 9 prior to 9.2.8 and previous versions 
prior to 8 ...)
+   TODO: check
+CVE-2024-3180 (Concrete CMS version 9 below 9.2.8 and previous versions below 
8.5.16  ...)
+   TODO: check
+CVE-2024-3179 (Concrete CMS version 9 before 9.2.8 and previous versions 
before 8.5.1 ...)
+   TODO: check
+CVE-2024-3178 (Concrete CMS versions 9 below 9.2.8 and versions below8.5.16 
are vulne ...)
+   TODO: check
+CVE-2024-31420 (A NULL pointer dereference flaw was found in KubeVirt. This 
flaw allow ...)
+   TODO: check
+CVE-2024-31419 (An information disclosure flaw was found in OpenShift 
Virtualization.  ...)
+   TODO: check
+CVE-2024-31393 (Dragging Javascript URLs to the address bar could cause them 
to be loa ...)
+   TODO: check
+CVE-2024-31392 (If an insecure element was added to a page after a delay, 
Firefox woul ...)
+   TODO: check
+CVE-2024-31390 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+   TODO: check
+CVE-2024-31380 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+   TODO: check
+CVE-2024-30572 (Netgear R6850 1.1.0.88 was discovered to contain a command 
injection v ...)
+   TODO: check
+CVE-2024-30571 (An information leak in the BRS_top.html component of Netgear 
R6850 v1. ...)
+   TODO: check
+CVE-2024-30570 (An information leak in debuginfo.htm of Netgear R6850 
v1.1.0.88 allows ...)
+   TODO: check
+CVE-2024-30569 (An information leak in currentsetting.htm of Netgear R6850 
v1.1.0.88 a ...)
+   TODO: check
+CVE-2024-30568 (Netgear R6850 1.1.0.88 was discovered to contain a command 
injection v ...)
+   TODO: check
+CVE-2024-30366 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
+   TODO: check
+CVE-2024-30334 (Foxit PDF Reader Doc Object Use-After-Free Remote Code 
Execution Vulne ...)
+   TODO: check
+CVE-2024-30333 (Foxit PDF Reader Doc Object Use-After-Free Remote Code 
Execution Vulne ...)
+   TODO: check
+CVE-2024-30332 (Foxit PDF Reader Doc Object Use-After-Free Remote Code 
Execution Vulne ...)
+   TODO: check
+CVE-2024-30331 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
+   TODO: check
+CVE-2024-30330 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
+   TODO: check
+CVE-2024-30329 (Foxit PDF Reader Annotation Use-After-Free Information 
Disclosure Vuln ...)
+   TODO: check
+CVE-2024-30328 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
+   TODO: check
+CVE-2024-30327 (Foxit PDF Reader template Use-After-Free Remote Code Execution 
Vulnera ...)
+   TODO: check
+CVE-2024-30326 (Foxit PDF Reader Doc Object Use-After-Free Remote Code 
Execution Vulne ...)
+   TODO: check
+CVE-2024-30325 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
+   TODO: check
+CVE-2024-30324 (Foxit PDF Reader Doc Object Use-After-Free Remote Code 
Execution Vulne ...)
+   TODO: check
+CVE-2024-30323 (Foxit PDF Reader template Out-Of-Bounds Read Remote Code 
Execution Vul ...)
+   TODO: check
+CVE-2024-30322 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
+   TODO: check
+CVE-2024-2758 (Tempesta FW rate limits are not enabled by default. They are 
either se ...)
+   TODO: check
+CVE-2024-2753 (Concrete CMS version 9 before 9.2.8 and previous versions prior 
to 8.5 ...)
+   TODO: check
+CVE-2024-2653 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-03 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cbf589b9 by security tracker role at 2024-04-03T08:11:40+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,159 @@
+CVE-2024-3248 (In Xpdf 4.05 (and earlier), a PDF object loop in the 
attachments leads ...)
+   TODO: check
+CVE-2024-3247 (In Xpdf 4.05 (and earlier), a PDF object loop in an object 
stream lead ...)
+   TODO: check
+CVE-2024-3227 (A vulnerability was found in Panwei eoffice OA up to 9.5. It 
has been  ...)
+   TODO: check
+CVE-2024-3226 (A vulnerability was found in Campcodes Online Patient Record 
Managemen ...)
+   TODO: check
+CVE-2024-3225 (A vulnerability was found in SourceCodester PHP Task Management 
System ...)
+   TODO: check
+CVE-2024-3224 (A vulnerability has been found in SourceCodester PHP Task 
Management S ...)
+   TODO: check
+CVE-2024-3223 (A vulnerability, which was classified as critical, was found in 
Source ...)
+   TODO: check
+CVE-2024-3222 (A vulnerability, which was classified as critical, has been 
found in S ...)
+   TODO: check
+CVE-2024-3221 (A vulnerability classified as critical was found in 
SourceCodester PHP ...)
+   TODO: check
+CVE-2024-3218 (A vulnerability classified as critical has been found in 
Shibang Commu ...)
+   TODO: check
+CVE-2024-3209 (A vulnerability was found in UPX up to 4.2.2. It has been rated 
as cri ...)
+   TODO: check
+CVE-2024-3207 (A vulnerability was found in ermig1979 Simd up to 6.0.134. It 
has been ...)
+   TODO: check
+CVE-2024-3205 (A vulnerability was found in yaml libyaml up to 0.2.5 and 
classified a ...)
+   TODO: check
+CVE-2024-3204 (A vulnerability has been found in c-blosc2 up to 2.13.2 and 
classified ...)
+   TODO: check
+CVE-2024-3203 (A vulnerability, which was classified as critical, was found in 
c-blos ...)
+   TODO: check
+CVE-2024-3202 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-3162 (The Jeg Elementor Kit plugin for WordPress is vulnerable to 
Stored Cro ...)
+   TODO: check
+CVE-2024-31013 (Cross Site Scripting (XSS) vulnerability in emlog version Pro 
2.3, all ...)
+   TODO: check
+CVE-2024-31012 (An issue was discovered in SEMCMS v.4.8, allows remote 
attackers to ex ...)
+   TODO: check
+CVE-2024-31011 (Arbitrary file write vulnerability in beescms v.4.0, allows a 
remote a ...)
+   TODO: check
+CVE-2024-31010 (SQL injection vulnerability in SEMCMS v.4.8, allows a remote 
attacker  ...)
+   TODO: check
+CVE-2024-31009 (SQL injection vulnerability in SEMCMS v.4.8, allows a remote 
attacker  ...)
+   TODO: check
+CVE-2024-31008 (An issue was discovered in WUZHICMS version 4.1.0, allows an 
attacker  ...)
+   TODO: check
+CVE-2024-30998 (SQL Injection vulnerability in PHPGurukul Men Salon Management 
System  ...)
+   TODO: check
+CVE-2024-30371 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
+   TODO: check
+CVE-2024-30370 (RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This 
vulnerability ...)
+   TODO: check
+CVE-2024-30367 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
+   TODO: check
+CVE-2024-30365 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
+   TODO: check
+CVE-2024-30364 (Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read 
Information Discl ...)
+   TODO: check
+CVE-2024-30363 (Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read 
Information Discl ...)
+   TODO: check
+CVE-2024-30362 (Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code 
Execution ...)
+   TODO: check
+CVE-2024-30361 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
+   TODO: check
+CVE-2024-30360 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
+   TODO: check
+CVE-2024-30359 (Foxit PDF Reader AcroForm 3D Out-Of-Bounds Read Remote Code 
Execution  ...)
+   TODO: check
+CVE-2024-30358 (Foxit PDF Reader AcroForm User-After-Free Remote Code 
Execution Vulner ...)
+   TODO: check
+CVE-2024-30357 (Foxit PDF Reader AcroForm Annotation Type Confusion Remote 
Code Execut ...)
+   TODO: check
+CVE-2024-30356 (Foxit PDF Reader AcroForm Out-Of-Bounds Read Information 
Disclosure Vu ...)
+   TODO: check
+CVE-2024-30355 (Foxit PDF Reader AcroForm Out-Of-Bounds Write Remote Code 
Execution Vu ...)
+   TODO: check
+CVE-2024-30354 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
+   TODO: check
+CVE-2024-30353 (Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code 
Execution Vul ...)
+   TODO: check
+CVE-2024-30352 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
+   

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-02 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
edaa68cc by security tracker role at 2024-04-02T20:11:54+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,89 @@
+CVE-2024-3151 (A vulnerability, which was classified as problematic, was found 
in Bdt ...)
+   TODO: check
+CVE-2024-31109 (Cross-Site Request Forgery (CSRF) vulnerability in Toastie 
Studio Wooc ...)
+   TODO: check
+CVE-2024-31105 (Cross-Site Request Forgery (CSRF) vulnerability in Adam Bowen 
Tax Rate ...)
+   TODO: check
+CVE-2024-30965 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-30946 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-30809 (An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There 
is a he ...)
+   TODO: check
+CVE-2024-30808 (An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There 
is a he ...)
+   TODO: check
+CVE-2024-30807 (An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There 
is a he ...)
+   TODO: check
+CVE-2024-30806 (An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There 
is a he ...)
+   TODO: check
+CVE-2024-30621 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the 
serverName par ...)
+   TODO: check
+CVE-2024-30620 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the 
serviceName pa ...)
+   TODO: check
+CVE-2024-30532 (Server-Side Request Forgery (SSRF) vulnerability in Builderall 
Team Bu ...)
+   TODO: check
+CVE-2024-30531 (Server-Side Request Forgery (SSRF) vulnerability in Nelio 
Software Nel ...)
+   TODO: check
+CVE-2024-30335 (Foxit PDF Reader AcroForm Annotation Out-Of-Bounds Read 
Information Di ...)
+   TODO: check
+CVE-2024-30248 (Piccolo Admin is an admin interface/content management system 
for Pyth ...)
+   TODO: check
+CVE-2024-2931 (The WPFront User Role Editor plugin for WordPress is vulnerable 
to Sen ...)
+   TODO: check
+CVE-2024-2745 (Rapid7's InsightVM maintenance mode login page suffers from a 
sensitiv ...)
+   TODO: check
+CVE-2024-2435 (For an attacker with pre-existing access to send a signal to a 
workflo ...)
+   TODO: check
+CVE-2024-2389 (In Flowmon versions prior to 11.1.14 and 12.3.5, an operating 
system c ...)
+   TODO: check
+CVE-2024-29949 (There is a command injection vulnerability in some Hikvision 
NVRs. Thi ...)
+   TODO: check
+CVE-2024-29948 (There is an out-of-bounds read vulnerability in some Hikvision 
NVRs. A ...)
+   TODO: check
+CVE-2024-29947 (There is a NULL dereference pointer vulnerability in some 
Hikvision NV ...)
+   TODO: check
+CVE-2024-29834 (This vulnerability allows authenticated users with produce or 
consume  ...)
+   TODO: check
+CVE-2024-29514 (File Upload vulnerability in lepton v.7.1.0 allows a remote 
authentica ...)
+   TODO: check
+CVE-2024-28287 (A DOM-based open redirection in the returnUrl parameter of 
INSTINCT UI ...)
+   TODO: check
+CVE-2024-24888 (Server-Side Request Forgery (SSRF) vulnerability in Kadence WP 
Gutenbe ...)
+   TODO: check
+CVE-2024-22780 (Cross Site Scripting vulnerability in CA17 TeamsACS v.1.0.1 
allows a r ...)
+   TODO: check
+CVE-2024-22248 (VMware SD-WAN Orchestrator contains an open redirect 
vulnerability.  A ...)
+   TODO: check
+CVE-2024-22247 (VMware SD-WAN Edge contains a missing authentication and 
protection me ...)
+   TODO: check
+CVE-2024-22246 (VMware SD-WAN Edge contains an unauthenticated command 
injection vulne ...)
+   TODO: check
+CVE-2024-1946 (The Genesis Blocks plugin for WordPress is vulnerable to Stored 
Cross- ...)
+   TODO: check
+CVE-2024-1807 (The Product Sort and Display for WooCommerce plugin for 
WordPress is v ...)
+   TODO: check
+CVE-2024-1732 (The Sharkdropship for AliExpress Dropshipping and Affiliate 
plugin for ...)
+   TODO: check
+CVE-2023-6951 (A Use of Weak Credentials vulnerability affecting the Wi-Fi 
network ge ...)
+   TODO: check
+CVE-2023-6950 (An Improper Input Validation vulnerability affecting the FTP 
service r ...)
+   TODO: check
+CVE-2023-6949 (A Missing Authentication for Critical Function issue affecting 
the HTT ...)
+   TODO: check
+CVE-2023-6948 (A Buffer Copy without Checking Size of Input issue affecting 
the v2_sd ...)
+   TODO: check
+CVE-2023-51456 (A Improper Input Validation issue affecting the v2_sdk_service 
running ...)
+   TODO: check
+CVE-2023-51455 (A Improper Validation of Array Index issue affecting the 
v2_sdk_servic ...)
+   TODO: check
+CVE-2023-51454 (A Out-of-bounds Write issue affecting the v2_sdk_service 
running on a  ...)
+   TODO: check
+CVE-2023-51453 (A Improper Input Validation issue affecting the v2_sdk_service 
running ...)
+  

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-02 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
861da87f by security tracker role at 2024-04-02T08:12:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,227 @@
+CVE-2024-3165 (System->Maintenance-> Log Files in dotCMS dashboard is 
providing the u ...)
+   TODO: check
+CVE-2024-3164 (In dotCMS dashboard, the Tools and Log Files tabs under System 
\u2192  ...)
+   TODO: check
+CVE-2024-3160 (** DISPUTED ** A vulnerability, which was classified as 
problematic, w ...)
+   TODO: check
+CVE-2024-3148 (A vulnerability, which was classified as critical, has been 
found in D ...)
+   TODO: check
+CVE-2024-3147 (A vulnerability classified as problematic was found in DedeCMS 
5.7. Th ...)
+   TODO: check
+CVE-2024-3146 (A vulnerability classified as problematic has been found in 
DedeCMS 5. ...)
+   TODO: check
+CVE-2024-3145 (A vulnerability was found in DedeCMS 5.7. It has been rated as 
problem ...)
+   TODO: check
+CVE-2024-3144 (A vulnerability was found in DedeCMS 5.7. It has been declared 
as prob ...)
+   TODO: check
+CVE-2024-3143 (A vulnerability was found in DedeCMS 5.7. It has been 
classified as pr ...)
+   TODO: check
+CVE-2024-3142 (A vulnerability was found in Clavister E10 and E80 up to 
20240323 and  ...)
+   TODO: check
+CVE-2024-3141 (A vulnerability has been found in Clavister E10 and E80 up to 
20240323 ...)
+   TODO: check
+CVE-2024-3140 (A vulnerability, which was classified as problematic, was found 
in Sou ...)
+   TODO: check
+CVE-2024-3139 (A vulnerability, which was classified as critical, has been 
found in S ...)
+   TODO: check
+CVE-2024-3138 (** DISPUTED ** A vulnerability was found in francoisjacquet 
RosarioSIS ...)
+   TODO: check
+CVE-2024-3137 (Improper Privilege Management in uvdesk/community-skeleton)
+   TODO: check
+CVE-2024-31005 (An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker 
to execu ...)
+   TODO: check
+CVE-2024-31004 (An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker 
to execu ...)
+   TODO: check
+CVE-2024-31003 (Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 
allows a rem ...)
+   TODO: check
+CVE-2024-31002 (Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 
allows a rem ...)
+   TODO: check
+CVE-2024-2925 (The Beaver Builder \u2013 WordPress Page Builder plugin for 
WordPress  ...)
+   TODO: check
+CVE-2024-2924 (The Creative Addons for Elementor plugin for WordPress is 
vulnerable t ...)
+   TODO: check
+CVE-2024-2839 (The Colibri Page Builder plugin for WordPress is vulnerable to 
Stored  ...)
+   TODO: check
+CVE-2024-2791 (The Metform Elementor Contact Form Builder plugin for WordPress 
is vul ...)
+   TODO: check
+CVE-2024-2369 (The Page Builder Gutenberg Blocks  WordPress plugin before 
3.1.7 does  ...)
+   TODO: check
+CVE-2024-29276 (An issue was discovered in seeyonOA version 8, allows remote 
attackers ...)
+   TODO: check
+CVE-2024-29086 (in OpenHarmony v3.2.4 and prior versions allow a local 
attacker cause  ...)
+   TODO: check
+CVE-2024-29074 (in OpenHarmony v3.2.4 and prior versions allow a local 
attacker arbitr ...)
+   TODO: check
+CVE-2024-28951 (in OpenHarmony v4.0.0 and prior versions allow a local 
attacker arbitr ...)
+   TODO: check
+CVE-2024-28226 (in OpenHarmony v4.0.0 and prior versions allow a remote 
attacker cause ...)
+   TODO: check
+CVE-2024-27334 (Kofax Power PDF JPG File Parsing Out-Of-Bounds Read 
Information Disclo ...)
+   TODO: check
+CVE-2024-27333 (Kofax Power PDF GIF File Parsing Out-Of-Bounds Read 
Information Disclo ...)
+   TODO: check
+CVE-2024-27332 (PDF-XChange Editor JPG File Parsing Out-Of-Bounds Read 
Information Dis ...)
+   TODO: check
+CVE-2024-27331 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read 
Information Dis ...)
+   TODO: check
+CVE-2024-27330 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read 
Information Dis ...)
+   TODO: check
+CVE-2024-27329 (PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read 
Information Dis ...)
+   TODO: check
+CVE-2024-27328 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read 
Information Dis ...)
+   TODO: check
+CVE-2024-27327 (PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote 
Code Ex ...)
+   TODO: check
+CVE-2024-27326 (PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read 
Information Dis ...)
+   TODO: check
+CVE-2024-27325 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read 
Information Dis ...)
+   TODO: check
+CVE-2024-27324 (PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read 
Information Dis ...)
+   TODO: check
+CVE-2024-27323 (PDF-XChange Editor Updater Improper Certificate Validation 
Remote Code ...)
+   TODO: check

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-01 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7c23b22d by security tracker role at 2024-04-01T20:12:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,13 +1,103 @@
-CVE-2024-26655 [Fix memory leak in posix_clock_open()]
+CVE-2024-3135 (The web server lacked CSRF tokens allowing an attacker to host 
malicio ...)
+   TODO: check
+CVE-2024-3131 (A vulnerability was found in SourceCodester Computer Laboratory 
Manage ...)
+   TODO: check
+CVE-2024-3130 (Hard-coded Credentialsin CoolKit eWeLlink app are before 5.4.x 
on Andr ...)
+   TODO: check
+CVE-2024-3129 (A vulnerability was found in SourceCodester Image Accordion 
Gallery Ap ...)
+   TODO: check
+CVE-2024-3128 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was 
classified  ...)
+   TODO: check
+CVE-2024-3125 (A vulnerability classified as problematic was found in Zebra 
ZTC GK420 ...)
+   TODO: check
+CVE-2024-3124 (A vulnerability classified as problematic has been found in 
fridgecow  ...)
+   TODO: check
+CVE-2024-31099 (Missing Authorization vulnerability in Averta Shortcodes and 
extra fea ...)
+   TODO: check
+CVE-2024-30872 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via 
/include/authr ...)
+   TODO: check
+CVE-2024-30871 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via 
/WebPages/appl ...)
+   TODO: check
+CVE-2024-30870 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via 
/admin/address ...)
+   TODO: check
+CVE-2024-30868 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via 
/admin/add_get ...)
+   TODO: check
+CVE-2024-30867 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via 
/admin/edit_vi ...)
+   TODO: check
+CVE-2024-30866 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via 
/3g/menu.php.)
+   TODO: check
+CVE-2024-30865 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via 
/admin/edit_us ...)
+   TODO: check
+CVE-2024-30864 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via 
/admin/config_ ...)
+   TODO: check
+CVE-2024-30863 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via 
/WebPages/hist ...)
+   TODO: check
+CVE-2024-30862 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via 
/3g/index.php.)
+   TODO: check
+CVE-2024-30861 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via 
/admin/configg ...)
+   TODO: check
+CVE-2024-30860 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via 
/admin/export_ ...)
+   TODO: check
+CVE-2024-30859 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via 
/admin/config_ ...)
+   TODO: check
+CVE-2024-30858 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via 
/admin/edit_fi ...)
+   TODO: check
+CVE-2024-29435 (An issue discovered in Alldata v0.4.6 allows attacker to run 
arbitrary ...)
+   TODO: check
+CVE-2024-29433 (A deserialization vulnerability in the FASTJSON component of 
Alldata v ...)
+   TODO: check
+CVE-2024-28232 (Go package IceWhaleTech/CasaOS-UserService provides user 
management fu ...)
+   TODO: check
+CVE-2024-25574 (SQL injection vulnerability exists in 
GetDIAE_usListParameters.)
+   TODO: check
+CVE-2024-25080 (WebMail in Axigen 10.x before 10.3.3.62 allows XSS via the 
image attac ...)
+   TODO: check
+CVE-2024-21473 (Memory corruption while redirecting log file to any file 
location with ...)
+   TODO: check
+CVE-2024-21472 (Memory corruption in Kernel while handling GPU operations.)
+   TODO: check
+CVE-2024-21470 (Memory corruption while allocating memory for graphics.)
+   TODO: check
+CVE-2024-21468 (Memory corruption when there is failed unmap operation in GPU.)
+   TODO: check
+CVE-2024-21463 (Memory corruption while processing Codec2 during v13k decoder 
pitch sy ...)
+   TODO: check
+CVE-2024-21454 (Transient DOS while decoding the ToBeSignedMessage in 
Automotive Telem ...)
+   TODO: check
+CVE-2024-21453 (Transient DOS while decoding message of size that exceeds the 
availabl ...)
+   TODO: check
+CVE-2024-21452 (Transient DOS while decoding an ASN.1 OER message containing a 
SEQUENC ...)
+   TODO: check
+CVE-2023-6154 (A configuration setting issue in seccenter.exe as used in 
Bitdefender  ...)
+   TODO: check
+CVE-2023-48906 (Stack Overflow vulnerability in Btstack 1.6 and earlier allows 
attacke ...)
+   TODO: check
+CVE-2023-43515 (Memory corruption in HLOS while running kernel address 
sanitizers (syz ...)
+   TODO: check
+CVE-2023-33115 (Memory corruption while processing buffer initialization, when 
trusted ...)
+   TODO: check
+CVE-2023-33111 (Information disclosure when VI calibration state set by ADSP 
is greate ...)
+   TODO: check
+CVE-2023-33101 (Transient DOS while processing DL NAS TRANSPORT message with 
payload l ...)
+   TODO: 
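Review bot: the first line of this hunk removes the provisional entry `CVE-2024-26655 [Fix memory leak in posix_clock_open()]`, but none of the visible `+` lines re-add CVE-2024-26655 with its published description, and the hunk is cut off at `TODO: ` so the replacement cannot be confirmed from what is shown; verify that the entry is re-added further down, with whatever annotations it carried, rather than dropped by the refresh.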

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-01 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
48e029f9 by security tracker role at 2024-04-01T08:11:38+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,57 @@
+CVE-2024-31033 (JJWT (aka Java JWT) through 0.12.5 ignores certain characters 
and thus ...)
+   TODO: check
+CVE-2024-2278 (Themify  WordPress plugin before 1.4.4 does not sanitise and 
escape so ...)
+   TODO: check
+CVE-2024-2263 (Themify  WordPress plugin before 1.4.4 does not sanitise and 
escape a  ...)
+   TODO: check
+CVE-2024-2262 (Themify  WordPress plugin before 1.4.4 does not have CSRF check 
in its ...)
+   TODO: check
+CVE-2024-28895 ('Yahoo! JAPAN' App for Android v2.3.1 to v3.161.1 and 'Yahoo! 
JAPAN' A ...)
+   TODO: check
+CVE-2024-27609 (Bonita before 2023.2-u2 allows stored XSS via a UI screen in 
the admin ...)
+   TODO: check
+CVE-2024-20055 (In imgsys, there is a possible information disclosure due to a 
missing ...)
+   TODO: check
+CVE-2024-20054 (In gnss, there is a possible escalation of privilege due to a 
missing  ...)
+   TODO: check
+CVE-2024-20053 (In flashc, there is a possible out of bounds write due to an 
uncaught  ...)
+   TODO: check
+CVE-2024-20052 (In flashc, there is a possible information disclosure due to 
an uncaug ...)
+   TODO: check
+CVE-2024-20051 (In flashc, there is a possible system crash due to an uncaught 
excepti ...)
+   TODO: check
+CVE-2024-20050 (In flashc, there is a possible information disclosure due to 
an uncaug ...)
+   TODO: check
+CVE-2024-20049 (In flashc, there is a possible information disclosure due to 
an uncaug ...)
+   TODO: check
+CVE-2024-20048 (In flashc, there is a possible information disclosure due to 
an uncaug ...)
+   TODO: check
+CVE-2024-20047 (In battery, there is a possible out of bounds read due to an 
integer o ...)
+   TODO: check
+CVE-2024-20046 (In battery, there is a possible escalation of privilege due to 
an inte ...)
+   TODO: check
+CVE-2024-20045 (In audio, there is a possible out of bounds read due to an 
incorrect c ...)
+   TODO: check
+CVE-2024-20044 (In da, there is a possible out of bounds write due to a 
missing bounds ...)
+   TODO: check
+CVE-2024-20043 (In da, there is a possible out of bounds write due to a 
missing bounds ...)
+   TODO: check
+CVE-2024-20042 (In da, there is a possible out of bounds write due to a 
missing bounds ...)
+   TODO: check
+CVE-2024-20041 (In da, there is a possible out of bounds read due to a missing 
bounds  ...)
+   TODO: check
+CVE-2024-20040 (In wlan firmware, there is a possible out of bounds write due 
to impro ...)
+   TODO: check
+CVE-2024-20039 (In modem protocol, there is a possible out of bounds write due 
to a mi ...)
+   TODO: check
+CVE-2024-1526 (The Hubbub Lite  WordPress plugin before 1.33.1 does not ensure 
that u ...)
+   TODO: check
+CVE-2023-51803 (LinuxServer.io Heimdall before 2.5.7 does not prevent use of 
icons tha ...)
+   TODO: check
+CVE-2016-15038 (A vulnerability, which was classified as critical, was found 
in NUUO N ...)
+   TODO: check
+CVE-2014-125110 (A vulnerability has been found in wp-file-upload Plugin up to 
2.4.3 on ...)
+   TODO: check
 CVE-2024-31123 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-31122 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
@@ -15796,7 +15850,7 @@ CVE-2022-48622 (In GNOME GdkPixbuf (aka gdk-pixbuf) 
through 2.42.10, the ANI (Wi
[bullseye] - gdk-pixbuf  (Revisit once fixed upstream)
[buster] - gdk-pixbuf  (Minor issue, recheck when fixed 
upstream)
NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/202
-CVE-2024-24399 (An arbitrary file upload vulnerability in LeptonCMS v7.0.0 
allows auth ...)
+CVE-2024-24399 (An arbitrary file upload vulnerability in LEPTON v7.0.0 allows 
authent ...)
NOT-FOR-US: LeptonCMS
 CVE-2024-23630 (An arbitrary firmware upload vulnerability exists in the 
Motorola  MR2 ...)
NOT-FOR-US: Motorola
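Review bot: the refreshed description for CVE-2024-24399 now names the product `LEPTON v7.0.0` while the annotation directly below it still reads `NOT-FOR-US: LeptonCMS`; both refer to the same project, but aligning the annotation with the new upstream wording keeps a later search for `LEPTON` from missing this entry.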



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/48e029f998289f54754651f75175f22d56b9d2fa

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
adf940b4 by security tracker role at 2024-03-31T20:12:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,119 @@
+CVE-2024-31123 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31122 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31121 (Contributor Cross Site Scripting (XSS) in HeartThis <= 0.1.0 
versions.)
+   TODO: check
+CVE-2024-31120 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31117 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31116 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-31115 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Quant ...)
+   TODO: check
+CVE-2024-31114 (Unrestricted Upload of File with Dangerous Type vulnerability 
in biplo ...)
+   TODO: check
+CVE-2024-31112 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31110 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31108 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31107 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31106 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31104 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31103 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31102 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31101 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31100 (Cross-Site Request Forgery (CSRF) vulnerability in Festi-Team 
Popup Ca ...)
+   TODO: check
+CVE-2024-31097 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31096 (Cross-Site Request Forgery (CSRF) vulnerability in kopatheme 
Nictitate ...)
+   TODO: check
+CVE-2024-31095 (Authorization Bypass Through User-Controlled Key vulnerability 
in Rica ...)
+   TODO: check
+CVE-2024-31094 (Deserialization of Untrusted Data vulnerability in Filter 
Custom Field ...)
+   TODO: check
+CVE-2024-31092 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31091 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31090 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31089 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31087 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31085 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31084 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-30561 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-30559 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-30558 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-30557 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-30556 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-30555 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-30554 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-30553 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-30552 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-30551 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-30550 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-30549 (Improper Neutralization of Input During Web Page Generation 
('Cross-si 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
080cff02 by security tracker role at 2024-03-31T08:12:08+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,13 @@
+CVE-2024-3118 (A vulnerability, which was classified as critical, has been 
found in D ...)
+   TODO: check
+CVE-2024-3117 (A vulnerability classified as critical was found in YouDianCMS 
up to 9 ...)
+   TODO: check
+CVE-2023-46808 (An file upload vulnerability in Ivanti ITSM before 2023.4, 
allows an a ...)
+   TODO: check
+CVE-2023-41724 (A command injection vulnerability in Ivanti Sentry prior to 
9.19.0 all ...)
+   TODO: check
+CVE-2015-10131 (A vulnerability was found in chrisy TFO Graphviz Plugin up to 
1.9 on W ...)
+   TODO: check
 CVE-2024-3091 (A vulnerability was found in PHPGurukul Emergency Ambulance 
Hiring Por ...)
NOT-FOR-US: PHPGurukul Emergency Ambulance Hiring Portal
 CVE-2024-3090 (A vulnerability was found in PHPGurukul Emergency Ambulance 
Hiring Por ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/080cff02f8f8f2ccfa07ed4a79def530e6aaf4f9

-- 
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-30 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
eb7a0829 by security tracker role at 2024-03-30T20:12:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,23 @@
+CVE-2024-3091 (A vulnerability was found in PHPGurukul Emergency Ambulance 
Hiring Por ...)
+   TODO: check
+CVE-2024-3090 (A vulnerability was found in PHPGurukul Emergency Ambulance 
Hiring Por ...)
+   TODO: check
+CVE-2024-3089 (A vulnerability has been found in PHPGurukul Emergency 
Ambulance Hirin ...)
+   TODO: check
+CVE-2024-3088 (A vulnerability, which was classified as critical, was found in 
PHPGur ...)
+   TODO: check
+CVE-2024-3087 (A vulnerability, which was classified as critical, has been 
found in P ...)
+   TODO: check
+CVE-2024-3086 (A vulnerability classified as problematic was found in 
PHPGurukul Emer ...)
+   TODO: check
+CVE-2024-3085 (A vulnerability classified as critical has been found in 
PHPGurukul Em ...)
+   TODO: check
+CVE-2024-3018 (The Essential Addons for Elementor plugin for WordPress is 
vulnerable  ...)
+   TODO: check
+CVE-2024-2491 (The PowerPack Addons for Elementor plugin for WordPress is 
vulnerable  ...)
+   TODO: check
+CVE-2024-1522 (I have activated the CORS because I had a development ui that 
uses ano ...)
+   TODO: check
 CVE-2024-3084 (A vulnerability was found in PHPGurukul Emergency Ambulance 
Hiring Por ...)
NOT-FOR-US: PHPGurukul Emergency Ambulance Hiring Portal
 CVE-2024-2948 (The Favorites plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb7a082949ae1cc6713e00730e0d2bed1e837f4b



[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-30 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ab34b9c7 by security tracker role at 2024-03-30T08:11:35+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,35 @@
+CVE-2024-3084 (A vulnerability was found in PHPGurukul Emergency Ambulance 
Hiring Por ...)
+   TODO: check
+CVE-2024-2948 (The Favorites plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
+   TODO: check
+CVE-2024-2794 (The Gutenberg Block Editor Toolkit \u2013 EditorsKit plugin for 
WordPr ...)
+   TODO: check
+CVE-2024-2144 (The Ultimate Addons for Beaver Builder \u2013 Lite plugin for 
WordPres ...)
+   TODO: check
+CVE-2024-2143 (The Ultimate Addons for Beaver Builder \u2013 Lite plugin for 
WordPres ...)
+   TODO: check
+CVE-2024-2142 (The Ultimate Addons for Beaver Builder \u2013 Lite plugin for 
WordPres ...)
+   TODO: check
+CVE-2024-2141 (The Ultimate Addons for Beaver Builder \u2013 Lite plugin for 
WordPres ...)
+   TODO: check
+CVE-2024-2140 (The Ultimate Addons for Beaver Builder \u2013 Lite plugin for 
WordPres ...)
+   TODO: check
+CVE-2024-2086 (The Integrate Google Drive \u2013 Browse, Upload, Download, 
Embed, Pla ...)
+   TODO: check
+CVE-2024-2047 (The ElementsKit Elementor addons plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-29278 (funboot v1.1 is vulnerable to Cross Site Scripting (XSS) via 
the title ...)
+   TODO: check
+CVE-2024-28288 (Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification 
when re ...)
+   TODO: check
+CVE-2024-1692 (The BoldGrid Easy SEO \u2013 Simple and Effective SEO plugin 
for WordP ...)
+   TODO: check
+CVE-2024-1238 (The ElementsKit Elementor addons plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-1051 (The List category posts plugin for WordPress is vulnerable to 
Stored C ...)
+   TODO: check
+CVE-2024-0367 (The Unlimited Elements For Elementor plugin for WordPress is 
vulnerabl ...)
+   TODO: check
 CVE-2024-3081 (A vulnerability was found in EasyCorp EasyAdmin up to 4.8.9. It 
has be ...)
NOT-FOR-US: EasyCorp EasyAdmin
 CVE-2024-3078 (A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and 
classi ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab34b9c706ad80293c730ec13a63efccaa40fae1



[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-29 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
097b175d by security tracker role at 2024-03-29T20:18:40+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,4 +1,329 @@
-CVE-2024-3094
+CVE-2024-3081 (A vulnerability was found in EasyCorp EasyAdmin up to 4.8.9. It 
has be ...)
+   TODO: check
+CVE-2024-3078 (A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and 
classi ...)
+   TODO: check
+CVE-2024-3077 (An malicious BLE device can crash BLE victim device by sending 
malform ...)
+   TODO: check
+CVE-2024-3061 (The HUSKY \u2013 Products Filter Professional for WooCommerce 
plugin f ...)
+   TODO: check
+CVE-2024-31032 (An issue in Huashi Private Cloud CDN Live Streaming 
Acceleration Serve ...)
+   TODO: check
+CVE-2024-30645 (Tenda AC15V1.0 V15.03.20_multi has a command injection 
vulnerability v ...)
+   TODO: check
+CVE-2024-30639 (Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability 
in the p ...)
+   TODO: check
+CVE-2024-30638 (Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability 
via the  ...)
+   TODO: check
+CVE-2024-30637 (Tenda F1202 v1.2.0.20(408) has a command injection 
vulnerablility in t ...)
+   TODO: check
+CVE-2024-30636 (Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability 
via the  ...)
+   TODO: check
+CVE-2024-30635 (Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability 
located  ...)
+   TODO: check
+CVE-2024-30634 (Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability 
via the  ...)
+   TODO: check
+CVE-2024-30633 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability 
in the s ...)
+   TODO: check
+CVE-2024-30632 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability 
in the s ...)
+   TODO: check
+CVE-2024-30631 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability 
in the s ...)
+   TODO: check
+CVE-2024-30630 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability 
in the t ...)
+   TODO: check
+CVE-2024-30629 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability 
in the l ...)
+   TODO: check
+CVE-2024-30628 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability 
in the p ...)
+   TODO: check
+CVE-2024-30627 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability 
in the d ...)
+   TODO: check
+CVE-2024-30626 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability 
in the s ...)
+   TODO: check
+CVE-2024-30625 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability 
in the e ...)
+   TODO: check
+CVE-2024-30624 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability 
in the u ...)
+   TODO: check
+CVE-2024-30623 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability 
in the p ...)
+   TODO: check
+CVE-2024-30622 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability 
in the m ...)
+   TODO: check
+CVE-2024-30613 (Tenda AC15 v15.03.05.18 has a stack overflow vulnerability in 
the time ...)
+   TODO: check
+CVE-2024-30521 (Cross-Site Request Forgery (CSRF) vulnerability in Landingi 
Landingi L ...)
+   TODO: check
+CVE-2024-30520 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-30519 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-30518 (Cross-Site Request Forgery (CSRF) vulnerability in 
ThemeLocation Custo ...)
+   TODO: check
+CVE-2024-30514 (Insertion of Sensitive Information into Log File vulnerability 
in Paid ...)
+   TODO: check
+CVE-2024-30513 (Authorization Bypass Through User-Controlled Key vulnerability 
in Meta ...)
+   TODO: check
+CVE-2024-30511 (Insertion of Sensitive Information into Log File vulnerability 
in Fr\x ...)
+   TODO: check
+CVE-2024-30510 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Salon ...)
+   TODO: check
+CVE-2024-30508 (Missing Authorization vulnerability in ThimPress WP Hotel 
Booking.This ...)
+   TODO: check
+CVE-2024-30507 (Authorization Bypass Through User-Controlled Key vulnerability 
in Molo ...)
+   TODO: check
+CVE-2024-30506 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-30505 (Missing Authorization vulnerability in Andy Moyle Church 
Admin.This is ...)
+   TODO: check
+CVE-2024-30504 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-30503 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-30502 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-30501 (Improper Neutralization of Special Elements used in an SQL 
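Review bot: the only removed line in this hunk is the bare placeholder `CVE-2024-3094` (no description, no annotation line under it), and the visible part of the hunk contains no `+CVE-2024-3094` line to replace it. The header says the file grows from 4 to 329 lines at this position and the quoted hunk is cut off, so check that the replacement entry with its description lands further down rather than the CVE being dropped from data/CVE/list, which would silently lose whatever state was tracked under that placeholder.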

[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-28 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5439ffb8 by security tracker role at 2024-03-28T20:12:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,169 @@
+CVE-2024-3042 (A vulnerability was found in SourceCodester Simple Subscription 
Websit ...)
+   TODO: check
+CVE-2024-3041 (A vulnerability has been found in Netentsec NS-ASG Application 
Securit ...)
+   TODO: check
+CVE-2024-3040 (A vulnerability, which was classified as critical, was found in 
Netent ...)
+   TODO: check
+CVE-2024-3039 (A vulnerability classified as critical has been found in 
Shanghai Brad ...)
+   TODO: check
+CVE-2024-3019 (A flaw was found in PCP. The default pmproxy configuration 
exposes the ...)
+   TODO: check
+CVE-2024-31140 (In JetBrains TeamCity before 2024.03 server administrators 
could remov ...)
+   TODO: check
+CVE-2024-31139 (In JetBrains TeamCity before 2024.03 xXE was possible in the 
Maven bui ...)
+   TODO: check
+CVE-2024-31138 (In JetBrains TeamCity before 2024.03 xSS was possible via 
Agent Distri ...)
+   TODO: check
+CVE-2024-31137 (In JetBrains TeamCity before 2024.03 reflected XSS was 
possible via Sp ...)
+   TODO: check
+CVE-2024-31136 (In JetBrains TeamCity before 2024.03 2FA could be bypassed by 
providin ...)
+   TODO: check
+CVE-2024-31135 (In JetBrains TeamCity before 2024.03 open redirect was 
possible on the ...)
+   TODO: check
+CVE-2024-31134 (In JetBrains TeamCity before 2024.03 authenticated users 
without admin ...)
+   TODO: check
+CVE-2024-31065 (Cross Site Scripting vulnerability in Insurance Mangement 
System v.1.0 ...)
+   TODO: check
+CVE-2024-31064 (Cross Site Scripting vulnerability in Insurance Mangement 
System v.1.0 ...)
+   TODO: check
+CVE-2024-31063 (Cross Site Scripting vulnerability in Insurance Mangement 
System v.1.0 ...)
+   TODO: check
+CVE-2024-31062 (Cross Site Scripting vulnerability in Insurance Mangement 
System v.1.0 ...)
+   TODO: check
+CVE-2024-31061 (Cross Site Scripting vulnerability in Insurance Mangement 
System v.1.0 ...)
+   TODO: check
+CVE-2024-30612 (Tenda AC10U v15.03.06.48 has a stack overflow vulnerability in 
the dev ...)
+   TODO: check
+CVE-2024-30607 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in 
the device ...)
+   TODO: check
+CVE-2024-30606 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in 
the page p ...)
+   TODO: check
+CVE-2024-30604 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in 
the list1  ...)
+   TODO: check
+CVE-2024-30603 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in 
the urls p ...)
+   TODO: check
+CVE-2024-30602 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in 
the schedS ...)
+   TODO: check
+CVE-2024-30601 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in 
the time p ...)
+   TODO: check
+CVE-2024-30600 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in 
the schedE ...)
+   TODO: check
+CVE-2024-30599 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in 
the device ...)
+   TODO: check
+CVE-2024-30598 (Tenda FH1203 v2.0.1.6 firmware has a stack overflow 
vulnerability in t ...)
+   TODO: check
+CVE-2024-30597 (Tenda FH1203 v2.0.1.6 firmware has a stack overflow 
vulnerability in t ...)
+   TODO: check
+CVE-2024-30596 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
+   TODO: check
+CVE-2024-30595 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
+   TODO: check
+CVE-2024-30594 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
+   TODO: check
+CVE-2024-30593 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
located ...)
+   TODO: check
+CVE-2024-30592 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
+   TODO: check
+CVE-2024-30591 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
+   TODO: check
+CVE-2024-30590 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
+   TODO: check
+CVE-2024-30589 (Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow 
vulnerabilit ...)
+   TODO: check
+CVE-2024-30588 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
+   TODO: check
+CVE-2024-30587 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
+   TODO: check
+CVE-2024-30586 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
+   TODO: check
+CVE-2024-30585 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
+   TODO: check
+CVE-2024-30584 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  

[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-28 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6328760a by security tracker role at 2024-03-28T08:11:37+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,209 @@
+CVE-2024-3024 (A vulnerability was found in appneta tcpreplay up to 4.4.4. It 
has bee ...)
+   TODO: check
+CVE-2024-3015 (A vulnerability classified as critical was found in 
SourceCodester Sim ...)
+   TODO: check
+CVE-2024-3014 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+   TODO: check
+CVE-2024-3013 (A vulnerability was found in FLIR AX8 up to 1.46.16. It has 
been rated ...)
+   TODO: check
+CVE-2024-3012 (A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has 
been de ...)
+   TODO: check
+CVE-2024-3011 (A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has 
been cl ...)
+   TODO: check
+CVE-2024-3010 (A vulnerability was found in Tenda FH1205 2.0.0.7(775) and 
classified  ...)
+   TODO: check
+CVE-2024-3009 (A vulnerability has been found in Tenda FH1205 2.0.0.7(775) and 
classi ...)
+   TODO: check
+CVE-2024-3008 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
+   TODO: check
+CVE-2024-3007 (A vulnerability, which was classified as critical, has been 
found in T ...)
+   TODO: check
+CVE-2024-3006 (A vulnerability classified as critical was found in Tenda 
FH1205 2.0.0 ...)
+   TODO: check
+CVE-2024-3004 (A vulnerability was found in code-projects Online Book System 
1.0 and  ...)
+   TODO: check
+CVE-2024-3003 (A vulnerability has been found in code-projects Online Book 
System 1.0 ...)
+   TODO: check
+CVE-2024-3002 (A vulnerability, which was classified as critical, was found in 
code-p ...)
+   TODO: check
+CVE-2024-3001 (A vulnerability, which was classified as critical, has been 
found in c ...)
+   TODO: check
+CVE-2024-3000 (A vulnerability classified as critical was found in 
code-projects Onli ...)
+   TODO: check
+CVE-2024-30245 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-30244 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-30243 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-30242 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-30241 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-30240 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-30239 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-30237 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-30236 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-30230 (Deserialization of Untrusted Data vulnerability in Acowebs PDF 
Invoice ...)
+   TODO: check
+CVE-2024-30229 (Deserialization of Untrusted Data vulnerability in GiveWP.This 
issue a ...)
+   TODO: check
+CVE-2024-30228 (Deserialization of Untrusted Data vulnerability in Hercules 
Design Her ...)
+   TODO: check
+CVE-2024-30227 (Deserialization of Untrusted Data vulnerability in INFINITUM 
FORM Geo  ...)
+   TODO: check
+CVE-2024-30226 (Deserialization of Untrusted Data vulnerability in WPDeveloper 
BetterD ...)
+   TODO: check
+CVE-2024-30225 (Deserialization of Untrusted Data vulnerability in WPENGINE, 
INC. WP M ...)
+   TODO: check
+CVE-2024-30224 (Deserialization of Untrusted Data vulnerability in Wholesale 
Team Whol ...)
+   TODO: check
+CVE-2024-30223 (Deserialization of Untrusted Data vulnerability in Repute 
Infosystems  ...)
+   TODO: check
+CVE-2024-30222 (Deserialization of Untrusted Data vulnerability in Repute 
Infosystems  ...)
+   TODO: check
+CVE-2024-30221 (Deserialization of Untrusted Data vulnerability in WP Sunshine 
Sunshin ...)
+   TODO: check
+CVE-2024-30200 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-2999 (A vulnerability classified as critical has been found in 
Campcodes Onl ...)
+   TODO: check
+CVE-2024-2998 (A vulnerability was found in Bdtask Multi-Store Inventory 
Management S ...)
+   TODO: check
+CVE-2024-2997 (A vulnerability was found in Bdtask Multi-Store Inventory 
Management S ...)
+   TODO: check
+CVE-2024-2890 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Tumul ...)
+   TODO: check
+CVE-2024-2818 (An issue has been discovered in GitLab CE/EE affecting all 
versions be ...)
+   TODO: 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
75bcd492 by security tracker role at 2024-03-27T20:12:37+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,17 +1,287 @@
-CVE-2024-28085 [escape sequence Injection in wall]
+CVE-2024-30238 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-30186 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-30185 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-30184 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-30183 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-30182 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-30181 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-30180 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-30179 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-30178 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-30177 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-2996 (A vulnerability was found in Bdtask Multi-Store Inventory 
Management S ...)
+   TODO: check
+CVE-2024-2995 (A vulnerability was found in NUUO Camera up to 20240319 and 
classified ...)
+   TODO: check
+CVE-2024-2994 (A vulnerability was found in Tenda FH1203 2.0.1.6. It has been 
declare ...)
+   TODO: check
+CVE-2024-2993 (A vulnerability was found in Tenda FH1203 2.0.1.6. It has been 
classif ...)
+   TODO: check
+CVE-2024-2992 (A vulnerability was found in Tenda FH1203 2.0.1.6 and 
classified as cr ...)
+   TODO: check
+CVE-2024-2991 (A vulnerability has been found in Tenda FH1203 2.0.1.6 and 
classified  ...)
+   TODO: check
+CVE-2024-2990 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
+   TODO: check
+CVE-2024-2989 (A vulnerability, which was classified as critical, has been 
found in T ...)
+   TODO: check
+CVE-2024-2988 (A vulnerability classified as critical was found in Tenda 
FH1203 2.0.1 ...)
+   TODO: check
+CVE-2024-2987 (A vulnerability classified as critical has been found in Tenda 
FH1202  ...)
+   TODO: check
+CVE-2024-2986 (A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has 
been r ...)
+   TODO: check
+CVE-2024-2985 (A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has 
been d ...)
+   TODO: check
+CVE-2024-2984 (A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has 
been c ...)
+   TODO: check
+CVE-2024-2983 (A vulnerability was found in Tenda FH1202 1.2.0.14(408) and 
classified ...)
+   TODO: check
+CVE-2024-2982 (A vulnerability has been found in Tenda FH1202 1.2.0.14(408) 
and class ...)
+   TODO: check
+CVE-2024-2981 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
+   TODO: check
+CVE-2024-2980 (A vulnerability, which was classified as critical, has been 
found in T ...)
+   TODO: check
+CVE-2024-2979 (A vulnerability classified as critical was found in Tenda F1203 
2.0.1. ...)
+   TODO: check
+CVE-2024-2978 (A vulnerability classified as critical has been found in Tenda 
F1203 2 ...)
+   TODO: check
+CVE-2024-2977 (A vulnerability was found in Tenda F1203 2.0.1.6. It has been 
rated as ...)
+   TODO: check
+CVE-2024-2976 (A vulnerability was found in Tenda F1203 2.0.1.6. It has been 
declared ...)
+   TODO: check
+CVE-2024-2962 (The Networker - Tech News WordPress Theme with Dark Mode theme 
for Wor ...)
+   TODO: check
+CVE-2024-29946 (In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, 
the Dashb ...)
+   TODO: check
+CVE-2024-29945 (In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, 
the softw ...)
+   TODO: check
+CVE-2024-29936 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-29935 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-29934 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-29933 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-29932 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-29931 (Improper Neutralization of Input During 
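Review bot: this hunk drops the hand-written entry `CVE-2024-28085 [escape sequence Injection in wall]` (bracketed summary, the form used for entries added by hand before a published description exists) and the visible lines show no `+CVE-2024-28085` replacement. The quoted hunk is truncated, so confirm that the entry is re-added below with the published description and that any annotation lines that followed the bracketed entry are carried over, since otherwise the automatic update removes a manually added entry.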

[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
eb60c7f7 by security tracker role at 2024-03-27T08:11:53+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,283 @@
+CVE-2024-30201 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-30199 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-30198 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-30197 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-30196 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-30195 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-30194 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-30193 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-30192 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-2971 (Out-of-bounds array write in Xpdf 4.05 and earlier, triggered 
by negat ...)
+   TODO: check
+CVE-2024-2956 (The Simple Ajax Chat \u2013 Add a Fast, Secure Chat Box plugin 
for Wor ...)
+   TODO: check
+CVE-2024-2954 (The Action Network plugin for WordPress is vulnerable to SQL 
Injection ...)
+   TODO: check
+CVE-2024-2945 (A vulnerability was found in Campcodes Online Examination 
System 1.0.  ...)
+   TODO: check
+CVE-2024-2944 (A vulnerability was found in Campcodes Online Examination 
System 1.0 a ...)
+   TODO: check
+CVE-2024-2943 (A vulnerability has been found in Campcodes Online Examination 
System  ...)
+   TODO: check
+CVE-2024-2942 (A vulnerability, which was classified as critical, was found in 
Campco ...)
+   TODO: check
+CVE-2024-2941 (A vulnerability, which was classified as critical, has been 
found in C ...)
+   TODO: check
+CVE-2024-2940 (A vulnerability classified as problematic was found in 
Campcodes Onlin ...)
+   TODO: check
+CVE-2024-2939 (A vulnerability classified as problematic has been found in 
Campcodes  ...)
+   TODO: check
+CVE-2024-2938 (A vulnerability was found in Campcodes Online Examination 
System 1.0.  ...)
+   TODO: check
+CVE-2024-2935 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-2934 (A vulnerability classified as critical was found in 
SourceCodester Tod ...)
+   TODO: check
+CVE-2024-2932 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+   TODO: check
+CVE-2024-2930 (A vulnerability was found in SourceCodester Music Gallery Site 
1.0. It ...)
+   TODO: check
+CVE-2024-2927 (A vulnerability was found in code-projects Mobile Shop 1.0. It 
has bee ...)
+   TODO: check
+CVE-2024-2917 (A vulnerability was found in Campcodes House Rental Management 
System  ...)
+   TODO: check
+CVE-2024-2916 (A vulnerability was found in Campcodes House Rental Management 
System  ...)
+   TODO: check
+CVE-2024-2911 (A vulnerability, which was classified as problematic, was found 
in Tia ...)
+   TODO: check
+CVE-2024-2910 (A vulnerability, which was classified as critical, has been 
found in R ...)
+   TODO: check
+CVE-2024-2909 (A vulnerability classified as critical was found in Ruijie 
RG-EG350 up ...)
+   TODO: check
+CVE-2024-2903 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been 
classi ...)
+   TODO: check
+CVE-2024-2781 (The Elementor Website Builder Pro plugin for WordPress is 
vulnerable t ...)
+   TODO: check
+CVE-2024-2466 (libcurl did not check the server certificate of TLS connections 
done t ...)
+   TODO: check
+CVE-2024-2398 (When an application tells libcurl it wants to allow HTTP/2 
server push ...)
+   TODO: check
+CVE-2024-2379 (libcurl skips the certificate verification for a QUIC 
connection under ...)
+   TODO: check
+CVE-2024-2244 (REST service authentication anomaly with \u201cvalid 
username/no passw ...)
+   TODO: check
+CVE-2024-2210 (The The Plus Addons for Elementor plugin for WordPress is 
vulnerable t ...)
+   TODO: check
+CVE-2024-2209 (A user with administrative privileges can create a compromised 
dll fil ...)
+   TODO: check
+CVE-2024-2206 (The /proxy route allows a user to proxy arbitrary urls 
including poten ...)
+   TODO: check
+CVE-2024-2203 (The The Plus Addons for Elementor plugin for WordPress is 
vulnerable t ...)
+   TODO: check
+CVE-2024-2139 (The Master Addons for Elementor plugin for WordPress is 
vulnerable to  ...)
+   TODO: check

[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-26 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bfa62c8e by security tracker role at 2024-03-26T20:12:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,175 @@
+CVE-2024-30235 (Missing Authorization vulnerability in Themeisle Multiple Page 
Generat ...)
+   TODO: check
+CVE-2024-30234 (Missing Authorization vulnerability in Wholesale Team 
WholesaleX.This  ...)
+   TODO: check
+CVE-2024-30233 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+   TODO: check
+CVE-2024-30232 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-30231 (Unrestricted Upload of File with Dangerous Type vulnerability 
in WebTo ...)
+   TODO: check
+CVE-2024-2955 (T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 
4.0.13 a ...)
+   TODO: check
+CVE-2024-2951 (Cross-Site Request Forgery (CSRF) vulnerability in Metagauss 
Registrat ...)
+   TODO: check
+CVE-2024-2929 (A memory corruption vulnerability in Rockwell Automation Arena 
Simulat ...)
+   TODO: check
+CVE-2024-2921 (Improper access control in PAM vault permissions in Devolutions 
Server ...)
+   TODO: check
+CVE-2024-2915 (Improper access control in PAM JIT elevation in Devolutions 
Server 202 ...)
+   TODO: check
+CVE-2024-2906 (Missing Authorization vulnerability in SoftLab Radio 
Player.This issue ...)
+   TODO: check
+CVE-2024-2904 (Cross-Site Request Forgery (CSRF) vulnerability in Extend 
Themes Calli ...)
+   TODO: check
+CVE-2024-2902 (A vulnerability was found in Tenda AC7 15.03.06.44 and 
classified as c ...)
+   TODO: check
+CVE-2024-2901 (A vulnerability has been found in Tenda AC7 15.03.06.44 and 
classified ...)
+   TODO: check
+CVE-2024-2900 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
+   TODO: check
+CVE-2024-2899 (A vulnerability, which was classified as critical, has been 
found in T ...)
+   TODO: check
+CVE-2024-2898 (A vulnerability classified as critical was found in Tenda AC7 
15.03.06 ...)
+   TODO: check
+CVE-2024-2897 (A vulnerability classified as critical has been found in Tenda 
AC7 15. ...)
+   TODO: check
+CVE-2024-2896 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been 
rated  ...)
+   TODO: check
+CVE-2024-2895 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been 
declar ...)
+   TODO: check
+CVE-2024-2894 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been 
classi ...)
+   TODO: check
+CVE-2024-2893 (A vulnerability was found in Tenda AC7 15.03.06.44 and 
classified as c ...)
+   TODO: check
+CVE-2024-2892 (A vulnerability has been found in Tenda AC7 15.03.06.44 and 
classified ...)
+   TODO: check
+CVE-2024-2891 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
+   TODO: check
+CVE-2024-2802
+   REJECTED
+CVE-2024-2452 (In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can 
control   ...)
+   TODO: check
+CVE-2024-2214 (In Eclipse ThreadX before version 6.4.0, the _Mtxinit() 
function in th ...)
+   TODO: check
+CVE-2024-2212 (In Eclipse ThreadX before 6.4.0,  xQueueCreate() and 
xQueueCreateSet() ...)
+   TODO: check
+CVE-2024-29883 (CreateWiki is Miraheze's MediaWiki extension for requesting & 
creating ...)
+   TODO: check
+CVE-2024-29881 (TinyMCE is an open source rich text editor.  A cross-site 
scripting (X ...)
+   TODO: check
+CVE-2024-29833 (The image upload component allows SVG files and the regular 
expression ...)
+   TODO: check
+CVE-2024-29832 (The current_url parameter of the AJAX call to the GalleryBox 
action of ...)
+   TODO: check
+CVE-2024-29810 (The thumb_url parameter of the AJAX call to the editimage_bwg 
action o ...)
+   TODO: check
+CVE-2024-29809 (The image_url parameter of the AJAX call to the editimage_bwg 
action o ...)
+   TODO: check
+CVE-2024-29808 (The image_id parameter of the AJAX call to the editimage_bwg 
action of ...)
+   TODO: check
+CVE-2024-29684 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-29644 (Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and 
before al ...)
+   TODO: check
+CVE-2024-29401 (xzs-mysql 3.8 is vulnerable to Insufficient Session 
Expiration, which  ...)
+   TODO: check
+CVE-2024-29203 (TinyMCE is an open source rich text editor. Across-site 
scripting (XSS ...)
+   TODO: check
+CVE-2024-29197 (Pimcore is an Open Source Data & Experience Management 
Platform. Any c ...)
+   TODO: check
+CVE-2024-28442 (Directory Traversal vulnerability in Yealink VP59 
v.91.15.0.118 allows ...)
+   TODO: check
+CVE-2024-28131 (EasyRange Ver 1.41 contains an issue with the executable 
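Review bot: the description imported for CVE-2024-2955 reads "T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13", and the first range is inverted (4.2.0 is newer than 4.0.3), so it cannot be used as-is to decide which wireshark uploads are affected; check the Wireshark advisory for the intended 4.2.x range before filling in fixed versions, the way CVE-2023-6175 in the 03-26 08:11 commit below is recorded with `wireshark 4.0.11-1` plus a bullseye status. Also in this hunk, CVE-2024-2802 arrives as REJECTED and needs no triage, and the three Eclipse ThreadX entries (CVE-2024-2452, CVE-2024-2214, CVE-2024-2212) all cite 6.4.0 as the fixing release and can be handled as one group.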

[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-26 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
11a4c047 by security tracker role at 2024-03-26T08:11:50+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,63 @@
+CVE-2024-2889 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-2888 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-2873 (A vulnerability was found in wolfSSH's server-side state 
machine befor ...)
+   TODO: check
+CVE-2024-2732 (The Themify Shortcodes plugin for WordPress is vulnerable to 
Stored Cr ...)
+   TODO: check
+CVE-2024-2427 (A denial-of-service vulnerability exists in the Rockwell 
Automation Po ...)
+   TODO: check
+CVE-2024-2426 (A denial-of-service vulnerability exists in the Rockwell 
Automation Po ...)
+   TODO: check
+CVE-2024-2425 (A denial-of-service vulnerability exists in the Rockwell 
Automation Po ...)
+   TODO: check
+CVE-2024-2303 (The Easy Textillate plugin for WordPress is vulnerable to 
Stored Cross ...)
+   TODO: check
+CVE-2024-2170 (The VK All in One Expansion Unit plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-29442 (An unauthorized access vulnerability has been discovered in 
ROS2 Humbl ...)
+   TODO: check
+CVE-2024-29440 (An unauthorized access vulnerability has been discovered in 
ROS2 Humbl ...)
+   TODO: check
+CVE-2024-29303 (The delete admin users function of SourceCodester PHP Task 
Management  ...)
+   TODO: check
+CVE-2024-29302 (SourceCodester PHP Task Management System 1.0 is vulnerable to 
SQL Inj ...)
+   TODO: check
+CVE-2024-29301 (SourceCodester PHP Task Management System 1.0 is vulnerable to 
SQL Inj ...)
+   TODO: check
+CVE-2024-29199 (Nautobot is a Network Source of Truth and Network Automation 
Platform. ...)
+   TODO: check
+CVE-2024-29196 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ 
and MySQL, ...)
+   TODO: check
+CVE-2024-29195 (The azure-c-shared-utility is a C library for AMQP/MQTT 
communication  ...)
+   TODO: check
+CVE-2024-29189 (PyAnsys Geometry is a Python client library for the Ansys 
Geometry ser ...)
+   TODO: check
+CVE-2024-29179 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ 
and MySQL, ...)
+   TODO: check
+CVE-2024-29041 (Express.js minimalist web framework for node. Versions of 
Express.js p ...)
+   TODO: check
+CVE-2024-28421 (SQL Injection vulnerability in Razor 0.8.0 allows a remote 
attacker to ...)
+   TODO: check
+CVE-2024-21914 (A vulnerability exists in the affected product that allows a 
malicious ...)
+   TODO: check
+CVE-2024-1973 (By leveraging the vulnerability, lower-privileged users of 
Content Man ...)
+   TODO: check
+CVE-2024-1745 (The Testimonial Slider WordPress plugin before 2.3.7 does not 
properly ...)
+   TODO: check
+CVE-2024-0901 (Remotely executed SEGV and out of bounds read allows malicious 
packet  ...)
+   TODO: check
+CVE-2024-0866 (The Check & Log Email plugin for WordPress is vulnerable to 
Unauthenti ...)
+   TODO: check
+CVE-2023-7232 (The Backup and Restore WordPress  WordPress plugin through 1.45 
does n ...)
+   TODO: check
+CVE-2023-51416 (Cross-Site Request Forgery (CSRF) vulnerability in 
EnvialoSimple Env\x ...)
+   TODO: check
+CVE-2023-49839 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2023-47430 (Stack-buffer-overflow vulnerability in ReadyMedia (MiniDLNA) 
v1.3.3 al ...)
+   TODO: check
 CVE-2024-30205 (In Emacs before 29.3, Org mode considers contents of remote 
files to b ...)
- emacs 1:29.3+1-1 (bug #1067630)
- org-mode  (bug #1067663)
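Review bot: among the new TODO: check entries, CVE-2023-47430 (stack buffer overflow in ReadyMedia/MiniDLNA 1.3.3) and CVE-2024-29041 (Express.js) name software Debian ships, so they should be triaged ahead of the WordPress plugin, SourceCodester and vendor-appliance entries around them, most of which will resolve to NOT-FOR-US. CVE-2024-0901 ("Remotely executed SEGV and out of bounds read allows malicious packet ...") is the one entry in this batch whose visible description names no product at all, so it cannot be triaged from the text here. The doubled word in "Backup and Restore WordPress  WordPress plugin" (CVE-2023-7232) is upstream's wording copied verbatim and needs no fix on this side.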
@@ -26839,7 +26899,7 @@ CVE-2023-6176 (A null pointer dereference flaw was 
found in the Linux kernel API
[bullseye] - linux 5.10.197-1
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/cfaa80c91f6f99b9342b6557f0f0e1143e434066 (6.6-rc2)
-CVE-2023-6175 [NetScreen file parser crash]
+CVE-2023-6175 (NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 
3.6.0 to  ...)
{DSA-5559-1 DLA-3746-1}
- wireshark 4.0.11-1
[bullseye] - wireshark  (Minor issue)
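Review bot: the context lines `[buster] - linux  (Vulnerable code not present)` and `[bullseye] - wireshark  (Minor issue)` each show an empty field between the package name and the parenthesised reason, where data/CVE/list carries an angle-bracket status token (`<not-affected>` for the former, `<no-dsa>` or `<postponed>` for the latter); the same gap appears in `- org-mode  (bug #1067663)`, `- python3.10 ` and the ruby3.2/ruby3.1 lines in the other commits on this page. Those tokens are swallowed when the mail is rendered as HTML, so this is a display artefact of the archive rather than a defect in the file, but anyone copying lines back from here into the tracker must reinsert them, since without the token the line no longer states whether the package is fixed, unfixed or not affected.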



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11a4c04707fe79ef9416e378eda7b315f67344b3

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11a4c04707fe79ef9416e378eda7b315f67344b3
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net

[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
72c71dc6 by security tracker role at 2024-03-25T20:12:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,200 +1,264 @@
-CVE-2021-47180 [NFC: nci: fix memory leak in nci_allocate_device]
+CVE-2024-30205 (In Emacs before 29.3, Org mode considers contents of remote 
files to b ...)
+   TODO: check
+CVE-2024-30204 (In Emacs before 29.3, LaTeX preview is enabled by default for 
e-mail a ...)
+   TODO: check
+CVE-2024-30203 (In Emacs before 29.3, Gnus treats inline MIME contents as 
trusted.)
+   TODO: check
+CVE-2024-30202 (In Emacs before 29.3, arbitrary Lisp code is evaluated as part 
of turn ...)
+   TODO: check
+CVE-2024-2865 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-2864 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-29666 (Insecure Permissions vulnerability in Vehicle Monitoring 
platform syst ...)
+   TODO: check
+CVE-2024-29650 (An issue in @thi.ng/paths v.5.1.62 and before allows a remote 
attacker ...)
+   TODO: check
+CVE-2024-29515 (File Upload vulnerability in lepton v.7.1.0 allows a remote 
authentica ...)
+   TODO: check
+CVE-2024-29025 (Netty is an asynchronous event-driven network application 
framework fo ...)
+   TODO: check
+CVE-2024-28850 (WP Crontrol controls the cron events on WordPress websites.  
WP Crontr ...)
+   TODO: check
+CVE-2024-28435 (The CRM platform Twenty version 0.3.0 is vulnerable to SSRF 
via file u ...)
+   TODO: check
+CVE-2024-28434 (The CRM platform Twenty is vulnerable to stored cross site 
scripting v ...)
+   TODO: check
+CVE-2024-28393 (SQL injection vulnerability in scalapay v.1.2.41 and before 
allows a r ...)
+   TODO: check
+CVE-2024-28387 (An issue in axonaut v.3.1.23 and before allows a remote 
attacker to ob ...)
+   TODO: check
+CVE-2024-28386 (An issue in Home-Made.io fastmagsync v.1.7.51 and before 
allows a remo ...)
+   TODO: check
+CVE-2024-28246 (KaTeX is a JavaScript library for TeX math rendering on the 
web. Code  ...)
+   TODO: check
+CVE-2024-28245 (KaTeX is a JavaScript library for TeX math rendering on the 
web. KaTeX ...)
+   TODO: check
+CVE-2024-28244 (KaTeX is a JavaScript library for TeX math rendering on the 
web. KaTeX ...)
+   TODO: check
+CVE-2024-28243 (KaTeX is a JavaScript library for TeX math rendering on the 
web. KaTeX ...)
+   TODO: check
+CVE-2024-28183 (ESP-IDF is the development framework for Espressif SoCs 
supported on W ...)
+   TODO: check
+CVE-2024-28108 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ 
and MySQL, ...)
+   TODO: check
+CVE-2024-28107 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ 
and MySQL, ...)
+   TODO: check
+CVE-2024-28106 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ 
and MySQL, ...)
+   TODO: check
+CVE-2024-28105 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ 
and MySQL, ...)
+   TODO: check
+CVE-2024-27300 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ 
and MySQL, ...)
+   TODO: check
+CVE-2024-27299 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ 
and MySQL, ...)
+   TODO: check
+CVE-2024-25964 (Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert 
timing  ...)
+   TODO: check
+CVE-2024-25175 (An issue in Kickdler before v1.107.0 allows attackers to 
provide an XS ...)
+   TODO: check
+CVE-2024-25002 (Command Injection in the diagnostics interface of the Bosch 
Network Sy ...)
+   TODO: check
+CVE-2023-48296 (OroPlatform is a PHP Business Application Platform (BAP).  
Navigation  ...)
+   TODO: check
+CVE-2023-45824 (OroPlatform is a PHP Business Application Platform (BAP).  A 
logged in ...)
+   TODO: check
+CVE-2021-47180 (In the Linux kernel, the following vulnerability has been 
resolved:  N ...)
- linux 5.14.6-1
[bullseye] - linux 5.10.46-1
[buster] - linux 4.19.194-1
NOTE: 
https://git.kernel.org/linus/e0652f8bb44d6294eeeac06d703185357f25d50b (5.13-rc4)
-CVE-2021-47179 [NFSv4: Fix a NULL pointer dereference in 
pnfs_mark_matching_lsegs_return()]
+CVE-2021-47179 (In the Linux kernel, the following vulnerability has been 
resolved:  N ...)
- linux 5.14.6-1
[bullseye] - linux 5.10.46-1
[buster] - linux 4.19.194-1
NOTE: 
https://git.kernel.org/linus/a421d218603ffa822a0b8045055c03eae394a7eb (5.13-rc4)
-CVE-2021-47178 [scsi: target: core: Avoid smp_processor_id() in preemptible 
code]
+CVE-2021-47178 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
- linux 5.14.6-1
[buster] - linux  (Vulnerable code not present)
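Review bot: CVE-2024-30202, CVE-2024-30203, CVE-2024-30204 and CVE-2024-30205 all say "In Emacs before 29.3", so they should be triaged as one group; the 03-26 commit above already records CVE-2024-30205 against `emacs 1:29.3+1-1 (bug #1067630)` and org-mode (bug #1067663), while the other three are still at TODO: check here even though the same 29.3 upload is the candidate fix for them. CVE-2024-29025 (Netty) is the other entry in this hunk naming a package Debian ships and deserves an early look. The three Linux entries at the bottom (CVE-2021-47180, -47179, -47178) only gain the published "In the Linux kernel, the following vulnerability has been resolved" text; their fixed versions (`linux 5.14.6-1`, bullseye `5.10.46-1`, buster `4.19.194-1`) were already filed from the upstream commit ids in the NOTE lines, which is the usual pattern for kernel ids assigned retroactively from the bracketed placeholder descriptions.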

[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5d55976a by security tracker role at 2024-03-25T08:12:02+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,53 @@
+CVE-2024-2863 (This vulnerability allows remote attackers to traverse paths 
via file  ...)
+   TODO: check
+CVE-2024-2862 (This vulnerability allows remote attackers to reset the 
password of an ...)
+   TODO: check
+CVE-2024-29216 (Exposed IOCTL with insufficient access control issue exists in 
cg6kwin ...)
+   TODO: check
+CVE-2024-29194 (OneUptime is a solution for monitoring and managing online 
services. T ...)
+   TODO: check
+CVE-2024-29188 (WiX toolset lets developers create installers for Windows 
Installer, t ...)
+   TODO: check
+CVE-2024-29187 (WiX toolset lets developers create installers for Windows 
Installer, t ...)
+   TODO: check
+CVE-2024-29071 (HGW BL1500HM Ver 002.001.013 and earlier contains a use of 
week creden ...)
+   TODO: check
+CVE-2024-29034 (CarrierWave is a solution for file uploads for Rails, Sinatra 
and othe ...)
+   TODO: check
+CVE-2024-29009 (Cross-site request forgery (CSRF) vulnerability in 
easy-popup-show all ...)
+   TODO: check
+CVE-2024-28041 (HGW BL1500HM Ver 002.001.013 and earlier allows a 
network-adjacent una ...)
+   TODO: check
+CVE-2024-24899 (Improper Neutralization of Special Elements used in an OS 
Command ('OS ...)
+   TODO: check
+CVE-2024-24897 (Improper Neutralization of Special Elements used in a Command 
('Comman ...)
+   TODO: check
+CVE-2024-24892 (Improper Neutralization of Special Elements used in an OS 
Command ('OS ...)
+   TODO: check
+CVE-2024-24890 (Improper Neutralization of Special Elements used in an OS 
Command ('OS ...)
+   TODO: check
+CVE-2024-21865 (HGW BL1500HM Ver 002.001.013 and earlier contains a use of 
week creden ...)
+   TODO: check
+CVE-2024-21505 (Versions of the package web3-utils before 4.2.1 are vulnerable 
to Prot ...)
+   TODO: check
+CVE-2024-1962 (The CM Download Manager  WordPress plugin before 2.9.1 does not 
have C ...)
+   TODO: check
+CVE-2024-1564 (The wp-schema-pro WordPress plugin before 2.7.16 does not 
validate pos ...)
+   TODO: check
+CVE-2024-1232 (The CM Download Manager  WordPress plugin before 2.9.0 does not 
have C ...)
+   TODO: check
+CVE-2024-1231 (The CM Download Manager  WordPress plugin before 2.9.0 does not 
have C ...)
+   TODO: check
+CVE-2023-37886 (Missing Authorization vulnerability in InspiryThemes 
RealHomes.This is ...)
+   TODO: check
+CVE-2023-37885 (Missing Authorization vulnerability in InspiryThemes 
RealHomes.This is ...)
+   TODO: check
+CVE-2023-33923 (Missing Authorization vulnerability in HashThemes Viral News, 
HashThem ...)
+   TODO: check
+CVE-2020-36826 (A vulnerability was found in AwesomestCode LiveBot. It has 
been classi ...)
+   TODO: check
+CVE-2020-36825 (A vulnerability has been found in cyberaz0r WebRAT up to 
20191222 and  ...)
+   TODO: check
 CVE-2024-27281 [RCE vulnerability with .rdoc_options in RDoc]
- ruby3.2 
- ruby3.1 
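Review bot: CVE-2024-29071 and CVE-2024-21865 carry identical text, "HGW BL1500HM Ver 002.001.013 and earlier contains a use of week creden ..." ("week" is an upstream typo for "weak"), so check at triage whether they are two distinct credential issues or a duplicate assignment before recording anything; the same device also appears in CVE-2024-28041. CVE-2024-29034 (CarrierWave) and CVE-2024-21505 (web3-utils) are the entries here that name libraries a distribution is likely to package and should be checked first. The context entry `CVE-2024-27281 [RCE vulnerability with .rdoc_options in RDoc]` still has the bracketed, hand-written description with ruby3.2 and ruby3.1 listed underneath, meaning it was filed from the upstream advisory before the CVE record was published; the automatic update will swap in the official text once the feed has it, as it does for the other bracketed entries on this page.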
@@ -62,7 +112,7 @@ CVE-2018-25100 (The Mojolicious module before 7.66 for Perl 
may leak cookies in
NOTE: https://github.com/mojolicious/mojo/pull/1192
NOTE: https://github.com/mojolicious/mojo/issues/1185
NOTE: 
https://github.com/mojolicious/mojo/commit/c16a56a9d6575ddc53d15e76d58f0ebcb0eeb149
 (v7.66)
-CVE-2024-30187 [possibility to reset password for suspended accounts]
+CVE-2024-30187 (Anope before 2.0.15 does not prevent resetting the password of 
a suspe ...)
- anope 2.0.15-1
NOTE: https://github.com/anope/anope/issues/351
NOTE: 
https://github.com/anope/anope/commit/2b7872139c40ea5b0ca96c1d6595b7d5f9fa60a5 
(2.0.15)
@@ -1068,6 +1118,7 @@ CVE-2024-1145 (User enumeration vulnerability in 
Devklan's Alma Blog that affect
 CVE-2024-1144 (Improper access control vulnerability in Devklan's Alma Blog 
that affe ...)
NOT-FOR-US: Devklan's Alma Blog
 CVE-2024-0450 (An issue was found in the CPython `zipfile` module affecting 
versions  ...)
+   {DLA-3772-1 DLA-3771-1}
- python3.12 3.12.2-1
- python3.11 3.11.8-1
- python3.10 
@@ -1084,6 +1135,7 @@ CVE-2024-0450 (An issue was found in the CPython 
`zipfile` module affecting vers
NOTE: 
https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51
 (v3.9.19)
NOTE: 
https://mail.python.org/archives/list/security-annou...@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/
 CVE-2023-6597 (An issue was found in the CPython `tempfile.TemporaryDirectory` 
class  ...)
+   {DLA-3772-1}
- python3.12 3.12.1-1
- python3.11 3.11.8-1
- python3.10 
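Review bot: CVE-2023-6597 gains only `{DLA-3772-1}` while CVE-2024-0450 in the previous hunk gained `{DLA-3772-1 DLA-3771-1}`; that asymmetry is plausible, since `tempfile.TemporaryDirectory` exists only in Python 3 whereas `zipfile` is in both Python 2 and 3, so a second source package would be affected by the zipfile issue but not by the TemporaryDirectory one, but it should be confirmed against the two DLA texts rather than assumed. If DLA-3771-1 turns out to cover a package that also ships tempfile.TemporaryDirectory, this entry is missing a reference.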
@@ -19756,7 +19808,7 @@ CVE-2023-49356 (A stack 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c348e186 by security tracker role at 2024-03-24T08:11:41+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,29 @@
+CVE-2024-30161 (In Qt before 6.5.6 and 6.6.x before 6.6.3, the wasm component 
may acce ...)
+   TODO: check
+CVE-2024-30156 (Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 
6.0.13 L ...)
+   TODO: check
+CVE-2024-2856 (A vulnerability, which was classified as critical, has been 
found in T ...)
+   TODO: check
+CVE-2024-2855 (A vulnerability classified as critical was found in Tenda AC15 
15.03.0 ...)
+   TODO: check
+CVE-2024-2854 (A vulnerability classified as critical has been found in Tenda 
AC18 15 ...)
+   TODO: check
+CVE-2024-2853 (A vulnerability was found in Tenda AC10U 
15.03.06.48/15.03.06.49. It h ...)
+   TODO: check
+CVE-2024-2852 (A vulnerability was found in Tenda AC15 15.03.20_multi. It has 
been de ...)
+   TODO: check
+CVE-2024-2851 (A vulnerability was found in Tenda AC15 
15.03.05.18/15.03.20_multi. It ...)
+   TODO: check
+CVE-2024-2850 (A vulnerability was found in Tenda AC15 15.03.05.18 and 
classified as  ...)
+   TODO: check
+CVE-2024-24725 (Gibbon through 26.0.00 allows remote authenticated users to 
conduct PH ...)
+   TODO: check
+CVE-2024-23755 (ClickUp Desktop before 3.3.77 on macOS and Windows allows code 
injecti ...)
+   TODO: check
+CVE-2020-36827 (The XAO::Web module before 1.84 for Perl mishandles < and > 
characters ...)
+   TODO: check
+CVE-2018-25100 (The Mojolicious module before 7.66 for Perl may leak cookies 
in certai ...)
+   TODO: check
 CVE-2024- [possibility to reset password for suspended accounts]
- anope 2.0.15-1
NOTE: 
https://github.com/anope/anope/commit/2b7872139c40ea5b0ca96c1d6595b7d5f9fa60a5 
(2.0.15)
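Review bot: the context entry `CVE-2024- [possibility to reset password for suspended accounts]` has no CVE number, so the automatic update cannot match it against the CVE feed and it had to be renamed by hand, which is what the 03-25 commit above shows (the entry reappears as CVE-2024-30187 and then picks up the published "Anope before 2.0.15" description, with `anope 2.0.15-1` and the 2b787213 commit reference unchanged). When filing an issue before its id is assigned, the tracker's usual `CVE-2024-XXXX` placeholder is easier to grep for later than an empty suffix. Of the new TODO: check entries, CVE-2024-30156 (Varnish Cache before 7.3.2, 7.4.3 and 6.0.13 LTS) and CVE-2024-30161 (Qt before 6.5.6 and 6.6.3) name packages Debian ships and should be triaged ahead of the Tenda firmware batch (CVE-2024-2850 to -2856).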
@@ -9,7 +35,7 @@ CVE-2024-24835 (Missing Authorization vulnerability in 
realmag777 BEAR.This issu
NOT-FOR-US: WordPress plugin
 CVE-2024-24832 (Missing Authorization vulnerability in Metagauss 
EventPrime.This issue ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-1603 (confirmed)
+CVE-2024-1603 (paddlepaddle/paddle 2.6.0 allows arbitrary file read via 
paddle.vision ...)
TODO: check
 CVE-2024-2832 (A vulnerability classified as problematic was found in 
Campcodes Onlin ...)
NOT-FOR-US: Campcodes Online Shopping System
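Review bot: the description of CVE-2024-1603 changes from "(confirmed)" to the published paddlepaddle text while the TODO: check line is kept, which is right: the earlier import (the 03-23 20:11 commit below, where the entry first appears as `CVE-2024-1603 (confirmed)`) copied a one-word stub from the CVE record, and nothing was triaged off it. Single-word descriptions like that are worth flagging in the import, because they give a triager nothing to work with until the record is refreshed, and the stub could equally have been a placeholder for an entirely different product.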



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c348e186a10afd1123d022f2450bdf99a8741b2e



[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
54d00f8b by security tracker role at 2024-03-23T20:11:48+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,13 @@
+CVE-2024-2849 (A vulnerability classified as critical was found in 
SourceCodester Sim ...)
+   TODO: check
+CVE-2024-24840 (Missing Authorization vulnerability in BdThemes Element Pack 
Elementor ...)
+   TODO: check
+CVE-2024-24835 (Missing Authorization vulnerability in realmag777 BEAR.This 
issue affe ...)
+   TODO: check
+CVE-2024-24832 (Missing Authorization vulnerability in Metagauss 
EventPrime.This issue ...)
+   TODO: check
+CVE-2024-1603 (confirmed)
+   TODO: check
 CVE-2024-2832 (A vulnerability classified as problematic was found in 
Campcodes Onlin ...)
NOT-FOR-US: Campcodes Online Shopping System
 CVE-2024-2688 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, 
Embed You ...)
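Review bot: the descriptions of CVE-2024-2688 and CVE-2024-2468 contain the literal six characters `\u2013` where the plugin name has an en dash ("EmbedPress \u2013 Embed PDF ..."); the same escape survives in the 03-23 08:11 commit below for CVE-2024-2326 ("Pretty Links \u2013 Affiliate Links") and a truncated `\x` shows in CVE-2023-51416 ("EnvialoSimple Env\x ...") further up, which suggests the JSON escape is being written into data/CVE/list undecoded rather than being a rendering quirk of this mail. It does not affect matching on the CVE id, but it makes descriptions grep-unfriendly; decoding the feed's strings before truncating them to the 70-character summary would fix it at the source.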
@@ -66,6 +76,7 @@ CVE-2024-2228 (This vulnerability allows an authenticated 
user to perform a Life
 CVE-2024-2227 (This vulnerability allows access to arbitrary files in the 
application ...)
NOT-FOR-US: Sailpoint
 CVE-2024-29944 (An attacker was able to inject an event handler into a 
privileged obje ...)
+   {DSA-5645-1}
- firefox 124.0.1-1 (bug #1067523)
- firefox-esr 115.9.1esr-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-15/#CVE-2024-29944
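Review bot: `{DSA-5645-1}` is added to CVE-2024-29944 alongside `firefox 124.0.1-1 (bug #1067523)` and `firefox-esr 115.9.1esr-1`, but its companion CVE-2024-29943, which entered as TODO: check in the same 03-22 hunk further down, is not in the visible part of this diff; confirm that it carries the same DSA and fixed versions if, as the adjacent ids and the mfsa2024-15 NOTE suggest, it was fixed by the same advisory.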
@@ -1047,7 +1058,7 @@ CVE-2024-27439 (An error in the evaluation of the fetch 
metadata headers could a
 CVE-2024-24683 (Improper Input Validation vulnerability in Apache Hop 
Engine.This issu ...)
NOT-FOR-US: Apache Hop Engine
 CVE-2024-2616 (To harden ICU against exploitation, the behavior for 
out-of-memory con ...)
-   {DSA-5644-1 DSA-5643-1}
+   {DSA-5644-1 DSA-5643-1 DLA-3769-1}
- firefox-esr 115.9.0esr-1
- thunderbird 1:115.9.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2616
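Review bot: DLA-3769-1 is appended to the `{DSA-5644-1 DSA-5643-1}` line of CVE-2024-2616 and, in the hunks that follow, to CVE-2024-2614, -2612, -2611, -2610 and -2608, which are exactly the entries listing both `firefox-esr 115.9.0esr-1` and `thunderbird 1:115.9.0-1`, while the firefox-only entries between them (CVE-2024-2615, CVE-2024-2613, CVE-2024-2609) are untouched; that matches the LTS suites shipping only the ESR-based packages. A DLA normally covers one source package, so if DLA-3769-1 is for firefox-esr, a separate DLA for thunderbird should later land on the same six entries; worth checking that none of them is skipped when it does.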
@@ -1056,7 +1067,7 @@ CVE-2024-2615 (Memory safety bugs present in Firefox 123. 
Some of these bugs sho
- firefox 124.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2615
 CVE-2024-2614 (Memory safety bugs present in Firefox 123, Firefox ESR 115.8, 
and Thun ...)
-   {DSA-5644-1 DSA-5643-1}
+   {DSA-5644-1 DSA-5643-1 DLA-3769-1}
- firefox 124.0-1
- firefox-esr 115.9.0esr-1
- thunderbird 1:115.9.0-1
@@ -1067,7 +1078,7 @@ CVE-2024-2613 (Data was not properly sanitized when 
decoding a QUIC ACK frame; t
- firefox 124.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2613
 CVE-2024-2612 (If an attacker could find a way to trigger a particular code 
path in ` ...)
-   {DSA-5644-1 DSA-5643-1}
+   {DSA-5644-1 DSA-5643-1 DLA-3769-1}
- firefox 124.0-1
- firefox-esr 115.9.0esr-1
- thunderbird 1:115.9.0-1
@@ -1075,7 +1086,7 @@ CVE-2024-2612 (If an attacker could find a way to trigger 
a particular code path
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2612
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2612
 CVE-2024-2611 (A missing delay on when pointer lock was used could have 
allowed a mal ...)
-   {DSA-5644-1 DSA-5643-1}
+   {DSA-5644-1 DSA-5643-1 DLA-3769-1}
- firefox 124.0-1
- firefox-esr 115.9.0esr-1
- thunderbird 1:115.9.0-1
@@ -1083,7 +1094,7 @@ CVE-2024-2611 (A missing delay on when pointer lock was 
used could have allowed
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2611
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2611
 CVE-2024-2610 (Using a markup injection an attacker could have stolen nonce 
values. T ...)
-   {DSA-5644-1 DSA-5643-1}
+   {DSA-5644-1 DSA-5643-1 DLA-3769-1}
- firefox 124.0-1
- firefox-esr 115.9.0esr-1
- thunderbird 1:115.9.0-1
@@ -1094,7 +1105,7 @@ CVE-2024-2609 (The permission prompt input delay could 
have expired while the wi
- firefox 124.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2609
 CVE-2024-2608 (`AppendEncodedAttributeValue(), 
ExtraSpaceNeededForAttrEncoding()` and ...)
-   {DSA-5644-1 DSA-5643-1}
+   {DSA-5644-1 DSA-5643-1 DLA-3769-1}
- firefox 124.0-1
- firefox-esr 115.9.0esr-1
- thunderbird 1:115.9.0-1
@@ -1102,7 +1113,7 @@ CVE-2024-2608 (`AppendEncodedAttributeValue(), 
ExtraSpaceNeededForAttrEncoding()
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2608
NOTE: 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d28d28e5 by security tracker role at 2024-03-23T08:11:48+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,29 @@
+CVE-2024-2832 (A vulnerability classified as problematic was found in 
Campcodes Onlin ...)
+   TODO: check
+CVE-2024-2688 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, 
Embed You ...)
+   TODO: check
+CVE-2024-2468 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, 
Embed You ...)
+   TODO: check
+CVE-2024-2326 (The Pretty Links \u2013 Affiliate Links, Link Branding, Link 
Tracking  ...)
+   TODO: check
+CVE-2024-2202 (The Page Builder by SiteOrigin plugin for WordPress is 
vulnerable to S ...)
+   TODO: check
+CVE-2024-2131 (The Move Addons for Elementor plugin for WordPress is 
vulnerable to St ...)
+   TODO: check
+CVE-2024-2025 (The "BuddyPress WooCommerce My Account Integration. Create 
WooCommerce ...)
+   TODO: check
+CVE-2024-29190 (Mobile Security Framework (MobSF) is a pen-testing, malware 
analysis a ...)
+   TODO: check
+CVE-2024-29059 (.NET Framework Information Disclosure Vulnerability)
+   TODO: check
+CVE-2024-29057 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+   TODO: check
+CVE-2024-26247 (Microsoft Edge (Chromium-based) Security Feature Bypass 
Vulnerability)
+   TODO: check
+CVE-2024-1697 (The Custom WooCommerce Checkout Fields Editor plugin for 
WordPress is  ...)
+   TODO: check
+CVE-2024-1049 (The Page Builder Gutenberg Blocks \u2013 CoBlocks plugin for 
WordPress ...)
+   TODO: check
 CVE-2024-2828 (A vulnerability, which was classified as critical, was found in 
lakern ...)
NOT-FOR-US: lakernote EasyAdmin
 CVE-2024-2827 (A vulnerability, which was classified as critical, has been 
found in l ...)
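Review bot: CVE-2024-29059 (.NET Framework), CVE-2024-29057 and CVE-2024-26247 (Microsoft Edge, Chromium-based) arrive with nothing but the Microsoft title as description; these are Windows-only products that the tracker resolves to NOT-FOR-US the same way the lakernote EasyAdmin context line here and the Campcodes entry in the 03-23 20:11 commit above were, so they can be closed immediately rather than left at TODO: check. CVE-2024-29190 (Mobile Security Framework, MobSF) and the WordPress plugin entries in the same batch likewise need no package lookup.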



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d28d28e51d511ea97fa9ab342677ddcc080fe417



[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b2e733d0 by security tracker role at 2024-03-22T20:12:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,87 @@
+CVE-2024-2828 (A vulnerability, which was classified as critical, was found in 
lakern ...)
+   TODO: check
+CVE-2024-2827 (A vulnerability, which was classified as critical, has been 
found in l ...)
+   TODO: check
+CVE-2024-2826 (A vulnerability classified as problematic was found in 
lakernote EasyA ...)
+   TODO: check
+CVE-2024-2825 (A vulnerability classified as critical has been found in 
lakernote Eas ...)
+   TODO: check
+CVE-2024-2824 (A vulnerability was found in Matthias-Wandel jhead 3.08 and 
classified ...)
+   TODO: check
+CVE-2024-2823 (A vulnerability has been found in DedeCMS 5.7 and classified as 
proble ...)
+   TODO: check
+CVE-2024-2822 (A vulnerability, which was classified as problematic, was found 
in Ded ...)
+   TODO: check
+CVE-2024-2821 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-2820 (A vulnerability classified as problematic was found in DedeCMS 
5.7. Af ...)
+   TODO: check
+CVE-2024-2728 (Information exposure vulnerability in the CIGESv2 system. This 
vulnera ...)
+   TODO: check
+CVE-2024-2727 (HTML injection vulnerability affecting the CIGESv2 system, 
which allow ...)
+   TODO: check
+CVE-2024-2726 (Stored Cross-Site Scripting (Stored-XSS) vulnerability 
affecting the C ...)
+   TODO: check
+CVE-2024-2725 (Information exposure vulnerability in the CIGESv2 system. A 
remote att ...)
+   TODO: check
+CVE-2024-2724 (SQL injection vulnerability in the CIGESv2 system, 
through/ajaxServici ...)
+   TODO: check
+CVE-2024-2723 (SQL injection vulnerability in the CIGESv2 system, 
through/ajaxSubServ ...)
+   TODO: check
+CVE-2024-2722 (SQL injection vulnerability in the CIGESv2 system, 
through/ajaxConfigT ...)
+   TODO: check
+CVE-2024-2449 (A cross-site request forgery vulnerability has been identified 
in Load ...)
+   TODO: check
+CVE-2024-2448 (An OS command injection vulnerability has been identified in 
LoadMaste ...)
+   TODO: check
+CVE-2024-2228 (This vulnerability allows an authenticated user to perform a 
Lifecycle ...)
+   TODO: check
+CVE-2024-2227 (This vulnerability allows access to arbitrary files in the 
application ...)
+   TODO: check
+CVE-2024-29944 (An attacker was able to inject an event handler into a 
privileged obje ...)
+   TODO: check
+CVE-2024-29943 (An attacker was able to perform an out-of-bounds read or write 
on a Ja ...)
+   TODO: check
+CVE-2024-29865 (Logpoint before 7.1.0 allows Self-XSS on the LDAP 
authentication page  ...)
+   TODO: check
+CVE-2024-29499 (Anchor CMS v0.12.7 was discovered to contain a Cross-Site 
Request Forg ...)
+   TODO: check
+CVE-2024-29385 (DIR-845L router <= v1.01KRb03 has an Unauthenticated remote 
code execu ...)
+   TODO: check
+CVE-2024-29366 (A command injection vulnerability exists in the cgibin binary 
in DIR-8 ...)
+   TODO: check
+CVE-2024-29338 (Anchor CMS v0.12.7 was discovered to contain a Cross-Site 
Request Forg ...)
+   TODO: check
+CVE-2024-29186 (Bref is an open-source project that helps users go serverless 
on Amazo ...)
+   TODO: check
+CVE-2024-29185 (FreeScout is a self-hosted help desk and shared mailbox. 
Versions prio ...)
+   TODO: check
+CVE-2024-29184 (FreeScout is a self-hosted help desk and shared mailbox. A 
Stored Cros ...)
+   TODO: check
+CVE-2024-29042 (Translate is a package that allows users to convert text to 
different  ...)
+   TODO: check
+CVE-2024-28861 (Symfony 1 is a community-driven fork of the 1.x branch of 
Symfony, a P ...)
+   TODO: check
+CVE-2024-28824 (Least privilege violation and reliance on untrusted inputs in 
the mk_i ...)
+   TODO: check
+CVE-2024-28593 (The Chat activity in Moodle 4.3.3 allows students to insert a 
potentia ...)
+   TODO: check
+CVE-2024-28560 (SQL injection vulnerability in Niushop B2B2C v.5.3.3 and 
before allows ...)
+   TODO: check
+CVE-2024-28559 (SQL injection vulnerability in Niushop B2B2C v.5.3.3 and 
before allows ...)
+   TODO: check
+CVE-2024-25168 (SQL injection vulnerability in snow snow v.2.0.0 allows a 
remote attac ...)
+   TODO: check
+CVE-2024-1848 (Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds 
Read, Out ...)
+   TODO: check
+CVE-2024-1742 (Invocation of the sqlplus command with sensitive information in 
the co ...)
+   TODO: check
+CVE-2024-0638 (Least privilege violation in the Checkmk agent plugins 
mk_oracle, mk_o ...)
+   TODO: check
+CVE-2023-4063 (Certain HP OfficeJet Pro printers are potentially vulnerable to 
a Deni ...)
+   TODO: 
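Review bot: the final entry, CVE-2023-4063, carries a bare `TODO: ` where every other added line in this hunk has `TODO: check`, so either this message is truncated or the entry landed with an empty triage marker; verify against the committed data/CVE/list before relying on this excerpt. Within the hunk, CVE-2024-28824 (least privilege violation in an `mk_i...` agent plugin) and CVE-2024-0638 (least privilege violation in the Checkmk agent plugins mk_oracle and others) read as related Checkmk agent-plugin issues and should be triaged together, and CVE-2024-28861 describes a community fork of the Symfony 1.x branch rather than Symfony itself, so its package mapping needs care before any Debian package is named.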

[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
80f3dc92 by security tracker role at 2024-03-22T08:12:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,125 @@
+CVE-2024-2817 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-2816 (A vulnerability classified as problematic was found in Tenda 
AC15 15.0 ...)
+   TODO: check
+CVE-2024-2815 (A vulnerability classified as critical has been found in Tenda 
AC15 15 ...)
+   TODO: check
+CVE-2024-2814 (A vulnerability was found in Tenda AC15 15.03.20_multi. It has 
been ra ...)
+   TODO: check
+CVE-2024-2813 (A vulnerability was found in Tenda AC15 15.03.20_multi. It has 
been de ...)
+   TODO: check
+CVE-2024-2812 (A vulnerability was found in Tenda AC15 
15.03.05.18/15.03.20_multi. It ...)
+   TODO: check
+CVE-2024-2811 (A vulnerability was found in Tenda AC15 15.03.20_multi and 
classified  ...)
+   TODO: check
+CVE-2024-2810 (A vulnerability has been found in Tenda AC15 
15.03.05.18/15.03.20_mult ...)
+   TODO: check
+CVE-2024-2809 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
+   TODO: check
+CVE-2024-2808 (A vulnerability, which was classified as critical, has been 
found in T ...)
+   TODO: check
+CVE-2024-2807 (A vulnerability classified as critical was found in Tenda AC15 
15.03.0 ...)
+   TODO: check
+CVE-2024-2806 (A vulnerability classified as critical has been found in Tenda 
AC15 15 ...)
+   TODO: check
+CVE-2024-2805 (A vulnerability was found in Tenda AC15 
15.03.05.18/15.03.20_multi. It ...)
+   TODO: check
+CVE-2024-2780 (A vulnerability was found in Campcodes Online Marriage 
Registration Sy ...)
+   TODO: check
+CVE-2024-2779 (A vulnerability was found in Campcodes Online Marriage 
Registration Sy ...)
+   TODO: check
+CVE-2024-2778 (A vulnerability was found in Campcodes Online Marriage 
Registration Sy ...)
+   TODO: check
+CVE-2024-2777 (A vulnerability has been found in Campcodes Online Marriage 
Registrati ...)
+   TODO: check
+CVE-2024-2776 (A vulnerability, which was classified as critical, was found in 
Campco ...)
+   TODO: check
+CVE-2024-2775 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-2774 (A vulnerability classified as critical was found in Campcodes 
Online M ...)
+   TODO: check
+CVE-2024-2773 (A vulnerability classified as problematic has been found in 
Campcodes  ...)
+   TODO: check
+CVE-2024-2770 (A vulnerability was found in Campcodes Complete Online Beauty 
Parlor M ...)
+   TODO: check
+CVE-2024-2769 (A vulnerability was found in Campcodes Complete Online Beauty 
Parlor M ...)
+   TODO: check
+CVE-2024-2768 (A vulnerability was found in Campcodes Complete Online Beauty 
Parlor M ...)
+   TODO: check
+CVE-2024-2767 (A vulnerability was found in Campcodes Complete Online Beauty 
Parlor M ...)
+   TODO: check
+CVE-2024-2766 (A vulnerability has been found in Campcodes Complete Online 
Beauty Par ...)
+   TODO: check
+CVE-2024-2764 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
+   TODO: check
+CVE-2024-2763 (A vulnerability, which was classified as critical, has been 
found in T ...)
+   TODO: check
+CVE-2024-2500 (The ColorMag theme for WordPress is vulnerable to Stored 
Cross-Site Sc ...)
+   TODO: check
+CVE-2024-2453 (There is an SQL injection vulnerability in Advantech 
WebAccess/SCADA s ...)
+   TODO: check
+CVE-2024-2392 (The Blocksy Companion plugin for WordPress is vulnerable to 
Stored Cro ...)
+   TODO: check
+CVE-2024-2080 (The LiquidPoll \u2013 Polls, Surveys, NPS and Feedback Reviews 
plugin  ...)
+   TODO: check
+CVE-2024-29275 (SQL injection vulnerability in SeaCMS version 12.9, allows 
remote unau ...)
+   TODO: check
+CVE-2024-29273 (There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 
SC UTF8 ...)
+   TODO: check
+CVE-2024-29272 (Arbitrary File Upload vulnerability in VvvebJs before version 
1.7.5, a ...)
+   TODO: check
+CVE-2024-29271 (Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs 
before v ...)
+   TODO: check
+CVE-2024-29031 (Meshery is an open source, cloud native manager that enables 
the desig ...)
+   TODO: check
+CVE-2024-28891 (SQL injection vulnerability exists in the script 
Handler_CFG.ashx.)
+   TODO: check
+CVE-2024-28863 (node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 
has no  ...)
+   TODO: check
+CVE-2024-28756 (The SolarEdge mySolarEdge application before 2.20.1 for 
Android has a  ...)
+   TODO: check
+CVE-2024-28521 (SQL Injection vulnerability in Netcome NS-ASG Application 
Security Gat ...)
+   TODO: check
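Review bot: CVE-2024-28891's description (`SQL injection vulnerability exists in the script Handler_CFG.ashx.`) names no product at all, so it cannot be triaged from the list line and the CVE record itself has to be consulted before a NOT-FOR-US or package decision is made. The Tenda AC15 block (CVE-2024-2805 through CVE-2024-2816, plus CVE-2024-2763 and CVE-2024-2764) and the Campcodes entries are router firmware and standalone PHP applications, not Debian packages, and can be marked NOT-FOR-US in one pass; that leaves CVE-2024-28863 (node-tar, which is packaged in Debian) as the entry that most needs a real look instead of the generic `TODO: check`.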

[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-21 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
86f41086 by security tracker role at 2024-03-21T20:12:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,30 +1,162 @@
-CVE-2024-26643 [netfilter: nf_tables: mark set as dead when unbinding 
anonymous set with timeout]
+CVE-2024-2742 (Operating system command injection vulnerability in Planet 
IGS-4215-16 ...)
+   TODO: check
+CVE-2024-2741 (Cross-Site Request Forgery (CSRF) vulnerability in Planet 
IGS-4215-16T ...)
+   TODO: check
+CVE-2024-2740 (Information exposure vulnerability in Planet IGS-4215-16T2S, 
affecting ...)
+   TODO: check
+CVE-2024-2580 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-2579 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-2578 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-2494 (A flaw was found in the RPC library APIs of libvirt. The RPC 
server de ...)
+   TODO: check
+CVE-2024-2465 (Open redirection vulnerability in CDeX applicationallows to 
redirect u ...)
+   TODO: check
+CVE-2024-2464 (This issue occurs during password recovery, where a difference 
in mess ...)
+   TODO: check
+CVE-2024-2463 (Weak password recovery mechanism in CDeX application allows to 
retriev ...)
+   TODO: check
+CVE-2024-29937 (NFS in a BSD derived codebase, as used in OpenBSD through 7.4 
and Free ...)
+   TODO: check
+CVE-2024-29916 (The dormakaba Saflok system before the November 2023 software 
update a ...)
+   TODO: check
+CVE-2024-29880 (In JetBrains TeamCity before 2023.11 users with access to the 
agent ma ...)
+   TODO: check
+CVE-2024-29879 (Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, 
through  / ...)
+   TODO: check
+CVE-2024-29878 (Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, 
through  / ...)
+   TODO: check
+CVE-2024-29877 (Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, 
through  / ...)
+   TODO: check
+CVE-2024-29876 (SQL injection vulnerability in Sentrifugo 3.2, through  
/sentrifugo/in ...)
+   TODO: check
+CVE-2024-29875 (SQL injection vulnerability in Sentrifugo 3.2, through 
/sentrifugo/ind ...)
+   TODO: check
+CVE-2024-29874 (SQL injection vulnerability in Sentrifugo 3.2, 
through/sentrifugo/inde ...)
+   TODO: check
+CVE-2024-29873 (SQL injection vulnerability in Sentrifugo 3.2, 
through/sentrifugo/inde ...)
+   TODO: check
+CVE-2024-29872 (SQL injection vulnerability in Sentrifugo 3.2, 
through/sentrifugo/inde ...)
+   TODO: check
+CVE-2024-29871 (SQL injection vulnerability in Sentrifugo 3.2, through 
/sentrifugo/ind ...)
+   TODO: check
+CVE-2024-29870 (SQL injection vulnerability in Sentrifugo 3.2, through 
/sentrifugo/ind ...)
+   TODO: check
+CVE-2024-29866 (Datalust Seq before 2023.4.11151 and 2024 before 2024.1.11146 
has Inco ...)
+   TODO: check
+CVE-2024-29732 (A SQL Injection has been found on SCAN_VISIO eDocument Suite 
Web Viewe ...)
+   TODO: check
+CVE-2024-29374 (A Cross-Site Scripting (XSS) vulnerability exists in the way 
MOODLE 3. ...)
+   TODO: check
+CVE-2024-29244 (Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was 
discover ...)
+   TODO: check
+CVE-2024-29243 (Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was 
discover ...)
+   TODO: check
+CVE-2024-29180 (Prior to versions 7.1.0, 6.1.2, and 5.3.4, the 
webpack-dev-middleware  ...)
+   TODO: check
+CVE-2024-29019 (ESPHome is a system to control microcontrollers remotely 
through Home  ...)
+   TODO: check
+CVE-2024-28402 (TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored 
Cross-s ...)
+   TODO: check
+CVE-2024-27995 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-27994 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-27993 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-27992 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-27991 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-27990 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-27989 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-27988 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-27985 (Deserialization of Untrusted Data vulnerability in 
PropertyHive.This i ...)
+   TODO: 
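Review bot: nothing in the visible lines re-adds CVE-2024-26643 after the bracketed placeholder `CVE-2024-26643 [netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout]` is deleted at the top, so confirm the entry is re-inserted further down with its published description rather than silently dropped; a netfilter issue is directly relevant to the linux package. The excerpt also ends on a bare `TODO: ` for CVE-2024-27985, so it is cut off. Of the new entries, CVE-2024-2494 (libvirt RPC library) maps to a Debian package and should not sit under a generic marker, and the ten Sentrifugo 3.2 entries (CVE-2024-29870 through CVE-2024-29879) describe one product and can be triaged as a group.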

[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-21 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9e28796b by security tracker role at 2024-03-21T08:11:41+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,79 @@
+CVE-2024-2754 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+   TODO: check
+CVE-2024-2748 (A Cross Site Request Forgery vulnerability was identified in 
GitHub En ...)
+   TODO: check
+CVE-2024-2720 (A vulnerability classified as problematic was found in 
Campcodes Compl ...)
+   TODO: check
+CVE-2024-2719 (A vulnerability classified as problematic has been found in 
Campcodes  ...)
+   TODO: check
+CVE-2024-2718 (A vulnerability was found in Campcodes Complete Online DJ 
Booking Syst ...)
+   TODO: check
+CVE-2024-2717 (A vulnerability was found in Campcodes Complete Online DJ 
Booking Syst ...)
+   TODO: check
+CVE-2024-2469 (An attacker with an Administrator role in GitHub Enterprise 
Server cou ...)
+   TODO: check
+CVE-2024-2443 (A command injection vulnerability was identified in GitHub 
Enterprise  ...)
+   TODO: check
+CVE-2024-2162 (An OS Command Injection vulnerability in Kiloview NDI allows a 
low-pri ...)
+   TODO: check
+CVE-2024-2161 (Use of Hard-coded Credentials in Kiloview NDI allows 
un-authenticated  ...)
+   TODO: check
+CVE-2024-29864 (Distrobox before 1.7.0.1 allows attackers to execute arbitrary 
code vi ...)
+   TODO: check
+CVE-2024-29862 (The Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder 
before 4. ...)
+   TODO: check
+CVE-2024-29859 (In MISP before 2.4.187, add_misp_export in 
app/Controller/EventsContro ...)
+   TODO: check
+CVE-2024-29858 (In MISP before 2.4.187, __uploadLogo in 
app/Controller/OrganisationsCo ...)
+   TODO: check
+CVE-2024-29474 (OneBlog v2.3.4 was discovered to contain a stored cross-site 
scripting ...)
+   TODO: check
+CVE-2024-29473 (OneBlog v2.3.4 was discovered to contain a stored cross-site 
scripting ...)
+   TODO: check
+CVE-2024-29472 (OneBlog v2.3.4 was discovered to contain a stored cross-site 
scripting ...)
+   TODO: check
+CVE-2024-29471 (OneBlog v2.3.4 was discovered to contain a stored cross-site 
scripting ...)
+   TODO: check
+CVE-2024-29470 (OneBlog v2.3.4 was discovered to contain a stored cross-site 
scripting ...)
+   TODO: check
+CVE-2024-29469 (A stored cross-site scripting (XSS) vulnerability in OneBlog 
v2.3.4 al ...)
+   TODO: check
+CVE-2024-29037 (datahub-helm provides the Kubernetes Helm charts for deploying 
Datahub ...)
+   TODO: check
+CVE-2024-29036 (Saleor Storefront is software for building e-commerce 
experiences. Pri ...)
+   TODO: check
+CVE-2024-29033 (OAuthenticator provides plugins for JupyterHub to use common 
OAuth pro ...)
+   TODO: check
+CVE-2024-29032 (Qiskit IBM Runtime is an environment that streamlines quantum 
computat ...)
+   TODO: check
+CVE-2024-29026 (Owncast is an open source, self-hosted, decentralized, single 
user liv ...)
+   TODO: check
+CVE-2024-29018 (Moby is an open source container framework that is a key 
component of  ...)
+   TODO: check
+CVE-2024-28916 (Xbox Gaming Services Elevation of Privilege Vulnerability)
+   TODO: check
+CVE-2024-28835 (A flaw has been discovered in GnuTLS where an application 
crash can be ...)
+   TODO: check
+CVE-2024-28635 (Cross Site Scripting (XSS) vulnerability in SurveyJS Survey 
Creator v. ...)
+   TODO: check
+CVE-2024-25294 (An SSRF issue in REBUILD v.3.5 allows a remote attacker to 
obtain sens ...)
+   TODO: check
+CVE-2024-24050 (Cross Site Scripting (XSS) vulnerability in Sourcecodester 
Workout Jou ...)
+   TODO: check
+CVE-2024-22724 (An issue was discovered in osCommerce v4, allows local 
attackers to by ...)
+   TODO: check
+CVE-2024-1538 (The File Manager plugin for WordPress is vulnerable to 
Cross-Site Requ ...)
+   TODO: check
+CVE-2024-1148 (Weak access control in OpenText PVCS Version Manager allows 
potential  ...)
+   TODO: check
+CVE-2024-1147 (Weak access control in OpenText PVCS Version Manager allows 
potential  ...)
+   TODO: check
+CVE-2023-48903 (Stored Cross-Site Scripting (XSS) vulnerability in tramyardg 
autoexpre ...)
+   TODO: check
+CVE-2023-48902 (An issue was discovered in tramyardg autoexpress version 
1.3.0, allows ...)
+   TODO: check
+CVE-2023-48901 (A SQL injection vulnerability in tramyardg Autoexpress version 
1.3.0,  ...)
+   TODO: check
 CVE-2024-2721 (Deserialization of Untrusted Data vulnerability in Social Media 
Share  ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-2716 (A vulnerability was found in Campcodes Complete Online DJ 
Booking Syst ...)
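Review bot: CVE-2024-28835 (GnuTLS application crash) is the entry in this hunk that maps to a core Debian package and should be triaged ahead of the rest; CVE-2024-29018 (Moby) likewise maps to docker.io. At the other end, CVE-2024-28916 (`Xbox Gaming Services Elevation of Privilege Vulnerability`), the six OneBlog v2.3.4 entries and the Campcodes entries are obvious NOT-FOR-US candidates, and the unchanged context line `NOT-FOR-US: WordPress plugin` under CVE-2024-2721 at the bottom of the hunk shows the form to use.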



View it on GitLab: 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-20 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7e10c034 by security tracker role at 2024-03-20T20:12:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,28 +1,142 @@
-CVE-2024-2631
+CVE-2024-2721 (Deserialization of Untrusted Data vulnerability in Social Media 
Share  ...)
+   TODO: check
+CVE-2024-2716 (A vulnerability was found in Campcodes Complete Online DJ 
Booking Syst ...)
+   TODO: check
+CVE-2024-2715 (A vulnerability was found in Campcodes Complete Online DJ 
Booking Syst ...)
+   TODO: check
+CVE-2024-2714 (A vulnerability has been found in Campcodes Complete Online DJ 
Booking ...)
+   TODO: check
+CVE-2024-2713 (A vulnerability, which was classified as critical, was found in 
Campco ...)
+   TODO: check
+CVE-2024-2712 (A vulnerability, which was classified as critical, has been 
found in C ...)
+   TODO: check
+CVE-2024-2711 (A vulnerability was found in Tenda AC10U 15.03.06.48. It has 
been rate ...)
+   TODO: check
+CVE-2024-2710 (A vulnerability was found in Tenda AC10U 15.03.06.49. It has 
been decl ...)
+   TODO: check
+CVE-2024-2709 (A vulnerability was found in Tenda AC10U 15.03.06.49. It has 
been clas ...)
+   TODO: check
+CVE-2024-2708 (A vulnerability was found in Tenda AC10U 15.03.06.49 and 
classified as ...)
+   TODO: check
+CVE-2024-2707 (A vulnerability has been found in Tenda AC10U 15.03.06.49 and 
classifi ...)
+   TODO: check
+CVE-2024-2706 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
+   TODO: check
+CVE-2024-2705 (A vulnerability, which was classified as critical, has been 
found in T ...)
+   TODO: check
+CVE-2024-2704 (A vulnerability classified as critical was found in Tenda AC10U 
15.03. ...)
+   TODO: check
+CVE-2024-2703 (A vulnerability classified as critical has been found in Tenda 
AC10U 1 ...)
+   TODO: check
+CVE-2024-2702 (Missing Authorization vulnerability in Olive Themes Olive One 
Click De ...)
+   TODO: check
+CVE-2024-2690 (A vulnerability was found in SourceCodester Online Discussion 
Forum Si ...)
+   TODO: check
+CVE-2024-2687 (A vulnerability was found in Campcodes Online Job Finder System 
1.0 an ...)
+   TODO: check
+CVE-2024-2686 (A vulnerability has been found in Campcodes Online Job Finder 
System 1 ...)
+   TODO: check
+CVE-2024-2685 (A vulnerability, which was classified as problematic, was found 
in Cam ...)
+   TODO: check
+CVE-2024-2684 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-2683 (A vulnerability classified as problematic was found in 
Campcodes Onlin ...)
+   TODO: check
+CVE-2024-2291 (In Progress MOVEit Transfer versions released before 2022.0.11 
(14.0.1 ...)
+   TODO: check
+CVE-2024-29419 (There is a Cross-site scripting (XSS) vulnerability in the 
Wireless se ...)
+   TODO: check
+CVE-2024-28868 (Umbraco is an ASP.NET content management system. Umbraco 10 
prior to 1 ...)
+   TODO: check
+CVE-2024-28735 (An incorrect access control issue in Unit4 Financials by Coda 
v.2023Q4 ...)
+   TODO: check
+CVE-2024-28396 (An issue in MyPrestaModules ordersexport v.6.0.2 and before 
allows a r ...)
+   TODO: check
+CVE-2024-28395 (SQL injection vulnerability in Best-Kit bestkit_popup v.1.7.2 
and befo ...)
+   TODO: check
+CVE-2024-28392 (SQL injection vulnerability in pscartabandonmentpro v.2.0.11 
and befor ...)
+   TODO: check
+CVE-2024-28286 (In mz-automation libiec61850 v1.4.0, a NULL Pointer 
Dereference was de ...)
+   TODO: check
+CVE-2024-28231 (eprosima Fast DDS is a C++ implementation of the Data 
Distribution Ser ...)
+   TODO: check
+CVE-2024-28179 (Jupyter Server Proxy allows users to run arbitrary external 
processes  ...)
+   TODO: check
+CVE-2024-27286 (Zulip is an open-source team collaboration. When a user moves 
a Zulip  ...)
+   TODO: check
+CVE-2024-27105 (Frappe is a full-stack web application framework. Prior to 
versions 14 ...)
+   TODO: check
+CVE-2024-24813 (Frappe is a full-stack web application framework. Prior to 
versions 14 ...)
+   TODO: check
+CVE-2024-23821 (GeoServer is an open source software server written in Java 
that allow ...)
+   TODO: check
+CVE-2024-23819 (GeoServer is an open source software server written in Java 
that allow ...)
+   TODO: check
+CVE-2024-23818 (GeoServer is an open source software server written in Java 
that allow ...)
+   TODO: check
+CVE-2024-23721 (A Directory Traversal issue was discovered in process_post on 
Draytek  ...)
+   TODO: check
+CVE-2024-23643 (GeoServer is an open source software server written in Java 
that allow ...)
+   TODO: check
+CVE-2024-23642 (GeoServer is an open source software server written in Java 
that allow ...)
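Review bot: `-CVE-2024-2631` is removed at the top of the hunk with no replacement visible, so confirm the ID is re-added with its description further down rather than lost. The excerpt also stops after the CVE-2024-23642 description line without its `TODO: check`, so it is truncated. Worth pulling forward for individual triage: CVE-2024-28286 (libiec61850 NULL pointer dereference) and CVE-2024-28231 (eprosima Fast DDS), both of which correspond to libraries packaged in Debian; the Tenda AC10U block (CVE-2024-2703 through CVE-2024-2711) and the Campcodes entries can go straight to NOT-FOR-US.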

[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-20 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f0d7d465 by security tracker role at 2024-03-20T08:12:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,183 @@
+CVE-2024-2682 (A vulnerability classified as problematic has been found in 
Campcodes  ...)
+   TODO: check
+CVE-2024-2681 (A vulnerability was found in Campcodes Online Job Finder System 
1.0. I ...)
+   TODO: check
+CVE-2024-2680 (A vulnerability was found in Campcodes Online Job Finder System 
1.0. I ...)
+   TODO: check
+CVE-2024-2679 (A vulnerability was found in Campcodes Online Job Finder System 
1.0. I ...)
+   TODO: check
+CVE-2024-2678 (A vulnerability was found in Campcodes Online Job Finder System 
1.0 an ...)
+   TODO: check
+CVE-2024-2677 (A vulnerability has been found in Campcodes Online Job Finder 
System 1 ...)
+   TODO: check
+CVE-2024-2676 (A vulnerability, which was classified as critical, was found in 
Campco ...)
+   TODO: check
+CVE-2024-2675 (A vulnerability, which was classified as critical, has been 
found in C ...)
+   TODO: check
+CVE-2024-2674 (A vulnerability classified as critical was found in Campcodes 
Online J ...)
+   TODO: check
+CVE-2024-2673 (A vulnerability classified as critical has been found in 
Campcodes Onl ...)
+   TODO: check
+CVE-2024-2672 (A vulnerability was found in Campcodes Online Job Finder System 
1.0. I ...)
+   TODO: check
+CVE-2024-2671 (A vulnerability was found in Campcodes Online Job Finder System 
1.0. I ...)
+   TODO: check
+CVE-2024-2670 (A vulnerability was found in Campcodes Online Job Finder System 
1.0. I ...)
+   TODO: check
+CVE-2024-2669 (A vulnerability was found in Campcodes Online Job Finder System 
1.0 an ...)
+   TODO: check
+CVE-2024-2668 (A vulnerability has been found in Campcodes Online Job Finder 
System 1 ...)
+   TODO: check
+CVE-2024-2649 (A vulnerability has been found in Netentsec NS-ASG Application 
Securit ...)
+   TODO: check
+CVE-2024-2648 (A vulnerability, which was classified as problematic, was found 
in Net ...)
+   TODO: check
+CVE-2024-2647 (A vulnerability, which was classified as critical, has been 
found in N ...)
+   TODO: check
+CVE-2024-2646 (A vulnerability classified as critical was found in Netentsec 
NS-ASG A ...)
+   TODO: check
+CVE-2024-2645 (A vulnerability classified as problematic has been found in 
Netentsec  ...)
+   TODO: check
+CVE-2024-2644 (A vulnerability was found in Netentsec NS-ASG Application 
Security Gat ...)
+   TODO: check
+CVE-2024-2642 (A vulnerability was found in Ruijie RG-NBS2009G-P up to 
20240305. It h ...)
+   TODO: check
+CVE-2024-2641 (A vulnerability was found in Ruijie RG-NBS2009G-P up to 
20240305. It h ...)
+   TODO: check
+CVE-2024-2538 (The Permalink Manager Lite plugin for WordPress is vulnerable 
to unaut ...)
+   TODO: check
+CVE-2024-2474 (The Standout Color Boxes and Buttons plugin for WordPress is 
vulnerabl ...)
+   TODO: check
+CVE-2024-2460 (The GamiPress \u2013 Button plugin for WordPress is vulnerable 
to Stor ...)
+   TODO: check
+CVE-2024-2459 (The UX Flat plugin for WordPress is vulnerable to Stored 
Cross-Site Sc ...)
+   TODO: check
+CVE-2024-2387 (The Advanced Form Integration \u2013 Connect WooCommerce and 
Contact F ...)
+   TODO: check
+CVE-2024-2384 (The WooCommerce POS plugin for WordPress is vulnerable to 
information  ...)
+   TODO: check
+CVE-2024-2304 (The Animated Headline plugin for WordPress is vulnerable to 
Stored Cro ...)
+   TODO: check
+CVE-2024-2255 (The Essential Blocks \u2013 Page Builder Gutenberg Blocks, 
Patterns &  ...)
+   TODO: check
+CVE-2024-2197 (Chirp Access improperly stores credentials within its source 
code, pot ...)
+   TODO: check
+CVE-2024-2129 (The WPBITS Addons For Elementor Page Builder plugin for 
WordPress is v ...)
+   TODO: check
+CVE-2024-2124 (The Translate WordPress and go Multilingual \u2013 Weglot 
plugin for W ...)
+   TODO: check
+CVE-2024-28715 (Cross Site Scripting vulnerability in DOraCMS v.2.18 and 
before allows ...)
+   TODO: check
+CVE-2024-28584 (Null Pointer Dereference vulnerability in open source 
FreeImage v.3.19 ...)
+   TODO: check
+CVE-2024-28583 (Buffer Overflow vulnerability in open source FreeImage 
v.3.19.0 [r1909 ...)
+   TODO: check
+CVE-2024-28582 (Buffer Overflow vulnerability in open source FreeImage 
v.3.19.0 [r1909 ...)
+   TODO: check
+CVE-2024-28581 (Buffer Overflow vulnerability in open source FreeImage 
v.3.19.0 [r1909 ...)
+   TODO: check
+CVE-2024-28580 (Buffer Overflow vulnerability in open source FreeImage 
v.3.19.0 [r1909 ...)
+   TODO: check
+CVE-2024-28579 (Buffer Overflow vulnerability in open source FreeImage 
v.3.19.0 [r1909 ...)
+   TODO: check
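Review bot: the six FreeImage entries (CVE-2024-28579 through CVE-2024-28584, five buffer overflows and one NULL pointer dereference in `v.3.19.0 [r1909...`) describe the same codebase and should be triaged as a group against the Debian freeimage package rather than left as six independent `TODO: check` lines; the version string carries what looks like a repository revision rather than a release tag, so the fixed-version mapping will need the upstream commit. The Campcodes Online Job Finder block (CVE-2024-2668 through CVE-2024-2682), the Netentsec NS-ASG and Ruijie entries, and the WordPress plugin entries are NOT-FOR-US candidates.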

[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e34bca1c by security tracker role at 2024-03-19T20:12:33+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,67 +1,235 @@
-CVE-2024-27439
+CVE-2024-2639 (A vulnerability was found in Bdtask Wholesale Inventory 
Management Sys ...)
+   TODO: check
+CVE-2024-2636 (An Unrestricted Upload of File vulnerability has been found on 
Cegid M ...)
+   TODO: check
+CVE-2024-2635 (The configuration pages available are not intended to be placed 
on an  ...)
+   TODO: check
+CVE-2024-2634 (A Cross-Site Scripting Vulnerability has been found on Meta4 HR 
affect ...)
+   TODO: check
+CVE-2024-2633 (A Cross-Site Scripting Vulnerability has been found on Meta4 HR 
affect ...)
+   TODO: check
+CVE-2024-2632 (A Information Exposure Vulnerability has been found on Meta4 
HR. This  ...)
+   TODO: check
+CVE-2024-2545
+   REJECTED
+CVE-2024-2442 (Franklin Fueling System EVO 550 and EVO 5000 are vulnerable to 
a Path  ...)
+   TODO: check
+CVE-2024-2307 (A flaw was found in osbuild-composer. A condition can be 
triggered tha ...)
+   TODO: check
+CVE-2024-2169 (Implementations of UDP application protocol are vulnerable to 
network  ...)
+   TODO: check
+CVE-2024-29143 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-29142 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-29141 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-29140 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-29139 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-29138 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-29137 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-29136 (Deserialization of Untrusted Data vulnerability in Themefic 
Tourfic.Th ...)
+   TODO: check
+CVE-2024-29135 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Tourf ...)
+   TODO: check
+CVE-2024-29134 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-29130 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-29129 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-29128 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-29127 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-29126 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-29125 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-29124 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-29123 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-29122 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-29121 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-29118 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-29117 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-29116 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-29115 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-29114 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-29113 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-29112 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-29111 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-29110 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-29109 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-29108 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-29107 (Improper Neutralization of 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3e2f4d37 by security tracker role at 2024-03-19T08:12:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,61 @@
+CVE-2024-2622 (A vulnerability was found in Fujian Kelixin Communication 
Command and  ...)
+   TODO: check
+CVE-2024-2621 (A vulnerability was found in Fujian Kelixin Communication 
Command and  ...)
+   TODO: check
+CVE-2024-2620 (A vulnerability has been found in Fujian Kelixin Communication 
Command ...)
+   TODO: check
+CVE-2024-2604 (A vulnerability was found in SourceCodester File Manager App 
1.0. It h ...)
+   TODO: check
+CVE-2024-28865 (django-wiki is a wiki system for Django. Installations of 
django-wiki  ...)
+   TODO: check
+CVE-2024-28864 (SecureProps is a PHP library designed to simplify the 
encryption and d ...)
+   TODO: check
+CVE-2024-28855 (ZITADEL, open source authentication management software, uses 
Go templ ...)
+   TODO: check
+CVE-2024-28447 (Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was 
discove ...)
+   TODO: check
+CVE-2024-28446 (Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was 
discove ...)
+   TODO: check
+CVE-2024-28250 (Cilium is a networking, observability, and security solution 
with an e ...)
+   TODO: check
+CVE-2024-28249 (Cilium is a networking, observability, and security solution 
with an e ...)
+   TODO: check
+CVE-2024-28248 (Cilium is a networking, observability, and security solution 
with an e ...)
+   TODO: check
+CVE-2024-28237 (OctoPrint provides a web interface for controlling consumer 3D 
printer ...)
+   TODO: check
+CVE-2024-26369 (An issue in the HistoryQosPolicy component of FastDDS v2.12.x, 
v2.11.x ...)
+   TODO: check
+CVE-2024-25942 (Dell PowerEdge Server BIOS contains an Improper SMM 
communication buff ...)
+   TODO: check
+CVE-2024-24578 (RaspberryMatic is an open-source operating system for 
HomeMatic intern ...)
+   TODO: check
+CVE-2024-24043 (Directory Traversal vulnerability in Speedy11CZ MCRPX v.1.4.0 
and befo ...)
+   TODO: check
+CVE-2024-24042 (Directory Traversal vulnerability in Devan-Kerman ARRP v.0.8.1 
and bef ...)
+   TODO: check
+CVE-2024-2 (LDAP Account Manager (LAM) is a webfrontend for managing 
entries store ...)
+   TODO: check
+CVE-2024-22453 (Dell PowerEdge Server BIOS contains a heap-based buffer 
overflow vulne ...)
+   TODO: check
+CVE-2024-22412 (ClickHouse is an open-source column-oriented database 
management syste ...)
+   TODO: check
+CVE-2024-21504 (Versions of the package livewire/livewire from 3.3.5 and 
before 3.4.9  ...)
+   TODO: check
+CVE-2024-21503 (Versions of the package black before 24.3.0 are vulnerable to 
Regular  ...)
+   TODO: check
+CVE-2024-0055 (Sandro Poppi, member of the AXIS OS Bug Bounty Program, has 
found that ...)
+   TODO: check
+CVE-2024-0054 (Sandro Poppi, member of the AXIS OS Bug Bounty Program, has 
found that ...)
+   TODO: check
+CVE-2023-40280 (An issue was discovered in OpenClinic GA 5.247.01. An attacker 
can per ...)
+   TODO: check
+CVE-2023-40277 (An issue was discovered in OpenClinic GA 5.247.01. A Reflected 
Cross-S ...)
+   TODO: check
+CVE-2023-40276 (An issue was discovered in OpenClinic GA 5.247.01. An 
Unauthenticated  ...)
+   TODO: check
+CVE-2023-40275 (An issue was discovered in OpenClinic GA 5.247.01. It allows 
retrieval ...)
+   TODO: check
 CVE-2024-2599 (File upload restriction evasion vulnerability in AMSS++ version 
4.31.  ...)
NOT-FOR-US: AMSS++
 CVE-2024-2598 (Vulnerability in AMSS++ version 4.31, which does not 
sufficiently enco ...)
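Review bot: the identifier in `+CVE-2024-2 (LDAP Account Manager (LAM) is a webfrontend for managing ...` is malformed: a CVE ID carries at least four digits after the year, so this line will not match any feed record and will not resolve when the tracker cross-references it. Check the import for the truncated ID and regenerate the entry before anyone spends time triaging it.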
@@ -6502,7 +6560,7 @@ CVE-2024-26594 (In the Linux kernel, the following 
vulnerability has been resolv
[bullseye] - linux  (Vulnerable code not present)
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/92e470163d96df8db6c4fa0f484e4a229edb903d (6.8-rc1)
-CVE-2024-22025
+CVE-2024-22025 (A vulnerability in Node.js has been identified, allowing for a 
Denial  ...)
- nodejs 18.19.1+dfsg-1
NOTE: https://nodejs.org/en/blog/release/v18.19.1
NOTE: 
https://github.com/nodejs/node/commit/f31d47e135973746c4f490d5eb635eded8bb3dda 
(v18.x)
@@ -8112,7 +8170,7 @@ CVE-2023-46809
NOTE: 
https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#nodejs-is-vulnerable-to-the-marvin-attack-timing-variant-of-the-bleichenbacher-attack-against-pkcs1-v15-padding-cve-2023-46809---medium
NOTE: 
https://github.com/nodejs/node/commit/d3d357ab096884f10f5d2f164149727eea875635 
(v18.x)
NOTE: 
https://github.com/nodejs/node/commit/54cd268059626800dbe1e02a88b28d9538cf5587 
(main)
-CVE-2024-22017
+CVE-2024-22017 (setuid() does not 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ee66efae by security tracker role at 2024-03-18T20:12:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,97 +1,345 @@
-CVE-2024-26641 [ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()]
+CVE-2024-2599 (File upload restriction evasion vulnerability in AMSS++ version 
4.31.  ...)
+   TODO: check
+CVE-2024-2598 (Vulnerability in AMSS++ version 4.31, which does not 
sufficiently enco ...)
+   TODO: check
+CVE-2024-2597 (Vulnerability in AMSS++ version 4.31, which does not 
sufficiently enco ...)
+   TODO: check
+CVE-2024-2596 (Vulnerability in AMSS++ version 4.31, which does not 
sufficiently enco ...)
+   TODO: check
+CVE-2024-2595 (Vulnerability in AMSS++ version 4.31, which does not 
sufficiently enco ...)
+   TODO: check
+CVE-2024-2594 (Vulnerability in AMSS++ version 4.31, which does not 
sufficiently enco ...)
+   TODO: check
+CVE-2024-2593 (Vulnerability in AMSS++ version 4.31, which does not 
sufficiently enco ...)
+   TODO: check
+CVE-2024-2592 (Vulnerability in AMSS++ version 4.31 that allows SQL injection 
through ...)
+   TODO: check
+CVE-2024-2591 (Vulnerability in AMSS++ version 4.31 that allows SQL injection 
through ...)
+   TODO: check
+CVE-2024-2590 (Vulnerability in AMSS++ version 4.31 that allows SQL injection 
through ...)
+   TODO: check
+CVE-2024-2589 (Vulnerability in AMSS++ version 4.31 that allows SQL injection 
through ...)
+   TODO: check
+CVE-2024-2588 (Vulnerability in AMSS++ version 4.31 that allows SQL injection 
through ...)
+   TODO: check
+CVE-2024-2587 (Vulnerability in AMSS++ version 4.31 that allows SQL injection 
through ...)
+   TODO: check
+CVE-2024-2586 (Vulnerability in AMSS++ version 4.31 that allows SQL injection 
through ...)
+   TODO: check
+CVE-2024-2585 (Vulnerability in AMSS++ version 4.31 that allows SQL injection 
through ...)
+   TODO: check
+CVE-2024-2584 (Vulnerability in AMSS++ version 4.31 that allows SQL injection 
through ...)
+   TODO: check
+CVE-2024-2390 (As a part of Tenable\u2019s vulnerability disclosure program, a 
vulner ...)
+   TODO: check
+CVE-2024-2229 (CWE-502: Deserialization of Untrusted Data vulnerability exists 
that c ...)
+   TODO: check
+CVE-2024-2052 (CWE-552: Files or Directories Accessible to External Parties 
vulnerabi ...)
+   TODO: check
+CVE-2024-2051 (CWE-307: Improper Restriction of Excessive Authentication 
Attempts vul ...)
+   TODO: check
+CVE-2024-2050 (CWE-79: Improper Neutralization of Input During Web Page 
Generation (\ ...)
+   TODO: check
+CVE-2024-28550 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in 
the file ...)
+   TODO: check
+CVE-2024-28547 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in 
the fire ...)
+   TODO: check
+CVE-2024-28537 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in 
the page ...)
+   TODO: check
+CVE-2024-28039 (Improper restriction of XML external entity references 
vulnerability e ...)
+   TODO: check
+CVE-2024-27937 (GLPI is a Free Asset and IT Management Software package, Data 
center m ...)
+   TODO: check
+CVE-2024-27930 (GLPI is a Free Asset and IT Management Software package, Data 
center m ...)
+   TODO: check
+CVE-2024-27914 (GLPI is a Free Asset and IT Management Software package, Data 
center m ...)
+   TODO: check
+CVE-2024-27774 (Unitronics Unistream Unilogic \u2013 Versions prior to 
1.35.227 -  CWE ...)
+   TODO: check
+CVE-2024-27773 (Unitronics Unistream Unilogic \u2013 Versions prior to 
1.35.227 -  CWE ...)
+   TODO: check
+CVE-2024-27772 (Unitronics Unistream Unilogic \u2013 Versions prior to 
1.35.227 -  CWE ...)
+   TODO: check
+CVE-2024-27771 (Unitronics Unistream Unilogic \u2013 Versions prior to 
1.35.227 -  CWE ...)
+   TODO: check
+CVE-2024-27770 (Unitronics Unistream Unilogic \u2013 Versions prior to 
1.35.227 -   CW ...)
+   TODO: check
+CVE-2024-27769 (Unitronics Unistream Unilogic \u2013 Versions prior to 
1.35.227 -   CW ...)
+   TODO: check
+CVE-2024-27768 (Unitronics Unistream Unilogic \u2013 Versions prior to 
1.35.227 - CWE- ...)
+   TODO: check
+CVE-2024-27767 (CWE-287: Improper Authentication may allow Authentication 
Bypass)
+   TODO: check
+CVE-2024-27104 (GLPI is a Free Asset and IT Management Software package, Data 
center m ...)
+   TODO: check
+CVE-2024-27098 (GLPI is a Free Asset and IT Management Software package, Data 
center m ...)
+   TODO: check
+CVE-2024-27096 (GLPI is a Free Asset and IT Management Software package, Data 
center m ...)
+   TODO: check
+CVE-2024-26125 (Adobe Experience Manager versions 6.5.19 and earlier are 
affected by a ...)
+   TODO: check
+CVE-2024-26124 (Adobe Experience 
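Review bot: several of the added descriptions carry raw JSON escapes instead of the character they encode, e.g. `+CVE-2024-2390 (As a part of Tenable\u2019s vulnerability disclosure program, ...` and the seven Unitronics lines `(Unitronics Unistream Unilogic \u2013 Versions prior to 1.35.227 ...`; the CVE-2024-2050 line even ends in `Generation (\ ...`, i.e. the width truncation landed inside an escape. The import should decode `\uXXXX` before writing data/CVE/list and truncate the decoded string, so the list shows the intended characters rather than backslash sequences.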

[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
71b05686 by security tracker role at 2024-03-18T08:12:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,77 @@
+CVE-2024-2581 (A vulnerability was found in Tenda AC10 16.03.10.13 and 
classified as  ...)
+   TODO: check
+CVE-2024-2577 (A vulnerability has been found in SourceCodester Employee Task 
Managem ...)
+   TODO: check
+CVE-2024-2576 (A vulnerability, which was classified as critical, was found in 
Source ...)
+   TODO: check
+CVE-2024-2575 (A vulnerability, which was classified as critical, has been 
found in S ...)
+   TODO: check
+CVE-2024-2574 (A vulnerability classified as critical was found in 
SourceCodester Emp ...)
+   TODO: check
+CVE-2024-2573 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+   TODO: check
+CVE-2024-2572 (A vulnerability was found in SourceCodester Employee Task 
Management S ...)
+   TODO: check
+CVE-2024-2571 (A vulnerability was found in SourceCodester Employee Task 
Management S ...)
+   TODO: check
+CVE-2024-2570 (A vulnerability was found in SourceCodester Employee Task 
Management S ...)
+   TODO: check
+CVE-2024-2569 (A vulnerability was found in SourceCodester Employee Task 
Management S ...)
+   TODO: check
+CVE-2024-2568 (A vulnerability has been found in heyewei JFinalCMS 5.0.0 and 
classifi ...)
+   TODO: check
+CVE-2024-2567 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was 
classified  ...)
+   TODO: check
+CVE-2024-29156 (In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is 
used, th ...)
+   TODO: check
+CVE-2024-29154 (danielmiessler fabric through 1.3.0 allows 
installer/client/gui/static ...)
+   TODO: check
+CVE-2024-29151 (Rocket.Chat.Audit through 5ad78e8 depends on filecachetools, 
which doe ...)
+   TODO: check
+CVE-2024-28745 (Improper export of Android application components issue exists 
in 'ABE ...)
+   TODO: check
+CVE-2024-28128 (Cross-site scripting vulnerability exists in FitNesse releases 
prior t ...)
+   TODO: check
+CVE-2024-28125 (FitNesse all releases allows a remote authenticated attacker 
to execut ...)
+   TODO: check
+CVE-2024-27974 (Cross-site request forgery vulnerability in FUJIFILM printers 
which im ...)
+   TODO: check
+CVE-2024-27757 (flusity CMS through 2.45 allows tools/addons_model.php Gallery 
Name XS ...)
+   TODO: check
+CVE-2024-24539 (FusionPBX before 5.2.0 does not validate a session.)
+   TODO: check
+CVE-2024-24230 (Komm.One CMS 10.4.2.14 has a Server-Side Template Injection 
(SSTI) vul ...)
+   TODO: check
+CVE-2024-23604 (Cross-site scripting vulnerability exists in FitNesse all 
releases, wh ...)
+   TODO: check
+CVE-2024-23139 (An Out-Of-Bounds Write Vulnerability in Autodesk FBX Review 
version 1. ...)
+   TODO: check
+CVE-2024-23138 (A maliciously crafted DWG file when parsed through Autodesk 
DWG TrueVi ...)
+   TODO: check
+CVE-2024-22475 (Cross-site request forgery vulnerability in multiple printers 
and scan ...)
+   TODO: check
+CVE-2024-21824 (Improper authentication vulnerability in exists in multiple 
printers a ...)
+   TODO: check
+CVE-2023-52159 (A stack-based buffer overflow vulnerability in gross 0.9.3 
through 1.x ...)
+   TODO: check
+CVE-2023-40747 (Directory traversal vulnerability exists in A.K.I Software's 
PMailServ ...)
+   TODO: check
+CVE-2023-40160 (Directory traversal vulnerability exists in Mailing List 
Search CGI (p ...)
+   TODO: check
+CVE-2023-39933 (Insufficient verification vulnerability exists in Broadcast 
Mail CGI ( ...)
+   TODO: check
+CVE-2023-39223 (Stored cross-site scripting vulnerability exists in CGIs 
included in A ...)
+   TODO: check
+CVE-2021-47157 (The Kossy module before 0.60 for Perl allows JSON hijacking 
because of ...)
+   TODO: check
+CVE-2021-47156 (The Net::IPAddress::Util module before 5.000 for Perl does not 
properl ...)
+   TODO: check
+CVE-2021-47155 (The Net::IPV4Addr module 0.10 for Perl does not properly 
consider extr ...)
+   TODO: check
+CVE-2021-47154 (The Net::CIDR::Lite module before 0.22 for Perl does not 
properly cons ...)
+   TODO: check
+CVE-2018-25099 (In the CryptX module before 0.062 for Perl, 
gcm_decrypt_verify() and c ...)
+   TODO: check
 CVE-2024-2566 (A vulnerability was found in Fujian Kelixin Communication 
Command and  ...)
NOT-FOR-US: Fujian Kelixin Communication Command and Dispatch Platform
 CVE-2024-2565 (A vulnerability was found in PandaXGO PandaX up to 20240310. It 
has be ...)
@@ -6309,29 +6383,29 @@ CVE-2024-25124 (Fiber is a web framework written in go. 
Prior to version 2.52.1,
NOT-FOR-US: Fiber
 CVE-2024-23654 (discourse-ai is the AI plugin for the open-source 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c993eb1f by security tracker role at 2024-03-17T20:12:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,41 @@
+CVE-2024-2566 (A vulnerability was found in Fujian Kelixin Communication 
Command and  ...)
+   TODO: check
+CVE-2024-2565 (A vulnerability was found in PandaXGO PandaX up to 20240310. It 
has be ...)
+   TODO: check
+CVE-2024-2564 (A vulnerability was found in PandaXGO PandaX up to 20240310 and 
classi ...)
+   TODO: check
+CVE-2024-2563 (A vulnerability has been found in PandaXGO PandaX up to 
20240310 and c ...)
+   TODO: check
+CVE-2024-2562 (A vulnerability, which was classified as critical, was found in 
PandaX ...)
+   TODO: check
+CVE-2024-2561 (A vulnerability, which was classified as critical, has been 
found in 7 ...)
+   TODO: check
+CVE-2024-2560 (A vulnerability classified as problematic was found in Tenda 
AC18 15.0 ...)
+   TODO: check
+CVE-2024-2559 (A vulnerability classified as problematic has been found in 
Tenda AC18 ...)
+   TODO: check
+CVE-2024-2558 (A vulnerability was found in Tenda AC18 15.03.05.05. It has 
been rated ...)
+   TODO: check
+CVE-2024-2557 (A vulnerability was found in kishor-23 Food Waste Management 
System 1. ...)
+   TODO: check
+CVE-2024-27961 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-27960 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-27959 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-27958 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-27957 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Pie R ...)
+   TODO: check
+CVE-2024-25933 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+   TODO: check
+CVE-2024-25903 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+   TODO: check
+CVE-2024-25591 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+   TODO: check
+CVE-2024-24867 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+   TODO: check
 CVE-2024-2556 (A vulnerability was found in SourceCodester Employee Task 
Management S ...)
NOT-FOR-US: SourceCodester Employee Task Management System
 CVE-2024-2555 (A vulnerability was found in SourceCodester Employee Task 
Management S ...)
@@ -64150,6 +64188,7 @@ CVE-2023-27535 (An authentication bypass vulnerability 
exists in libcurl <8.0.0
NOTE: Introduced by: 
https://github.com/curl/curl/commit/177dbc7be07125582ddb7416dba7140b88ab9f62 
(curl-7_13_0)
NOTE: Fixed by: 
https://github.com/curl/curl/commit/8f4608468b890dce2dad9f91d5607ee7e9c1aba1 
(curl-8_0_0)
 CVE-2023-27534 (A path traversal vulnerability exists in curl <8.0.0 SFTP 
implementati ...)
+   {DLA-3763-1}
- curl 7.88.1-7
[bullseye] - curl 7.74.0-1.3+deb11u8
NOTE: https://curl.se/docs/CVE-2023-27534.html
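Review bot: the `+   {DLA-3763-1}` line is added under CVE-2023-27534, but the only suite line in the visible context is `[bullseye] - curl 7.74.0-1.3+deb11u8`; a DLA is an LTS advisory, so the entry needs a matching buster fixed-version line for the reference to pair with. Confirm that line exists beyond the hunk context, and note that the neighbouring CVE-2023-27535 carries `Introduced by:` / `Fixed by:` NOTE lines that this entry lacks.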



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c993eb1f6201e587bfeba4a4050748fd13d94d07



___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bc306969 by security tracker role at 2024-03-17T08:12:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,27 @@
+CVE-2024-2556 (A vulnerability was found in SourceCodester Employee Task 
Management S ...)
+   TODO: check
+CVE-2024-2555 (A vulnerability was found in SourceCodester Employee Task 
Management S ...)
+   TODO: check
+CVE-2024-2554 (A vulnerability has been found in SourceCodester Employee Task 
Managem ...)
+   TODO: check
+CVE-2024-2553 (A vulnerability, which was classified as problematic, was found 
in Sou ...)
+   TODO: check
+CVE-2024-2547 (A vulnerability was found in Tenda AC18 15.03.05.05 and 
classified as  ...)
+   TODO: check
+CVE-2024-2546 (A vulnerability has been found in Tenda AC18 15.13.07.09 and 
classifie ...)
+   TODO: check
+CVE-2024-2535 (A vulnerability has been found in MAGESH-K21 
Online-College-Event-Hall ...)
+   TODO: check
+CVE-2024-2534 (A vulnerability, which was classified as critical, was found in 
MAGESH ...)
+   TODO: check
+CVE-2024-2533 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-2532 (A vulnerability classified as critical was found in MAGESH-K21 
Online- ...)
+   TODO: check
+CVE-2024-2531 (A vulnerability classified as critical has been found in 
MAGESH-K21 On ...)
+   TODO: check
+CVE-2024-2530 (A vulnerability was found in MAGESH-K21 
Online-College-Event-Hall-Rese ...)
+   TODO: check
 CVE-2024-2529 (A vulnerability was found in MAGESH-K21 
Online-College-Event-Hall-Rese ...)
NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System
 CVE-2024-2528 (A vulnerability was found in MAGESH-K21 
Online-College-Event-Hall-Rese ...)
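Review bot: the six MAGESH-K21 Online-College-Event-Hall entries added at the bottom of the hunk (CVE-2024-2530 through CVE-2024-2535) are left as `TODO: check`, while the unchanged context immediately below shows CVE-2024-2529 for the same product already triaged as `NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System`; the new ones can take the same verdict, so the TODO markers should be cleared in a follow-up rather than left to accumulate.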



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc30696983bcac8039b51df8fd546260194a4794





[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-16 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e42d6681 by security tracker role at 2024-03-16T20:12:40+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,35 @@
+CVE-2024-2529 (A vulnerability was found in MAGESH-K21 
Online-College-Event-Hall-Rese ...)
+   TODO: check
+CVE-2024-2528 (A vulnerability was found in MAGESH-K21 
Online-College-Event-Hall-Rese ...)
+   TODO: check
+CVE-2024-2527 (A vulnerability was found in MAGESH-K21 
Online-College-Event-Hall-Rese ...)
+   TODO: check
+CVE-2024-2526 (A vulnerability has been found in MAGESH-K21 
Online-College-Event-Hall ...)
+   TODO: check
+CVE-2024-2525 (A vulnerability, which was classified as problematic, was found 
in MAG ...)
+   TODO: check
+CVE-2024-2524 (A vulnerability, which was classified as critical, has been 
found in M ...)
+   TODO: check
+CVE-2024-2523 (A vulnerability classified as problematic was found in 
MAGESH-K21 Onli ...)
+   TODO: check
+CVE-2024-2522 (A vulnerability classified as critical has been found in 
MAGESH-K21 On ...)
+   TODO: check
+CVE-2024-2521 (A vulnerability was found in MAGESH-K21 
Online-College-Event-Hall-Rese ...)
+   TODO: check
+CVE-2024-2520 (A vulnerability was found in MAGESH-K21 
Online-College-Event-Hall-Rese ...)
+   TODO: check
+CVE-2024-2519 (A vulnerability was found in MAGESH-K21 
Online-College-Event-Hall-Rese ...)
+   TODO: check
+CVE-2024-2518 (A vulnerability was found in MAGESH-K21 
Online-College-Event-Hall-Rese ...)
+   TODO: check
+CVE-2024-2517 (A vulnerability has been found in MAGESH-K21 
Online-College-Event-Hall ...)
+   TODO: check
+CVE-2024-2516 (A vulnerability, which was classified as critical, was found in 
MAGESH ...)
+   TODO: check
+CVE-2024-2515 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-1857 (The Ultimate Gift Cards for WooCommerce \u2013 Create, Redeem & 
Manage ...)
+   TODO: check
 CVE-2024-2467 [Crypt-OpenSSL-RSA vulnerable to the Marvin Attack]
- libcrypt-openssl-rsa-perl  (bug #1066969)
[buster] - libcrypt-openssl-rsa-perl  (Minor issue; 
side-channel timing attack)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e42d6681de4eea3ab6545ae0659cdc470c6e74ec





[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-16 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d52480e8 by security tracker role at 2024-03-16T08:12:04+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,97 +1,163 @@
-CVE-2021-47135 [mt76: mt7921: fix possible AOOB issue in 
mt7921_mcu_tx_rate_report]
+CVE-2024-2514 (A vulnerability classified as critical was found in MAGESH-K21 
Online- ...)
+   TODO: check
+CVE-2024-2308 (The ElementInvader Addons for Elementor plugin for WordPress is 
vulner ...)
+   TODO: check
+CVE-2024-2294 (The Backuply \u2013 Backup, Restore, Migrate and Clone plugin 
for Word ...)
+   TODO: check
+CVE-2024-2042 (The ElementsKit Elementor addons plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-28862 (The Ruby One Time Password library (ROTP) is an open source 
library fo ...)
+   TODO: check
+CVE-2024-28859 (Symfony1 is a community fork of symfony 1.4 with DIC, form 
enhancement ...)
+   TODO: check
+CVE-2024-28640 (Buffer Overflow vulnerability in TOTOLink X5000R 
V9.1.0u.6118-B2020110 ...)
+   TODO: check
+CVE-2024-28639 (Buffer Overflow vulnerability in TOTOLink X5000R 
V9.1.0u.6118-B2020110 ...)
+   TODO: check
+CVE-2024-28070 (A vulnerability in the legacy chat component of Mitel 
MiContact Center ...)
+   TODO: check
+CVE-2024-28069 (A vulnerability in the legacy chat component of Mitel 
MiContact Center ...)
+   TODO: check
+CVE-2024-27197 (Cross-Site Request Forgery (CSRF) vulnerability in Bee 
BeePress allows ...)
+   TODO: check
+CVE-2024-27195 (Cross-Site Request Forgery (CSRF) vulnerability in Sandi 
Verdev Waterm ...)
+   TODO: check
+CVE-2024-27194 (Cross-Site Request Forgery (CSRF) vulnerability in Andrei 
Ivasiuc Font ...)
+   TODO: check
+CVE-2024-24845 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+   TODO: check
+CVE-2024-24156 (Cross Site Scripting (XSS) vulnerability in Gnuboard g6 before 
Github  ...)
+   TODO: check
+CVE-2024-23523 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+   TODO: check
+CVE-2024-23298 (A logic issue was addressed with improved state management.)
+   TODO: check
+CVE-2024-22513 (djangorestframework-simplejwt version 5.3.1 and before is 
vulnerable t ...)
+   TODO: check
+CVE-2024-22259 (Applications that use UriComponentsBuilder in Spring 
Frameworkto parse ...)
+   TODO: check
+CVE-2024-1733 (The Word Replacer Pro plugin for WordPress is vulnerable to 
unauthoriz ...)
+   TODO: check
+CVE-2024-1685 (The Social Media Share Buttons plugin for WordPress is 
vulnerable to P ...)
+   TODO: check
+CVE-2024-1239 (The ElementsKit Elementor addons plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2023-6525 (The ElementsKit Elementor addons plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2023-51521 (Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech 
Quiz An ...)
+   TODO: check
+CVE-2023-51512 (Cross Site Request Forgery (CSRF) vulnerability in WBW Product 
Table b ...)
+   TODO: check
+CVE-2023-51510 (Cross-Site Request Forgery (CSRF) vulnerability in Atlas 
Gondal Export ...)
+   TODO: check
+CVE-2023-51491 (Cross-Site Request Forgery (CSRF) vulnerability in Averta 
Depicter Sli ...)
+   TODO: check
+CVE-2023-51489 (Cross-Site Request Forgery (CSRF) vulnerability in Automattic, 
Inc. Cr ...)
+   TODO: check
+CVE-2023-51487 (Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft 
ARI Stream ...)
+   TODO: check
+CVE-2023-51486 (Cross-Site Request Forgery (CSRF) vulnerability in RedNao 
WooCommerce  ...)
+   TODO: check
+CVE-2023-51474 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelemu 
TerraClass ...)
+   TODO: check
+CVE-2023-51407 (Cross-Site Request Forgery (CSRF) vulnerability in Rocket 
Elements Spl ...)
+   TODO: check
+CVE-2023-36483 (An authorization bypass was discovered in the Carrier 
MASmobile Classi ...)
+   TODO: check
+CVE-2021-47135 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
- linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/d874e6c06952382897d35bf4094193cd44ae91bd (5.13-rc5)
-CVE-2021-47134 [efi/fdt: fix panic when no valid fdt found]
+CVE-2021-47134 (In the Linux kernel, the following vulnerability has been 
resolved:  e ...)
- linux 5.10.46-1
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/668a84c1bfb2b3fd5a10847825a854d63fac7baa (5.13-rc5)
-CVE-2021-47133 [HID: amd_sfh: Fix memory leak in amd_sfh_work]
+CVE-2021-47133 (In the Linux kernel, the following vulnerability has been 
resolved:  H ...)
- linux  (Vulnerable code not present)
NOTE: 
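Review bot: replacing the bracketed placeholder titles with the truncated NVD text loses the subsystem information for the three kernel entries at the end of the hunk: `-CVE-2021-47135 [mt76: mt7921: fix possible AOOB issue in mt7921_mcu_tx_rate_report]` becomes `(In the Linux kernel, the following vulnerability has been resolved:  m ...)`, and the efi/fdt and HID: amd_sfh entries are rewritten the same way, so the list line no longer tells a triager which driver is involved and that information survives only in the git.kernel.org NOTE link beneath each entry. Worth keeping the commit subject in the description for kernel CVEs, or at least checking that every rewritten entry still has its NOTE link (the one for CVE-2021-47133 has no URL in this excerpt).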

[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ad06b912 by security tracker role at 2024-03-15T20:12:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,141 @@
+CVE-2024-2537 (Improper Control of Dynamically-Managed Code Resources 
vulnerability i ...)
+   TODO: check
+CVE-2024-2497 (A vulnerability was found in RaspAP raspap-webgui 3.0.9 and 
classified ...)
+   TODO: check
+CVE-2024-2495 (Cryptographic key vulnerability encoded in the FriendlyWrt 
firmware af ...)
+   TODO: check
+CVE-2024-2490 (A vulnerability classified as critical was found in Tenda AC18 
15.03.0 ...)
+   TODO: check
+CVE-2024-2489 (A vulnerability classified as critical has been found in Tenda 
AC18 15 ...)
+   TODO: check
+CVE-2024-2488 (A vulnerability was found in Tenda AC18 15.03.05.05. It has 
been rated ...)
+   TODO: check
+CVE-2024-2487 (A vulnerability was found in Tenda AC18 15.03.05.05. It has 
been decla ...)
+   TODO: check
+CVE-2024-2450 (Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 
9.3.x bef ...)
+   TODO: check
+CVE-2024-2446 (Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 
9.3.x bef ...)
+   TODO: check
+CVE-2024-2445 (Mattermost Jira plugin versions shipped with Mattermost 
versions 8.1.x ...)
+   TODO: check
+CVE-2024-28854 (tls-listener is a rust lang wrapper around a connection 
listener to su ...)
+   TODO: check
+CVE-2024-28851 (The Snowflake Hive metastore connector provides an easy way to 
query H ...)
+   TODO: check
+CVE-2024-28848 (OpenMetadata is a unified platform for discovery, 
observability, and g ...)
+   TODO: check
+CVE-2024-28847 (OpenMetadata is a unified platform for discovery, 
observability, and g ...)
+   TODO: check
+CVE-2024-28404 (TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored 
Cross-s ...)
+   TODO: check
+CVE-2024-28403 (TOTOLINK X2000R before V1.0.0-B20231213.1013 is vulnerable to 
Cross Si ...)
+   TODO: check
+CVE-2024-28401 (TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store 
Cross-si ...)
+   TODO: check
+CVE-2024-28319 (gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to 
contain an out ...)
+   TODO: check
+CVE-2024-28318 (gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to 
contain a out  ...)
+   TODO: check
+CVE-2024-28255 (OpenMetadata is a unified platform for discovery, 
observability, and g ...)
+   TODO: check
+CVE-2024-28254 (OpenMetadata is a unified platform for discovery, 
observability, and g ...)
+   TODO: check
+CVE-2024-28253 (OpenMetadata is a unified platform for discovery, 
observability, and g ...)
+   TODO: check
+CVE-2024-28252 (CoreWCF is a port of the service side of Windows Communication 
Foundat ...)
+   TODO: check
+CVE-2024-28242 (Discourse is an open source platform for community discussion. 
In affe ...)
+   TODO: check
+CVE-2024-28053 (Resource Exhaustion in Mattermost Server versions 8.1.x before 
8.1.10  ...)
+   TODO: check
+CVE-2024-27987 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-27920 (projectdiscovery/nuclei is a fast and customisable 
vulnerability scann ...)
+   TODO: check
+CVE-2024-27196 (Cross Site Scripting (XSS) vulnerability in Joel Starnes 
postMash \u20 ...)
+   TODO: check
+CVE-2024-27193 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-27192 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-27189 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-27100 (Discourse is an open source platform for community discussion. 
In affe ...)
+   TODO: check
+CVE-2024-27085 (Discourse is an open source platform for community discussion. 
In affe ...)
+   TODO: check
+CVE-2024-25936 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-25934 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-25921 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-25919 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-25916 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-25598 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-25597 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-25596 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   

[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
39cbb059 by security tracker role at 2024-03-15T08:11:37+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,73 @@
+CVE-2024-2486 (A vulnerability was found in Tenda AC18 15.03.05.05. It has 
been class ...)
+   TODO: check
+CVE-2024-2485 (A vulnerability was found in Tenda AC18 15.03.05.05 and 
classified as  ...)
+   TODO: check
+CVE-2024-2483 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-2482 (A vulnerability has been found in Surya2Developer Hostel 
Management Se ...)
+   TODO: check
+CVE-2024-2481 (A vulnerability, which was classified as critical, was found in 
Surya2 ...)
+   TODO: check
+CVE-2024-2480 (A vulnerability classified as critical was found in MHA 
Sistemas arMHA ...)
+   TODO: check
+CVE-2024-2479 (A vulnerability classified as problematic has been found in MHA 
Sistem ...)
+   TODO: check
+CVE-2024-2478 (A vulnerability was found in BradWenqiang HR 2.0. It has been 
rated as ...)
+   TODO: check
+CVE-2024-2399 (The Premium Addons PRO plugin for WordPress is vulnerable to 
Stored Cr ...)
+   TODO: check
+CVE-2024-2256 (The oik plugin for WordPress is vulnerable to Stored Cross-Site 
Script ...)
+   TODO: check
+CVE-2024-2249 (The LA-Studio Element Kit for Elementor plugin for WordPress is 
vulner ...)
+   TODO: check
+CVE-2024-2204 (Zemana AntiLogger v2.74.204.664 is vulnerable to a Denial of 
Service ( ...)
+   TODO: check
+CVE-2024-2180 (Zemana AntiLogger v2.74.204.664 is vulnerable to a Memory 
Information  ...)
+   TODO: check
+CVE-2024-28354 (There is a command injection vulnerability in the TRENDnet 
TEW-827DRU  ...)
+   TODO: check
+CVE-2024-28353 (There is a command injection vulnerability in the TRENDnet 
TEW-827DRU  ...)
+   TODO: check
+CVE-2024-27756 (An issue in GLPI v.10.0.12 and before allows a remote attacker 
to exec ...)
+   TODO: check
+CVE-2024-26540 (A heap-based buffer overflow in Clmg before 3.3.3 can occur 
via a craf ...)
+   TODO: check
+CVE-2024-26503 (Unrestricted File Upload vulnerability in Greek Universities 
Network O ...)
+   TODO: check
+CVE-2024-26475 (An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and 
fixed in v.5 ...)
+   TODO: check
+CVE-2024-26454 (A Cross Site Scripting vulnerability in Healthcare-Chatbot 
through 9b7 ...)
+   TODO: check
+CVE-2024-26246 (Microsoft Edge (Chromium-based) Security Feature Bypass 
Vulnerability)
+   TODO: check
+CVE-2024-26163 (Microsoft Edge (Chromium-based) Security Feature Bypass 
Vulnerability)
+   TODO: check
+CVE-2024-25227 (SQL Injection vulnerability in ABO.CMS version 5.8, allows 
remote atta ...)
+   TODO: check
+CVE-2024-1917 (Integer Overflow or Wraparound vulnerability in Mitsubishi 
Electric Co ...)
+   TODO: check
+CVE-2024-1916 (Integer Overflow or Wraparound vulnerability in Mitsubishi 
Electric Co ...)
+   TODO: check
+CVE-2024-1915 (Incorrect Pointer Scaling vulnerability in Mitsubishi Electric 
Corpora ...)
+   TODO: check
+CVE-2024-1853 (Zemana AntiLogger v2.74.204.664 is vulnerable to an Arbitrary 
Process  ...)
+   TODO: check
+CVE-2024-1796 (The HUSKY \u2013 Products Filter for WooCommerce Professional 
plugin f ...)
+   TODO: check
+CVE-2024-1795 (The HUSKY \u2013 Products Filter for WooCommerce Professional 
plugin f ...)
+   TODO: check
+CVE-2024-1713 (A user who can create objects in a database with plv8 3.2.1 
installed  ...)
+   TODO: check
+CVE-2024-0860 (The affected product is vulnerable to a cleartext transmission 
of sens ...)
+   TODO: check
+CVE-2024-0803 (Integer Overflow or Wraparound vulnerability in Mitsubishi 
Electric Co ...)
+   TODO: check
+CVE-2024-0802 (Incorrect Pointer Scaling vulnerability in Mitsubishi Electric 
Corpora ...)
+   TODO: check
+CVE-2023-50677 (An issue in NETGEAR-DGND4000 v.1.1.00.15_1.00.15 allows a 
remote attac ...)
+   TODO: check
+CVE-2023-42286 (There is a PHP file inclusion vulnerability in the template 
configurat ...)
+   TODO: check
 CVE-2024-28054
- amavisd-new 1:2.13.0-5
[bookworm] - amavisd-new  (Minor issue; will be fixed via point 
release)
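Review bot: the trailing context line for CVE-2024-28054 reads `[bookworm] - amavisd-new  (Minor issue; will be fixed via point release)` with nothing between the package name and the parenthesised note, where the tracker syntax carries a status token such as `<no-dsa>`; angle-bracketed tokens are most likely stripped by this rendering, so verify against the committed line rather than the mail. Separately, two of the new `TODO: check` entries name software in the Debian archive and should be resolved to package and bug references in a follow-up: CVE-2024-26540 (CImg, spelled "Clmg" in the upstream description) and CVE-2024-26475 (radare2).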



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39cbb05978b0cbe9d5df4be5f4f3dfcc5a7cf49f




___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net

[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0dcb2655 by security tracker role at 2024-03-14T20:12:38+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,65 @@
+CVE-2024-2438
+   REJECTED
+CVE-2024-2437
+   REJECTED
+CVE-2024-28849 (follow-redirects is an open source, drop-in replacement for 
Node's `ht ...)
+   TODO: check
+CVE-2024-28425 (greykite v1.0.0 was discovered to contain an arbitrary file 
upload vul ...)
+   TODO: check
+CVE-2024-28424 (zenml v0.55.4 was discovered to contain an arbitrary file 
upload vulne ...)
+   TODO: check
+CVE-2024-28423 (Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary 
file up ...)
+   TODO: check
+CVE-2024-28418 (Webedition CMS 9.2.2.0 has a File upload vulnerability via 
/webEdition ...)
+   TODO: check
+CVE-2024-28417 (Webedition CMS 9.2.2.0 has a Stored XSS vulnerability via 
/webEdition/ ...)
+   TODO: check
+CVE-2024-28383 (Tenda AX12 v1.0 v22.03.01.16 was discovered to contain a stack 
overflo ...)
+   TODO: check
+CVE-2024-28323 (The bwdates-report-result.php file in Phpgurukul User 
Registration & L ...)
+   TODO: check
+CVE-2024-28181 (turbo_boost-commands is a set of commands to help you build 
robust rea ...)
+   TODO: check
+CVE-2024-27986 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-27301 (Support App is an opensource application specialized in 
managing Apple ...)
+   TODO: check
+CVE-2024-27266 (IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML 
External  ...)
+   TODO: check
+CVE-2024-27265 (IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is 
vulnerable to cr ...)
+   TODO: check
+CVE-2024-25156 (A path traversal vulnerability exists in GoAnywhere MFT prior 
to 7.4.2 ...)
+   TODO: check
+CVE-2024-25139 (In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd 
binary  ...)
+   TODO: check
+CVE-2024-24770 (vantage6 is an open source framework built to enable, manage 
and deplo ...)
+   TODO: check
+CVE-2024-24562 (vantage6-UI is the official user interface for the vantage6 
server. In ...)
+   TODO: check
+CVE-2024-23823 (vantage6 is an open source framework built to enable, manage 
and deplo ...)
+   TODO: check
+CVE-2024-22346 (Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could 
allow a loca ...)
+   TODO: check
+CVE-2024-1998
+   REJECTED
+CVE-2024-1623 (Insufficient session timeout vulnerability in the FAST3686 V2 
Vodafone ...)
+   TODO: check
+CVE-2024-0313 (A malicious insider exploiting this vulnerability can 
circumvent exist ...)
+   TODO: check
+CVE-2024-0312 (A malicious insider can uninstall Skyhigh Client Proxy without 
a valid ...)
+   TODO: check
+CVE-2024-0311 (A malicious insider can bypass the existing policy of Skyhigh 
Client P ...)
+   TODO: check
+CVE-2023-50168 (Pega Platform from 6.x to 8.8.4 is affected by an XXE issue 
with PDF G ...)
+   TODO: check
+CVE-2023-42938 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
+   TODO: check
+CVE-2023-35191 (Uncontrolled resource consumption for some Intel(R) SPS 
firmware versi ...)
+   TODO: check
+CVE-2023-32633 (Improper input validation in the Intel(R) CSME installer 
software befo ...)
+   TODO: check
+CVE-2023-28389 (Incorrect default permissions in some Intel(R) CSME installer 
software ...)
+   TODO: check
 CVE-2024-25395
NOT-FOR-US: RT-Thread
 CVE-2024-25394
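Review bot: CVE-2024-28849 (follow-redirects) is left at `TODO: check` although the library is in the archive as node-follow-redirects; it needs a package line with a bug reference, or a `<not-affected>`/`<unimportant>` verdict, once the affected range is compared with the shipped version. The three `REJECTED` entries (CVE-2024-2438, CVE-2024-2437, CVE-2024-1998) need no further action, and the Intel CSME/SPS firmware and installer entries (CVE-2023-35191, CVE-2023-32633, CVE-2023-28389) are `NOT-FOR-US` candidates that can be settled in the same pass.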
@@ -18,7 +80,7 @@ CVE-2024-24335
NOT-FOR-US: RT-Thread
 CVE-2024-24334
NOT-FOR-US: RT-Thread
-CVE-2024-28746
+CVE-2024-28746 (Apache Airflow, versions 2.8.0 through 2.8.2, has a 
vulnerability that ...)
- airflow  (bug #819700)
 CVE-2024-2242 (The Contact Form 7 plugin for WordPress is vulnerable to 
Reflected Cro ...)
NOT-FOR-US: WordPress plugin
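Review bot: the context line `- airflow  (bug #819700)` under CVE-2024-28746 shows no status token between the package name and the bug reference; for a project that is only at the ITP stage the tracker puts `<itp>` there, and that angle-bracketed token is most likely dropped by this rendering. Confirm the committed line still carries it, since without it the entry is not a valid package line. The change itself only adds the CVE description text and leaves the triage untouched.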
@@ -120,7 +182,7 @@ CVE-2024-2286 (The Sky Addons for Elementor (Free Templates 
Library, Live Copy,
NOT-FOR-US: WordPress plugin
 CVE-2024-2252 (The Droit Elementor Addons \u2013 Widgets, Blocks, Templates 
Library F ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-2247 (JFrog Artifactory versions below 7.77.7, are vulnerable to 
DOM-based c ...)
+CVE-2024-2247 (JFrog Artifactory versions below 7.77.7, 7.82.1, are vulnerable 
to DOM ...)
NOT-FOR-US: JFrog Artifactory
 CVE-2024-2239 (The Premium Addons PRO plugin for WordPress is vulnerable to 
Stored Cr ...)
NOT-FOR-US: WordPress plugin
@@ -862,31 +924,31 @@ CVE-2024-2182 (A flaw was found in the Open Virtual 
Network (OVN). In OVN cluste
[bookworm] - ovn  (Minor issue)
NOTE: https://bugs.launchpad.net/bugs/2053113
NOTE: 
https://mail.openvswitch.org/pipermail/ovs-announce/2024-March/000346.html

[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
21838b5e by security tracker role at 2024-03-14T08:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,81 @@
+CVE-2024-2242 (The Contact Form 7 plugin for WordPress is vulnerable to 
Reflected Cro ...)
+   TODO: check
+CVE-2024-2079 (The WPBakery Page Builder Addons by Livemesh plugin for 
WordPress is v ...)
+   TODO: check
+CVE-2024-28662 (A Cross Site Scripting vulnerability exists in Piwigo before 
14.3.0 sc ...)
+   TODO: check
+CVE-2024-28391 (SQL injection vulnerability in FME Modules quickproducttable 
module fo ...)
+   TODO: check
+CVE-2024-28390 (An issue in Advanced Plugins ultimateimagetool module for 
PrestaShop b ...)
+   TODO: check
+CVE-2024-28388 (SQL injection vulnerability in SunnyToo stproductcomments 
module for P ...)
+   TODO: check
+CVE-2024-28251 (Querybook is a Big Data Querying UI, combining collocated 
table metada ...)
+   TODO: check
+CVE-2024-28193 (your_spotify is an open source, self hosted Spotify tracking 
dashboard ...)
+   TODO: check
+CVE-2024-28192 (your_spotify is an open source, self hosted Spotify tracking 
dashboard ...)
+   TODO: check
+CVE-2024-28175 (Argo CD is a declarative, GitOps continuous delivery tool for 
Kubernet ...)
+   TODO: check
+CVE-2024-27703 (Cross Site Scripting vulnerability in Leantime 3.0.6 allows a 
remote a ...)
+   TODO: check
+CVE-2024-27102 (Wings is the server control plane for Pterodactyl Panel. This 
vulnerab ...)
+   TODO: check
+CVE-2024-27097 (A user endpoint didn't perform filtering on an incoming 
parameter, whi ...)
+   TODO: check
+CVE-2024-25653 (Broken Access Control in the Report functionality of Delinea 
PAM Secre ...)
+   TODO: check
+CVE-2024-25652 (In Delinea PAM Secret Server 11.4, it is possible for a user 
(with acc ...)
+   TODO: check
+CVE-2024-25651 (User enumeration can occur in the Authentication REST API in 
Delinea P ...)
+   TODO: check
+CVE-2024-25650 (Insecure key exchange between Delinea PAM Secret Server 11.4 
and the D ...)
+   TODO: check
+CVE-2024-25649 (In Delinea PAM Secret Server 11.4, it is possible for an 
attacker (wit ...)
+   TODO: check
+CVE-2024-25250 (SQL Injection vulnerability in code-projects Agro-School 
Management Sy ...)
+   TODO: check
+CVE-2024-25228 (Vinchin Backup and Recovery 7.2 and Earlier is vulnerable to 
Authentic ...)
+   TODO: check
+CVE-2024-24105 (SQL Injection vulnerability in Code-projects Computer Science 
Time Tab ...)
+   TODO: check
+CVE-2024-22398 (An improper Limitation of a Pathname to a Restricted Directory 
(Path T ...)
+   TODO: check
+CVE-2024-22397 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-22396 (An Integer-based buffer overflow vulnerability in the SonicOS 
via IPSe ...)
+   TODO: check
+CVE-2024-22167 (A potential DLL hijacking vulnerability in the SanDisk 
PrivateAccess a ...)
+   TODO: check
+CVE-2024-1884 (This is a Server-Side Request Forgery (SSRF) vulnerability in 
the Pape ...)
+   TODO: check
+CVE-2024-1883 (This is a reflected cross site scripting vulnerability in the 
PaperCut ...)
+   TODO: check
+CVE-2024-1882 (This vulnerability allows an already authenticated admin user 
to creat ...)
+   TODO: check
+CVE-2024-1654 (This vulnerability potentially allows unauthorized write 
operations wh ...)
+   TODO: check
+CVE-2024-1223 (This vulnerability potentially allows unauthorized enumeration 
of info ...)
+   TODO: check
+CVE-2024-1222 (This allows attackers to use a maliciously formed API request 
to gain  ...)
+   TODO: check
+CVE-2024-1221 (This vulnerability potentially allows files on a PaperCut NG/MF 
server ...)
+   TODO: check
+CVE-2023-50726 (Argo CD is a declarative, GitOps continuous delivery tool for 
Kubernet ...)
+   TODO: check
+CVE-2023-41505 (An arbitrary file upload vulnerability in the Add Student's 
Profile Pi ...)
+   TODO: check
+CVE-2023-41504 (SQL Injection vulnerability in Student Enrollment In PHP 1.0 
allows at ...)
+   TODO: check
+CVE-2023-38536 (HTML injection inOpenText\u2122Exceed Turbo X affecting 
version 12.5.1 ...)
+   TODO: check
+CVE-2023-38535 (Use of Hard-coded Cryptographic Key vulnerability 
inOpenText\u2122Exce ...)
+   TODO: check
+CVE-2023-38534 (Improper authentication vulnerability inOpenText\u2122Exceed 
Turbo X a ...)
+   TODO: check
+CVE-2023-36238 (Insecure Direct Object Reference (IDOR) in Bagisto v.1.5.1 
allows an a ...)
+   TODO: check
 CVE-2024-2433 (An improper authorization vulnerability in Palo Alto Networks 
Panorama ...)
NOT-FOR-US: Palo Alto Networks
 CVE-2024-2432 (A privilege escalation (PE) vulnerability in the Palo Alto 
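Review bot: the OpenText entries (CVE-2023-38536, CVE-2023-38535, CVE-2023-38534) carry the upstream description verbatim, including a literal `\u2122` escape and missing spaces (`inOpenText\u2122Exceed Turbo X`), and the WordPress plugin entries likewise keep `\u2013` as a literal escape rather than the character. That is cosmetic for the tracker, but it means a text search for "OpenText Exceed" will not match these lines, so triage should go by CVE id.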

[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a18b60e5 by security tracker role at 2024-03-13T20:11:58+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,383 @@
+CVE-2024-2433 (An improper authorization vulnerability in Palo Alto Networks 
Panorama ...)
+   TODO: check
+CVE-2024-2432 (A privilege escalation (PE) vulnerability in the Palo Alto 
Networks Gl ...)
+   TODO: check
+CVE-2024-2431 (An issue in the Palo Alto Networks GlobalProtect app enables a 
non-pri ...)
+   TODO: check
+CVE-2024-2418 (A vulnerability was found in SourceCodester Best POS Management 
System ...)
+   TODO: check
+CVE-2024-2416 (Cross-Site Request Forgery vulnerability in Movistar's 4G 
router affec ...)
+   TODO: check
+CVE-2024-2415 (Command injection vulnerability in Movistar 4G router affecting 
versio ...)
+   TODO: check
+CVE-2024-2414 (The primary channel is unprotected on Movistar 4G router 
affecting E v ...)
+   TODO: check
+CVE-2024-2403 (Improper cleanup in temporary file handling component in 
Devolutions R ...)
+   TODO: check
+CVE-2024-2293 (The Site Reviews plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+   TODO: check
+CVE-2024-2286 (The Sky Addons for Elementor (Free Templates Library, Live 
Copy, Anima ...)
+   TODO: check
+CVE-2024-2252 (The Droit Elementor Addons \u2013 Widgets, Blocks, Templates 
Library F ...)
+   TODO: check
+CVE-2024-2247 (JFrog Artifactory versions below 7.77.7, are vulnerable to 
DOM-based c ...)
+   TODO: check
+CVE-2024-2239 (The Premium Addons PRO plugin for WordPress is vulnerable to 
Stored Cr ...)
+   TODO: check
+CVE-2024-2238 (The Premium Addons PRO plugin for WordPress is vulnerable to 
Stored Cr ...)
+   TODO: check
+CVE-2024-2237 (The Premium Addons PRO plugin for WordPress is vulnerable to 
Stored Cr ...)
+   TODO: check
+CVE-2024-2194 (The WP Statistics plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+   TODO: check
+CVE-2024-2172 (The Malware Scanner plugin and the Web Application Firewall 
plugin for ...)
+   TODO: check
+CVE-2024-2126 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable 
to Store ...)
+   TODO: check
+CVE-2024-2123 (The Ultimate Member \u2013 User Profile, Registration, Login, 
Member D ...)
+   TODO: check
+CVE-2024-2106 (The MasterStudy LMS WordPress Plugin \u2013 for Online Courses 
and Edu ...)
+   TODO: check
+CVE-2024-2030 (The Database for Contact Form 7, WPforms, Elementor forms 
plugin for W ...)
+   TODO: check
+CVE-2024-2028 (The Exclusive Addons for Elementor plugin for WordPress is 
vulnerable  ...)
+   TODO: check
+CVE-2024-2020 (The Calculated Fields Form plugin for WordPress is vulnerable 
to Store ...)
+   TODO: check
+CVE-2024-2006 (The Post Grid, Slider & Carousel Ultimate \u2013 with 
Shortcode, Guten ...)
+   TODO: check
+CVE-2024-2000 (The Premium Addons PRO plugin for WordPress is vulnerable to 
Stored Cr ...)
+   TODO: check
+CVE-2024-28684 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-28683 (DedeCMS v5.7 was discovered to contain a cross-site scripting 
(XSS) vu ...)
+   TODO: check
+CVE-2024-28682 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-28681 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-28680 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-28679 (DedeCMS v5.7 was discovered to contain a cross-site scripting 
(XSS) vu ...)
+   TODO: check
+CVE-2024-28678 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-28677 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-28676 (DedeCMS v5.7 was discovered to contain a cross-site scripting 
(XSS) vu ...)
+   TODO: check
+CVE-2024-28675 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-28673 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-28672 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-28671 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-28670 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-28669 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-28668 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f607e06c by security tracker role at 2024-03-13T08:11:43+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,79 @@
+CVE-2024-2413 (Intumit SmartRobot uses a fixed encryption key for 
authentication. Rem ...)
+   TODO: check
+CVE-2024-2412 (The disabling function of the user registration page for 
Heimavista Rp ...)
+   TODO: check
+CVE-2024-2406 (A vulnerability, which was classified as critical, was found in 
Gacjie ...)
+   TODO: check
+CVE-2024-2400 (Use after free in Performance Manager in Google Chrome prior to 
122.0. ...)
+   TODO: check
+CVE-2024-2395 (The Bulgarisation for WooCommerce plugin for WordPress is 
vulnerable t ...)
+   TODO: check
+CVE-2024-2107 (The Blossom Spa theme for WordPress is vulnerable to Sensitive 
Informa ...)
+   TODO: check
+CVE-2024-28623 (RiteCMS v3.0.0 was discovered to contain a cross-site 
scripting (XSS)  ...)
+   TODO: check
+CVE-2024-28239 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
+   TODO: check
+CVE-2024-28238 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
+   TODO: check
+CVE-2024-28236 (Vela is a Pipeline Automation (CI/CD) framework built on Linux 
contain ...)
+   TODO: check
+CVE-2024-27440 (The Toyoko Inn official App for iOS versions prior to 1.13.0 
and Toyok ...)
+   TODO: check
+CVE-2024-27305 (aiosmtpd is a reimplementation of the Python stdlib smtpd.py 
based on  ...)
+   TODO: check
+CVE-2024-26529 (An issue in mz-automation libiec61850 v.1.5.3 and before, 
allows a rem ...)
+   TODO: check
+CVE-2024-24101 (Code-projects Scholars Tracking System 1.0 is vulnerable to 
SQL Inject ...)
+   TODO: check
+CVE-2024-24097 (Cross Site Scripting (XSS) vulnerability in Code-projects 
Scholars Tra ...)
+   TODO: check
+CVE-2024-24093 (SQL Injection vulnerability in Code-projects Scholars Tracking 
System  ...)
+   TODO: check
+CVE-2024-24092 (SQL Injection vulnerability in Code-projects.org Scholars 
Tracking Sys ...)
+   TODO: check
+CVE-2024-23300 (A use-after-free issue was addressed with improved memory 
management.  ...)
+   TODO: check
+CVE-2024-1582 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress 
is vulne ...)
+   TODO: check
+CVE-2024-1503 (The Tutor LMS \u2013 eLearning and online course solution 
plugin for W ...)
+   TODO: check
+CVE-2024-1502 (The Tutor LMS \u2013 eLearning and online course solution 
plugin for W ...)
+   TODO: check
+CVE-2024-1450 (The Shariff Wrapper plugin for WordPress is vulnerable to 
Stored Cross ...)
+   TODO: check
+CVE-2024-1421 (The HT Mega \u2013 Absolute Addons For Elementor plugin for 
WordPress  ...)
+   TODO: check
+CVE-2024-1397 (The HT Mega \u2013 Absolute Addons For Elementor plugin for 
WordPress  ...)
+   TODO: check
+CVE-2024-1326 (The Jeg Elementor Kit plugin for WordPress is vulnerable to 
Stored Cro ...)
+   TODO: check
+CVE-2024-1278 (The Easy Social Feed \u2013 Social Photos Gallery \u2013 Post 
Feed \u2 ...)
+   TODO: check
+CVE-2024-1214 (The Easy Social Feed \u2013 Social Photos Gallery \u2013 Post 
Feed \u2 ...)
+   TODO: check
+CVE-2024-1213 (The Easy Social Feed \u2013 Social Photos Gallery \u2013 Post 
Feed \u2 ...)
+   TODO: check
+CVE-2024-0966 (The Shariff Wrapper plugin for WordPress is vulnerable to 
Stored Cross ...)
+   TODO: check
+CVE-2024-0386 (The weForms plugin for WordPress is vulnerable to Stored 
Cross-Site Sc ...)
+   TODO: check
+CVE-2023-7072 (The Post Grid Combo \u2013 36+ Gutenberg Blocks plugin for 
WordPress i ...)
+   TODO: check
+CVE-2023-6500 (The Shariff Wrapper plugin for WordPress is vulnerable to 
Stored Cross ...)
+   TODO: check
+CVE-2023-4839 (The WP Go Maps for WordPress is vulnerable to Stored Cross-Site 
Script ...)
+   TODO: check
+CVE-2023-43292 (Cross Site Scripting vulnerability in My Food Recipe Using PHP 
with So ...)
+   TODO: check
+CVE-2023-43279 (Null Pointer Dereference in mask_cidr6 component at cidr.c in 
Tcprepla ...)
+   TODO: check
+CVE-2023-42308 (Cross Site Scripting (XSS) vulnerability in Manage Fastrack 
Subjects i ...)
+   TODO: check
+CVE-2023-42307 (Cross Site Scripting (XSS) vulnerability in Code-Projects Exam 
Form Su ...)
+   TODO: check
+CVE-2015-10130 (The Team Circle Image Slider With Lightbox plugin for 
WordPress is vul ...)
+   TODO: check
 CVE-2024-2394 (A vulnerability was found in SourceCodester Employee Management 
System ...)
NOT-FOR-US: SourceCodester Employee Management System
 CVE-2024-2393 (A vulnerability was found in SourceCodester CRUD without Page 
Reload 1 ...)
@@ -5140,11 +5216,11 @@ CVE-2024-23125 (A maliciously crafted SLDPRT file when 
parsed 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-12 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
64d81e4b by security tracker role at 2024-03-12T20:12:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,4 +1,280 @@
-CVE-2024-2182 [Fix insufficient validation of incoming BFD packets]
+CVE-2024-2394 (A vulnerability was found in SourceCodester Employee Management 
System ...)
+   TODO: check
+CVE-2024-2393 (A vulnerability was found in SourceCodester CRUD without Page 
Reload 1 ...)
+   TODO: check
+CVE-2024-2391 (A vulnerability was found in EVE-NG 5.0.1-13 and classified as 
problem ...)
+   TODO: check
+CVE-2024-2371 (Information exposure vulnerability in Korenix JetI/O 6550 
affecting fi ...)
+   TODO: check
+CVE-2024-2130 (The CWW Companion plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+   TODO: check
+CVE-2024-2049 (Server-Side Request Forgery (SSRF) in Citrix SD-WAN 
Standard/Premium E ...)
+   TODO: check
+CVE-2024-2031 (The Video Conferencing with Zoom plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-28553 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in 
the entr ...)
+   TODO: check
+CVE-2024-28535 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in 
the mitI ...)
+   TODO: check
+CVE-2024-28340 (An information leak in the currentsetting.htm component of 
Netgear CBR ...)
+   TODO: check
+CVE-2024-28339 (An information leak in the debuginfo.htm component of Netgear 
CBR40 2. ...)
+   TODO: check
+CVE-2024-28338 (A login bypass in TOTOLINK A8000RU V7.1cu.643_B20200521 allows 
attacke ...)
+   TODO: check
+CVE-2024-28186 (FreeScout is an open source help desk and shared inbox built 
with PHP. ...)
+   TODO: check
+CVE-2024-28121 (stimulus_reflex is a system to extend the capabilities of both 
Rails a ...)
+   TODO: check
+CVE-2024-28114 (Peering Manager is a BGP session management tool. There is a 
Server Si ...)
+   TODO: check
+CVE-2024-28113 (Peering Manager is a BGP session management tool. In Peering 
Manager < ...)
+   TODO: check
+CVE-2024-28112 (Peering Manager is a BGP session management tool. Affected 
versions of ...)
+   TODO: check
+CVE-2024-28098 (The vulnerability allows authenticated users with only produce 
or cons ...)
+   TODO: check
+CVE-2024-27907 (A vulnerability has been identified in Simcenter Femap (All 
versions < ...)
+   TODO: check
+CVE-2024-27894 (The Pulsar Functions Worker includes a capability that permits 
authent ...)
+   TODO: check
+CVE-2024-27758 (In RPyC before 6.0.0, when a server exposes a method that 
calls the at ...)
+   TODO: check
+CVE-2024-27317 (In Pulsar Functions Worker, authenticated users can upload 
functions i ...)
+   TODO: check
+CVE-2024-27279 (Directory traversal vulnerability exists in a-blog cms 
Ver.3.1.x serie ...)
+   TODO: check
+CVE-2024-27135 (Improper input validation in the Pulsar Function Worker allows 
a malic ...)
+   TODO: check
+CVE-2024-26288 (An unauthenticated remote attacker can influence the 
communication due ...)
+   TODO: check
+CVE-2024-26204 (Outlook for Android Information Disclosure Vulnerability)
+   TODO: check
+CVE-2024-26203 (Azure Data Studio Elevation of Privilege Vulnerability)
+   TODO: check
+CVE-2024-26201 (Microsoft Intune Linux Agent Elevation of Privilege 
Vulnerability)
+   TODO: check
+CVE-2024-26199 (Microsoft Office Elevation of Privilege Vulnerability)
+   TODO: check
+CVE-2024-26198 (Microsoft Exchange Server Remote Code Execution Vulnerability)
+   TODO: check
+CVE-2024-26197 (Windows Standards-Based Storage Management Service Denial of 
Service V ...)
+   TODO: check
+CVE-2024-26190 (Microsoft QUIC Denial of Service Vulnerability)
+   TODO: check
+CVE-2024-26185 (Windows Compressed Folder Tampering Vulnerability)
+   TODO: check
+CVE-2024-26182 (Windows Kernel Elevation of Privilege Vulnerability)
+   TODO: check
+CVE-2024-26181 (Windows Kernel Denial of Service Vulnerability)
+   TODO: check
+CVE-2024-26178 (Windows Kernel Elevation of Privilege Vulnerability)
+   TODO: check
+CVE-2024-26177 (Windows Kernel Information Disclosure Vulnerability)
+   TODO: check
+CVE-2024-26176 (Windows Kernel Elevation of Privilege Vulnerability)
+   TODO: check
+CVE-2024-26174 (Windows Kernel Information Disclosure Vulnerability)
+   TODO: check
+CVE-2024-26173 (Windows Kernel Elevation of Privilege Vulnerability)
+   TODO: check
+CVE-2024-26170 (Windows Composite Image File System (CimFS) Elevation of 
Privilege Vul ...)
+   TODO: check
+CVE-2024-26169 (Windows Error Reporting Service Elevation of Privilege 
Vulnerability)
+   TODO: check
+CVE-2024-26166 (Microsoft WDAC OLE DB provider for SQL Server Remote Code 
Execution Vu ...)
+   TODO: check
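Review bot: the hunk removes `CVE-2024-2182 [Fix insufficient validation of incoming BFD packets]`, but its replacement line is not in this excerpt because the message is cut after CVE-2024-26166; the later commit 0dcb2655 in this thread still shows CVE-2024-2182 with the OVN description and its `[bookworm] - ovn` note, so this was a description update and not a dropped entry. Among the additions, CVE-2024-27758 (RPyC, packaged as python-rpyc) is left at `TODO: check` and needs triage against the archive version; the Microsoft entries (CVE-2024-26204 through CVE-2024-26166) are `NOT-FOR-US` candidates that can be settled together.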

[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-12 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f00c9e65 by security tracker role at 2024-03-12T08:11:42+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,53 @@
+CVE-2024-28199 (phlex is an open source framework for building object-oriented 
views i ...)
+   TODO: check
+CVE-2024-28163 (Under certain conditions, Support Web Pages of SAP NetWeaver 
Process I ...)
+   TODO: check
+CVE-2024-28120 (codeium-chrome is an open source code completion plugin for 
the chrome ...)
+   TODO: check
+CVE-2024-27938 (Postal is an open source SMTP server. Postal versions less 
than 3.0.0  ...)
+   TODO: check
+CVE-2024-27902 (Applications based on SAP GUI for HTML in SAP NetWeaver AS 
ABAP - vers ...)
+   TODO: check
+CVE-2024-27900 (Due to missing authorization check, attacker with business 
user accoun ...)
+   TODO: check
+CVE-2024-27297 (Nix is a package manager for Linux and other Unix systems. A 
fixed-out ...)
+   TODO: check
+CVE-2024-27121 (Path traversal vulnerability exists in Machine Automation 
Controller N ...)
+   TODO: check
+CVE-2024-26521 (HTML Injection vulnerability in CE Phoenix v1.0.8.20 and 
before allows ...)
+   TODO: check
+CVE-2024-25854 (Cross Site Scripting (XSS) vulnerability in Sourcecodester 
Insurance M ...)
+   TODO: check
+CVE-2024-25645 (Under certain conditionSAPNetWeaver (Enterprise Portal) - 
version 7.50 ...)
+   TODO: check
+CVE-2024-25644 (Under certain conditions SAP NetWeaverWSRM- version 7.50, 
allows an at ...)
+   TODO: check
+CVE-2024-25331 (DIR-822 Rev. B Firmware v2.02KRB09 and DIR-822-CA Rev. B 
Firmware v2.0 ...)
+   TODO: check
+CVE-2024-25325 (SQL injection vulnerability in Employee Management System 
v.1.0 allows ...)
+   TODO: check
+CVE-2024-25114 (Collabora Online is a collaborative online office suite based 
on Libre ...)
+   TODO: check
+CVE-2024-24964 (Improper access control vulnerability exists in the resident 
process o ...)
+   TODO: check
+CVE-2024-22133 (SAP Fiori Front End Server - version 605, allows altering of 
approver  ...)
+   TODO: check
+CVE-2024-22127 (SAP NetWeaver Administrator AS Java (Administrator Log Viewer 
plug-in) ...)
+   TODO: check
+CVE-2024-21805 (Improper access control vulnerability exists in the specific 
folder of ...)
+   TODO: check
+CVE-2024-21584 (Pleasanter 1.3.49.0 and earlier contains a cross-site 
scripting vulner ...)
+   TODO: check
+CVE-2024-1645 (The Mollie Forms plugin for WordPress is vulnerable to 
unauthorized ac ...)
+   TODO: check
+CVE-2024-1400 (The Mollie Forms plugin for WordPress is vulnerable to 
unauthorized po ...)
+   TODO: check
+CVE-2023-6814 (Insertion of Sensitive Information into Log File vulnerability 
in Hita ...)
+   TODO: check
+CVE-2023-49785 (NextChat, also known as ChatGPT-Next-Web, is a cross-platform 
chat use ...)
+   TODO: check
+CVE-2023-49453 (Reflected cross-site scripting (XSS) vulnerability in 
Racktables v0.22 ...)
+   TODO: check
 CVE-2024-2370 (Unrestricted file upload vulnerability in ManageEngine Desktop 
Central ...)
NOT-FOR-US: ManageEngine
 CVE-2024-2357 (The Libreswan Project was notified of an issue causing 
libreswan to re ...)
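Review bot: CVE-2024-27297 (Nix, the fixed-output derivation issue) concerns a package in the Debian archive and should not remain at `TODO: check`; it needs the affected and fixed versions compared with what is shipped and then a package line or bug reference. The SAP NetWeaver and Fiori entries (CVE-2024-28163, CVE-2024-27902, CVE-2024-27900, CVE-2024-25645, CVE-2024-25644, CVE-2024-22133, CVE-2024-22127) are proprietary and can go to `NOT-FOR-US` directly.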
@@ -86769,8 +86819,8 @@ CVE-2022-46072 (Helmet Store Showroom v1.0 vulnerable 
to unauthenticated SQL Inj
NOT-FOR-US: Helmet Store Showroom
 CVE-2022-46071 (There is SQL Injection vulnerability at Helmet Store Showroom 
v1.0 Log ...)
NOT-FOR-US: Helmet Store Showroom
-CVE-2022-46070
-   RESERVED
+CVE-2022-46070 (GV-ASManager V6.0.1.0 contains a Local File Inclusion 
vulnerability in ...)
+   TODO: check
 CVE-2022-46069
RESERVED
 CVE-2022-46068



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f00c9e65c93941048b7e879cdd673c45230e2136

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f00c9e65c93941048b7e879cdd673c45230e2136
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a62e084f by security tracker role at 2024-03-11T20:11:44+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,163 @@
+CVE-2024-2370 (Unrestricted file upload vulnerability in ManageEngine Desktop 
Central ...)
+   TODO: check
+CVE-2024-2357 (The Libreswan Project was notified of an issue causing 
libreswan to re ...)
+   TODO: check
+CVE-2024-28198 (OpenOlat is an open source web-based e-learning platform for 
teaching, ...)
+   TODO: check
+CVE-2024-28197 (Zitadel is an open source identity management system. Zitadel 
uses a c ...)
+   TODO: check
+CVE-2024-28187 (SOY CMS is an open source CMS (content management system) that 
allows  ...)
+   TODO: check
+CVE-2024-27237 (In wipe_ns_memory of nsmemwipe.c, there is a possible 
incorrect size c ...)
+   TODO: check
+CVE-2024-27236 (In aoc_unlocked_ioctl of aoc.c, there is a possible memory 
corruption  ...)
+   TODO: check
+CVE-2024-27235 (In plugin_extern_func of TBD, there is a possible out of 
bounds read d ...)
+   TODO: check
+CVE-2024-27234 (In fvp_set_target of fvp.c, there is a possible out of bounds 
read due ...)
+   TODO: check
+CVE-2024-27233 (In ppcfw_init_secpolicy of ppcfw.c, there is a possible 
permission byp ...)
+   TODO: check
+CVE-2024-27230 (In ProtocolPsKeepAliveStatusAdapter::getCode() of 
protocolpsadapter.cp ...)
+   TODO: check
+CVE-2024-27229 (In ss_SendCallBarringPwdRequiredIndMsg of ss_CallBarring.c, 
there is a ...)
+   TODO: check
+CVE-2024-27228 (In TBD of TBD, there is a possible out of bounds write due to 
a heap b ...)
+   TODO: check
+CVE-2024-27227 (Android kernel allows Remote code execution.)
+   TODO: check
+CVE-2024-27226 (In tmu_config_gov_params of TBD, there is a possible out of 
bounds wri ...)
+   TODO: check
+CVE-2024-27225 (In sendHciCommand of bluetooth_hci.cc, there is a possible out 
of boun ...)
+   TODO: check
+CVE-2024-27224 (In strncpy of strncpy.c, there is a possible out of bounds 
write due t ...)
+   TODO: check
+CVE-2024-27223 (In EUTRAN_LCS_DecodeFacilityInformationElement of 
LPP_LcsManagement.c, ...)
+   TODO: check
+CVE-2024-27222 (In onSkipButtonClick of FaceEnrollFoldPage.java, there is a 
possible w ...)
+   TODO: check
+CVE-2024-27221 (In update_policy_data of TBD, there is a possible out of 
bounds write  ...)
+   TODO: check
+CVE-2024-27220 (In lpm_req_handler of TBD, there is a possible out of bounds 
memory ac ...)
+   TODO: check
+CVE-2024-27219 (In tmu_set_pi of tmu.c, there is a possible out of bounds 
write due to ...)
+   TODO: check
+CVE-2024-27218 (In update_freq_data of TBD, there is a possible out of bounds 
read due ...)
+   TODO: check
+CVE-2024-27213 (In BroadcastSystemMessage of servicemgr.cpp, there is a 
possible Remot ...)
+   TODO: check
+CVE-2024-27212 (In init_data of TBD, there is a possible out of bounds write 
due to a  ...)
+   TODO: check
+CVE-2024-27211 (In AtiHandleAPOMsgType of ati_Main.c, there is a possible OOB 
write du ...)
+   TODO: check
+CVE-2024-27210 (In policy_check of fvp.c, there is a possible out of bounds 
write due  ...)
+   TODO: check
+CVE-2024-27209 (In TBD of TBD, there is a possible out of bounds write due to 
a heap b ...)
+   TODO: check
+CVE-2024-27208 (In TBD of TBD, there is a possible out of bounds write due to 
a missin ...)
+   TODO: check
+CVE-2024-27207 (Android kernel allows Elevation of privilege.)
+   TODO: check
+CVE-2024-27206 (In tbd of tbd, there is a possible out of bounds read due to a 
missing ...)
+   TODO: check
+CVE-2024-27205 (In tbd of tbd, there is a possible memory corruption due to a 
use afte ...)
+   TODO: check
+CVE-2024-27204 (In tmu_set_gov_active of tmu.c, there is a possible out of 
bounds writ ...)
+   TODO: check
+CVE-2024-25993 (In tmu_reset_tmu_trip_counter of TBD, there is a possible out 
of bound ...)
+   TODO: check
+CVE-2024-25992 (In tmu_tz_control of tmu.c, there is a possible out of bounds 
read due ...)
+   TODO: check
+CVE-2024-25991 (In acpm_tmu_ipc_handler of tmu_plugin.c, there is a possible 
out of bo ...)
+   TODO: check
+CVE-2024-25990 (In pktproc_perftest_gen_rx_packet_sktbuf_mode of 
link_rx_pktproc.c, th ...)
+   TODO: check
+CVE-2024-25989 (In gpu_slc_liveness_update of pixel_gpu_slc.c, there is a 
possible out ...)
+   TODO: check
+CVE-2024-25988 (In SAEMM_DiscloseGuti of SAEMM_RadioMessageCodec.c, there is a 
possibl ...)
+   TODO: check
+CVE-2024-25987 (In pt_sysctl_command of pt.c, there is a possible out of 
bounds write  ...)
+   TODO: check
+CVE-2024-25986 (In ppmp_unprotect_buf of drm_fw.c, there is a possible 
compromise of p ...)
+   TODO: check
+CVE-2024-25985 (In 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fce54319 by security tracker role at 2024-03-11T08:11:50+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,19 @@
+CVE-2024-2365 (A vulnerability classified as problematic was found in 
Musicshelf 1.0/ ...)
+   TODO: check
+CVE-2024-2364 (A vulnerability classified as problematic has been found in 
Musicshelf ...)
+   TODO: check
+CVE-2024-2363 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 
AOL AIM T ...)
+   TODO: check
+CVE-2024-2314 (If kernel headers need to be extracted, bcc will attempt to 
load them  ...)
+   TODO: check
+CVE-2024-2313 (If kernel headers need to be extracted, bpftrace will attempt 
to load  ...)
+   TODO: check
+CVE-2024-2184 (Buffer overflow in identifier field of WSD probe request 
process of Sm ...)
+   TODO: check
+CVE-2024-28823 (Amazon AWS aws-js-s3-explorer (aka AWS JavaScript S3 Explorer) 
1.0.0 a ...)
+   TODO: check
+CVE-2024-28816 (Student Information Chatbot a0196ab allows SQL injection via 
the usern ...)
+   TODO: check
 CVE-2024-2355 (A vulnerability has been found in keerti1924 
Secret-Coder-PHP-Project  ...)
NOT-FOR-US: keerti1924 Secret-Coder-PHP-Project
 CVE-2024-2354 (A vulnerability, which was classified as problematic, was found 
in Dre ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fce54319cc02f346557fa79dcb163c8d2a704600





[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9d71cfe5 by security tracker role at 2024-03-10T20:12:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,7 @@
+CVE-2024-2355 (A vulnerability has been found in keerti1924 
Secret-Coder-PHP-Project  ...)
+   TODO: check
+CVE-2024-2354 (A vulnerability, which was classified as problematic, was found 
in Dre ...)
+   TODO: check
 CVE-2024-2353 (A vulnerability, which was classified as critical, has been 
found in T ...)
NOT-FOR-US: Totolink
 CVE-2024-2352 (A vulnerability, which was classified as critical, has been 
found in 1 ...)
@@ -7601,7 +7605,7 @@ CVE-2024-25146 (Liferay Portal 7.2.0 through 7.4.1, and 
older unsupported versio
 CVE-2024-25144 (The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, 
and older  ...)
NOT-FOR-US: Liferay Portal
 CVE-2024-24806 (libuv is a multi-platform support library with a focus on 
asynchronous ...)
-   {DLA-3752-1}
+   {DSA-5638-1 DLA-3752-1}
- libuv1 1.48.0-1 (bug #1063484)
NOTE: 
https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6
NOTE: Introduced by: 
https://github.com/libuv/libuv/commit/6dd44caa35b4697d7e8c1b9fa0ba8e95d73355de 
(v1.24.0)
@@ -10788,6 +10792,7 @@ CVE-2024-0744 (In some circumstances, JIT compiled code 
could have dereferenced
- firefox 122.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0744
 CVE-2024-0743 (An unchecked return value in TLS handshake code could have 
caused a po ...)
+   {DLA-3757-1}
- firefox 122.0-1
- nss 2:3.96.1-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0743
@@ -27493,6 +27498,7 @@ CVE-2023-39333
NOTE: 
https://nodejs.org/en/blog/vulnerability/october-2023-security-releases#code-injection-via-webassembly-export-names-low---cve-2023-39333
NOTE: 
https://github.com/nodejs/node/commit/eaf9083cf1e43bd897ac8244dcc0f4e3500150ca
 CVE-2023-5388
+   {DLA-3757-1}
- nss 2:3.98-1 (bug #1056284)
[bookworm] - nss  (Minor issue)
[bullseye] - nss  (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d71cfe56a5fd8e600a1a4319c02f3fe50e2d6e1





[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
970c9078 by security tracker role at 2024-03-10T08:11:50+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,4 +1,12 @@
-CVE-2024-28757
+CVE-2024-2353 (A vulnerability, which was classified as critical, has been 
found in T ...)
+   TODO: check
+CVE-2024-2352 (A vulnerability, which was classified as critical, has been 
found in 1 ...)
+   TODO: check
+CVE-2024-2351 (A vulnerability classified as critical was found in CodeAstro 
Ecommerc ...)
+   TODO: check
+CVE-2024-27698
+   REJECTED
+CVE-2024-28757 (libexpat through 2.6.1 allows an XML Entity Expansion attack 
when ther ...)
- expat 
NOTE: https://github.com/libexpat/libexpat/pull/842
NOTE: https://github.com/libexpat/libexpat/issues/839
@@ -19257,6 +19265,7 @@ CVE-2023-6356 (A flaw was found in the Linux kernel's 
NVMe driver. This issue ma
- linux 
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2254054
 CVE-2023-39804 [Incorrectly handled extension attributes in PAX archives can 
lead to a crash]
+   {DLA-3755-1}
- tar 1.34+dfsg-1.3 (bug #1058079)
[bookworm] - tar 1.34+dfsg-1.2+deb12u1
[bullseye] - tar 1.34+dfsg-1+deb11u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/970c907868aebcca148fa18ac9aad0aee5fac07b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/970c907868aebcca148fa18ac9aad0aee5fac07b
You're receiving this email because of your account on salsa.debian.org.




[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
df0fe32c by security tracker role at 2024-03-09T20:12:07+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,13 @@
+CVE-2024-2333 (A vulnerability classified as critical has been found in 
CodeAstro Mem ...)
+   TODO: check
+CVE-2024-2332 (A vulnerability was found in SourceCodester Online Mobile 
Management S ...)
+   TODO: check
+CVE-2024-2331 (A vulnerability was found in SourceCodester Tourist Reservation 
System ...)
+   TODO: check
+CVE-2024-2330 (A vulnerability was found in Netentsec NS-ASG Application 
Security Gat ...)
+   TODO: check
+CVE-2024-1870 (The Colibri Page Builder plugin for WordPress is vulnerable to 
unautho ...)
+   TODO: check
 CVE-2024-2329 (A vulnerability was found in Netentsec NS-ASG Application 
Security Gat ...)
NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
 CVE-2024-28754 (RaspAP (aka raspap-webgui) through 3.0.9 allows remote 
attackers to ca ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df0fe32c6a9af59bed15000d35598f9171f2e1d0





[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7410c41d by security tracker role at 2024-03-09T08:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,47 @@
+CVE-2024-2329 (A vulnerability was found in Netentsec NS-ASG Application 
Security Gat ...)
+   TODO: check
+CVE-2024-28754 (RaspAP (aka raspap-webgui) through 3.0.9 allows remote 
attackers to ca ...)
+   TODO: check
+CVE-2024-28753 (RaspAP (aka raspap-webgui) through 3.0.9 allows remote 
attackers to re ...)
+   TODO: check
+CVE-2024-28184 (WeasyPrint helps web developers to create PDF documents. Since 
version ...)
+   TODO: check
+CVE-2024-28180 (Package jose aims to provide an implementation of the 
Javascript Objec ...)
+   TODO: check
+CVE-2024-28176 (jose is JavaScript module for JSON Object Signing and 
Encryption, prov ...)
+   TODO: check
+CVE-2024-28123 (Wasmi is an efficient and lightweight WebAssembly interpreter 
with a f ...)
+   TODO: check
+CVE-2024-28122 (JWX is Go module implementing various JWx 
(JWA/JWE/JWK/JWS/JWT, otherw ...)
+   TODO: check
+CVE-2024-28089 (Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a 
remote att ...)
+   TODO: check
+CVE-2024-25951 (A command injection vulnerability exists in local RACADM. A 
malicious  ...)
+   TODO: check
+CVE-2024-25501 (An issue WinMail v.7.1 and v.5.1 and before allows a remote 
attacker t ...)
+   TODO: check
+CVE-2024-1767 (The Blocksy theme for WordPress is vulnerable to Stored 
Cross-Site Scr ...)
+   TODO: check
+CVE-2024-1320 (The EventPrime \u2013 Events Calendar, Bookings and Tickets 
plugin for ...)
+   TODO: check
+CVE-2024-1125 (The EventPrime \u2013 Events Calendar, Bookings and Tickets 
plugin for ...)
+   TODO: check
+CVE-2024-1124 (The EventPrime \u2013 Events Calendar, Bookings and Tickets 
plugin for ...)
+   TODO: check
+CVE-2024-1123 (The EventPrime \u2013 Events Calendar, Bookings and Tickets 
plugin for ...)
+   TODO: check
+CVE-2023-50015 (An issue was discovered in Grandstream GXP14XX 1.0.8.9 and 
GXP16XX 1.0 ...)
+   TODO: check
+CVE-2023-49341 (An issue was discovered in Newland Nquire 1000 Interactive 
Kiosk versi ...)
+   TODO: check
+CVE-2023-49340 (An issue was discovered in Newland Nquire 1000 Interactive 
Kiosk versi ...)
+   TODO: check
+CVE-2023-46427 (An issue was discovered in gpac version 
2.3-DEV-rev588-g7edc40fee-mast ...)
+   TODO: check
+CVE-2023-46426 (Heap-based Buffer Overflow vulnerability in gpac version 
2.3-DEV-rev58 ...)
+   TODO: check
+CVE-2023-32264 (CWE-1385 vulnerability in OpenText Documentum D2 affecting 
versions16. ...)
+   TODO: check
 CVE-2024-2339 (PostgreSQL Anonymizer v1.2 contains a vulnerability  that 
allows a use ...)
NOT-FOR-US: PostgreSQL Anonymizer
 CVE-2024-2338 (PostgreSQL Anonymizer v1.2 contains a SQL injection 
vulnerability that ...)
@@ -2369,7 +2413,7 @@ CVE-2024-26559 (An issue in uverif v.2.0 allows a remote 
attacker to obtain sens
NOT-FOR-US: uverif
 CVE-2024-26476 (An issue in open-emr before v.7.0.2 allows a remote attacker 
to escala ...)
NOT-FOR-US: OpenEMR
-CVE-2024-26450 (Cross Site Scripting vulnerability in Piwigo before v.14.2.0 
allows a  ...)
+CVE-2024-26450 (An issue exists within Piwigo before v.14.2.0 allowing a 
malicious use ...)
- piwigo 
 CVE-2024-25869 (An Unrestricted File Upload vulnerability in CodeAstro 
Membership Mana ...)
NOT-FOR-US: CodeAstro
@@ -3287,7 +3331,7 @@ CVE-2024-27099 (The uAMQP is a C library for AMQP 1.0 
communication to Azure Clo
NOTE: 
https://github.com/Azure/azure-uamqp-c/commit/2ca42b6e4e098af2d17e487814a91d05f6ae4987
 CVE-2024-26473 (A reflected cross-site scripting (XSS) vulnerability in 
SocialMediaWeb ...)
NOT-FOR-US: SocialMediaWebsite
-CVE-2024-26472 (A reflected cross-site scripting (XSS) vulnerability in 
SocialMediaWeb ...)
+CVE-2024-26472 (KLiK SocialMediaWebsite version 1.0.1 from msaad1999 has a 
reflected c ...)
NOT-FOR-US: SocialMediaWebsite
 CVE-2024-26471 (A reflected cross-site scripting (XSS) vulnerability in 
zhimengzhe iBa ...)
NOT-FOR-US: zhimengzhe iBarn
@@ -6589,7 +6633,8 @@ CVE-2024-1354 (A command injection vulnerability was 
identified in GitHub Enterp
NOT-FOR-US: GitHub Enterprise Server
 CVE-2024-1309 (Uncontrolled Resource Consumption vulnerability in Honeywell 
Niagara F ...)
NOT-FOR-US: Honeywell
-CVE-2024-1216 (Twister Antivirus v8.17 is vulnerable to a Denial of Service 
vulnerabi ...)
+CVE-2024-1216
+   REJECTED
NOT-FOR-US: Twister Antivirus
 CVE-2024-1163 (Uncontrolled Resource Consumption in GitHub repository 
mbloch/mapshape ...)
NOT-FOR-US: mapshaper
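Review bot: The `NOT-FOR-US: Twister Antivirus` line is left in place under CVE-2024-1216 after the entry is changed to `REJECTED`; the other rejected id in this run of updates (CVE-2024-27698, in the 2024-03-10 commit 970c9078) carries only the `REJECTED` line, so unless the tracker relies on the package note for rejected ids it could be dropped here for consistency.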
@@ -6601,7 +6646,7 @@ CVE-2024-1157 (The Bold Page Builder plugin for WordPress 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-03-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e408e8ce by security tracker role at 2024-03-08T20:12:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,27 @@
+CVE-2024-2339 (PostgreSQL Anonymizer v1.2 contains a vulnerability  that 
allows a use ...)
+   TODO: check
+CVE-2024-2338 (PostgreSQL Anonymizer v1.2 contains a SQL injection 
vulnerability that ...)
+   TODO: check
+CVE-2024-2319 (Cross-Site Scripting (XSS) vulnerability in the Django 
MarkdownX proje ...)
+   TODO: check
+CVE-2024-2318 (A vulnerability was found in ZKTeco ZKBio Media 
2.0.0_x64_2024-01-29-1 ...)
+   TODO: check
+CVE-2024-2317 (A vulnerability was found in Bdtask Hospital AutoManager up to 
2024022 ...)
+   TODO: check
+CVE-2024-2316 (A vulnerability has been found in Bdtask Hospital AutoManager 
up to 20 ...)
+   TODO: check
+CVE-2024-21901 (A SQL injection vulnerability has been reported to affect 
myQNAPcloud. ...)
+   TODO: check
+CVE-2024-21900 (An injection vulnerability has been reported to affect several 
QNAP op ...)
+   TODO: check
+CVE-2024-21899 (An improper authentication vulnerability has been reported to 
affect s ...)
+   TODO: check
+CVE-2023-47221 (A path traversal vulnerability has been reported to affect 
Photo Stati ...)
+   TODO: check
+CVE-2023-34980 (An OS command injection vulnerability has been reported to 
affect seve ...)
+   TODO: check
+CVE-2023-32969 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
+   TODO: check
 CVE-2024-2298 (The affiliate-toolkit \u2013 WordPress Affiliate Plugin plugin 
for Wor ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-2285 (A vulnerability, which was classified as problematic, has been 
found i ...)
@@ -5914,6 +5938,7 @@ CVE-2024-25619 (Mastodon is a free, open-source social 
network server based on A
 CVE-2024-25618 (Mastodon is a free, open-source social network server based on 
Activit ...)
- mastodon  (bug #859741)
 CVE-2024-25617 (Squid is an open source caching proxy for the Web supporting 
HTTP, HTT ...)
+   {DSA-5637-1}
- squid 6.5-1
- squid3 
NOTE: 
https://github.com/squid-cache/squid/security/advisories/GHSA-h5x6-w8mv-xfpr
@@ -8669,7 +8694,7 @@ CVE-2024-24041 (A stored cross-site scripting (XSS) 
vulnerability in Travel Jour
NOT-FOR-US: Travel Journal Using PHP and MySQL
 CVE-2024-23978 (Heap-based buffer overflow vulnerability exists in HOME SPOT 
CUBE2 V10 ...)
NOT-FOR-US: HOME SPOT CUBE2
-CVE-2024-23746 (Miro Desktop 0.8.18 on macOS allows code injection via a 
complex serie ...)
+CVE-2024-23746 (Miro Desktop 0.8.18 on macOS allows local Electron code 
injection via  ...)
NOT-FOR-US: Miro Desktop
 CVE-2024-23052 (An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 
allows a ...)
NOT-FOR-US: WuKongOpenSource WukongCRM
@@ -10319,6 +10344,7 @@ CVE-2024- [RUSTSEC-2024-0006]
NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0006.html
NOTE: 
https://github.com/comex/rust-shlex/security/advisories/GHSA-r7qv-8r2h-pg27
 CVE-2024-23638 (Squid is a caching proxy for the Web. Due to an expired 
pointer refere ...)
+   {DSA-5637-1}
- squid 6.6-1
NOTE: 
https://github.com/squid-cache/squid/security/advisories/GHSA-j49p-553x-48rx
NOTE: 
https://megamansec.github.io/Squid-Security-Audit/stream-assert.html
@@ -18032,7 +18058,7 @@ CVE-2023-50369 (Improper Neutralization of Input During 
Web Page Generation ('Cr
 CVE-2023-50368 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-50269 (Squid is a caching proxy for the Web. Due to an Uncontrolled 
Recursion ...)
-   {DLA-3709-1}
+   {DSA-5637-1 DLA-3709-1}
- squid 6.6-1 (bug #1058721)
- squid3 
NOTE: 
https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3
@@ -27314,6 +27340,7 @@ CVE-2023-46728 (Squid is a caching proxy for the Web 
supporting HTTP, HTTPS, FTP
NOTE: 
https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f
NOTE: 
https://megamansec.github.io/Squid-Security-Audit/gopher-nullpointer.html
 CVE-2023-46724 (Squid is a caching proxy for the Web. Due to an Improper 
Validation of ...)
+   {DSA-5637-1}
- squid 6.5-1 (bug #1055252)
[buster] - squid  (Doesn't build with OpenSSL yet)
NOTE: 
https://github.com/squid-cache/squid/commit/792ef23e6e1c05780fe17f733859eef6eb8c8be3
@@ -27327,7 +27354,7 @@ CVE-2023-46848 (Squid is vulnerable to Denial of 
Service,  where a remote attack
- squid3  (Vulnerable code not present)
NOTE: 
https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w
 CVE-2023-46847 (Squid is 
