[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 71a0e1a0 by Salvatore Bonaccorso at 2024-04-25T08:26:31+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -13,57 +13,57 @@ CVE-2024-4058 CVE-2024-4141 (Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an in ...) TODO: check CVE-2024-4127 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been classi ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4126 (A vulnerability was found in Tenda W15E 15.11.0.14 and classified as c ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4125 (A vulnerability has been found in Tenda W15E 15.11.0.14 and classified ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4124 (A vulnerability, which was classified as critical, was found in Tenda ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4123 (A vulnerability, which was classified as critical, has been found in T ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4122 (A vulnerability classified as critical was found in Tenda W15E 15.11.0 ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4121 (A vulnerability classified as critical has been found in Tenda W15E 15 ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4120 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been rated ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4119 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been declar ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4118 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been classi ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4117 (A vulnerability was found in Tenda W15E 15.11.0.14 and classified as c ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4116 (A vulnerability has been found in Tenda W15E 15.11.0.14 and classified ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4115 (A vulnerability, which was classified as critical, was found in Tenda ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4114 (A vulnerability, which was classified as critical, has been found in T ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4113 (A vulnerability classified as critical was found in Tenda TX9 22.03.02 ...) 
- TODO: check + NOT-FOR-US: Tenda CVE-2024-4112 (A vulnerability classified as critical has been found in Tenda TX9 22. ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4111 (A vulnerability was found in Tenda TX9 22.03.02.10. It has been rated ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4093 (A vulnerability, which was classified as critical, was found in Source ...) - TODO: check + NOT-FOR-US: SourceCodester Simple Subscription Website CVE-2024-4075 (A vulnerability classified as problematic has been found in Kashipara ...) - TODO: check + NOT-FOR-US: Kashipara Online Furniture Shopping Ecommerce Website CVE-2024-4074 (A vulnerability was found in Kashipara Online Furniture Shopping Ecomm ...) - TODO: check + NOT-FOR-US: Kashipara Online Furniture Shopping Ecommerce Website CVE-2024-4073 (A vulnerability was found in Kashipara Online Furniture Shopping Ecomm ...) - TODO: check + NOT-FOR-US: Kashipara Online Furniture Shopping Ecommerce Website CVE-2024-4072 (A vulnerability was found in Kashipara Online Furniture Shopping Ecomm ...) - TODO: check + NOT-FOR-US: Kashipara Online Furniture Shopping Ecommerce Website CVE-2024-4071 (A vulnerability was found in Kashipara Online Furniture Shopping Ecomm ...) - TODO: check + NOT-FOR-US: Kashipara Online Furniture Shopping Ecommerce Website CVE-2024-4070 (A vulnerability has been found in Kashipara Online Furniture Shopping ...) - TODO: check + NOT-FOR-US: Kashipara Online Furniture Shopping Ecommerce Website CVE-2024-4069 (A vulnerability, which was classified as critical, was found in Kaship ...) - TODO: check + NOT-FOR-US: Kashipara Online Furniture Shopping Ecommerce Website CVE-2024-4066 (A vulnerability classified as critical has been found in Tenda AC8 16. ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-3371 (MongoDB Compass may accept and use insufficiently validated input from ...) TODO: check CVE-2024-3261 (The Strong Testimonials WordPress plugin before 3.1.12 does not valida ...) 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/71a0e1a026df882e8a00e180e6247064434047cc
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 18ef36cc by Salvatore Bonaccorso at 2024-04-23T22:37:03+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13,23 +13,23 @@ CVE-2024-3732 (The GeoDirectory \u2013 WordPress Business Directory Plugin, or C CVE-2024-3665 (The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable ...) NOT-FOR-US: WordPress plugin CVE-2024-3491 (The Schema & Structured Data for WP & AMP plugin for WordPress is vuln ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3185 (A key used in logging.json does not follow the least privilege princip ...) TODO: check CVE-2024-33217 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-33215 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-33214 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-33213 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-33212 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-33211 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-32679 (Missing Authorization vulnerability in Shared Files PRO Shared Files.T ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32661 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...) TODO: check CVE-2024-32660 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...) 
@@ -47,11 +47,11 @@ CVE-2024-31804 (An unquoted service path vulnerability in Terratec DMX_6Fire USB CVE-2024-31208 (Synapse is an open-source Matrix homeserver. A remote Matrix user with ...) TODO: check CVE-2024-30800 (PX4 Autopilot v.1.14 allows an attacker to fly the drone into no-fly z ...) - TODO: check + NOT-FOR-US: PX4 Autopilot CVE-2024-2477 (The wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-28627 (An issue in Flipsnack v.18/03/2024 allows a local attacker to obtain s ...) - TODO: check + NOT-FOR-US: Flipsnack CVE-2024-28130 (An incorrect type conversion vulnerability exists in the DVPSSoftcopyV ...) TODO: check CVE-2024-21979 (An out of bounds write vulnerability in the AMD Radeon\u2122 user mode ...) @@ -59,9 +59,9 @@ CVE-2024-21979 (An out of bounds write vulnerability in the AMD Radeon\u2122 use CVE-2024-21972 (An out of bounds write vulnerability in the AMD Radeon\u2122 user mode ...) TODO: check CVE-2024-0900 (The Elespare \u2013 Build Your Blog, News & Magazine Websites with Exp ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-47731 (IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0 and IBM Cloud Pa ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-26922 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux NOTE: https://git.kernel.org/linus/6fef2d4c00b5b8561ad68dd2b68173f5c6af1e75 (6.9-rc5) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18ef36ccd4e18af7fa865927b78e20e856409d6b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18ef36ccd4e18af7fa865927b78e20e856409d6b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9583641d by Salvatore Bonaccorso at 2024-04-23T22:25:24+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,17 +1,17 @@ CVE-2024-4065 (A vulnerability was found in Tenda AC8 16.03.34.09. It has been rated ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4064 (A vulnerability was found in Tenda AC8 16.03.34.09. It has been declar ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4063 (A vulnerability was found in EZVIZ CS-C6-21WFR-8 5.2.7 Build 170628. I ...) - TODO: check + NOT-FOR-US: EZVIZ CVE-2024-4062 (A vulnerability was found in Hualai Xiaofang iSC5 3.2.2_112 and classi ...) - TODO: check + NOT-FOR-US: Hualai Xiaofang iSC5 CVE-2024-3911 (An unauthenticated remote attacker candeceive users into performing un ...) - TODO: check + NOT-FOR-US: Welotec GmbH products CVE-2024-3732 (The GeoDirectory \u2013 WordPress Business Directory Plugin, or Classi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3665 (The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3491 (The Schema & Structured Data for WP & AMP plugin for WordPress is vuln ...) TODO: check CVE-2024-3185 (A key used in logging.json does not follow the least privilege princip ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9583641dd4b6168cb97dd1da9a01389445713853
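Review bot: CVE-2024-3491, the last entry before the trailing context of the `@@ -1,17 +1,17 @@` hunk, stays at `TODO: check` although its description reads "plugin for WordPress", the same wording as CVE-2024-3665 directly above it, which this change marks `NOT-FOR-US: WordPress plugin`. Marking it in the same pass would keep the WordPress plugin batch triaged consistently and avoid a second visit to the same block of the list.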
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 084b134a by Salvatore Bonaccorso at 2024-04-23T08:51:21+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -97368,7 +97368,7 @@ CVE-2022-46899 (An issue was discovered in Vocera Report Server and Voice Server CVE-2022-46898 (An issue was discovered in Vocera Report Server and Voice Server 5.x t ...) NOT-FOR-US: Vocera Report Server and Voice Server CVE-2022-46897 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) - TODO: check + NOT-FOR-US: Insyde CVE-2022-46896 RESERVED CVE-2022-46895 @@ -132132,7 +132132,7 @@ CVE-2022-35505 (A segmentation fault in TripleCross v0.1.0 occurs when sending a CVE-2022-35504 RESERVED CVE-2022-35503 (Improper verification of a user input in Open Source MANO v7-v12 allow ...) - TODO: check + NOT-FOR-US: Open Source MANO CVE-2022-35502 RESERVED CVE-2022-35501 (Stored Cross-site Scripting (XSS) exists in the Amasty Blog Pro 2.10.3 ...) 
@@ -135095,11 +135095,11 @@ CVE-2022-34564 CVE-2022-34563 RESERVED CVE-2022-34562 (A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows att ...) - TODO: check + NOT-FOR-US: PHPFox CVE-2022-34561 (A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows att ...) - TODO: check + NOT-FOR-US: PHPFox CVE-2022-34560 (A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows att ...) - TODO: check + NOT-FOR-US: PHPFox CVE-2022-34559 RESERVED CVE-2022-34558 (WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 1.4.0rc2, reqmon ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/084b134a8ea25f51d445f0cb2e796aa6cc04f0b2
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1c0c2d76 by Salvatore Bonaccorso at 2024-04-22T10:22:56+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,21 +1,21 @@ CVE-2024-4022 (A vulnerability was found in Keenetic KN-1010, KN-1410, KN-1711, KN-18 ...) - TODO: check + NOT-FOR-US: Keenetic router CVE-2024-4021 (A vulnerability was found in Keenetic KN-1010, KN-1410, KN-1711, KN-18 ...) - TODO: check + NOT-FOR-US: Keenetic router CVE-2024-32698 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32697 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32696 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32695 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32694 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32693 (Cross-Site Request Forgery (CSRF) vulnerability in ValvePress Automati ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32690 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32418 (An issue in flusity CMS v2.33 allows a remote attacker to execute arbi ...) TODO: check CVE-2024-30799 (An issue in PX4 Autopilot v1.14 and before allows a remote attacker to ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c0c2d760ac37023fedf3bb2d9fee1833e64768b
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 466a96da by Salvatore Bonaccorso at 2024-04-19T22:41:28+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9,7 +9,7 @@ CVE-2024-3741 (Electrolink transmitters are vulnerable to an authentication bypa CVE-2024-3731 (The Customer Reviews for WooCommerce plugin for WordPress is vulnerabl ...) NOT-FOR-US: WordPress plugin CVE-2024-3684 (A server side request forgery vulnerability was identified in GitHub E ...) - TODO: check + NOT-FOR-US: GitHub Enterprise Server CVE-2024-3654 (An XSS vulnerability has been found in Teimas Global's Teixo, version ...) NOT-FOR-US: Teimas Global's Teixo CVE-2024-3646 (A command injection vulnerability was identified in GitHub Enterprise ...) 
@@ -89,39 +89,39 @@ CVE-2024-30920 (Cross Site Scripting vulnerability in DerbyNet v9.0 and below al CVE-2024-30107 (HCL Connections contains a broken access control vulnerability that ma ...) NOT-FOR-US: HCL CVE-2024-2761 (The Genesis Blocks WordPress plugin before 3.1.3 does not properly esc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2440 (A race condition in GitHub Enterprise Server allowed an existing admin ...) - TODO: check + NOT-FOR-US: GitHub Enterprise Server CVE-2024-29991 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2024-29969 (When a Brocade SANnav installation is upgraded from Brocade SANnav v2. ...) - TODO: check + NOT-FOR-US: Brocade SANnav CVE-2024-29968 (An information disclosure vulnerability exists in Brocade SANnav befor ...) - TODO: check + NOT-FOR-US: Brocade SANnav CVE-2024-29967 (In Brocade SANnav before Brocade SANnav v2.31 and v2.3.0a, it was obse ...) - TODO: check + NOT-FOR-US: Brocade SANnav CVE-2024-29966 (Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded creden ...) - TODO: check + NOT-FOR-US: Brocade SANnav CVE-2024-29965 (In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back u ...) - TODO: check + NOT-FOR-US: Brocade SANnav CVE-2024-29964 (Docker instances in Brocade SANnav before v2.3.1 and v2.3.0a have an i ...) - TODO: check + NOT-FOR-US: Brocade SANnav CVE-2024-29963 (Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded keys ...) - TODO: check + NOT-FOR-US: Brocade SANnav CVE-2024-29962 (Brocade SANnav OVA before v2.3.1 and v2.3.0a have an insecure file per ...) - TODO: check + NOT-FOR-US: Brocade SANnav CVE-2024-29961 (A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It a ...) - TODO: check + NOT-FOR-US: Brocade SANnav CVE-2024-29960 (In the Brocade SANnav server versions before v2.3.1 and v2.3.0a, the S ...) 
- TODO: check + NOT-FOR-US: Brocade SANnav CVE-2024-29959 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Bro ...) - TODO: check + NOT-FOR-US: Brocade SANnav CVE-2024-29958 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the ...) - TODO: check + NOT-FOR-US: Brocade SANnav CVE-2024-29957 (When Brocade SANnav before v2.3.1 and v2.3.0a servers are configured i ...) - TODO: check + NOT-FOR-US: Brocade SANnav CVE-2024-29204 (A Heap Overflow vulnerability in WLAvalancheService component of Ivant ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2024-29183 (OpenRASP is a RASP solution that directly integrates its protection en ...) TODO: check CVE-2024-29030 (memos is a privacy-first, lightweight note-taking service. In memos 0. ...) @@ -131,69 +131,69 @@ CVE-2024-29029 (memos is a privacy-first, lightweight note-taking service. In me CVE-2024-29028 (memos is a privacy-first, lightweight note-taking service. In memos 0. ...) TODO: check CVE-2024-27984 (A Path Traversal vulnerability in web component of Ivanti Avalanche be ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2024-27978 (A Null Pointer Dereference vulnerability in WLAvalancheService compone ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2024-27977 (A Path Traversal vulnerability in web component of Ivanti Avalanche be ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2024-27976 (A Path Traversal vulnerability in web component of Ivanti Avalanche be ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2024-27975 (An Use-after-free vulnerability in WLAvalancheService component of Iva ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2024-27752 (Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows a remote ...) - TODO: check + NOT-FOR-US: CSZ CMS CVE-2024-25000 (A Path Traversal vulnerability in
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5cb3ff87 by Salvatore Bonaccorso at 2024-04-19T22:30:44+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,99 +1,99 @@ CVE-2024-3979 (A vulnerability, which was classified as problematic, has been found i ...) - vsomeip (bug #997892) CVE-2024-3818 (The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3742 (Electrolink transmitters store credentials in clear-text. Use of these ...) - TODO: check + NOT-FOR-US: Electrolink transmitters CVE-2024-3741 (Electrolink transmitters are vulnerable to an authentication bypass v ...) - TODO: check + NOT-FOR-US: Electrolink transmitters CVE-2024-3731 (The Customer Reviews for WooCommerce plugin for WordPress is vulnerabl ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3684 (A server side request forgery vulnerability was identified in GitHub E ...) TODO: check CVE-2024-3654 (An XSS vulnerability has been found in Teimas Global's Teixo, version ...) - TODO: check + NOT-FOR-US: Teimas Global's Teixo CVE-2024-3646 (A command injection vulnerability was identified in GitHub Enterprise ...) - TODO: check + NOT-FOR-US: GitHub Enterprise Server CVE-2024-3615 (The Media Library Folders plugin for WordPress is vulnerable to Reflec ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3600 (The Poll Maker \u2013 Best WordPress Poll Plugin plugin for WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3598 (The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3560 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3470 (An Improper Privilege Management vulnerability was identified in GitHu ...) - TODO: check + NOT-FOR-US: GitHub Enterprise Server CVE-2024-32683 (Authorization Bypass Through User-Controlled Key vulnerability in Wpme ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32652 (The adapter @hono/node-server allows you to run your Hono application ...) 
TODO: check CVE-2024-32650 (Rustls is a modern TLS library written in Rust. `rustls::ConnectionCom ...) TODO: check CVE-2024-32644 (Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain tha ...) - TODO: check + NOT-FOR-US: Evmos CVE-2024-32478 (Git Credential Manager (GCM) is a secure Git credential helper. Prior ...) TODO: check CVE-2024-32473 (Moby is an open source container framework that is a key component of ...) TODO: check CVE-2024-32409 (An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary ...) - TODO: check + NOT-FOR-US: SEMCMS CVE-2024-32206 (A stored cross-site scripting (XSS) vulnerability in the component \af ...) - TODO: check + NOT-FOR-US: WUZHICMS CVE-2024-32166 (Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - ...) TODO: check CVE-2024-32038 (Wazuh is a free and open source platform used for threat prevention, d ...) TODO: check CVE-2024-31846 (An issue was discovered in Italtel Embrace 1.6.4. The web application ...) - TODO: check + NOT-FOR-US: Italtel Embrace CVE-2024-31841 (An issue was discovered in Italtel Embrace 1.6.4. The web server fails ...) - TODO: check + NOT-FOR-US: Italtel Embrace CVE-2024-31750 (SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote ...) - TODO: check + NOT-FOR-US: f-logic datacube3 CVE-2024-31745 (Libdwarf v0.9.1 was discovered to contain a heap use-after-free via th ...) TODO: check CVE-2024-31744 (In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/j ...) TODO: check CVE-2024-31587 (SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower allows an ...) - TODO: check + NOT-FOR-US: SecuSTATION Camera CVE-2024-31552 (CuteHttpFileServer v.3.1 version has an arbitrary file download vulner ...) - TODO: check + NOT-FOR-US: CuteHttpFileServer CVE-2024-31547 (Computer Laboratory Management System v1.0 is vulnerable to SQL Inject ...) 
- TODO: check + NOT-FOR-US: Computer Laboratory Management System CVE-2024-31546 (Computer Laboratory Management System v1.0 is vulnerable to SQL Inject ...) - TODO: check + NOT-FOR-US: Computer Laboratory Management System CVE-2024-31450 (Owncast is an open source, self-hosted, decentralized, single user liv ...) TODO: check CVE-2024-30938
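Review bot: CVE-2024-3684 in the `@@ -1,99 +1,99 @@` hunk is left at `TODO: check` even though its description ("identified in GitHub E ...") points at the same product as CVE-2024-3646 and CVE-2024-3470, which this change marks `NOT-FOR-US: GitHub Enterprise Server`. Suggest classifying it together with its siblings so that one vendor advisory batch does not end up split across commits.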
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 36573323 by Salvatore Bonaccorso at 2024-04-19T22:16:45+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -233,11 +233,11 @@ CVE-2023-49275 (Wazuh is a free and open source platform used for threat prevent CVE-2023-47435 (An issue in the verifyPassword function of hexo-theme-matery v2.0.0 al ...) TODO: check CVE-2023-37400 (IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to esca ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-37397 (IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obta ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-37396 (IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obta ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-3948 (A vulnerability was found in SourceCodester Home Clean Service System ...) NOT-FOR-US: SourceCodester Home Clean Service System CVE-2024-32689 (Missing Authorization vulnerability in GenialSouls WP Social Comments. ...) @@ -76386,7 +76386,7 @@ CVE-2023-27281 CVE-2023-27280 RESERVED CVE-2023-27279 (IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a de ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-27278 RESERVED CVE-2023-27277 @@ -89681,7 +89681,7 @@ CVE-2023-22871 CVE-2023-22870 (IBM Aspera Faspex 5.0.5 transmits sensitive information in cleartext w ...) NOT-FOR-US: IBM CVE-2023-22869 (IBM Aspera Faspex 5.0.0 through 5.0.7 stores potentially sensitive inf ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-22868 (IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. This vu ...) NOT-FOR-US: IBM CVE-2023-22867 
@@ -117577,7 +117577,7 @@ CVE-2022-40747 ("IBM InfoSphere Information Server 11.7 is vulnerable to an XML CVE-2022-40746 (IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 co ...) NOT-FOR-US: IBM CVE-2022-40745 (IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obta ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-40744 (IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. ...) NOT-FOR-US: IBM CVE-2022-40743 (Improper Input Validation vulnerability for the xdebug plugin in Apach ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36573323c74869c7eb4db74abb4086fed914c152
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5d8b48c3 by Salvatore Bonaccorso at 2024-04-18T22:47:45+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,117 +1,117 @@ CVE-2024-3948 (A vulnerability was found in SourceCodester Home Clean Service System ...) - TODO: check + NOT-FOR-US: SourceCodester Home Clean Service System CVE-2024-32689 (Missing Authorization vulnerability in GenialSouls WP Social Comments. ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32686 (Insertion of Sensitive Information into Log File vulnerability in Inis ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32604 (Authorization Bypass Through User-Controlled Key vulnerability in Plec ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32603 (Deserialization of Untrusted Data vulnerability in ThemeKraft WooBuddy ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32602 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32601 (Missing Authorization vulnerability in WP OnlineSupport, Essential Plu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32600 (Deserialization of Untrusted Data vulnerability in Averta Master Slide ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32599 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32598 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32597 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32596 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32595 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32594 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32593 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32592 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32591 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32590 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32588 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32587 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32586 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32585 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32584 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32583 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32582 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32581 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32580 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32579 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32578 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32577 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32576 (Improper Neutralization of Input During Web Page Generation ('Cross-si
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: de741f76 by Salvatore Bonaccorso at 2024-04-18T08:30:39+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -220,9 +220,9 @@ CVE-2024-21989 (ONTAP Select Deploy administration utility versions 9.12.1.x, 9 CVE-2024-1350 (Missing Authorization vulnerability in Prasidhda Malla Honeypot for WP ...) TODO: check CVE-2024-1249 (A flaw was found in Keycloak's OIDC component in the "checkLoginIframe ...) - TODO: check + NOT-FOR-US: Keycloak CVE-2024-1132 (A flaw was found in Keycloak, where it does not properly validate URLs ...) - TODO: check + NOT-FOR-US: Keycloak CVE-2024-0257 (RoboDK v5.5.4 is vulnerable to heap-based buffer overflow while proc ...) TODO: check CVE-2023-6805 (The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & ...) 
@@ -82366,8 +82366,13 @@ CVE-2023-25020 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Kibok NOT-FOR-US: WordPress plugin CVE-2023-25019 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Premio C ...) NOT-FOR-US: WordPress plugin +CVE-2023-6717 + NOT-FOR-US: Keycloak +CVE-2023-6544 + NOT-FOR-US: Keycloak CVE-2023-0657 RESERVED + NOT-FOR-US: Keycloak CVE-2023-0656 (A Stack-based buffer overflow vulnerability in the SonicOS allows a re ...) NOT-FOR-US: SonicOS CVE-2023-0655 (SonicWall Email Security contains a vulnerability that could permit a ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de741f764659165c2376dce4e9d11025e9faf7c6
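Review bot: The three Keycloak entries in the @@ -82366 hunk cannot be checked from the list itself: CVE-2023-6717 and CVE-2023-6544 are added with no description text, and CVE-2023-0657 is still RESERVED. A NOTE line under each, giving the reference the Keycloak attribution was taken from, would let the next person triaging confirm it once descriptions are published.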
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 99a6a8dd by Salvatore Bonaccorso at 2024-04-17T22:35:15+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -170,39 +170,39 @@ CVE-2024-31040 (Buffer Overflow vulnerability in the get_var_integer function in CVE-2024-31031 (An issue in `coap_pdu.c` in libcoap 4.3.4 allows attackers to cause un ...) TODO: check CVE-2024-30990 (SQL Injection vulnerability in the "Invoices" page in phpgurukul Clien ...) - TODO: check + NOT-FOR-US: phpgurukul Client Management System CVE-2024-30989 (Cross Site Scripting vulnerability in /edit-client-details.php of phpg ...) - TODO: check + NOT-FOR-US: phpgurukul Client Management System CVE-2024-30988 (Cross Site Scripting vulnerability in /search-invoices.php of phpguruk ...) - TODO: check + NOT-FOR-US: phpgurukul Client Management System CVE-2024-30987 (Cross Site Scripting vulnerability in /bwdates-reports-ds.php of phpgu ...) - TODO: check + NOT-FOR-US: phpgurukul Client Management System CVE-2024-30986 (Cross Site Scripting vulnerability in /edit-services-details.php of ph ...) - TODO: check + NOT-FOR-US: phpgurukul Client Management System CVE-2024-30985 (SQL Injection vulnerability in "B/W Dates Reports" page in phpgurukul ...) - TODO: check + NOT-FOR-US: phpgurukul Client Management System CVE-2024-30983 (SQL Injection vulnerability in phpgurukul Cyber Cafe Management System ...) - TODO: check + NOT-FOR-US: phpgurukul Cyber Cafe Management System CVE-2024-30982 (SQL Injection vulnerability in phpgurukul Cyber Cafe Management System ...) - TODO: check + NOT-FOR-US: phpgurukul Cyber Cafe Management System CVE-2024-30981 (SQL Injection vulnerability in /edit-computer-detail.php in phpgurukul ...) - TODO: check + NOT-FOR-US: phpgurukul Cyber Cafe Management System CVE-2024-30980 (SQL Injection vulnerability in phpgurukul Cyber Cafe Management System ...) - TODO: check + NOT-FOR-US: phpgurukul Cyber Cafe Management System CVE-2024-30979 (Cross Site Scripting vulnerability in Cyber Cafe Management System 1.0 ...) 
- TODO: check + NOT-FOR-US: phpgurukul Cyber Cafe Management System CVE-2024-30953 (A stored cross-site scripting (XSS) vulnerability in Htmly v2.9.5 allo ...) - TODO: check + NOT-FOR-US: Htmly CVE-2024-30952 (A stored cross-site scripting (XSS) vulnerability in PESCMS-TEAM v2.3. ...) - TODO: check + NOT-FOR-US: PESCMS-TEAM CVE-2024-30951 (FUDforum v3.1.3 was discovered to contain a reflected cross-site scrip ...) - TODO: check + NOT-FOR-US: FUDforum CVE-2024-30950 (A stored cross-site scripting (XSS) vulnerability in FUDforum v3.1.3 a ...) - TODO: check + NOT-FOR-US: FUDforum CVE-2024-30253 (@solana/web3.js is the Solana JavaScript SDK. Using particular inputs ...) TODO: check CVE-2024-2419 (A flaw was found in Keycloak's redirect_uri validation logic. This iss ...) - TODO: check + NOT-FOR-US: Keycloak CVE-2024-29951 (Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in intern ...) TODO: check CVE-2024-29950 (The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2 ...) 
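Review bot: The labels added in this hunk spell the vendor "phpgurukul" in lower case, while other entries in data/CVE/list use "PHPGurukul" (for example "NOT-FOR-US: PHPGurukul News Portal") and "Phpgurukul". Settling on one spelling keeps a case-sensitive search for the vendor from missing entries.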
@@ -210,13 +210,13 @@ CVE-2024-29950 (The class FileTransfer implemented in Brocade SANnav before v2.3 CVE-2024-29035 (Umbraco is an ASP.NET CMS. Failing webhooks logs are available when so ...) TODO: check CVE-2024-28073 (SolarWinds Serv-U was found to be susceptible to a Directory Traversal ...) - TODO: check + NOT-FOR-US: SolarWinds CVE-2024-24856 (The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee ...) TODO: check CVE-2024-21990 (ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1. ...) - TODO: check + NOT-FOR-US: ONTAP / NetAPP CVE-2024-21989 (ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1. ...) - TODO: check + NOT-FOR-US: ONTAP / NetAPP CVE-2024-1350 (Missing Authorization vulnerability in Prasidhda Malla Honeypot for WP ...) TODO: check CVE-2024-1249 (A flaw was found in Keycloak's OIDC component in the "checkLoginIframe ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99a6a8dd2eaf98b75e8a31741847c7e020543144
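Review bot: In the @@ -210,13 hunk the label on CVE-2024-21990 and CVE-2024-21989 reads "ONTAP / NetAPP", but the vendor name is spelled NetApp. Suggest "NOT-FOR-US: NetApp" on both lines so the entries match a search for the vendor.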
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2fb6e3de by Salvatore Bonaccorso at 2024-04-17T11:17:58+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -33,9 +33,9 @@ CVE-2024-3660 (A arbitrary code injection vulnerability in TensorFlow's Keras fr CVE-2024-3367 (Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1. ...) - check-mk CVE-2024-3243 (The Customer Reviews for WooCommerce plugin for WordPress is vulnerabl ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3067 (The WooCommerce Google Feed Manager plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32634 (In huge memory get unmapped area check, code can never be reached beca ...) TODO: check CVE-2024-32633 (An unsigned value can never be negative, so eMMC full disk test will a ...) 
@@ -47,39 +47,39 @@ CVE-2024-32631 (Out-of-Bounds read in ciCCIOTOPT in ASR180X will cause incorrect CVE-2024-32625 (In OffloadAMRWriter, a scalar field is not initialized so will contain ...) TODO: check CVE-2024-32532 (Missing Authorization vulnerability in SiteGround Speed Optimizer.This ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32525 (Missing Authorization vulnerability in Theme My Login.This issue affec ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32524 (Missing Authorization vulnerability in Nuggethon Custom Order Statuses ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32522 (Missing Authorization vulnerability in Jaed Mosharraf & Pluginbazar Te ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32520 (Missing Authorization vulnerability in WPClever WPC Grouped Product fo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32519 (Missing Authorization vulnerability in GutenGeek GG Woo Feed for WooCo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32518 (Missing Authorization vulnerability in Pepro Dev. Group PeproDev Ultim ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32517 (Missing Authorization vulnerability in WooCommerce & WordPress Tutoria ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32516 (Missing Authorization vulnerability in Palscode Multi Currency For Woo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32515 (Missing Authorization vulnerability in Qamar Sheeraz, Nasir Ahmad Mega ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32514 (Unrestricted Upload of File with Dangerous Type vulnerability in Poll ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32513 (Insertion of Sensitive Information into Log File vulnerability in AdTr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32509 (Missing Authorization vulnerability in Loopus WP Cost Estimation & Pay ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32455 (Missing Authorization vulnerability in Very Good Plugins Fatal Error N ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32256 (Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricte ...) - TODO: check + NOT-FOR-US: Phpgurukul Tourism Management System CVE-2024-32254 (Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricte ...) - TODO: check + NOT-FOR-US: Phpgurukul Tourism Management System CVE-2024-32086 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32027 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss v22. ...) TODO: check CVE-2024-32026 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is v ...) @@ -95,49 +95,49 @@ CVE-2024-32022 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_s CVE-2024-31887 (IBM Security Verify Privilege 11.6.25 could allow an unauthenticated a ...) NOT-FOR-US: IBM CVE-2024-31760 (An issue in sanluan flipped-aurora gin-vue-admin 2.4.x allows an attac ...) - TODO: check + NOT-FOR-US: flipped-aurora gin-vue-admin CVE-2024-31759 (An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to esc ...) - TODO: check + NOT-FOR-US: PublicCMS CVE-2024-31680 (File Upload vulnerability in Shibang Communications Co., Ltd. IP netwo ...) - TODO: check + NOT-FOR-US: Shibang Communications Co., Ltd. IP network intercom broadcasting system CVE-2024-31503 (Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and befor ...) TODO: check CVE-2024-31452 (OpenFGA is a high-performance and flexible
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 00852c92 by Salvatore Bonaccorso at 2024-04-17T11:10:34+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,33 +1,33 @@ CVE-2024-3882 (A vulnerability was found in Tenda W30E 1.0.1.25(633). It has been cla ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-3881 (A vulnerability was found in Tenda W30E 1.0.1.25(633) and classified a ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-3880 (A vulnerability has been found in Tenda W30E 1.0.1.25(633) and classif ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-3879 (A vulnerability, which was classified as critical, was found in Tenda ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-3878 (A vulnerability, which was classified as critical, has been found in T ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-3877 (A vulnerability classified as critical was found in Tenda F1202 1.2.0. ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-3876 (A vulnerability classified as critical has been found in Tenda F1202 1 ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-3875 (A vulnerability was found in Tenda F1202 1.2.0.20(408). It has been ra ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-3874 (A vulnerability was found in Tenda W20E 15.11.0.6. It has been declare ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-3873 (A vulnerability was found in SMI SMI-EX-5414W up to 1.0.03. It has bee ...) TODO: check CVE-2024-3872 (Mattermost Mobile app versions 2.13.0 and earlier use a regular expres ...) - TODO: check + NOT-FOR-US: Mattermost Mobile app CVE-2024-3871 (The Delta Electronics DVW-W02W2-E2 devices expose a web administration ...) - TODO: check + NOT-FOR-US: Delta Electronics CVE-2024-3869 (The Customer Reviews for WooCommerce plugin for WordPress is vulnerabl ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3867 (The archive-tainacan-collection theme for WordPress is vulnerable to R ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2024-3672 (The BA Book Everything plugin for WordPress is vulnerable to Stored Cr ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3660 (A arbitrary code injection vulnerability in TensorFlow's Keras framewo ...) TODO: check CVE-2024-3367 (Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1. ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00852c92e5a41e637a0849a8c24f30e6711c6b2b
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d1bfc6ce by Salvatore Bonaccorso at 2024-04-15T22:33:43+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,93 +1,93 @@ CVE-2024-3804 (A vulnerability, which was classified as critical, has been found in V ...) - TODO: check + NOT-FOR-US: Vesystem Cloud Desktop CVE-2024-3803 (A vulnerability classified as critical was found in Vesystem Cloud Des ...) - TODO: check + NOT-FOR-US: Vesystem Cloud Desktop CVE-2024-3802 (Vulnerabilities in Celeste 22.x was vulnerable to takeover from unauth ...) TODO: check CVE-2024-3797 (A vulnerability was found in SourceCodester QR Code Bookmark System 1. ...) - TODO: check + NOT-FOR-US: SourceCodester QR Code Bookmark System CVE-2024-3796 (Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross ...) - TODO: check + NOT-FOR-US: WBSAirback CVE-2024-3795 (Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross ...) - TODO: check + NOT-FOR-US: WBSAirback CVE-2024-3794 (Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross ...) - TODO: check + NOT-FOR-US: WBSAirback CVE-2024-3793 (Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross ...) - TODO: check + NOT-FOR-US: WBSAirback CVE-2024-3792 (Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross ...) - TODO: check + NOT-FOR-US: WBSAirback CVE-2024-3791 (Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross ...) - TODO: check + NOT-FOR-US: WBSAirback CVE-2024-3790 (Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross ...) - TODO: check + NOT-FOR-US: WBSAirback CVE-2024-3789 (Uncontrolled resource consumption vulnerability in White Bear Solution ...) - TODO: check + NOT-FOR-US: WBSAirback CVE-2024-3788 (Vulnerability in WBSAirback 21.02.04, which involves improper neutrali ...) - TODO: check + NOT-FOR-US: WBSAirback CVE-2024-3787 (Vulnerability in WBSAirback 21.02.04, which involves improper neutrali ...) - TODO: check + NOT-FOR-US: WBSAirback CVE-2024-3786 (Vulnerability in WBSAirback 21.02.04, which involves improper neutrali ...) 
- TODO: check + NOT-FOR-US: WBSAirback CVE-2024-3785 (Vulnerability in WBSAirback 21.02.04, which involves improper neutrali ...) - TODO: check + NOT-FOR-US: WBSAirback CVE-2024-3784 (Vulnerability in WBSAirback 21.02.04, which involves improper neutrali ...) - TODO: check + NOT-FOR-US: WBSAirback CVE-2024-3783 (The Backup Agents section in WBSAirback 21.02.04 is affected by a Path ...) - TODO: check + NOT-FOR-US: WBSAirback CVE-2024-3782 (Cross-Site Request Forgery vulnerability in WBSAirback 21.02.04, which ...) - TODO: check + NOT-FOR-US: WBSAirback CVE-2024-3781 (Command injection vulnerability in the operating system. Improper neut ...) - TODO: check + NOT-FOR-US: WBSAirback CVE-2024-3780 (A vulnerability of Information Exposure has been found on Technicolor ...) - TODO: check + NOT-FOR-US: Technicolor CVE-2024-32437 (Cross-Site Request Forgery (CSRF) vulnerability in impleCode eCommerce ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32436 (Cross-Site Request Forgery (CSRF) vulnerability in Codemenschen Gift V ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32435 (Cross-Site Request Forgery (CSRF) vulnerability in Affieasy Team AffiE ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32434 (Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Ord ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32433 (Cross-Site Request Forgery (CSRF) vulnerability in Themefic BEAF.This ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32141 (Cross-Site Request Forgery (CSRF) vulnerability in Libsyn Libsyn Publi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32129 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in F ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32104 (Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins NextMove ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32103 (Cross-Site Request Forgery (CSRF) vulnerability in Siteimprove.This is ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32102 (Cross-Site Request Forgery (CSRF) vulnerability in Scott Kingsley Clar ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32101 (Cross-Site Request Forgery (CSRF) vulnerability in Omnisend Email Mark
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3f4e1bc2 by Salvatore Bonaccorso at 2024-04-15T14:13:04+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -21,15 +21,15 @@ CVE-2024-3768 (A vulnerability, which was classified as critical, has been found CVE-2024-3767 (A vulnerability classified as critical was found in PHPGurukul News Po ...) NOT-FOR-US: PHPGurukul News Portal CVE-2024-3766 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: slowlyo OwlAdmin CVE-2024-3765 (A vulnerability classified as critical was found in Xiongmai AHB7804R- ...) NOT-FOR-US: Xiongmai CVE-2024-3764 (A vulnerability classified as problematic has been found in Tuya Camer ...) - TODO: check + NOT-FOR-US: Tuya Camera CVE-2024-3763 (A vulnerability was found in Emlog Pro 2.2.10. It has been rated as pr ...) - TODO: check + NOT-FOR-US: Emlog Pro CVE-2024-3762 (A vulnerability was found in Emlog Pro 2.2.10. It has been declared as ...) - TODO: check + NOT-FOR-US: Emlog Pro CVE-2024-3701 (The system application (com.transsion.kolun.aiservice) component does ...) TODO: check CVE-2024-3505 (JFrog Artifactory Self-Hosted versions below 7.77.3, are vulnerable to ...) 
@@ -113,23 +113,23 @@ CVE-2024-32098 (Improper Neutralization of Special Elements used in an SQL Comma CVE-2024-32087 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2024-32082 (Cross-Site Request Forgery (CSRF) vulnerability in kp4coder Sync Post ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32079 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31093 (Cross-Site Request Forgery (CSRF) vulnerability in Kaloyan K. Tsvetkov ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31086 (Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Change de ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30545 (Cross-Site Request Forgery (CSRF) vulnerability in Nick Powers Social ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2858 (The Simple Buttons Creator WordPress plugin through 1.04 does not have ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2857 (The Simple Buttons Creator WordPress plugin through 1.04 does not have ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2836 (The Social Share, Social Login and Social Comments Plugin WordPress p ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2739 (The Advanced Search WordPress plugin through 1.1.6 does not have CSRF ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-29844 (Default credentials on the Web Interface of Evolution Controller 2.x ( ...) TODO: check CVE-2024-29843 (The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 ...) 
@@ -151,39 +151,39 @@ CVE-2024-29836 (The Web interface of Evolution Controller Versions 2.04.560.31.0 CVE-2024-27462 REJECTED CVE-2024-1849 (The WP Customer Reviews WordPress plugin before 3.7.1 does not validat ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1846 (The Responsive Tabs WordPress plugin before 4.0.7 does not validate an ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1755 (The NPS computy WordPress plugin through 2.7.5 does not have CSRF chec ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1754 (The NPS computy WordPress plugin through 2.7.5 does not sanitise and e ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1746 (The Testimonial Slider WordPress plugin before 2.3.8 does not sanitise ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1712 (The Carousel Slider WordPress plugin before 2.2.7 does not sanitise an ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1660 (The Top Bar WordPress plugin before 3.0.5 does not sanitise and escape ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1655 (Certain ASUS WiFi routers models has an OS Command Injection vulnerabi ...) - TODO: check + NOT-FOR-US: ASUS WiFi routers CVE-2024-1310 (The WooCommerce WordPress plugin before 8.6 does not prevent users wit ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1307 (The Smart Forms WordPress plugin before 2.6.94 does not have proper a ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1306 (The Smart Forms WordPress plugin before 2.6.94 does not have
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 15132b3b by Salvatore Bonaccorso at 2024-04-14T20:58:50+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -36,11 +36,11 @@ CVE-2024-32019 (Netdata is an open source observability tool. In affected versio NOTE: https://github.com/netdata/netdata/security/advisories/GHSA-pmhq-4cxq-wj93 NOTE: https://github.com/netdata/netdata/pull/17377 CVE-2024-32005 (NiceGUI is an easy-to-use, Python-based UI framework. A local file inc ...) - TODO: check + NOT-FOR-US: NiceGUI CVE-2024-32003 (wn-dusk-plugin (Dusk plugin) is a plugin which integrates Laravel Dusk ...) NOT-FOR-US: Winter CMS CVE-2024-31462 (stable-diffusion-webui is a web interface for Stable Diffusion, implem ...) - TODO: check + NOT-FOR-US: Stable Diffusion webui CVE-2024-2583 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress plugin b ...) NOT-FOR-US: WordPress plugin CVE-2024-29023 (Xibo is an Open Source Digital Signage platform with a web content man ...) 
@@ -86,7 +86,7 @@ CVE-2024-3211 (The Shopping Cart & eCommerce Store plugin for WordPress is vulne CVE-2024-3054 (WPvivid Backup & Migration Plugin for WordPress is vulnerable to PHAR ...) NOT-FOR-US: WordPress plugin CVE-2024-32000 (matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging ...) - TODO: check + NOT-FOR-US: matrix-appservice-irc CVE-2024-31839 (Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allo ...) NOT-FOR-US: tiagorlampert CHAOS CVE-2024-31818 (Directory Traversal vulnerability in DerbyNet v.9.0 allows a remote at ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15132b3b16f0ec3f74f5fc012ef1c02d1a2ce5bb
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6f2aed4f by Salvatore Bonaccorso at 2024-04-13T13:38:18+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2024-3027 (The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32028 (OpenTelemetry dotnet is a dotnet telemetry framework. In affected vers ...) TODO: check CVE-2024-32019 (Netdata is an open source observability tool. In affected versions the ...) 
@@ -7,19 +7,19 @@ CVE-2024-32019 (Netdata is an open source observability tool. In affected versio CVE-2024-32005 (NiceGUI is an easy-to-use, Python-based UI framework. A local file inc ...) TODO: check CVE-2024-32003 (wn-dusk-plugin (Dusk plugin) is a plugin which integrates Laravel Dusk ...) - TODO: check + NOT-FOR-US: Winter CMS CVE-2024-31462 (stable-diffusion-webui is a web interface for Stable Diffusion, implem ...) TODO: check CVE-2024-2583 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress plugin b ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-29023 (Xibo is an Open Source Digital Signage platform with a web content man ...) - TODO: check + NOT-FOR-US: Xibo CVE-2024-29022 (Xibo is an Open Source Digital Signage platform with a web content man ...) - TODO: check + NOT-FOR-US: Xibo CVE-2024-28869 (Traefik is an HTTP reverse proxy and load balancer. In affected versio ...) TODO: check CVE-2024-1957 (The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3707 (Information exposure vulnerability in OpenGnsys affecting version 1.1. ...) NOT-FOR-US: OpenGnsys CVE-2024-3706 (Information exposure vulnerability in OpenGnsys affecting version 1.1. ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f2aed4f38d98bb6bccbc7ac9c3c2aae678baf93
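Review bot: CVE-2024-32003 is labelled "Winter CMS" in the @@ -7,19 hunk, while its description names the component as wn-dusk-plugin (Dusk plugin). A label such as "Winter CMS Dusk plugin" keeps the entry findable by the name the description uses.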
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8cdf05aa by Salvatore Bonaccorso at 2024-04-12T22:23:37+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,157 +1,157 @@ CVE-2024-3707 (Information exposure vulnerability in OpenGnsys affecting version 1.1. ...) - TODO: check + NOT-FOR-US: OpenGnsys CVE-2024-3706 (Information exposure vulnerability in OpenGnsys affecting version 1.1. ...) - TODO: check + NOT-FOR-US: OpenGnsys CVE-2024-3705 (Unrestricted file upload vulnerability in OpenGnsys affecting version ...) - TODO: check + NOT-FOR-US: OpenGnsys CVE-2024-3704 (SQL Injection Vulnerability has been found on OpenGnsys product affect ...) - TODO: check + NOT-FOR-US: OpenGnsys CVE-2024-3698 (A vulnerability was found in Campcodes House Rental Management System ...) - TODO: check + NOT-FOR-US: Campcodes House Rental Management System CVE-2024-3697 (A vulnerability was found in Campcodes House Rental Management System ...) - TODO: check + NOT-FOR-US: Campcodes House Rental Management System CVE-2024-3696 (A vulnerability was found in Campcodes House Rental Management System ...) - TODO: check + NOT-FOR-US: Campcodes House Rental Management System CVE-2024-3695 (A vulnerability has been found in SourceCodester Computer Laboratory M ...) - TODO: check + NOT-FOR-US: SourceCodester Computer Laboratory Management System CVE-2024-3691 (A vulnerability, which was classified as critical, has been found in P ...) - TODO: check + NOT-FOR-US: PHPGurukul Small CRM CVE-2024-3690 (A vulnerability classified as critical was found in PHPGurukul Small C ...) - TODO: check + NOT-FOR-US: PHPGurukul Small CRM CVE-2024-3689 (A vulnerability classified as problematic has been found in Zhejiang L ...) - TODO: check + NOT-FOR-US: Zhejiang Land Zongheng Network Technology O2OA CVE-2024-3688 (A vulnerability was found in Xiamen Four-Faith RMP Router Management P ...) - TODO: check + NOT-FOR-US: Xiamen Four-Faith RMP Router Management Platform CVE-2024-3687 (A vulnerability was found in bihell Dice 3.1.0 and classified as probl ...) 
- TODO: check + NOT-FOR-US: bihell Dice CVE-2024-3686 (A vulnerability has been found in DedeCMS 5.7.112-UTF8 and classified ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-3685 (A vulnerability, which was classified as critical, was found in DedeCM ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-3211 (The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3054 (WPvivid Backup & Migration Plugin for WordPress is vulnerable to PHAR ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32000 (matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging ...) TODO: check CVE-2024-31839 (Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allo ...) - TODO: check + NOT-FOR-US: tiagorlampert CHAOS CVE-2024-31818 (Directory Traversal vulnerability in DerbyNet v.9.0 allows a remote at ...) - TODO: check + NOT-FOR-US: DerbyNet CVE-2024-31372 (Cross-Site Request Forgery (CSRF) vulnerability in Arnan de Gans No-Bo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31371 (Cross-Site Request Forgery (CSRF) vulnerability in Xylus Themes WP Eve ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31364 (Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX W ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31363 (Cross-Site Request Forgery (CSRF) vulnerability in LifterLMS.This issu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31362 (Cross-Site Request Forgery (CSRF) vulnerability in Metagauss ProfileGr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31360 (Cross-Site Request Forgery (CSRF) vulnerability in Coded Commerce, LLC ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31354 (Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31305 (Cross-Site Request Forgery (CSRF) vulnerability in rtCamp Transcoder.T ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31303 (Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign- ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31301 (Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31293 (Cross-Site Request Forgery
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7d6274ca by Salvatore Bonaccorso at 2024-04-12T22:15:15+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -149,17 +149,17 @@ CVE-2024-28878 (IO-1020 Micro ELD downloads source code or an executable from an CVE-2024-28718 (An issue in OpenStack magnum yoga-eom version allows a remote attacker ...) TODO: check CVE-2024-27261 (IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.2 could al ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-25545 (An issue in Weave Weave Desktop v.7.78.10 allows a local attacker to e ...) TODO: check CVE-2024-22359 (IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-22358 (IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-22339 (IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-22334 (IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-21618 (An Access of Memory Location After End of Buffer vulnerability in the ...) TODO: check CVE-2024-21615 (An Incorrect Default Permissions vulnerability in Juniper Networks Jun ...) 
@@ -187,7 +187,7 @@ CVE-2023-51499 (Missing Authorization vulnerability in WooCommerce WooCommerce S CVE-2023-51409 (Unrestricted Upload of File with Dangerous Type vulnerability in Jordy ...) TODO: check CVE-2023-47714 (IBM Sterling File Gateway 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1 ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-31391 (Insertion of Sensitive Information into Log File vulnerability in the ...) NOT-FOR-US: Apache Solr Operator CVE-2024-3625 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d6274ca0d0ad496a8cda3c44b427bdd4c29e265 -- You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7905b86f by Salvatore Bonaccorso at 2024-04-11T22:52:19+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -63,41 +63,41 @@ CVE-2024-29454 (An issue discovered in packages or nodes in ROS2 Humble Hawksbil CVE-2024-25852 (Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution v ...) NOT-FOR-US: Linksys CVE-2024-22722 (Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1. ...) - TODO: check + NOT-FOR-US: Form Tools CVE-2024-22721 (Cross Site Request Forgery (CSRF) vulnerability in Form Tools 3.1.1 al ...) - TODO: check + NOT-FOR-US: Form Tools CVE-2024-22719 (SQL Injection vulnerability in Form Tools 3.1.1 allows attackers to ru ...) - TODO: check + NOT-FOR-US: Form Tools CVE-2024-22718 (Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows at ...) - TODO: check + NOT-FOR-US: Form Tools CVE-2024-22717 (Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows at ...) - TODO: check + NOT-FOR-US: Form Tools CVE-2024-20798 (Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-o ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20797 (Animate versions 23.0.4, 24.0.1 and earlier are affected by an out-of- ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20796 (Animate versions 23.0.4, 24.0.1 and earlier are affected by an out-of- ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20795 (Animate versions 23.0.4, 24.0.1 and earlier are affected by an Integer ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20794 (Animate versions 23.0.4, 24.0.1 and earlier are affected by a NULL Poi ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20771 (Bridge versions 13.0.6, 14.0.2 and earlier are affected by an out-of-b ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-0881 (The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Block ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5394 (Server receiving a malformed message that where the GCL message hostna ...) - TODO: check + NOT-FOR-US: Honeywell CVE-2023-5393 (Server receiving a malformed message that causes a disconnect to a hos ...) 
- TODO: check + NOT-FOR-US: Honeywell CVE-2023-5392 (C300 information leak due to an analysis feature which allows extracti ...) - TODO: check + NOT-FOR-US: Honeywell CVE-2023-50949 (IBM QRadar SIEM 7.5 could allow an unauthorized user to perform unauth ...) NOT-FOR-US: IBM CVE-2023-32295 (Missing Authorization vulnerability in Alex Tselegidis Easy!Appointmen ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32228 (A firmware bug which may lead to misinterpretation of data in the AMC2 ...) - TODO: check + NOT-FOR-US: Bosch CVE-2024-3092 - gitlab CVE-2024-2279 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7905b86f94116e26ad9407c0605b211a3cacc508
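Review bot: CVE-2023-32295 in the @@ -63,41 hunk is tagged NOT-FOR-US: WordPress plugin, but the description shown names only "Alex Tselegidis Easy!Appointmen ..." and does not mention WordPress. Easy!Appointments also exists as a standalone application, so please confirm against the full CVE record that the plugin is what is affected, and otherwise tag the entry by product name. The same hunk tags CVE-2023-5394, CVE-2023-5393 and CVE-2023-5392 as Honeywell although the truncated descriptions name no vendor, so those deserve the same check.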
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1f892d80 by Salvatore Bonaccorso at 2024-04-11T22:43:21+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,67 +1,67 @@ CVE-2024-3344 (The Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg E ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3343 (The Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg E ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32112 (Cross-Site Request Forgery (CSRF) vulnerability in Leadinfo leadinfo. ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32109 (Cross-Site Request Forgery (CSRF) vulnerability in Julien Berthelot / ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32108 (Cross-Site Request Forgery (CSRF) vulnerability in Stephanie Leary Con ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32107 (Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins Finale Li ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32106 (Cross-Site Request Forgery (CSRF) vulnerability in WP Compress WP Comp ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32105 (Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX W ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32083 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32080 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31937 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31936 (Cross-Site Request Forgery (CSRF) vulnerability in AyeCode Ltd UsersWP ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31935 (Cross-Site Request Forgery (CSRF) vulnerability in BracketSpace Simple ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31934 (Cross-Site Request Forgery (CSRF) vulnerability in Link Whisper Link W ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31932 (Cross-Site Request Forgery (CSRF) vulnerability in CreativeThemes Bloc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31931 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31930 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31929 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31928 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31927 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31926 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31925 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31861 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) - TODO: check + NOT-FOR-US: Apache Zeppelin CVE-2024-31678 (Sourcecodester Loan Management System v1.0 is vulnerable to SQL Inject ...) - TODO: check + NOT-FOR-US: Sourcecodester Loan Management System CVE-2024-31387 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31361 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31285 (Cross-Site Request Forgery (CSRF) vulnerability in Tooltip WordPress T ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30273 (Illustrator versions 28.3, 27.9.2 and earlier are affected by a Stack- ...) 
- TODO: check + NOT-FOR-US: Adobe CVE-2024-30272 (Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-o ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-30271 (Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-o ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-29454 (An issue discovered in packages or nodes in ROS2 Humble Hawksbill with ...) TODO: check CVE-2024-25852
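Review bot: the tag added for CVE-2024-31678 spells the vendor "Sourcecodester", copied from the description, while the tags added in commit f3fad16b (CVE-2024-3621 and its neighbours) use "SourceCodester". The NOT-FOR-US text is free-form, so a case-sensitive search by vendor will miss one group or the other; pick one spelling and use it in both places.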
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f3fad16b by Salvatore Bonaccorso at 2024-04-11T10:30:00+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -2,43 +2,43 @@ CVE-2024-3652 (The Libreswan Project was notified of an issue causing libreswan - libreswan NOTE: https://libreswan.org/security/CVE-2024-3652 CVE-2024-3621 (A vulnerability was found in SourceCodester Kortex Lite Advocate Offic ...) - TODO: check + NOT-FOR-US: SourceCodester Kortex Lite Advocate Office Management System CVE-2024-3620 (A vulnerability was found in SourceCodester Kortex Lite Advocate Offic ...) - TODO: check + NOT-FOR-US: SourceCodester Kortex Lite Advocate Office Management System CVE-2024-3619 (A vulnerability has been found in SourceCodester Kortex Lite Advocate ...) - TODO: check + NOT-FOR-US: SourceCodester Kortex Lite Advocate Office Management System CVE-2024-3618 (A vulnerability, which was classified as critical, was found in Source ...) - TODO: check + NOT-FOR-US: SourceCodester Kortex Lite Advocate Office Management System CVE-2024-3617 (A vulnerability, which was classified as critical, has been found in S ...) - TODO: check + NOT-FOR-US: SourceCodester Kortex Lite Advocate Office Management System CVE-2024-3616 (A vulnerability classified as problematic was found in SourceCodester ...) - TODO: check + NOT-FOR-US: SourceCodester Warehouse Management System CVE-2024-3614 (A vulnerability classified as problematic has been found in SourceCode ...) - TODO: check + NOT-FOR-US: SourceCodester Warehouse Management System CVE-2024-3613 (A vulnerability was found in SourceCodester Warehouse Management Syste ...) - TODO: check + NOT-FOR-US: SourceCodester Warehouse Management System CVE-2024-3612 (A vulnerability was found in SourceCodester Warehouse Management Syste ...) - TODO: check + NOT-FOR-US: SourceCodester Warehouse Management System CVE-2024-3285 (The Slider, Gallery, and Carousel by MetaSlider \u2013 Responsive Word ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32001 (SpiceDB is a graph database purpose-built for storing and evaluating a ...) 
 TODO: check CVE-2024-31999 (@festify/secure-session creates a secure stateless cookie session for ...) TODO: check CVE-2024-31997 (XWiki Platform is a generic wiki platform. Prior to versions 4.10.19, ...) - TODO: check + NOT-FOR-US: XWiki CVE-2024-31996 (XWiki Platform is a generic wiki platform. Starting in version 3.0.1 a ...) - TODO: check + NOT-FOR-US: XWiki CVE-2024-31995 (`@digitalbazaar/zcap` provides JavaScript reference implementation for ...) TODO: check CVE-2024-31988 (XWiki Platform is a generic wiki platform. Starting in version 13.9-rc ...) - TODO: check + NOT-FOR-US: XWiki CVE-2024-31987 (XWiki Platform is a generic wiki platform. Starting in version 6.4-mil ...) - TODO: check + NOT-FOR-US: XWiki CVE-2024-31986 (XWiki Platform is a generic wiki platform. Starting in version 3.1 and ...) - TODO: check + NOT-FOR-US: XWiki CVE-2024-31985 (XWiki Platform is a generic wiki platform. Starting in version 3.1 and ...) - TODO: check + NOT-FOR-US: XWiki CVE-2024-30917 (An issue was discovered in eProsima FastDDS v.2.14.0 and before, allow ...) TODO: check CVE-2024-30916 (An issue was discovered in eProsima FastDDS v.2.14.0 and before, allow ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3fad16b19dbcce47863edf14ddd29a648ceac78
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7ee298b2 by Salvatore Bonaccorso at 2024-04-11T08:16:57+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -19,7 +19,7 @@ CVE-2024-3515 (Use after free in Dawn in Google Chrome prior to 123.0.6312.122 a [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-3448 (Users with low privileges can perform certain AJAX actions. In this v ...) - TODO: check + NOT-FOR-US: Mautic CVE-2024-3388 (A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN ...) NOT-FOR-US: Palo Alto Networks CVE-2024-3387 (A weak (low bit strength) device certificate in Palo Alto Networks Pan ...) @@ -133,11 +133,11 @@ CVE-2024-31214 (Traccar is an open source GPS tracking system. Traccar versions CVE-2024-2952 (BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) ...) TODO: check CVE-2024-2731 (Users with low privileges (all permissions deselected in the administr ...) - TODO: check + NOT-FOR-US: Mautic CVE-2024-2730 (Mautic uses predictable page indices for unpublished landing pages, th ...) NOT-FOR-US: Mautic CVE-2024-2221 (qdrant/qdrant is vulnerable to a path traversal and arbitrary file upl ...) - TODO: check + NOT-FOR-US: qdrant CVE-2024-2217 (gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, a ...) TODO: check CVE-2024-2196 (aimhubio/aim is vulnerable to Cross-Site Request Forgery (CSRF), allow ...) 
@@ -221,7 +221,7 @@ CVE-2024-1741 (lunary-ai/lunary version 1.0.1 is vulnerable to improper authoriz CVE-2024-1740 (In lunary-ai/lunary version 1.0.1, a vulnerability exists where a user ...) TODO: check CVE-2024-1728 (gradio-app/gradio is vulnerable to a local file inclusion vulnerabilit ...) - TODO: check + NOT-FOR-US: Gradio CVE-2024-1643 (By knowing an organization's ID, an attacker can join the organization ...) TODO: check CVE-2024-1625 (An Insecure Direct Object Reference (IDOR) vulnerability exists in the ...) @@ -237,9 +237,9 @@ CVE-2024-1520 (An OS Command Injection vulnerability exists in the '/open_code_f CVE-2024-1511 (The parisneo/lollms-webui repository is susceptible to a path traversa ...) TODO: check CVE-2024-0218 (A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian, c ...) - TODO: check + NOT-FOR-US: Nozomi Networks Guardian CVE-2023-6916 (Audit records for OpenAPI requests may include sensitive information. ...) - TODO: check + NOT-FOR-US: Nozomi Networks CVE-2023-52070 (JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBo ...) TODO: check CVE-2023-2794 (A flaw was found in ofono, an Open Source Telephony on Linux. A stack ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ee298b24c7dda946b4432c03a9ced3ae2d87738
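Review bot: the @@ -237,9 hunk tags two adjacent entries from the same vendor differently: CVE-2024-0218 becomes "NOT-FOR-US: Nozomi Networks Guardian" and CVE-2023-6916 becomes "NOT-FOR-US: Nozomi Networks". Use one form for both, preferably the vendor-only "Nozomi Networks" to match the vendor-level tags used elsewhere in the file (IBM, Palo Alto Networks), so that a search for the vendor returns a consistent set.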
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 730aeaaa by Salvatore Bonaccorso at 2024-04-10T22:32:01+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -21,19 +21,19 @@ CVE-2024-3515 (Use after free in Dawn in Google Chrome prior to 123.0.6312.122 a CVE-2024-3448 (Users with low privileges can perform certain AJAX actions. In this v ...) TODO: check CVE-2024-3388 (A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2024-3387 (A weak (low bit strength) device certificate in Palo Alto Networks Pan ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2024-3386 (An incorrect string comparison vulnerability in Palo Alto Networks PAN ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2024-3385 (A packet processing mechanism in Palo Alto Networks PAN-OS software en ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2024-3384 (A vulnerability in Palo Alto Networks PAN-OS software enables a remote ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2024-3383 (A vulnerability in how Palo Alto Networks PAN-OS software processes da ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2024-3382 (A memory leak exists in Palo Alto Networks PAN-OS software that enable ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2024-3283 (A vulnerability in mintplex-labs/anything-llm allows users with manage ...) TODO: check CVE-2024-3157 (Out of bounds memory access in Compositing in Google Chrome prior to 1 ...) 
@@ -47,21 +47,21 @@ CVE-2024-3098 (A vulnerability was identified in the `exec_utils` class of the ` CVE-2024-3025 (mintplex-labs/anything-llm is vulnerable to path traversal attacks due ...) TODO: check CVE-2024-31984 (Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, an ...) - TODO: check + NOT-FOR-US: XWiki CVE-2024-31983 (XWiki Platform is a generic wiki platform. In multilingual wikis, tran ...) - TODO: check + NOT-FOR-US: XWiki CVE-2024-31982 (XWiki Platform is a generic wiki platform. Starting in version 2.4-mil ...) - TODO: check + NOT-FOR-US: XWiki CVE-2024-31981 (XWiki Platform is a generic wiki platform. Starting in version 3.0.1 a ...) - TODO: check + NOT-FOR-US: XWiki CVE-2024-31944 (Cross-Site Request Forgery (CSRF) vulnerability in Octolize WooCommerc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31943 (Cross-Site Request Forgery (CSRF) vulnerability in Octolize USPS Shipp ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31939 (Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Import any X ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31924 (Cross-Site Request Forgery (CSRF) vulnerability in Exactly WWW EWWW Im ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31874 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninit ...) NOT-FOR-US: IBM CVE-2024-31873 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains ha ...) 
@@ -71,71 +71,71 @@ CVE-2024-31872 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could CVE-2024-31871 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow ...) NOT-FOR-US: IBM CVE-2024-31819 (An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker ...) - TODO: check + NOT-FOR-US: WWBN AVideo CVE-2024-31492 (An external control of file name or path vulnerability [CWE-73] in Fo ...) - TODO: check + NOT-FOR-US: FortiGuard CVE-2024-31465 (XWiki Platform is a generic wiki platform. Starting in version 5.0-rc- ...) - TODO: check + NOT-FOR-US: XWiki CVE-2024-31464 (XWiki Platform is a generic wiki platform. Starting in version 5.0-rc- ...) - TODO: check + NOT-FOR-US: XWiki CVE-2024-31461 (Plane, an open-source project management tool, has a Server-Side Reque ...) - TODO: check + NOT-FOR-US: Plane CVE-2024-31430 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF \u2 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31386 (Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu Ishikawa X ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31358 (Missing Authorization vulnerability in Saleswonder.Biz 5 Stars Rating ...) - TODO: check + NOT-FOR-US: Saleswonder.Biz 5 Stars Rating Funnel CVE-2024-31356 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31355 (Improper
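Review bot: in the @@ -71,71 hunk CVE-2024-31358 is tagged "NOT-FOR-US: Saleswonder.Biz 5 Stars Rating Funnel" while the entries around it (CVE-2024-31430, CVE-2024-31386, CVE-2024-31356) get the generic "WordPress plugin" tag. If 5 Stars Rating Funnel is a WordPress plugin like its neighbours, use the generic tag here too; if it is not, the specific name is right and can stay. Separately, in the @@ -47,21 hunk the description shown for CVE-2024-31984 starts at "Starting in version 7.2-rc-1 ..." and never names the product, so the XWiki tag there cannot be confirmed from the visible text and is worth checking against the full record.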
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6fc63739 by Salvatore Bonaccorso at 2024-04-10T22:23:01+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -61,13 +61,13 @@ CVE-2024-31939 (Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Import CVE-2024-31924 (Cross-Site Request Forgery (CSRF) vulnerability in Exactly WWW EWWW Im ...) TODO: check CVE-2024-31874 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninit ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-31873 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains ha ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-31872 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-31871 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-31819 (An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker ...) TODO: check CVE-2024-31492 (An external control of file name or path vulnerability [CWE-73] in Fo ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6fc63739eba522e04640726f41ad3ec3399b8690
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 23af76fd by Salvatore Bonaccorso at 2024-04-10T08:37:50+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -239,7 +239,7 @@ CVE-2024-2027 (The Real Media Library: Media Library Folder & File Manager plugi CVE-2024-2026 (The Passster plugin for WordPress is vulnerable to Stored Cross-Site S ...) NOT-FOR-US: WordPress plugin CVE-2024-2018 (The WP Activity Log Premium plugin for WordPress is vulnerable to SQL ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-29993 (Azure CycleCloud Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2024-29992 (Azure Identity Library for .NET Information Disclosure Vulnerability) 
@@ -582,167 +582,167 @@ CVE-2024-20669 (Secure Boot Security Feature Bypass Vulnerability) CVE-2024-20665 (BitLocker Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2024-1999 (The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features pl ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1991 (The RegistrationMagic \u2013 Custom Registration Forms, User Registrat ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1990 (The RegistrationMagic \u2013 Custom Registration Forms, User Registrat ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1984 (The Graphene theme for WordPress is vulnerable to unauthorized access ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2024-1974 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1960 (The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +1 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1948 (The Getwid \u2013 Gutenberg Blocks plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1934 (The WP Compress \u2013 Image Optimizer plugin for WordPress is vulnera ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1904 (The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1893 (The Easy Property Listings plugin for WordPress is vulnerable to time- ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1852 (The WP-Members Membership Plugin plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1850 (The AI Post Generator | AutoWriter plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1813 (The Simple Job Board plugin for WordPress is vulnerable to PHP Object ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1812 (The Everest Forms plugin for WordPress is vulnerable to Server-Side Re ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1794 (The Forminator plugin for WordPress is vulnerable to Stored Cross-Site ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1792 (The CMB2 plugin for WordPress is vulnerable to PHP Object Injection in ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1790 (The WordPress Infinite Scroll \u2013 Ajax Load More plugin for WordPre ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1774 (The Customily Product Personalizer plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1641 (The Accordion plugin for WordPress is vulnerable to unauthorized acces ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1637 (The 360 Javascript Viewer plugin for WordPress is vulnerable to unauth ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1587 (The Newsmatic theme for WordPress is vulnerable to Sensitive Informati ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2024-1571 (The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1498 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1466 (The Elementor Addons by Livemesh plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1465 (The Elementor Addons by Livemesh plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1464 (The Elementor Addons by Livemesh plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9cc97337 by Salvatore Bonaccorso at 2024-04-10T08:05:00+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -35,7 +35,7 @@ CVE-2024-3064 (The Elementor Addons, Widgets and Enhancements \u2013 Stax plugin CVE-2024-3053 (The Forminator \u2013 Contact Form, Payment Form & Custom Form Builder ...) NOT-FOR-US: WordPress plugin CVE-2024-3046 (In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4 ...) - TODO: check + NOT-FOR-US: Eclipse Kura LogServlet CVE-2024-31978 (A vulnerability has been identified in SINEC NMS (All versions < V2.0 ...) NOT-FOR-US: Siemens CVE-2024-31868 (Improper Encoding or Escaping of Output vulnerability in Apache Zeppel ...) @@ -63,7 +63,7 @@ CVE-2024-31506 (Sourcecodester Online Graduate Tracer System v1.0 is vulnerable CVE-2024-31487 (A improper limitation of a pathname to a restricted directory ('path t ...) NOT-FOR-US: FortiGuard CVE-2024-31457 (gin-vue-admin is a backstage management system based on vue and gin, w ...) - TODO: check + NOT-FOR-US: gin-vue-admin CVE-2024-31455 (Minder by Stacklok is an open source software supply chain security pl ...) NOT-FOR-US: Minder by Stacklok CVE-2024-31454 (PsiTransfer is an open source, self-hosted file sharing solution. Prio ...) 
@@ -141,103 +141,103 @@ CVE-2024-2536 (The Rank Math SEO with AI SEO Tools plugin for WordPress is vulne CVE-2024-2513 (The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Sit ...) NOT-FOR-US: WordPress plugin CVE-2024-2507 (The JetWidgets For Elementor plugin for WordPress is vulnerable to Sto ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2504 (The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2501 (The Hubbub Lite \u2013 Fast, Reliable Social Sharing Buttons plugin fo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2492 (The PowerPack Addons for Elementor plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2457 (The Modal Window \u2013 create popup modal window plugin for WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2456 (The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable t ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2436 (The Lightweight Accordion plugin for WordPress is vulnerable to Stored ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2423 (The UsersWP \u2013 Front-end login form, User Registration, User Profi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2348 (The Gum Elementor Addon plugin for WordPress is vulnerable to Stored C ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2347 (The Astra theme for WordPress is vulnerable to Stored Cross-Site Scrip ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2024-2344 (The Avada theme for WordPress is vulnerable to SQL Injection via the ' ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2024-2343 (The Avada | Website Builder For WordPress & WooCommerce theme for Word ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2024-2342 (The Appointment Booking Calendar \u2014 Simply Schedule Appointments B ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2341 (The Appointment Booking Calendar \u2014 Simply Schedule Appointments B ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2340 (The Avada theme for WordPress is vulnerable to Sensitive Information E ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2024-2336 (The Popup Maker \u2013 Popup for opt-ins, lead gen, & more plugin for ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2335 (The Elements Plus! plugin for WordPress is vulnerable to Stored Cross- ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2334 (The Template Kit \u2013 Import plugin for WordPress is vulnerable to S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2327 (The Global Elementor Buttons plugin for WordPress is vulnerable to Sto ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2325 (The Link Library plugin for WordPress is vulnerable to Reflected Cross ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2311 (The Avada theme for WordPress is vulnerable to Stored Cross-Site Scrip ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2024-2306 (The Revslider plugin for WordPress is vulnerable to Stored
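Review bot: in the @@ -35,7 hunk the tag for CVE-2024-3046 reads "NOT-FOR-US: Eclipse Kura LogServlet", which names a component rather than the product. The description says the LogServlet component is "included in" Eclipse Kura, and the other tags in this commit name a vendor or product (Siemens, gin-vue-admin), so "NOT-FOR-US: Eclipse Kura" would be the consistent form and would also match any later Kura CVE that affects a different component.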
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0f4c25ce by Salvatore Bonaccorso at 2024-04-09T23:01:07+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -25,15 +25,15 @@ CVE-2024-3208 (The Sydney Toolbox plugin for WordPress is vulnerable to Stored C CVE-2024-3167 (The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Sit ...) NOT-FOR-US: WordPress plugin CVE-2024-3136 (The MasterStudy LMS plugin for WordPress is vulnerable to Local File I ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3097 (The WordPress Gallery Plugin \u2013 NextGEN Gallery plugin for WordPre ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3093 (The Font Farsi plugin for WordPress is vulnerable to Stored Cross-Site ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3064 (The Elementor Addons, Widgets and Enhancements \u2013 Stax plugin for ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3053 (The Forminator \u2013 Contact Form, Payment Form & Custom Form Builder ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3046 (In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4 ...) TODO: check CVE-2024-31978 (A vulnerability has been identified in SINEC NMS (All versions < V2.0 ...) 
@@ -65,19 +65,19 @@ CVE-2024-31487 (A improper limitation of a pathname to a restricted directory (' CVE-2024-31457 (gin-vue-admin is a backstage management system based on vue and gin, w ...) TODO: check CVE-2024-31455 (Minder by Stacklok is an open source software supply chain security pl ...) - TODO: check + NOT-FOR-US: Minder by Stacklok CVE-2024-31454 (PsiTransfer is an open source, self-hosted file sharing solution. Prio ...) - TODO: check + NOT-FOR-US: PsiTransfer CVE-2024-31453 (PsiTransfer is an open source, self-hosted file sharing solution. Prio ...) - TODO: check + NOT-FOR-US: PsiTransfer CVE-2024-31370 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31369 (Cross-Site Request Forgery (CSRF) vulnerability in PenciDesign Soledad ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31368 (Missing Authorization vulnerability in PenciDesign Soledad.This issue ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31367 (Missing Authorization vulnerability in PenciDesign Soledad.This issue ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30706 (An issue was discovered in ROS2 Dashing Diademata versions ROS_VERSION ...) TODO: check CVE-2024-30704 (An insecure deserialization vulnerability has been identified in ROS2 ...) 
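Review bot: In the @@ -65,19 +65,19 @@ hunk, CVE-2024-31369, CVE-2024-31368 and CVE-2024-31367 are tagged "NOT-FOR-US: WordPress plugin", but their visible descriptions name only "PenciDesign Soledad" and do not say whether it is a plugin or a theme. The list already distinguishes "WordPress theme" (used for the Avada entries) from "WordPress plugin", so confirm which one Soledad is and use the matching tag. The outcome is NOT-FOR-US either way, but the tag text is what later searches of data/CVE/list match on.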
@@ -87,59 +87,59 @@ CVE-2024-30703 (An arbitrary file upload vulnerability has been discovered in RO CVE-2024-30702 (An issue was discovered in ROS2 Galactic Geochelone in ROS_VERSION 2 a ...) TODO: check CVE-2024-30262 (Contao is an open source content management system. Prior to version 4 ...) - TODO: check + NOT-FOR-US: Contao CMS CVE-2024-30191 (A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-30190 (A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-30189 (A vulnerability has been identified in SCALANCE W721-1 RJ45 (6GK5721-1 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-2974 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2957 (The Simple Ajax Chat \u2013 Add a Fast, Secure Chat Box plugin for Wor ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2946 (The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +1 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2918 (Improper input validation in PAM JIT elevation feature in Devolutions ...) - TODO: check + NOT-FOR-US: Devolutions CVE-2024-2871 (The Media Library Assistant plugin for WordPress is vulnerable to SQL ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2866 (The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features pl ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2847 (The WordPress File Upload plugin for WordPress is vulnerable to Stored ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2845 (The BetterDocs \u2013 Best Documentation, FAQ & Knowledge Base Plugin ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2804 (The
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bfc82b07 by Salvatore Bonaccorso at 2024-04-09T22:45:39+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,27 +1,27 @@ CVE-2024-3545 (Improper permission handling in the vault offline cache feature in Dev ...) - TODO: check + NOT-FOR-US: Devolutions CVE-2024-3514 (The Responsive Tabs plugin for WordPress is vulnerable to Stored Cross ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3512 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3446 (A double free vulnerability was found in QEMU virtio devices (virtio-g ...) TODO: check CVE-2024-3281 (A vulnerability was discovered in the firmware builds after 8.0.2.3267 ...) - TODO: check + NOT-FOR-US: HP CVE-2024-3267 (The Bold Page Builder plugin for WordPress is vulnerable to Stored Cro ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3266 (The Bold Page Builder plugin for WordPress is vulnerable to Stored Cro ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3244 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed You ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3214 (The Relevanssi \u2013 A Better Search plugin for WordPress is vulnerab ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3213 (The Relevanssi \u2013 A Better Search plugin for WordPress is vulnerab ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3208 (The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross- ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3167 (The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Sit ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3136 (The MasterStudy LMS plugin for WordPress is vulnerable to Local File I ...) TODO: check CVE-2024-3097 (The WordPress Gallery Plugin \u2013 NextGEN Gallery plugin for WordPre ...) 
@@ -35,7 +35,7 @@ CVE-2024-3053 (The Forminator \u2013 Contact Form, Payment Form & Custom Form Bu CVE-2024-3046 (In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4 ...) TODO: check CVE-2024-31978 (A vulnerability has been identified in SINEC NMS (All versions < V2.0 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-31868 (Improper Encoding or Escaping of Output vulnerability in Apache Zeppel ...) NOT-FOR-US: Apache Zeppelin CVE-2024-31867 (Improper Input Validation vulnerability in Apache Zeppelin. The attac ...) 
@@ -51,15 +51,15 @@ CVE-2024-31863 (Authentication Bypass by Spoofing vulnerability by replacing to CVE-2024-31862 (Improper Input Validation vulnerability in Apache Zeppelin when creati ...) NOT-FOR-US: Apache Zeppelin CVE-2024-31860 (Improper Input Validation vulnerability in Apache Zeppelin. By adding ...) - TODO: check + NOT-FOR-US: Apache Zeppelin CVE-2024-31544 (A stored cross-site scripting (XSS) vulnerability in Computer Laborato ...) - TODO: check + NOT-FOR-US: Computer Laboratory Management System CVE-2024-31507 (Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL ...) - TODO: check + NOT-FOR-US: Sourcecodester Online Graduate Tracer System CVE-2024-31506 (Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL ...) - TODO: check + NOT-FOR-US: Sourcecodester Online Graduate Tracer System CVE-2024-31487 (A improper limitation of a pathname to a restricted directory ('path t ...) - TODO: check + NOT-FOR-US: FortiGuard CVE-2024-31457 (gin-vue-admin is a backstage management system based on vue and gin, w ...) TODO: check CVE-2024-31455 (Minder by Stacklok is an open source software supply chain security pl ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfc82b0768a3df74943cce529c9f5d35fb6a7823
You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
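Review bot: The NOT-FOR-US labels added in the @@ -51,15 +51,15 @@ hunk do not follow the naming used for the same vendors elsewhere in the list. CVE-2024-31544 gets "Computer Laboratory Management System" with no vendor prefix, while commit dc2f1187 uses "SourceCodester Computer Laboratory Management System" for what looks like the same product, and CVE-2024-31507/CVE-2024-31506 are spelled "Sourcecodester" where the other entries use "SourceCodester". Pick one spelling and include the vendor prefix so a case-sensitive search for the vendor finds every entry. For CVE-2024-31487 the truncated description names no product, so also confirm that "FortiGuard" is the affected product and not just the source of the advisory.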
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 96765a2a by Salvatore Bonaccorso at 2024-04-09T22:17:24+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -45,11 +45,11 @@ CVE-2024-31866 (Improper Encoding or Escaping of Output vulnerability in Apache CVE-2024-31865 (Improper Input Validation vulnerability in Apache Zeppelin. The attac ...) NOT-FOR-US: Apache Zeppelin CVE-2024-31864 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) - TODO: check + NOT-FOR-US: Apache Zeppelin CVE-2024-31863 (Authentication Bypass by Spoofing vulnerability by replacing to exsiti ...) - TODO: check + NOT-FOR-US: Apache Zeppelin CVE-2024-31862 (Improper Input Validation vulnerability in Apache Zeppelin when creati ...) - TODO: check + NOT-FOR-US: Apache Zeppelin CVE-2024-31860 (Improper Input Validation vulnerability in Apache Zeppelin. By adding ...) TODO: check CVE-2024-31544 (A stored cross-site scripting (XSS) vulnerability in Computer Laborato ...) 
@@ -219364,7 +219364,7 @@ CVE-2021-28657 (A carefully crafted or corrupt file may trigger an infinite loop [buster] - tika (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/03/30/3 CVE-2021-28656 (Cross-Site Request Forgery (CSRF) vulnerability in Credential page of ...) - TODO: check + NOT-FOR-US: Apache Zeppelin CVE-2021-28655 (The improper Input Validation vulnerability in "\u201dMove folder to T ...) NOT-FOR-US: Apache Zeppelin CVE-2021-28654
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96765a2a7d40a546001c891010a7d0d44a82d32e
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 198b766d by Salvatore Bonaccorso at 2024-04-09T14:01:13+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,11 +1,11 @@ CVE-2024-3466 (A vulnerability was found in SourceCodester Laundry Management System ...) - TODO: check + NOT-FOR-US: SourceCodester Laundry Management System CVE-2024-3465 (A vulnerability was found in SourceCodester Laundry Management System ...) - TODO: check + NOT-FOR-US: SourceCodester Laundry Management System CVE-2024-31366 (Missing Authorization vulnerability in Themify Post Type Builder (PTB) ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31365 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31047 (An issue in Academy Software Foundation openexr v.3.2.3 and before all ...) TODO: check CVE-2024-30701 (An insecure logging vulnerability in ROS2 Galactic Geochelone ROS_VERS ...) 
@@ -47,25 +47,25 @@ CVE-2024-30678 (An issue has been discovered in ROS2 Iron Irwini ROS_VERSION 2 a CVE-2024-30676 (A Denial-of-Service (DoS) vulnerability exists in ROS2 Iron Irwini ver ...) TODO: check CVE-2024-30218 (The ABAP Application Server of SAP NetWeaver as well as ABAP Platforma ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-30217 (Cash Management in SAP S/4 HANA does not perform necessary authorizati ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-30216 (Cash Management in SAP S/4 HANA does not perform necessary authorizati ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-30215 (The Resource Settings page allows a high privilege attacker to load ex ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-30214 (The application allows a high privilege attacker to append a malicious ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-2975 (A race condition was identified through which privilege escalation was ...) TODO: check CVE-2024-28167 (SAP Group Reporting Data Collectiondoes not perform necessary authoriz ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-27901 (SAP Asset Accounting could allow a high privileged attacker to exploit ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-27899 (Self-Registrationand Modify your own profile in User Admin Application ...) TODO: check CVE-2024-27898 (SAP NetWeaver application, due to insufficient input validation, allow ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-27632 (An issue in GNU Savane v.3.12 and before allows a remote attacker to e ...) TODO: check CVE-2024-27631 (Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and befo ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/198b766d7f2e8db484c52216f92723d729b122b1
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 831fa063 by Salvatore Bonaccorso at 2024-04-08T22:33:11+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13,7 +13,7 @@ CVE-2024-3455 (A vulnerability was found in Netentsec NS-ASG Application Securit CVE-2024-3445 (A vulnerability was found in SourceCodester Laundry Management System ...) NOT-FOR-US: SourceCodester Laundry Management System CVE-2024-3444 (A vulnerability was found in Wangshen SecGate 3600 up to 20240408. It ...) - TODO: check + NOT-FOR-US: Wangshen SecGate 3600 CVE-2024-3443 (A vulnerability classified as problematic was found in SourceCodester ...) NOT-FOR-US: SourceCodester Prison Management System CVE-2024-3442 (A vulnerability classified as critical has been found in SourceCodeste ...) @@ -67,7 +67,7 @@ CVE-2024-31205 (Saleor is an e-commerce platform. Starting in version 3.10.0 and CVE-2024-30269 (DataEase, an open source data visualization and analysis tool, has a d ...) NOT-FOR-US: DataEase CVE-2024-2834 (A Stored Cross-Site Scripting (XSS) vulnerability has been identified ...) - TODO: check + NOT-FOR-US: OpenText CVE-2024-28732 (An issue was discovered in OFPMatch in parser.py in Faucet SDN Ryu ver ...) NOT-FOR-US: Faucet SDN Ryu CVE-2024-28270 (An issue discovered in web-flash v3.0 allows attackers to reset passwo ...) 
@@ -87,69 +87,69 @@ CVE-2024-26574 (Insecure Permissions vulnerability in Wondershare Filmora v.13.0 CVE-2024-24279 (An issue in secdiskapp 1.5.1 (management program for NewQ Fingerprint ...) TODO: check CVE-2024-23192 (RSS feeds that contain malicious data- attributes could be abused to i ...) - TODO: check + NOT-FOR-US: Open-Xchange CVE-2024-23191 (Upsell advertisement information of an account can be manipulated to e ...) - TODO: check + NOT-FOR-US: Open-Xchange CVE-2024-23190 (Upsell shop information of an account can be manipulated to execute sc ...) - TODO: check + NOT-FOR-US: Open-Xchange CVE-2024-23189 (Embedded content references at tasks could be used to temporarily exec ...) - TODO: check + NOT-FOR-US: Open-Xchange CVE-2024-23086 (Apfloat v1.10.1 was discovered to contain a stack overflow via the com ...) - TODO: check + NOT-FOR-US: Apfloat CVE-2024-23085 (Apfloat v1.10.1 was discovered to contain a NullPointerException via t ...) - TODO: check + NOT-FOR-US: Apfloat CVE-2024-23082 (ThreeTen Backport v1.6.8 was discovered to contain an integer overflow ...) - TODO: check + NOT-FOR-US: ThreeTen Backport CVE-2024-23078 (JGraphT Core v1.5.2 was discovered to contain a NullPointerException v ...) - TODO: check + NOT-FOR-US: JGraphT Core CVE-2023-7164 (The BackWPup WordPress plugin before 4.0.4 does not prevent visitors f ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-52554 (Permission control vulnerability in the Bluetooth module. Impact: Succ ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-52553 (Race condition vulnerability in the Wi-Fi module. Impact: Successful e ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-52552 (Input verification vulnerability in the power module. Impact: Successf ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-52551 (Vulnerability of data verification errors in the kernel module. Impact ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-52550 (Vulnerability of data verification errors in the kernel module. Impact ...) 
- TODO: check + NOT-FOR-US: Huawei CVE-2023-52549 (Vulnerability of data verification errors in the kernel module. Impact ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-52546 (Vulnerability of package name verification being bypassed in the Calen ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-52545 (Vulnerability of undefined permissions in the Calendar app. Impact: Su ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-52544 (Vulnerability of file path verification being bypassed in the email mo ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-52543 (Permission verification vulnerability in the system module. Impact: Su ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-52542 (Permission verification vulnerability in the system module. Impact: Su ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-52541 (Authentication vulnerability in the API for app pre-loading. Impact: S ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-52540 (Vulnerability of improper authentication in the Iaware module. Impact: ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-52539 (Permission verification
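Review bot: In the @@ -87,69 +87,69 @@ hunk, CVE-2024-23086 and CVE-2024-23085 (Apfloat), CVE-2024-23082 (ThreeTen Backport) and CVE-2024-23078 (JGraphT Core) are closed as NOT-FOR-US on the library name alone. Unlike the vendor-specific entries around them (Open-Xchange, Huawei), these are reusable libraries, which can be present in the archive as their own source package or as an embedded copy inside another package. Before dropping "TODO: check", search the archive for each name; if any of them is present, the entry needs a package line instead of NOT-FOR-US.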
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ee6cdf4b by Salvatore Bonaccorso at 2024-04-08T22:20:49+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,89 +1,89 @@ CVE-2024-3464 (A vulnerability was found in SourceCodester Laundry Management System ...) - TODO: check + NOT-FOR-US: SourceCodester Laundry Management System CVE-2024-3463 (A vulnerability has been found in SourceCodester Laundry Management Sy ...) - TODO: check + NOT-FOR-US: SourceCodester Laundry Management System CVE-2024-3458 (A vulnerability classified as critical was found in Netentsec NS-ASG A ...) - TODO: check + NOT-FOR-US: Netentsec NS-ASG Application Security Gateway CVE-2024-3457 (A vulnerability classified as critical has been found in Netentsec NS- ...) - TODO: check + NOT-FOR-US: Netentsec NS-ASG Application Security Gateway CVE-2024-3456 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...) - TODO: check + NOT-FOR-US: Netentsec NS-ASG Application Security Gateway CVE-2024-3455 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...) - TODO: check + NOT-FOR-US: Netentsec NS-ASG Application Security Gateway CVE-2024-3445 (A vulnerability was found in SourceCodester Laundry Management System ...) - TODO: check + NOT-FOR-US: SourceCodester Laundry Management System CVE-2024-3444 (A vulnerability was found in Wangshen SecGate 3600 up to 20240408. It ...) TODO: check CVE-2024-3443 (A vulnerability classified as problematic was found in SourceCodester ...) - TODO: check + NOT-FOR-US: SourceCodester Prison Management System CVE-2024-3442 (A vulnerability classified as critical has been found in SourceCodeste ...) - TODO: check + NOT-FOR-US: SourceCodester Prison Management System CVE-2024-3441 (A vulnerability was found in SourceCodester Prison Management System 1 ...) - TODO: check + NOT-FOR-US: SourceCodester Prison Management System CVE-2024-3440 (A vulnerability was found in SourceCodester Prison Management System 1 ...) - TODO: check + NOT-FOR-US: SourceCodester Prison Management System CVE-2024-3439 (A vulnerability was found in SourceCodester Prison Management System 1 ...) 
- TODO: check + NOT-FOR-US: SourceCodester Prison Management System CVE-2024-3438 (A vulnerability was found in SourceCodester Prison Management System 1 ...) - TODO: check + NOT-FOR-US: SourceCodester Prison Management System CVE-2024-31817 (In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensi ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-31816 (In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensi ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-31815 (In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the c ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-31814 (TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-31813 (TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authenticati ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-31812 (In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensi ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-31811 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remo ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-31809 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remo ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-31808 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remo ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-31807 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remo ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-31806 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Deni ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-31805 (TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to start the Te ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-31447 (Shopware 6 is an open commerce platform based on Symfony Framework and ...) - TODO: check + NOT-FOR-US: Shopware CVE-2024-31442 (Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In al ...) 
- TODO: check + NOT-FOR-US: Redon Hub CVE-2024-31375 (Missing Authorization vulnerability in Saleswonder.Biz Team WP2LEADS.T ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31357 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) -
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3931b1ae by Salvatore Bonaccorso at 2024-04-08T20:53:18+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -454,7 +454,7 @@ CVE-2023-5692 (WordPress Core is vulnerable to Sensitive Information Exposure in CVE-2023-49965 (SpaceX Starlink Wi-Fi router Gen 2 before 2023.48.0 allows XSS via the ...) NOT-FOR-US: SpaceX Starlink Wi-Fi router CVE-2023-48426 (u-boot bug that allows for u-boot shell and interrupt over UART) - TODO: check + NOT-FOR-US: Google Chromecast (unlikely to affect u-boot as packaged in Debian) CVE-2024-27437 (In the Linux kernel, the following vulnerability has been resolved: v ...) - linux NOTE: https://git.kernel.org/linus/fe9a7082684eb059b925c535682e68c34d487d43 (6.9-rc1) 
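Review bot: In the @@ -454,7 +454,7 @@ hunk, CVE-2023-48426 is described as a "u-boot bug" yet is closed with "NOT-FOR-US: Google Chromecast (unlikely to affect u-boot as packaged in Debian)". "Unlikely" records a guess, and a NOT-FOR-US entry is not associated with any package, so the CVE disappears from the u-boot package's view. Since the tag itself acknowledges that u-boot is packaged, either keep "TODO: check" until the vendor-specific nature is confirmed, or track the CVE against u-boot as not affected, with a NOTE line giving the reason and a reference so the decision can be reviewed later.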
@@ -27635,7 +27635,7 @@ CVE-2023-6657 (A vulnerability classified as critical has been found in SourceCo CVE-2023-6656 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceL ...) NOT-FOR-US: DeepFaceLab CVE-2023-6181 (An oversight in BCB handling of reboot reason that allows for persiste ...) - NOT-FOR-US: Android + NOT-FOR-US: Google Chromecast (unlikely to affect u-boot as packaged in Debian) CVE-2023-5500 (This vulnerability allows an remote attacker with low privileges to mi ...) NOT-FOR-US: Frauscher Sensortechnik products CVE-2023-50465 (A stored cross-site scripting (XSS) vulnerability exists in Monica (ak ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3931b1aede3db5c81e70b3fa87e64cb833bc3ff6
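Review bot: In the @@ -27635,7 +27635,7 @@ hunk, CVE-2023-6181 is re-triaged from "NOT-FOR-US: Android" to the Chromecast/u-boot wording, but the visible description (BCB handling of reboot reason) does not mention u-boot, and the commit message "Process some NFUs" does not explain the change. Add a NOTE line with the reference that ties this CVE to the Chromecast u-boot issue, so the new classification of an already-triaged entry can be verified.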
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 31fecd10 by Salvatore Bonaccorso at 2024-04-08T09:54:51+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -67,25 +67,25 @@ CVE-2024-31234 (Improper Neutralization of Special Elements used in an SQL Comma CVE-2024-31233 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2024-30418 (Vulnerability of insufficient permission verification in the app manag ...) - TODO: check + NOT-FOR-US: Huawei CVE-2024-30417 (Path traversal vulnerability in the Bluetooth-based sharing module. Im ...) - TODO: check + NOT-FOR-US: Huawei CVE-2024-30416 (Use After Free (UAF) vulnerability in the underlying driver module. Im ...) - TODO: check + NOT-FOR-US: Huawei CVE-2024-22155 (Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooComme ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-52717 (Permission verification vulnerability in the lock screen module. Impac ...) TODO: check CVE-2023-52716 (Vulnerability of starting activities in the background in the Activity ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-52715 (The SystemUI module has a vulnerability in permission management. Impa ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-52714 (Vulnerability of defects introduced in the design process in the hwnff ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-52713 (Vulnerability of improper permission control in the window management ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-52382 (Vulnerability of improper control over foreground service notification ...) - TODO: check + NOT-FOR-US: Huawei CVE-2021-4438 (A vulnerability, which was classified as critical, has been found in k ...) TODO: check CVE-2024-3417 (A vulnerability, which was classified as critical, has been found in S ...) 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31fecd1032566f26ac5195dc8f4c2b29ab82d303
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1fec508e by Salvatore Bonaccorso at 2024-04-08T08:59:24+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -51,21 +51,21 @@ CVE-2024-31277 (Deserialization of Untrusted Data vulnerability in PickPlugins P CVE-2024-31260 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2024-31258 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31257 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31256 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31255 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31241 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31236 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31234 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31233 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30418 (Vulnerability of insufficient permission verification in the app manag ...) TODO: check CVE-2024-30417 (Path traversal vulnerability in the Bluetooth-based sharing module. Im ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fec508ec810cd23e93366164a10b7bea46b3bce
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8dbc9635 by Salvatore Bonaccorso at 2024-04-08T08:13:30+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,55 +1,55 @@ CVE-2024-3428 (A vulnerability has been found in SourceCodester Online Courseware 1.0 ...) - TODO: check + NOT-FOR-US: SourceCodester Online Courseware CVE-2024-3427 (A vulnerability, which was classified as problematic, was found in Sou ...) - TODO: check + NOT-FOR-US: SourceCodester Online Courseware CVE-2024-3426 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: SourceCodester Online Courseware CVE-2024-3425 (A vulnerability classified as critical was found in SourceCodester Onl ...) - TODO: check + NOT-FOR-US: SourceCodester Online Courseware CVE-2024-3424 (A vulnerability classified as critical has been found in SourceCodeste ...) - TODO: check + NOT-FOR-US: SourceCodester Online Courseware CVE-2024-3423 (A vulnerability was found in SourceCodester Online Courseware 1.0. It ...) - TODO: check + NOT-FOR-US: SourceCodester Online Courseware CVE-2024-3422 (A vulnerability was found in SourceCodester Online Courseware 1.0. It ...) - TODO: check + NOT-FOR-US: SourceCodester Online Courseware CVE-2024-3421 (A vulnerability was found in SourceCodester Online Courseware 1.0. It ...) - TODO: check + NOT-FOR-US: SourceCodester Online Courseware CVE-2024-3420 (A vulnerability was found in SourceCodester Online Courseware 1.0 and ...) - TODO: check + NOT-FOR-US: SourceCodester Online Courseware CVE-2024-3419 (A vulnerability has been found in SourceCodester Online Courseware 1.0 ...) - TODO: check + NOT-FOR-US: SourceCodester Online Courseware CVE-2024-3418 (A vulnerability, which was classified as critical, was found in Source ...) - TODO: check + NOT-FOR-US: SourceCodester Online Courseware CVE-2024-31349 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31348 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31346 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31345 (Unrestricted Upload of File with Dangerous Type vulnerability in Sukhc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31344 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31308 (Deserialization of Untrusted Data vulnerability in VJInfotech WP Impor ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31306 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31296 (Authorization Bypass Through User-Controlled Key vulnerability in Repu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31292 (Unrestricted Upload of File with Dangerous Type vulnerability in Moove ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31291 (Authorization Bypass Through User-Controlled Key vulnerability in Meta ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31288 (Server-Side Request Forgery (SSRF) vulnerability in RapidLoad RapidLoa ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31286 (Unrestricted Upload of File with Dangerous Type vulnerability in J.N. ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31280 (Unrestricted Upload of File with Dangerous Type vulnerability in Andy ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31277 (Deserialization of Untrusted Data vulnerability in PickPlugins Product ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31260 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31258 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
TODO: check CVE-2024-31257 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8dbc9635a84dd8b079c2f3ede7e601eb9b063b82
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: dc2f1187 by Salvatore Bonaccorso at 2024-04-07T07:02:50+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,33 +1,33 @@ CVE-2024-3413 (A vulnerability has been found in SourceCodester Human Resource Inform ...) - TODO: check + NOT-FOR-US: SourceCodester Human Resource Information System CVE-2024-3378 (A vulnerability has been found in iboss Secure Web Gateway up to 10.1 ...) - TODO: check + NOT-FOR-US: iboss Secure Web Gateway CVE-2024-3377 (A vulnerability classified as problematic was found in SourceCodester ...) - TODO: check + NOT-FOR-US: SourceCodester Computer Laboratory Management System CVE-2024-3376 (A vulnerability classified as critical has been found in SourceCodeste ...) - TODO: check + NOT-FOR-US: SourceCodester Computer Laboratory Management System CVE-2024-3369 (A vulnerability, which was classified as critical, has been found in c ...) - TODO: check + NOT-FOR-US: code-projects Car Rental CVE-2024-3366 (A vulnerability classified as problematic was found in Xuxueli xxl-job ...) - TODO: check + NOT-FOR-US: XXL-Job CVE-2024-3365 (A vulnerability was found in SourceCodester Online Library System 1.0. ...) - TODO: check + NOT-FOR-US: SourceCodester Online Library System CVE-2024-3364 (A vulnerability was found in SourceCodester Online Library System 1.0. ...) - TODO: check + NOT-FOR-US: SourceCodester Online Library System CVE-2024-3363 (A vulnerability was found in SourceCodester Online Library System 1.0. ...) - TODO: check + NOT-FOR-US: SourceCodester Online Library System CVE-2024-2296 (The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2132 (The Ultimate Bootstrap Elements for Elementor plugin for WordPress is ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-28741 (Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 a ...) - TODO: check + NOT-FOR-US: EginDemirbilek NorthStar CVE-2024-27620 (An issue in Ladder v.0.0.1 thru v.0.0.21 allows a remote attacker to o ...) 
- TODO: check + NOT-FOR-US: Ladder CVE-2024-25029 (IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows s ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-22328 (IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attack ...) - TODO: check + NOT-FOR-US: IBM CVE-2024- [RUSTSEC-2024-0332: Degradation of service in h2 servers with CONTINUATION Flood] - rust-h2 NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0332.html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc2f11876cb27f7bcfa76ee8591b57a5f6369865
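Review bot: The NOT-FOR-US labels in this patch mix two granularities: CVE-2024-25029 and CVE-2024-22328 are tagged with the vendor only ("NOT-FOR-US: IBM"), while the SourceCodester, iboss and code-projects entries in the same hunk name the product. Using the product names the descriptions give (IBM Personal Communications, IBM Maximo Application Suite) would keep the entries searchable by product and consistent with the rest of the hunk.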
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5d688b6b by Salvatore Bonaccorso at 2024-04-06T21:35:02+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -164,13 +164,13 @@ CVE-2024-27232 (In asn1_ec_pkey_parse of asn1_common.c, there is a possible OOB CVE-2024-27231 (In tmu_get_tr_stats of tmu.c, there is a possible out of bounds read d ...) NOT-FOR-US: Android CVE-2024-22004 (Due to length check, an attacker with privilege access on a Linux Nons ...) - TODO: check + NOT-FOR-US: Google Nest CVE-2024-21848 (Improper Access Control in Mattermost Server versions 8.1.x before 8.1 ...) - mattermost-server (bug #823556) CVE-2024-0081 (NVIDIA NeMo framework for Ubuntu contains a vulnerability in tools/asr ...) - TODO: check + NOT-FOR-US: NVIDIA NeMo framework CVE-2024-0080 (NVIDIA nvTIFF Library for Windows and Linux contains a vulnerability w ...) - TODO: check + NOT-FOR-US: NVIDIA nvTIFF Library CVE-2024-0076 (NVIDIA CUDA toolkit for all platforms contains a vulnerability in cuob ...) - nvidia-cuda-toolkit NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5517 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d688b6bc6729dda730140623e4ecbd3fc458eb6
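Review bot: For CVE-2024-22004 the new label is "NOT-FOR-US: Google Nest", but the description as shown ("... an attacker with privilege access on a Linux Nons ...") is cut off before any product name, so the classification cannot be checked from the entry itself. A NOTE: line carrying the advisory reference, in the style of the CVE-2024-0076 entry at the end of the same hunk, would let a later reader confirm it.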
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bc86cacd by Salvatore Bonaccorso at 2024-04-06T10:27:03+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,63 +1,63 @@ CVE-2024-3362 (A vulnerability was found in SourceCodester Online Library System 1.0 ...) - TODO: check + NOT-FOR-US: SourceCodester Online Library System CVE-2024-3361 (A vulnerability has been found in SourceCodester Online Library System ...) - TODO: check + NOT-FOR-US: SourceCodester Online Library System CVE-2024-3360 (A vulnerability, which was classified as critical, was found in Source ...) - TODO: check + NOT-FOR-US: SourceCodester Online Library System CVE-2024-3359 (A vulnerability, which was classified as critical, has been found in S ...) - TODO: check + NOT-FOR-US: SourceCodester Online Library System CVE-2024-3358 (A vulnerability classified as problematic was found in SourceCodester ...) - TODO: check + NOT-FOR-US: SourceCodester Aplaya Beach Resort Online Reservation System CVE-2024-3357 (A vulnerability classified as problematic has been found in SourceCode ...) - TODO: check + NOT-FOR-US: SourceCodester Aplaya Beach Resort Online Reservation System CVE-2024-3356 (A vulnerability was found in SourceCodester Aplaya Beach Resort Online ...) - TODO: check + NOT-FOR-US: SourceCodester Aplaya Beach Resort Online Reservation System CVE-2024-3355 (A vulnerability was found in SourceCodester Aplaya Beach Resort Online ...) - TODO: check + NOT-FOR-US: SourceCodester Aplaya Beach Resort Online Reservation System CVE-2024-3245 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed You ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3216 (The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shippi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30977 (An issue in Secnet Security Network Intelligent AC Management System v ...) - TODO: check + NOT-FOR-US: Secnet Security Network Intelligent AC Management System CVE-2024-2950 (The BoldGrid Easy SEO \u2013 Simple and Effective SEO plugin for WordP ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2949 (The Carousel, Slider, Gallery by WP Carousel \u2013 Image Carousel & P ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2656 (The Email Subscribers by Icegram Express \u2013 Email Marketing, Newsl ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2471 (The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2458 (The Powerkit \u2013 Supercharge your WordPress Site plugin for WordPre ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2444 (The Inline Related Posts WordPress plugin before 3.5.0 does not saniti ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-27912 (A denial of service vulnerability was reported in some Lenovo Printers ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2024-27911 (A vulnerability was reported in some Lenovo Printers that could allow ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2024-27910 (A vulnerability was reported in some Lenovo Printers that could allow ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2024-27909 (A denial of service vulnerability was reported in the HTTPS service of ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2024-27908 (A buffer overflow vulnerability was reported in the HTTPS service of s ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2024-23592 (An authentication bypass vulnerability was reported in Lenovo devices ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2024-21506 (Versions of the package pymongo before 4.6.3 are vulnerable to Out-of- ...) TODO: check CVE-2024-1994 (The Image Watermark plugin for WordPress is vulnerable to unauthorized ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1428 (The Element Pack Elementor Addons (Header Footer, Free Template Librar ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1385 (The WP-Stateless \u2013 Google Cloud Storage plugin for WordPress is v ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0837 (The Element Pack Elementor Addons (Header Footer, Free Template Librar ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5912 (A potential memory leakage vulnerability was reported in some Lenovo N ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2023-4605 (A valid authenticated Lenovo XClarity Administrator (LXCA) user can po ...) -
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d8b7f0e3 by Salvatore Bonaccorso at 2024-04-05T22:33:24+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,21 +1,21 @@ CVE-2024-3354 (A vulnerability was found in SourceCodester Aplaya Beach Resort Online ...) - TODO: check + NOT-FOR-US: SourceCodester Aplaya Beach Resort Online Reservation System CVE-2024-3353 (A vulnerability was found in SourceCodester Aplaya Beach Resort Online ...) - TODO: check + NOT-FOR-US: SourceCodester Aplaya Beach Resort Online Reservation System CVE-2024-3352 (A vulnerability has been found in SourceCodester Aplaya Beach Resort O ...) - TODO: check + NOT-FOR-US: SourceCodester Aplaya Beach Resort Online Reservation System CVE-2024-3351 (A vulnerability, which was classified as critical, was found in Source ...) - TODO: check + NOT-FOR-US: SourceCodester Aplaya Beach Resort Online Reservation System CVE-2024-3350 (A vulnerability, which was classified as critical, has been found in S ...) - TODO: check + NOT-FOR-US: SourceCodester Aplaya Beach Resort Online Reservation System CVE-2024-3349 (A vulnerability classified as critical was found in SourceCodester Apl ...) - TODO: check + NOT-FOR-US: SourceCodester Aplaya Beach Resort Online Reservation System CVE-2024-3348 (A vulnerability classified as critical has been found in SourceCodeste ...) - TODO: check + NOT-FOR-US: SourceCodester Aplaya Beach Resort Online Reservation System CVE-2024-3347 (A vulnerability was found in SourceCodester Airline Ticket Reservation ...) - TODO: check + NOT-FOR-US: SourceCodester Airline Ticket Reservation System CVE-2024-3346 (A vulnerability was found in Byzro Smart S80 up to 20240328. It has be ...) - TODO: check + NOT-FOR-US: Byzro Smart S80 CVE-2024-31852 (LLVM before 18.1.3 generates code in which the LR register can be over ...) TODO: check CVE-2024-31851 (A path traversal vulnerability exists in the Java version of CData Syn ...) 
@@ -27,13 +27,13 @@ CVE-2024-31849 (A path traversal vulnerability exists in the Java version of CDa CVE-2024-31848 (A path traversal vulnerability exists in the Java version of CData API ...) TODO: check CVE-2024-31220 (Sunshine is a self-hosted game stream host for Moonlight. Starting in ...) - TODO: check + NOT-FOR-US: Sunshine CVE-2024-31218 (Webhood is a self-hosted URL scanner used analyzing phishing and malic ...) - TODO: check + NOT-FOR-US: Webhood CVE-2024-31213 (InstantCMS is a free and open source content management system. An ope ...) - TODO: check + NOT-FOR-US: InstantCMS CVE-2024-2499 (The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vul ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2447 (Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 9.4.x bef ...) TODO: check CVE-2024-2380 (Stored XSS in graph rendering in Checkmk <2.3.0b4.) 
@@ -45,59 +45,59 @@ CVE-2024-2312 (GRUB2 does not call the module fini functions on exit, leading to [buster] - grub2 (Vulnerable code not present) NOTE: https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2054127 CVE-2024-29783 (In tmu_get_tr_thresholds, there is a possible out of bounds read due t ...) - TODO: check + NOT-FOR-US: Android CVE-2024-29782 (In tmu_get_tr_num_thresholds of tmu.c, there is a possible out of boun ...) - TODO: check + NOT-FOR-US: Android CVE-2024-29757 (there is a possible permission bypass due to Debug certs being allowli ...) - TODO: check + NOT-FOR-US: Android CVE-2024-29756 (In afe_callback of q6afe.c, there is a possible out of bounds write du ...) - TODO: check + NOT-FOR-US: Android CVE-2024-29755 (In tmu_get_pi of tmu.c, there is a possible out of bounds read due to ...) - TODO: check + NOT-FOR-US: Android CVE-2024-29754 (In TMU_IPC_GET_TABLE, there is a possible out of bounds read due to a ...) - TODO: check + NOT-FOR-US: Android CVE-2024-29753 (In tmu_set_control_temp_step of tmu.c, there is a possible out of boun ...) - TODO: check + NOT-FOR-US: Android CVE-2024-29752 (In tmu_set_tr_num_thresholds of tmu.c, there is a possible out of boun ...) - TODO: check + NOT-FOR-US: Android CVE-2024-29751 (In asn1_ec_pkey_parse_p384 of asn1_common.c, there is a possible OOB R ...) - TODO: check + NOT-FOR-US: Android CVE-2024-29750 (In km_exp_did_inner of kmv.c, there is a possible out of bounds read d ...) - TODO: check + NOT-FOR-US: Android CVE-2024-29749 (In tmu_set_tr_thresholds of tmu.c, there is a possible out of bounds w ...) - TODO:
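Review bot: In the third hunk (@@ -45,59 +45,59 @@), CVE-2024-29757 is labelled "NOT-FOR-US: Android" although its description ("there is a possible permission bypass due to Debug certs being allowli ...") names no file, function or product, unlike the neighbouring tmu.c and q6afe.c entries. It is worth confirming the source bulletin before closing it with the same label as the rest of the batch, and recording that reference in a NOTE: line.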
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 791f5b34 by Salvatore Bonaccorso at 2024-04-05T10:35:25+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,21 +1,21 @@ CVE-2024-3321 (A vulnerability classified as problematic has been found in SourceCode ...) - TODO: check + NOT-FOR-US: SourceCodester eLearning System CVE-2024-3320 (A vulnerability was found in SourceCodester eLearning System 1.0. It h ...) - TODO: check + NOT-FOR-US: SourceCodester eLearning System CVE-2024-3316 (A vulnerability was found in SourceCodester Computer Laboratory Manage ...) - TODO: check + NOT-FOR-US: SourceCodester Computer Laboratory Management System CVE-2024-3315 (A vulnerability was found in SourceCodester Computer Laboratory Manage ...) - TODO: check + NOT-FOR-US: SourceCodester Computer Laboratory Management System CVE-2024-3314 (A vulnerability was found in SourceCodester Computer Laboratory Manage ...) - TODO: check + NOT-FOR-US: SourceCodester Computer Laboratory Management System CVE-2024-3311 (A vulnerability was found in Dreamer CMS up to 4.1.3.0. It has been de ...) - TODO: check + NOT-FOR-US: Dreamer CMS CVE-2024-3217 (The WP Directory Kit plugin for WordPress is vulnerable to SQL Injecti ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31498 (ykman-gui (aka YubiKey Manager GUI) before 1.2.6 on Windows, when Edge ...) TODO: check CVE-2024-31212 (InstantCMS is a free and open source content management system. A SQL ...) - TODO: check + NOT-FOR-US: InstantCMS CVE-2024-31211 (WordPress is an open publishing platform for the Web. Unserialization ...) TODO: check CVE-2024-31210 (WordPress is an open publishing platform for the Web. It's possible fo ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/791f5b34beb6394e1acae038cb4fa149e266039a
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 30464fce by Salvatore Bonaccorso at 2024-04-04T22:38:30+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,7 @@ CVE-2024-3299 (Out-Of-Bounds Write, Use of Uninitialized Resource and Use-After-Free ...) - TODO: check + NOT-FOR-US: Solidworks CVE-2024-3298 (Out-Of-Bounds Write and Type Confusion vulnerabilities exist in the fi ...) - TODO: check + NOT-FOR-US: Solidworks CVE-2024-3262 (Information exposure vulnerability in RT software affecting version 4. ...) TODO: check CVE-2024-3250 (It was discovered that Pebble's read-file API and the associated pebbl ...) 
@@ -9,17 +9,17 @@ CVE-2024-3250 (It was discovered that Pebble's read-file API and the associated CVE-2024-3116 (pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerabi ...) TODO: check CVE-2024-31215 (Mobile Security Framework (MobSF) is a security research platform for ...) - TODO: check + NOT-FOR-US: Mobile Security Framework (MobSF) CVE-2024-31209 (oidcc is the OpenID Connect client library for Erlang. Denial of Servi ...) TODO: check CVE-2024-31207 (Vite (French word for "quick", pronounced /vit/, like "veet") is a fro ...) TODO: check CVE-2024-30565 (An issue was discovered in SeaCMS version 12.9, allows remote attacker ...) - TODO: check + NOT-FOR-US: SeaCMS CVE-2024-30266 (wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime ...) - TODO: check + NOT-FOR-US: wasmtime CVE-2024-30263 (macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. ...) - TODO: check + NOT-FOR-US: PDF Viewer Macro for XWiki CVE-2024-30261 (Undici is an HTTP/1.1 client, written from scratch for Node.js. An att ...) TODO: check CVE-2024-30260 (Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30464fce7877ba10cdf1f4b2f477f89d6e30e611
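Review bot: In the second hunk (@@ -9,17 +9,17 @@), CVE-2024-30266 is closed as "NOT-FOR-US: wasmtime", yet the description presents wasmtime as a general WebAssembly runtime rather than a vendor product. It is worth checking for an existing source package or ITP before marking it NFU; if one exists, the entry should reference that package instead.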
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0736fae2 by Salvatore Bonaccorso at 2024-04-04T11:16:39+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,19 +1,19 @@ CVE-2024-3274 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Li ...) - TODO: check + NOT-FOR-US: D-Link CVE-2024-3273 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...) - TODO: check + NOT-FOR-US: D-Link CVE-2024-3272 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...) - TODO: check + NOT-FOR-US: D-Link CVE-2024-3270 (A vulnerability classified as problematic was found in ThingsBoard up ...) - TODO: check + NOT-FOR-US: ThingsBoard CVE-2024-3030 (The Announce from the Dashboard plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3022 (The BookingPress plugin for WordPress is vulnerable to arbitrary file ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31025 (SQL Injection vulnerability in ECshop 4.x allows an attacker to obtain ...) - TODO: check + NOT-FOR-US: ECshop CVE-2024-30265 (Collabora Online is a collaborative online office suite based on Libre ...) - TODO: check + NOT-FOR-US: Collabora Online CVE-2024-2919 (The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features pl ...) TODO: check CVE-2024-2868 (The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +1 ...) 
@@ -99,7 +99,7 @@ CVE-2024-3178 (Concrete CMS versions 9 below 9.2.8 and versions below8.5.16 are CVE-2024-31420 (A NULL pointer dereference flaw was found in KubeVirt. This flaw allow ...) TODO: check CVE-2024-31419 (An information disclosure flaw was found in OpenShift Virtualization. ...) - TODO: check + NOT-FOR-US: Red Hat OpenShift Virtualization CVE-2024-31393 (Dragging Javascript URLs to the address bar could cause them to be loa ...) TODO: check CVE-2024-31392 (If an insecure element was added to a page after a delay, Firefox woul ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0736fae2b49b9737bdbebf464b1c7d0b2dbdb943
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 536cec60 by Salvatore Bonaccorso at 2024-04-03T23:05:24+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -17,13 +17,13 @@ CVE-2024-3252 (A vulnerability classified as critical has been found in SourceCo CVE-2024-3251 (A vulnerability was found in SourceCodester Computer Laboratory Manage ...) NOT-FOR-US: SourceCodester Computer Laboratory Management System CVE-2024-3181 (Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8 ...) - TODO: check + NOT-FOR-US: Concrete CMS CVE-2024-3180 (Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 ...) - TODO: check + NOT-FOR-US: Concrete CMS CVE-2024-3179 (Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.1 ...) - TODO: check + NOT-FOR-US: Concrete CMS CVE-2024-3178 (Concrete CMS versions 9 below 9.2.8 and versions below8.5.16 are vulne ...) - TODO: check + NOT-FOR-US: Concrete CMS CVE-2024-31420 (A NULL pointer dereference flaw was found in KubeVirt. This flaw allow ...) TODO: check CVE-2024-31419 (An information disclosure flaw was found in OpenShift Virtualization. ...) 
@@ -33,51 +33,51 @@ CVE-2024-31393 (Dragging Javascript URLs to the address bar could cause them to CVE-2024-31392 (If an insecure element was added to a page after a delay, Firefox woul ...) TODO: check CVE-2024-31390 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31380 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30572 (Netgear R6850 1.1.0.88 was discovered to contain a command injection v ...) - TODO: check + NOT-FOR-US: Netgear CVE-2024-30571 (An information leak in the BRS_top.html component of Netgear R6850 v1. ...) - TODO: check + NOT-FOR-US: Netgear CVE-2024-30570 (An information leak in debuginfo.htm of Netgear R6850 v1.1.0.88 allows ...) - TODO: check + NOT-FOR-US: Netgear CVE-2024-30569 (An information leak in currentsetting.htm of Netgear R6850 v1.1.0.88 a ...) - TODO: check + NOT-FOR-US: Netgear CVE-2024-30568 (Netgear R6850 1.1.0.88 was discovered to contain a command injection v ...) - TODO: check + NOT-FOR-US: Netgear CVE-2024-30366 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) - TODO: check + NOT-FOR-US: Foxit PDF Reader CVE-2024-30334 (Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulne ...) - TODO: check + NOT-FOR-US: Foxit PDF Reader CVE-2024-30333 (Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulne ...) - TODO: check + NOT-FOR-US: Foxit PDF Reader CVE-2024-30332 (Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulne ...) - TODO: check + NOT-FOR-US: Foxit PDF Reader CVE-2024-30331 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) - TODO: check + NOT-FOR-US: Foxit PDF Reader CVE-2024-30330 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) 
- TODO: check + NOT-FOR-US: Foxit PDF Reader CVE-2024-30329 (Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vuln ...) - TODO: check + NOT-FOR-US: Foxit PDF Reader CVE-2024-30328 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) - TODO: check + NOT-FOR-US: Foxit PDF Reader CVE-2024-30327 (Foxit PDF Reader template Use-After-Free Remote Code Execution Vulnera ...) - TODO: check + NOT-FOR-US: Foxit PDF Reader CVE-2024-30326 (Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulne ...) - TODO: check + NOT-FOR-US: Foxit PDF Reader CVE-2024-30325 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) - TODO: check + NOT-FOR-US: Foxit PDF Reader CVE-2024-30324 (Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulne ...) - TODO: check + NOT-FOR-US: Foxit PDF Reader CVE-2024-30323 (Foxit PDF Reader template Out-Of-Bounds Read Remote Code Execution Vul ...) - TODO: check + NOT-FOR-US: Foxit PDF Reader CVE-2024-30322 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) - TODO: check + NOT-FOR-US: Foxit PDF Reader CVE-2024-2758 (Tempesta FW rate limits are not enabled by default. They are either se ...) - TODO: check + NOT-FOR-US: Tempesta FW CVE-2024-2753 (Concrete CMS version 9 before 9.2.8 and previous versions prior to 8.5 ...) - TODO: check +
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9013f2dd by Salvatore Bonaccorso at 2024-04-03T22:54:55+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,21 +1,21 @@ CVE-2024-3259 (A vulnerability was found in SourceCodester Internship Portal Manageme ...) - TODO: check + NOT-FOR-US: SourceCodester Internship Portal Management System CVE-2024-3258 (A vulnerability was found in SourceCodester Internship Portal Manageme ...) - TODO: check + NOT-FOR-US: SourceCodester Internship Portal Management System CVE-2024-3257 (A vulnerability was found in SourceCodester Internship Portal Manageme ...) - TODO: check + NOT-FOR-US: SourceCodester Internship Portal Management System CVE-2024-3256 (A vulnerability has been found in SourceCodester Internship Portal Man ...) - TODO: check + NOT-FOR-US: SourceCodester Internship Portal Management System CVE-2024-3255 (A vulnerability, which was classified as critical, was found in Source ...) - TODO: check + NOT-FOR-US: SourceCodester Internship Portal Management System CVE-2024-3254 (A vulnerability, which was classified as critical, has been found in S ...) - TODO: check + NOT-FOR-US: SourceCodester Internship Portal Management System CVE-2024-3253 (A vulnerability classified as critical was found in SourceCodester Int ...) - TODO: check + NOT-FOR-US: SourceCodester Internship Portal Management System CVE-2024-3252 (A vulnerability classified as critical has been found in SourceCodeste ...) - TODO: check + NOT-FOR-US: SourceCodester Internship Portal Management System CVE-2024-3251 (A vulnerability was found in SourceCodester Computer Laboratory Manage ...) - TODO: check + NOT-FOR-US: SourceCodester Computer Laboratory Management System CVE-2024-3181 (Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8 ...) TODO: check CVE-2024-3180 (Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 ...) 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9013f2dd7d293d61dae266ad18fb592c65499196
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a05de6d0 by Salvatore Bonaccorso at 2024-04-03T22:32:15+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -83,7 +83,7 @@ CVE-2024-2653 (amphp/http will collect CONTINUATION frames in an unbounded buffe CVE-2024-29477 (Lack of sanitization during Installation Process in Dolibarr ERP CRM u ...) TODO: check CVE-2024-28782 (IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pa ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-28275 (Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.16(3090516) was discovere ...) TODO: check CVE-2024-27972 (Improper Neutralization of Special Elements used in a Command ('Comman ...) @@ -119,7 +119,7 @@ CVE-2024-27336 (Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Information CVE-2024-27335 (Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Remote Code Execut ...) TODO: check CVE-2024-27254 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-27201 (An improper input validation vulnerability exists in the OAS Engine Us ...) TODO: check CVE-2024-27191 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) @@ -131,9 +131,9 @@ CVE-2024-25918 (Unrestricted Upload of File with Dangerous Type vulnerability in CVE-2024-25096 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) TODO: check CVE-2024-25046 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-25030 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-24976 (A denial of service vulnerability exists in the OAS Engine File Data S ...) TODO: check CVE-2024-24707 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) 
@@ -141,7 +141,7 @@ CVE-2024-24707 (Improper Control of Generation of Code ('Code Injection') vulner CVE-2024-23540 (The HCL BigFix Inventory server is vulnerable to path traversal which ...) TODO: check CVE-2024-22360 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-22178 (A file write vulnerability exists in the OAS Engine Save Security Conf ...) TODO: check CVE-2024-21870 (A file write vulnerability exists in the OAS Engine Tags Configuration ...) @@ -183,7 +183,7 @@ CVE-2024-0172 (Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain a CVE-2023-5755 REJECTED CVE-2023-52296 (IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-45552 (In VeridiumID before 3.5.0, a stored cross-site scripting (XSS) vulner ...) TODO: check CVE-2023-44040 (In VeridiumID before 3.5.0, the identity provider page is susceptible ...) 
@@ -193,7 +193,7 @@ CVE-2023-44039 (In VeridiumID before 3.5.0, the WebAuthn API allows an internal CVE-2023-44038 (In VeridiumID before 3.5.0, the identity provider page allows an unaut ...) TODO: check CVE-2023-38729 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)10.5, ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-35812 (An issue was discovered in the Amazon Linux packages of OpenSSH 7.4 fo ...) TODO: check CVE-2024-26779 (In the Linux kernel, the following vulnerability has been resolved: w ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a05de6d0f16446ec6ba3a32c719227a15f224aa0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4f4b16bb by Salvatore Bonaccorso at 2024-04-03T10:46:56+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -3,25 +3,25 @@ CVE-2024-3248 (In Xpdf 4.05 (and earlier), a PDF object loop in the attachments CVE-2024-3247 (In Xpdf 4.05 (and earlier), a PDF object loop in an object stream lead ...) TODO: check CVE-2024-3227 (A vulnerability was found in Panwei eoffice OA up to 9.5. It has been ...) - TODO: check + NOT-FOR-US: Panwei eoffice OA CVE-2024-3226 (A vulnerability was found in Campcodes Online Patient Record Managemen ...) - TODO: check + NOT-FOR-US: Campcodes Online Patient Record Management System CVE-2024-3225 (A vulnerability was found in SourceCodester PHP Task Management System ...) - TODO: check + NOT-FOR-US: SourceCodester PHP Task Management System CVE-2024-3224 (A vulnerability has been found in SourceCodester PHP Task Management S ...) - TODO: check + NOT-FOR-US: SourceCodester PHP Task Management System CVE-2024-3223 (A vulnerability, which was classified as critical, was found in Source ...) - TODO: check + NOT-FOR-US: SourceCodester PHP Task Management System CVE-2024-3222 (A vulnerability, which was classified as critical, has been found in S ...) - TODO: check + NOT-FOR-US: SourceCodester PHP Task Management System CVE-2024-3221 (A vulnerability classified as critical was found in SourceCodester PHP ...) - TODO: check + NOT-FOR-US: SourceCodester PHP Task Management System CVE-2024-3218 (A vulnerability classified as critical has been found in Shibang Commu ...) - TODO: check + NOT-FOR-US: Shibang Communications IP Network Intercom Broadcasting System CVE-2024-3209 (A vulnerability was found in UPX up to 4.2.2. It has been rated as cri ...) TODO: check CVE-2024-3207 (A vulnerability was found in ermig1979 Simd up to 6.0.134. It has been ...) - TODO: check + NOT-FOR-US: ermig1979 Simd CVE-2024-3205 (A vulnerability was found in yaml libyaml up to 0.2.5 and classified a ...) TODO: check CVE-2024-3204 (A vulnerability has been found in c-blosc2 up to 2.13.2 and classified ...) 
@@ -29,89 +29,89 @@ CVE-2024-3204 (A vulnerability has been found in c-blosc2 up to 2.13.2 and class CVE-2024-3203 (A vulnerability, which was classified as critical, was found in c-blos ...) TODO: check CVE-2024-3202 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: codelyfe Stupid Simple CMS CVE-2024-3162 (The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cro ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31013 (Cross Site Scripting (XSS) vulnerability in emlog version Pro 2.3, all ...) - TODO: check + NOT-FOR-US: emlog CVE-2024-31012 (An issue was discovered in SEMCMS v.4.8, allows remote attackers to ex ...) - TODO: check + NOT-FOR-US: SEMCMS CVE-2024-31011 (Arbitrary file write vulnerability in beescms v.4.0, allows a remote a ...) - TODO: check + NOT-FOR-US: beescms CVE-2024-31010 (SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker ...) - TODO: check + NOT-FOR-US: SEMCMS CVE-2024-31009 (SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker ...) - TODO: check + NOT-FOR-US: SEMCMS CVE-2024-31008 (An issue was discovered in WUZHICMS version 4.1.0, allows an attacker ...) - TODO: check + NOT-FOR-US: WUZHICMS CVE-2024-30998 (SQL Injection vulnerability in PHPGurukul Men Salon Management System ...) - TODO: check + NOT-FOR-US: PHPGurukul Men Salon Management System CVE-2024-30371 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) - TODO: check + NOT-FOR-US: Foxit PDF Reader CVE-2024-30370 (RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability ...) TODO: check CVE-2024-30367 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) - TODO: check + NOT-FOR-US: Foxit PDF Reader CVE-2024-30365 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) 
- TODO: check + NOT-FOR-US: Foxit PDF Reader CVE-2024-30364 (Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Discl ...) - TODO: check + NOT-FOR-US: Foxit PDF Reader CVE-2024-30363 (Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Discl ...) - TODO: check + NOT-FOR-US: Foxit PDF Reader CVE-2024-30362 (Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution ...) - TODO: check + NOT-FOR-US: Foxit PDF Reader
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 35640d10 by Salvatore Bonaccorso at 2024-04-02T10:44:12+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -274,7 +274,7 @@ CVE-2024-29435 (An issue discovered in Alldata v0.4.6 allows attacker to run arb CVE-2024-29433 (A deserialization vulnerability in the FASTJSON component of Alldata v ...) TODO: check CVE-2024-28232 (Go package IceWhaleTech/CasaOS-UserService provides user management fu ...) - TODO: check + NOT-FOR-US: IceWhaleTech/CasaOS-UserService CVE-2024-25574 (SQL injection vulnerability exists in GetDIAE_usListParameters.) TODO: check CVE-2024-25080 (WebMail in Axigen 10.x before 10.3.3.62 allows XSS via the image attac ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35640d10685d59d463dedcba3216c6bdfed676f5
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f52b1ab0 by Salvatore Bonaccorso at 2024-04-02T06:49:43+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,47 +1,47 @@ CVE-2024-3135 (The web server lacked CSRF tokens allowing an attacker to host malicio ...) TODO: check CVE-2024-3131 (A vulnerability was found in SourceCodester Computer Laboratory Manage ...) - TODO: check + NOT-FOR-US: SourceCodester Computer Laboratory Management System CVE-2024-3130 (Hard-coded Credentialsin CoolKit eWeLlink app are before 5.4.x on Andr ...) - TODO: check + NOT-FOR-US: CoolKit eWeLlink app CVE-2024-3129 (A vulnerability was found in SourceCodester Image Accordion Gallery Ap ...) - TODO: check + NOT-FOR-US: SourceCodester Image Accordion Gallery App CVE-2024-3128 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...) - TODO: check + NOT-FOR-US: Replify-Messenger CVE-2024-3125 (A vulnerability classified as problematic was found in Zebra ZTC GK420 ...) - TODO: check + NOT-FOR-US: Zebra ZTC GK420d CVE-2024-3124 (A vulnerability classified as problematic has been found in fridgecow ...) - TODO: check + NOT-FOR-US: fridgecow smartalarm CVE-2024-31099 (Missing Authorization vulnerability in Averta Shortcodes and extra fea ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30872 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /include/authr ...) - TODO: check + NOT-FOR-US: netentsec NS-ASG CVE-2024-30871 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /WebPages/appl ...) - TODO: check + NOT-FOR-US: netentsec NS-ASG CVE-2024-30870 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/address ...) - TODO: check + NOT-FOR-US: netentsec NS-ASG CVE-2024-30868 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/add_get ...) - TODO: check + NOT-FOR-US: netentsec NS-ASG CVE-2024-30867 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_vi ...) - TODO: check + NOT-FOR-US: netentsec NS-ASG CVE-2024-30866 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /3g/menu.php.) 
- TODO: check + NOT-FOR-US: netentsec NS-ASG CVE-2024-30865 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_us ...) - TODO: check + NOT-FOR-US: netentsec NS-ASG CVE-2024-30864 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/config_ ...) - TODO: check + NOT-FOR-US: netentsec NS-ASG CVE-2024-30863 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /WebPages/hist ...) - TODO: check + NOT-FOR-US: netentsec NS-ASG CVE-2024-30862 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /3g/index.php.) - TODO: check + NOT-FOR-US: netentsec NS-ASG CVE-2024-30861 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/configg ...) - TODO: check + NOT-FOR-US: netentsec NS-ASG CVE-2024-30860 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/export_ ...) - TODO: check + NOT-FOR-US: netentsec NS-ASG CVE-2024-30859 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/config_ ...) - TODO: check + NOT-FOR-US: netentsec NS-ASG CVE-2024-30858 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_fi ...) - TODO: check + NOT-FOR-US: netentsec NS-ASG CVE-2024-29435 (An issue discovered in Alldata v0.4.6 allows attacker to run arbitrary ...) TODO: check CVE-2024-29433 (A deserialization vulnerability in the FASTJSON component of Alldata v ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f52b1ab0a14d62f90922391d7bc513e31fb6ec58
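Review bot: In the @@ -1,47 +1,47 @@ hunk of f52b1ab0, the CVE-2024-3130 tag "NOT-FOR-US: CoolKit eWeLlink app" repeats the spelling "eWeLlink" from the truncated description, which also runs "Credentialsin" together and so may not be a reliable source for the product name. If upstream spells the product differently, use that spelling in the tag so that a later search of data/CVE/list for the product finds this entry. In the same hunk, the CVE-2024-3128 tag "Replify-Messenger" names a product that the truncated description never shows, so it is worth checking against the full record as well.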
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7c177721 by Salvatore Bonaccorso at 2024-04-01T21:23:35+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -62,11 +62,11 @@ CVE-2024-20039 (In modem protocol, there is a possible out of bounds write due t CVE-2024-1526 (The Hubbub Lite WordPress plugin before 1.33.1 does not ensure that u ...) NOT-FOR-US: WordPress plugin CVE-2023-51803 (LinuxServer.io Heimdall before 2.5.7 does not prevent use of icons tha ...) - TODO: check + NOT-FOR-US: LinuxServer.io Heimdall CVE-2016-15038 (A vulnerability, which was classified as critical, was found in NUUO N ...) - TODO: check + NOT-FOR-US: NUUO NVRmini CVE-2014-125110 (A vulnerability has been found in wp-file-upload Plugin up to 2.4.3 on ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31123 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-31122 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c177721c47ef7ba0fd23a07e407b47c1371585b
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5693d1de by Salvatore Bonaccorso at 2024-04-01T10:43:10+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,51 +1,51 @@ CVE-2024-31033 (JJWT (aka Java JWT) through 0.12.5 ignores certain characters and thus ...) TODO: check CVE-2024-2278 (Themify WordPress plugin before 1.4.4 does not sanitise and escape so ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2263 (Themify WordPress plugin before 1.4.4 does not sanitise and escape a ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2262 (Themify WordPress plugin before 1.4.4 does not have CSRF check in its ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-28895 ('Yahoo! JAPAN' App for Android v2.3.1 to v3.161.1 and 'Yahoo! JAPAN' A ...) - TODO: check + NOT-FOR-US: 'Yahoo! JAPAN' App CVE-2024-27609 (Bonita before 2023.2-u2 allows stored XSS via a UI screen in the admin ...) - TODO: check + NOT-FOR-US: Bonita CVE-2024-20055 (In imgsys, there is a possible information disclosure due to a missing ...) - TODO: check + NOT-FOR-US: Mediatek CVE-2024-20054 (In gnss, there is a possible escalation of privilege due to a missing ...) - TODO: check + NOT-FOR-US: Mediatek CVE-2024-20053 (In flashc, there is a possible out of bounds write due to an uncaught ...) - TODO: check + NOT-FOR-US: Mediatek CVE-2024-20052 (In flashc, there is a possible information disclosure due to an uncaug ...) - TODO: check + NOT-FOR-US: Mediatek CVE-2024-20051 (In flashc, there is a possible system crash due to an uncaught excepti ...) - TODO: check + NOT-FOR-US: Mediatek CVE-2024-20050 (In flashc, there is a possible information disclosure due to an uncaug ...) - TODO: check + NOT-FOR-US: Mediatek CVE-2024-20049 (In flashc, there is a possible information disclosure due to an uncaug ...) - TODO: check + NOT-FOR-US: Mediatek CVE-2024-20048 (In flashc, there is a possible information disclosure due to an uncaug ...) - TODO: check + NOT-FOR-US: Mediatek CVE-2024-20047 (In battery, there is a possible out of bounds read due to an integer o ...) 
- TODO: check + NOT-FOR-US: Mediatek CVE-2024-20046 (In battery, there is a possible escalation of privilege due to an inte ...) - TODO: check + NOT-FOR-US: Mediatek CVE-2024-20045 (In audio, there is a possible out of bounds read due to an incorrect c ...) - TODO: check + NOT-FOR-US: Mediatek CVE-2024-20044 (In da, there is a possible out of bounds write due to a missing bounds ...) - TODO: check + NOT-FOR-US: Mediatek CVE-2024-20043 (In da, there is a possible out of bounds write due to a missing bounds ...) - TODO: check + NOT-FOR-US: Mediatek CVE-2024-20042 (In da, there is a possible out of bounds write due to a missing bounds ...) - TODO: check + NOT-FOR-US: Mediatek CVE-2024-20041 (In da, there is a possible out of bounds read due to a missing bounds ...) - TODO: check + NOT-FOR-US: Mediatek CVE-2024-20040 (In wlan firmware, there is a possible out of bounds write due to impro ...) - TODO: check + NOT-FOR-US: Mediatek CVE-2024-20039 (In modem protocol, there is a possible out of bounds write due to a mi ...) - TODO: check + NOT-FOR-US: Mediatek CVE-2024-1526 (The Hubbub Lite WordPress plugin before 1.33.1 does not ensure that u ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51803 (LinuxServer.io Heimdall before 2.5.7 does not prevent use of icons tha ...) TODO: check CVE-2016-15038 (A vulnerability, which was classified as critical, was found in NUUO N ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5693d1de74b7c6399f1fcd5f36260f85edc8106e
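Review bot: In the @@ -1,51 +1,51 @@ hunk of 5693d1de, CVE-2024-20039 through CVE-2024-20055 are all tagged "NOT-FOR-US: Mediatek", yet none of the visible descriptions ("In flashc", "In da", "In wlan firmware", "In modem protocol") names a vendor, so the attribution cannot be checked from this list alone. For CVE-2024-20040 (wlan firmware) in particular, a short qualifier in the style of the "(unrelated to src:zephyr)" note used in 82e47499 would record why a firmware issue is out of scope and save the next person triaging a similar entry from redoing the lookup.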
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a1c499ca by Salvatore Bonaccorso at 2024-03-31T22:52:47+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,107 +1,107 @@ CVE-2024-31123 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31122 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31121 (Contributor Cross Site Scripting (XSS) in HeartThis <= 0.1.0 versions.) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31120 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31117 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31116 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31115 (Unrestricted Upload of File with Dangerous Type vulnerability in Quant ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31114 (Unrestricted Upload of File with Dangerous Type vulnerability in biplo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31112 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31110 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31108 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31107 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31106 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31104 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31103 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31102 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31101 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31100 (Cross-Site Request Forgery (CSRF) vulnerability in Festi-Team Popup Ca ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31097 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31096 (Cross-Site Request Forgery (CSRF) vulnerability in kopatheme Nictitate ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31095 (Authorization Bypass Through User-Controlled Key vulnerability in Rica ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31094 (Deserialization of Untrusted Data vulnerability in Filter Custom Field ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31092 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31091 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31090 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31089 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31087 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31085 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31084 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30561 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30559 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check +
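Review bot: In the @@ -1,107 +1,107 @@ hunk of a1c499ca, CVE-2024-31096 (CSRF in "kopatheme Nictitate") gets "NOT-FOR-US: WordPress plugin" like every other entry in the block, but the vendor name suggests a theme rather than a plugin. Commit ded99e0f on this page uses "NOT-FOR-US: WordPress theme" for theme entries (CVE-2024-2848, CVE-2024-2476), so confirm against the full description and use the theme tag if it applies. Most descriptions in this hunk are cut off before the product name ("Improper Neutralization of Input During Web Page Generation ('Cross-si ..."), so the plugin/theme split cannot be verified from the list text and deserves a pass over the full records.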
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: aac9c650 by Salvatore Bonaccorso at 2024-03-31T22:41:57+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -103,13 +103,13 @@ CVE-2024-30523 (Insertion of Sensitive Information into Log File vulnerability i CVE-2024-30489 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) TODO: check CVE-2024-25027 (IBM Security Verify Access 10.0.6 could disclose sensitive snapshot in ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-22353 (IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 is ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-50959 (IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2,19.0.1, 1 ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-50311 (IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-36828 (A vulnerability was found in DiscuzX up to 3.4-20200818. It has been c ...) TODO: check CVE-2017-20191 (A vulnerability was found in Zimbra zm-admin-ajax up to 8.8.1. It has ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aac9c650c2a06c4ecb00ce547e5f9f408c21fd18
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7b20882a by Salvatore Bonaccorso at 2024-03-30T21:19:06+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,21 +1,21 @@ CVE-2024-3091 (A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Por ...) - TODO: check + NOT-FOR-US: PHPGurukul Emergency Ambulance Hiring Portal CVE-2024-3090 (A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Por ...) - TODO: check + NOT-FOR-US: PHPGurukul Emergency Ambulance Hiring Portal CVE-2024-3089 (A vulnerability has been found in PHPGurukul Emergency Ambulance Hirin ...) - TODO: check + NOT-FOR-US: PHPGurukul Emergency Ambulance Hiring Portal CVE-2024-3088 (A vulnerability, which was classified as critical, was found in PHPGur ...) - TODO: check + NOT-FOR-US: PHPGurukul Emergency Ambulance Hiring Portal CVE-2024-3087 (A vulnerability, which was classified as critical, has been found in P ...) - TODO: check + NOT-FOR-US: PHPGurukul Emergency Ambulance Hiring Portal CVE-2024-3086 (A vulnerability classified as problematic was found in PHPGurukul Emer ...) - TODO: check + NOT-FOR-US: PHPGurukul Emergency Ambulance Hiring Portal CVE-2024-3085 (A vulnerability classified as critical has been found in PHPGurukul Em ...) - TODO: check + NOT-FOR-US: PHPGurukul Emergency Ambulance Hiring Portal CVE-2024-3018 (The Essential Addons for Elementor plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2491 (The PowerPack Addons for Elementor plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1522 (I have activated the CORS because I had a development ui that uses ano ...) TODO: check CVE-2024-3084 (A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Por ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b20882aaac2ed5318f674d992bea200bff7b508
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cd5fee28 by Salvatore Bonaccorso at 2024-03-30T11:18:32+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,35 +1,35 @@ CVE-2024-3084 (A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Por ...) - TODO: check + NOT-FOR-US: PHPGurukul Emergency Ambulance Hiring Portal CVE-2024-2948 (The Favorites plugin for WordPress is vulnerable to Stored Cross-Site ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2794 (The Gutenberg Block Editor Toolkit \u2013 EditorsKit plugin for WordPr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2144 (The Ultimate Addons for Beaver Builder \u2013 Lite plugin for WordPres ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2143 (The Ultimate Addons for Beaver Builder \u2013 Lite plugin for WordPres ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2142 (The Ultimate Addons for Beaver Builder \u2013 Lite plugin for WordPres ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2141 (The Ultimate Addons for Beaver Builder \u2013 Lite plugin for WordPres ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2140 (The Ultimate Addons for Beaver Builder \u2013 Lite plugin for WordPres ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2086 (The Integrate Google Drive \u2013 Browse, Upload, Download, Embed, Pla ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2047 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-29278 (funboot v1.1 is vulnerable to Cross Site Scripting (XSS) via the title ...) TODO: check CVE-2024-28288 (Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when re ...) - TODO: check + NOT-FOR-US: Ruijie RG-NBR700GW router CVE-2024-1692 (The BoldGrid Easy SEO \u2013 Simple and Effective SEO plugin for WordP ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1238 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1051 (The List category posts plugin for WordPress is vulnerable to Stored C ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0367 (The Unlimited Elements For Elementor plugin for WordPress is vulnerabl ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3081 (A vulnerability was found in EasyCorp EasyAdmin up to 4.8.9. It has be ...) NOT-FOR-US: EasyCorp EasyAdmin CVE-2024-3078 (A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classi ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd5fee2856bd315a41267d210d90b00a495a3418
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ded99e0f by Salvatore Bonaccorso at 2024-03-29T22:51:26+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -201,43 +201,43 @@ CVE-2024-30247 (NextcloudPi is a ready to use image for Virtual Machines, Raspbe CVE-2024-30246 (Tuleap is an Open Source Suite to improve management of software devel ...) NOT-FOR-US: Tuleap CVE-2024-2970 (The News Wall plugin for WordPress is vulnerable to Cross-Site Request ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2969 (The WP-Eggdrop plugin for WordPress is vulnerable to Cross-Site Reques ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2968 (The WP-Eggdrop plugin for WordPress is vulnerable to Stored Cross-Site ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2964 (The Pocket News Generator plugin for WordPress is vulnerable to Cross- ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2963 (The Pocket News Generator plugin for WordPress is vulnerable to Stored ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2936 (The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross- ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2848 (The Responsive theme for WordPress is vulnerable to unauthorized modif ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2024-2844 (The Easy Appointments plugin for WordPress is vulnerable to unauthoriz ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2842 (The Easy Appointments plugin for WordPress is vulnerable to Stored Cro ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2841 (The Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg E ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2476 (The OceanWP theme for WordPress is vulnerable to unauthorized access o ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2024-2475 (The Media Library Assistant plugin for WordPress is vulnerable to Stor ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2411 (The MasterStudy LMS plugin for WordPress is vulnerable to Local File I ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2409 (The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Es ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2280 (The Better Elementor Addons plugin for WordPress is vulnerable to Stor ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2250 (The 130+ Widgets | Best Addons For Elementor \u2013 FREE plugin for Wo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2116 (The Christmas Greetings plugin for WordPress is vulnerable to Reflecte ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2113 (The Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2108 (The Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-29904 (CodeIgniter is a PHP full-stack web framework A vulnerability was foun ...) - codeigniter (bug #471583) CVE-2024-29901 (The AuthKit library for Next.js provides helpers for authentication an ...) 
@@ -245,45 +245,45 @@ CVE-2024-29901 (The AuthKit library for Next.js provides helpers for authenticat CVE-2024-29900 (Electron Packager bundles Electron-based application source code with ...) TODO: check CVE-2024-29893 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...) - TODO: check + NOT-FOR-US: Argo CD CVE-2024-29890 (DataLens is a business intelligence and data visualization system. A s ...) - TODO: check + NOT-FOR-US: DataLens CVE-2024-29686 (Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1. ...) - TODO: check + NOT-FOR-US: Winter CMS CVE-2024-29667 (SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CMSV6 ...) - TODO: check + NOT-FOR-US: Tongtianxing CVE-2024-29640 (An issue in aliyundrive-webdav v.2.3.3 and before allows a remote atta ...) TODO: check CVE-2024-29489 (Jerryscript 2.4.0 has SEGV at ./jerry-core/ecma/base/ecma-helpers.c:23 ...) TODO: check CVE-2024-29316 (NodeBB 3.6.7 is vulnerable to Incorrect Access Control, e.g., a low-pr ...) - TODO: check + NOT-FOR-US: NodeBB CVE-2024-29202 (JumpServer is an open source bastion host and an operation and mainten ...) - TODO: check + NOT-FOR-US: JumpServer CVE-2024-29201 (JumpServer is an open source bastion host
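Review bot: In the @@ -245 hunk, CVE-2024-29667 is tagged "NOT-FOR-US: Tongtianxing", but commit 9f3b9ece further down this page tags CVE-2024-29666, also a CMSV6 issue, as "NOT-FOR-US: Vehicle Monitoring platform system CMSV6". The two tags share no word, so a search of data/CVE/list for an earlier decision on the product finds only one of the two entries. Suggest settling on one string that contains the product name CMSV6 and using it for both. The entries left at "TODO: check" in this hunk (Electron Packager, aliyundrive-webdav, Jerryscript) are consistent with the commit subject, which covers only NFUs.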
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 82e47499 by Salvatore Bonaccorso at 2024-03-29T21:43:56+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,205 +1,205 @@ CVE-2024-3081 (A vulnerability was found in EasyCorp EasyAdmin up to 4.8.9. It has be ...) - TODO: check + NOT-FOR-US: EasyCorp EasyAdmin CVE-2024-3078 (A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classi ...) TODO: check CVE-2024-3077 (An malicious BLE device can crash BLE victim device by sending malform ...) - TODO: check + NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr) CVE-2024-3061 (The HUSKY \u2013 Products Filter Professional for WooCommerce plugin f ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31032 (An issue in Huashi Private Cloud CDN Live Streaming Acceleration Serve ...) - TODO: check + NOT-FOR-US: Huashi Private Cloud CDN Live Streaming Acceleration Server hgateway-sixport CVE-2024-30645 (Tenda AC15V1.0 V15.03.20_multi has a command injection vulnerability v ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-30639 (Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability in the p ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-30638 (Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-30637 (Tenda F1202 v1.2.0.20(408) has a command injection vulnerablility in t ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-30636 (Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-30635 (Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability located ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-30634 (Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-30633 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the s ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-30632 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the s ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-30631 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the s ...) 
- TODO: check + NOT-FOR-US: Tenda CVE-2024-30630 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the t ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-30629 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the l ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-30628 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the p ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-30627 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the d ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-30626 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the s ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-30625 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the e ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-30624 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the u ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-30623 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the p ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-30622 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the m ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-30613 (Tenda AC15 v15.03.05.18 has a stack overflow vulnerability in the time ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-30521 (Cross-Site Request Forgery (CSRF) vulnerability in Landingi Landingi L ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30520 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30519 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30518 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeLocation Custo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30514 (Insertion of Sensitive Information into Log File vulnerability in Paid ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30513 (Authorization Bypass Through User-Controlled Key vulnerability in Meta ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30511 (Insertion of Sensitive Information into Log File vulnerability in Fr\x ...) - TODO: check + NOT-FOR-US:
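Review bot: The tag on CVE-2024-31032, "NOT-FOR-US: Huashi Private Cloud CDN Live Streaming Acceleration Server hgateway-sixport", is far longer than any other in this hunk and ends in "hgateway-sixport", which does not appear in the visible part of the description. The Tenda entries directly below it stop at the vendor name. Suggest stopping at the product name here as well, unless the suffix is needed to tell two products apart. The parenthetical on CVE-2024-3077, "(unrelated to src:zephyr)", should stay as it is, since it records why a name that collides with a source package is still NFU.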
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: afefaf83 by Salvatore Bonaccorso at 2024-03-29T21:25:51+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -285,11 +285,11 @@ CVE-2024-24407 (SQL Injection vulnerability in Best Courier management system v. CVE-2024-23727 (The YI Smart Kami Vision com.kamivision.yismart application through 1. ...) TODO: check CVE-2024-23539 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: Apache Fineract CVE-2024-23538 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: Apache Fineract CVE-2024-23537 (Improper Privilege Management vulnerability in Apache Fineract.This is ...) - TODO: check + NOT-FOR-US: Apache Fineract CVE-2024-23449 (An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs wh ...) TODO: check CVE-2024-1872 (The Button plugin for WordPress is vulnerable to PHP Object Injection ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/afefaf83e77f2bc9a6640e5f2c8d1ca5f574e891
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bd70652f by Salvatore Bonaccorso at 2024-03-29T09:10:50+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -103,7 +103,7 @@ CVE-2024-29897 (CreateWiki is Miraheze's MediaWiki extension for requesting & cr CVE-2024-29896 (Astro-Shield is a library to compute the subresource integrity hashes ...) TODO: check CVE-2024-29882 (SRS is a simple, high-efficiency, real-time video server. SRS's `/api/ ...) - TODO: check + NOT-FOR-US: SRS video server CVE-2024-29200 (Kimai is a web-based multi-user time-tracking application. The permiss ...) NOT-FOR-US: Kimai CVE-2024-28713 (An issue in Mblog Blog system v.3.5.0 allows an attacker to execute ar ...) 
@@ -295,29 +295,29 @@ CVE-2024-29100 (Unrestricted Upload of File with Dangerous Type vulnerability in CVE-2024-29090 (Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engi ...) NOT-FOR-US: WordPress plugin CVE-2024-28016 (Improper Access Controlvulnerability in NEC Corporation Aterm WG1800HP ...) - TODO: check + NOT-FOR-US: NEC CVE-2024-28015 (Improper Neutralization of Special Elements used in an OS Command vuln ...) - TODO: check + NOT-FOR-US: NEC CVE-2024-28014 (Stack-based Buffer Overflow vulnerability in NEC Corporation Aterm WG1 ...) - TODO: check + NOT-FOR-US: NEC CVE-2024-28013 (Use of Insufficiently Random Values vulnerability in NEC Corporation A ...) - TODO: check + NOT-FOR-US: NEC CVE-2024-28012 (Improper authentication vulnerability in NEC Corporation Aterm WG1800H ...) - TODO: check + NOT-FOR-US: NEC CVE-2024-28011 (Hidden Functionality vulnerability in NEC Corporation Aterm WG1800HP4, ...) - TODO: check + NOT-FOR-US: NEC CVE-2024-28010 (Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, WG1200H ...) - TODO: check + NOT-FOR-US: NEC CVE-2024-28009 (Improper authentication vulnerability in NEC Corporation Aterm WG1800H ...) - TODO: check + NOT-FOR-US: NEC CVE-2024-28008 (Active Debug Code in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG190 ...) - TODO: check + NOT-FOR-US: NEC CVE-2024-28007 (Improper authentication vulnerability in NEC Corporation Aterm WG1800H ...) - TODO: check + NOT-FOR-US: NEC CVE-2024-28006 (Improper authentication vulnerability in NEC Corporation Aterm WG1800H ...) - TODO: check + NOT-FOR-US: NEC CVE-2024-28005 (Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2 ...) - TODO: check + NOT-FOR-US: NEC CVE-2024-28004 (Missing Authorization vulnerability in ExtendThemes Colibri Page Build ...) NOT-FOR-US: WordPress plugin CVE-2024-28003 (Missing Authorization vulnerability in Megamenu Max Mega Menu.This iss ...) 
@@ -337,7 +337,7 @@ CVE-2024-25599 (Improper Neutralization of Input During Web Page Generation ('Cr CVE-2024-25354 (RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to cra ...) TODO: check CVE-2024-23500 (Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenbe ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-22138 (Insertion of Sensitive Information into Log File vulnerability in Sera ...) NOT-FOR-US: WordPress plugin CVE-2024-1770 (The Meta Tag Manager plugin for WordPress is vulnerable to PHP Object ...) @@ -474,9 +474,9 @@ CVE-2024-29891 (ZITADEL users can upload their own avatar image and various imag CVE-2024-29888 (Saleor is an e-commerce platform that serves high-volume companies. Wh ...) NOT-FOR-US: Saleor CVE-2024-29887 (Serverpod is an app and web server, built for the Flutter and Dart eco ...) - TODO: check + NOT-FOR-US: Serverpod CVE-2024-29886 (Serverpod is an app and web server, built for the Flutter and Dart eco ...) - TODO: check + NOT-FOR-US: Serverpod CVE-2024-29819 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-29818 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) @@ -590,7 +590,7 @@ CVE-2024-28233 (JupyterHub is an open source multi-user server for Jupyter noteb CVE-2024-27270 (IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is ...) NOT-FOR-US: IBM CVE-2024-27091 (GeoNode is a geospatial content management system, a platform for the ...) - TODO: check + NOT-FOR-US: GeoNode CVE-2024-25962 (Dell InsightIQ, version 5.0, contains an improper access control vulne ...) NOT-FOR-US: Dell CVE-2024-23515 (Cross-Site Request Forgery (CSRF) vulnerability in Cincopa Post Video ...) @@ -638,7 +638,7 @@ CVE-2024-20265 (A vulnerability in the boot
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6aa435c8 by Salvatore Bonaccorso at 2024-03-28T21:36:11+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,91 +1,91 @@ CVE-2024-3042 (A vulnerability was found in SourceCodester Simple Subscription Websit ...) - TODO: check + NOT-FOR-US: SourceCodester Simple Subscription Website CVE-2024-3041 (A vulnerability has been found in Netentsec NS-ASG Application Securit ...) - TODO: check + NOT-FOR-US: Netentsec NS-ASG Application Security Gateway CVE-2024-3040 (A vulnerability, which was classified as critical, was found in Netent ...) - TODO: check + NOT-FOR-US: Netentsec NS-ASG Application Security Gateway CVE-2024-3039 (A vulnerability classified as critical has been found in Shanghai Brad ...) - TODO: check + NOT-FOR-US: Shanghai Brad Technology BladeX CVE-2024-3019 (A flaw was found in PCP. The default pmproxy configuration exposes the ...) TODO: check CVE-2024-31140 (In JetBrains TeamCity before 2024.03 server administrators could remov ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2024-31139 (In JetBrains TeamCity before 2024.03 xXE was possible in the Maven bui ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2024-31138 (In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distri ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2024-31137 (In JetBrains TeamCity before 2024.03 reflected XSS was possible via Sp ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2024-31136 (In JetBrains TeamCity before 2024.03 2FA could be bypassed by providin ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2024-31135 (In JetBrains TeamCity before 2024.03 open redirect was possible on the ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2024-31134 (In JetBrains TeamCity before 2024.03 authenticated users without admin ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2024-31065 (Cross Site Scripting vulnerability in Insurance Mangement System v.1.0 ...) - TODO: check + NOT-FOR-US: Insurance Mangement System CVE-2024-31064 (Cross Site Scripting vulnerability in Insurance Mangement System v.1.0 ...) 
- TODO: check + NOT-FOR-US: Insurance Mangement System CVE-2024-31063 (Cross Site Scripting vulnerability in Insurance Mangement System v.1.0 ...) - TODO: check + NOT-FOR-US: Insurance Mangement System CVE-2024-31062 (Cross Site Scripting vulnerability in Insurance Mangement System v.1.0 ...) - TODO: check + NOT-FOR-US: Insurance Mangement System CVE-2024-31061 (Cross Site Scripting vulnerability in Insurance Mangement System v.1.0 ...) - TODO: check + NOT-FOR-US: Insurance Mangement System CVE-2024-30612 (Tenda AC10U v15.03.06.48 has a stack overflow vulnerability in the dev ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-30607 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the device ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-30606 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the page p ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-30604 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the list1 ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-30603 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the urls p ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-30602 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedS ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-30601 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the time p ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-30600 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedE ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-30599 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the device ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-30598 (Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in t ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-30597 (Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in t ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-30596 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...) 
- TODO: check + NOT-FOR-US: Tenda CVE-2024-30595 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-30594 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...) - TODO: check + NOT-FOR-US: Tenda
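Review bot: The five tags on CVE-2024-31061 to CVE-2024-31065 read "NOT-FOR-US: Insurance Mangement System", carrying the "Mangement" misspelling over from the CVE description. If the tag is meant to mirror the upstream string exactly, that is fine, but a later search for "Management" will miss all five entries. Suggest either correcting the tag to "Insurance Management System" or keeping the upstream spelling deliberately and applying it the same way to any later CVE for this product. The SourceCodester tag on CVE-2024-3042 matches the one used for CVE-2024-3015 and CVE-2024-3014 in commit fd899c30 on this page, which is the consistency the other tags should aim for.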
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fd899c30 by Salvatore Bonaccorso at 2024-03-28T09:49:13+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,81 +1,81 @@ CVE-2024-3024 (A vulnerability was found in appneta tcpreplay up to 4.4.4. It has bee ...) TODO: check CVE-2024-3015 (A vulnerability classified as critical was found in SourceCodester Sim ...) - TODO: check + NOT-FOR-US: SourceCodester Simple Subscription Website CVE-2024-3014 (A vulnerability classified as critical has been found in SourceCodeste ...) - TODO: check + NOT-FOR-US: SourceCodester Simple Subscription Website CVE-2024-3013 (A vulnerability was found in FLIR AX8 up to 1.46.16. It has been rated ...) - TODO: check + NOT-FOR-US: FLIR AX8 CVE-2024-3012 (A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been de ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-3011 (A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been cl ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-3010 (A vulnerability was found in Tenda FH1205 2.0.0.7(775) and classified ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-3009 (A vulnerability has been found in Tenda FH1205 2.0.0.7(775) and classi ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-3008 (A vulnerability, which was classified as critical, was found in Tenda ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-3007 (A vulnerability, which was classified as critical, has been found in T ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-3006 (A vulnerability classified as critical was found in Tenda FH1205 2.0.0 ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-3004 (A vulnerability was found in code-projects Online Book System 1.0 and ...) - TODO: check + NOT-FOR-US: code-projects Online Book System CVE-2024-3003 (A vulnerability has been found in code-projects Online Book System 1.0 ...) - TODO: check + NOT-FOR-US: code-projects Online Book System CVE-2024-3002 (A vulnerability, which was classified as critical, was found in code-p ...) - TODO: check + NOT-FOR-US: code-projects Online Book System CVE-2024-3001 (A vulnerability, which was classified as critical, has been found in c ...) 
- TODO: check + NOT-FOR-US: code-projects Online Book System CVE-2024-3000 (A vulnerability classified as critical was found in code-projects Onli ...) - TODO: check + NOT-FOR-US: code-projects Online Book System CVE-2024-30245 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30244 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30243 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30242 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30241 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: Metagauss ProfileGrid CVE-2024-30240 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30239 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30237 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30236 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30230 (Deserialization of Untrusted Data vulnerability in Acowebs PDF Invoice ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30229 (Deserialization of Untrusted Data vulnerability in GiveWP.This issue a ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30228 (Deserialization of Untrusted Data vulnerability in Hercules Design Her ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30227 (Deserialization of Untrusted Data vulnerability in INFINITUM FORM Geo ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30226 (Deserialization of Untrusted Data vulnerability in WPDeveloper BetterD ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30225 (Deserialization of Untrusted Data vulnerability in WPENGINE, INC. WP M ...) - TODO: check +
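Review bot: CVE-2024-30241 is tagged "NOT-FOR-US: Metagauss ProfileGrid", while the eight entries around it with the same truncated SQL injection description (CVE-2024-30245 to CVE-2024-30236) are all tagged "NOT-FOR-US: WordPress plugin". Commit 80f0fbcd on this page tags another Metagauss entry, CVE-2024-2951, as "WordPress plugin". If ProfileGrid is a WordPress plugin as well, use the generic tag here so the block stays uniform; if it is not, the named tag is right and needs no change.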
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d588e16e by Salvatore Bonaccorso at 2024-03-27T09:29:11+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,67 +1,67 @@ CVE-2024-30201 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30199 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30198 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30197 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30196 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30195 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30194 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30193 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30192 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2971 (Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by negat ...) TODO: check CVE-2024-2956 (The Simple Ajax Chat \u2013 Add a Fast, Secure Chat Box plugin for Wor ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2954 (The Action Network plugin for WordPress is vulnerable to SQL Injection ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2945 (A vulnerability was found in Campcodes Online Examination System 1.0. ...) - TODO: check + NOT-FOR-US: Campcodes Online Examination System CVE-2024-2944 (A vulnerability was found in Campcodes Online Examination System 1.0 a ...) 
- TODO: check + NOT-FOR-US: Campcodes Online Examination System CVE-2024-2943 (A vulnerability has been found in Campcodes Online Examination System ...) - TODO: check + NOT-FOR-US: Campcodes Online Examination System CVE-2024-2942 (A vulnerability, which was classified as critical, was found in Campco ...) - TODO: check + NOT-FOR-US: Campcodes Online Examination System CVE-2024-2941 (A vulnerability, which was classified as critical, has been found in C ...) - TODO: check + NOT-FOR-US: Campcodes Online Examination System CVE-2024-2940 (A vulnerability classified as problematic was found in Campcodes Onlin ...) - TODO: check + NOT-FOR-US: Campcodes Online Examination System CVE-2024-2939 (A vulnerability classified as problematic has been found in Campcodes ...) - TODO: check + NOT-FOR-US: Campcodes Online Examination System CVE-2024-2938 (A vulnerability was found in Campcodes Online Examination System 1.0. ...) - TODO: check + NOT-FOR-US: Campcodes Online Examination System CVE-2024-2935 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: SourceCodester Todo List in Kanban Board CVE-2024-2934 (A vulnerability classified as critical was found in SourceCodester Tod ...) - TODO: check + NOT-FOR-US: SourceCodester Todo List in Kanban Board CVE-2024-2932 (A vulnerability classified as critical has been found in SourceCodeste ...) - TODO: check + NOT-FOR-US: SourceCodester Online Chatting System CVE-2024-2930 (A vulnerability was found in SourceCodester Music Gallery Site 1.0. It ...) - TODO: check + NOT-FOR-US: SourceCodester Music Gallery Site CVE-2024-2927 (A vulnerability was found in code-projects Mobile Shop 1.0. It has bee ...) - TODO: check + NOT-FOR-US: code-projects Mobile Shop CVE-2024-2917 (A vulnerability was found in Campcodes House Rental Management System ...) 
- TODO: check + NOT-FOR-US: Campcodes House Rental Management System CVE-2024-2916 (A vulnerability was found in Campcodes House Rental Management System ...) - TODO: check + NOT-FOR-US: Campcodes House Rental Management System CVE-2024-2911 (A vulnerability, which was classified as problematic, was found in Tia ...) - TODO: check + NOT-FOR-US: Tianjin PubliCMS CVE-2024-2910 (A vulnerability, which was classified as critical, has been found in R ...) - TODO: check + NOT-FOR-US: Ruijie CVE-2024-2909 (A vulnerability
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 80f0fbcd by Salvatore Bonaccorso at 2024-03-26T21:54:29+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,51 +1,51 @@ CVE-2024-30235 (Missing Authorization vulnerability in Themeisle Multiple Page Generat ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30234 (Missing Authorization vulnerability in Wholesale Team WholesaleX.This ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30233 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30232 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30231 (Unrestricted Upload of File with Dangerous Type vulnerability in WebTo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2955 (T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 a ...) TODO: check CVE-2024-2951 (Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Registrat ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2929 (A memory corruption vulnerability in Rockwell Automation Arena Simulat ...) - TODO: check + NOT-FOR-US: Rockwell Automation CVE-2024-2921 (Improper access control in PAM vault permissions in Devolutions Server ...) - TODO: check + NOT-FOR-US: Devolutions Server CVE-2024-2915 (Improper access control in PAM JIT elevation in Devolutions Server 202 ...) - TODO: check + NOT-FOR-US: Devolutions Server CVE-2024-2906 (Missing Authorization vulnerability in SoftLab Radio Player.This issue ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2904 (Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Calli ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2024-2902 (A vulnerability was found in Tenda AC7 15.03.06.44 and classified as c ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2901 (A vulnerability has been found in Tenda AC7 15.03.06.44 and classified ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2900 (A vulnerability, which was classified as critical, was found in Tenda ...) 
- TODO: check + NOT-FOR-US: Tenda CVE-2024-2899 (A vulnerability, which was classified as critical, has been found in T ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2898 (A vulnerability classified as critical was found in Tenda AC7 15.03.06 ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2897 (A vulnerability classified as critical has been found in Tenda AC7 15. ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2896 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been rated ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2895 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been declar ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2894 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been classi ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2893 (A vulnerability was found in Tenda AC7 15.03.06.44 and classified as c ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2892 (A vulnerability has been found in Tenda AC7 15.03.06.44 and classified ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2891 (A vulnerability, which was classified as critical, was found in Tenda ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2802 REJECTED CVE-2024-2452 (In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control ...) 
@@ -59,17 +59,17 @@ CVE-2024-29883 (CreateWiki is Miraheze's MediaWiki extension for requesting & cr CVE-2024-29881 (TinyMCE is an open source rich text editor. A cross-site scripting (X ...) TODO: check CVE-2024-29833 (The image upload component allows SVG files and the regular expression ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-29832 (The current_url parameter of the AJAX call to the GalleryBox action of ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-29810 (The thumb_url parameter of the AJAX call to the editimage_bwg action o ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-29809 (The image_url parameter of the AJAX call to the editimage_bwg action o ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-29808 (The image_id parameter of the AJAX call to the editimage_bwg action of ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-29684 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO:
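Review bot: In the @@ -59 hunk, CVE-2024-29833, CVE-2024-29832, CVE-2024-29810, CVE-2024-29809 and CVE-2024-29808 become "NOT-FOR-US: WordPress plugin", but none of their visible descriptions names WordPress or a plugin (for example "The image upload component allows SVG files and the regular expression ..."). Nothing in the entry lets a later reader confirm the classification without opening the CVE record. Suggest naming the plugin in the tag for these five, the way the first hunk names "Devolutions Server" and "Rockwell Automation" for products that the description does identify.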
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9f3b9ece by Salvatore Bonaccorso at 2024-03-25T21:54:38+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -25,29 +25,29 @@ CVE-2024-30202 (In Emacs before 29.3, arbitrary Lisp code is evaluated as part o NOTE: https://list.orgmode.org/87o7b3eczr@bzg.fr/T/#t NOTE: https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=003ddacf1c8d869b1858181c29ea21b731a8d8d9 CVE-2024-2865 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: Mergen Software Quality Management System CVE-2024-2864 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-29666 (Insecure Permissions vulnerability in Vehicle Monitoring platform syst ...) - TODO: check + NOT-FOR-US: Vehicle Monitoring platform system CMSV6 CVE-2024-29650 (An issue in @thi.ng/paths v.5.1.62 and before allows a remote attacker ...) TODO: check CVE-2024-29515 (File Upload vulnerability in lepton v.7.1.0 allows a remote authentica ...) - TODO: check + NOT-FOR-US: Lepton CMS CVE-2024-29025 (Netty is an asynchronous event-driven network application framework fo ...) TODO: check CVE-2024-28850 (WP Crontrol controls the cron events on WordPress websites. WP Crontr ...) - TODO: check + NOT-FOR-US: WP Crontrol CVE-2024-28435 (The CRM platform Twenty version 0.3.0 is vulnerable to SSRF via file u ...) - TODO: check + NOT-FOR-US: Twenty CRM CVE-2024-28434 (The CRM platform Twenty is vulnerable to stored cross site scripting v ...) - TODO: check + NOT-FOR-US: Twenty CRM CVE-2024-28393 (SQL injection vulnerability in scalapay v.1.2.41 and before allows a r ...) - TODO: check + NOT-FOR-US: PrestaShop module CVE-2024-28387 (An issue in axonaut v.3.1.23 and before allows a remote attacker to ob ...) - TODO: check + NOT-FOR-US: PrestaShop module CVE-2024-28386 (An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remo ...) - TODO: check + NOT-FOR-US: PrestaShop module CVE-2024-28246 (KaTeX is a JavaScript library for TeX math rendering on the web. Code ...) 
TODO: check CVE-2024-28245 (KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX ...) @@ -59,27 +59,27 @@ CVE-2024-28243 (KaTeX is a JavaScript library for TeX math rendering on the web. CVE-2024-28183 (ESP-IDF is the development framework for Espressif SoCs supported on W ...) TODO: check CVE-2024-28108 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...) - TODO: check + NOT-FOR-US: phpMyFAQ CVE-2024-28107 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...) - TODO: check + NOT-FOR-US: phpMyFAQ CVE-2024-28106 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...) - TODO: check + NOT-FOR-US: phpMyFAQ CVE-2024-28105 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...) - TODO: check + NOT-FOR-US: phpMyFAQ CVE-2024-27300 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...) - TODO: check + NOT-FOR-US: phpMyFAQ CVE-2024-27299 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...) - TODO: check + NOT-FOR-US: phpMyFAQ CVE-2024-25964 (Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert timing ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-25175 (An issue in Kickdler before v1.107.0 allows attackers to provide an XS ...) - TODO: check + NOT-FOR-US: Kickdler CVE-2024-25002 (Command Injection in the diagnostics interface of the Bosch Network Sy ...) - TODO: check + NOT-FOR-US: Bosch CVE-2023-48296 (OroPlatform is a PHP Business Application Platform (BAP). Navigation ...) - TODO: check + NOT-FOR-US: OroPlatform CVE-2023-45824 (OroPlatform is a PHP Business Application Platform (BAP). A logged in ...) - TODO: check + NOT-FOR-US: OroPlatform CVE-2021-47180 (In the Linux kernel, the following vulnerability has been resolved: N ...) - linux 5.14.6-1 [bullseye] - linux 5.10.46-1 
@@ -330,9 +330,9 @@ CVE-2023-37886 (Missing Authorization vulnerability in InspiryThemes RealHomes.T CVE-2023-37885 (Missing Authorization vulnerability in InspiryThemes RealHomes.This is ...) NOT-FOR-US: WordPress theme CVE-2023-33923 (Missing Authorization vulnerability in HashThemes Viral News, HashThem ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2020-36826 (A vulnerability was found in AwesomestCode LiveBot. It has
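Review bot: in the @@ -25,29 hunk, CVE-2024-28850 is tagged "NOT-FOR-US: WP Crontrol" although its description places it on WordPress websites, while CVE-2024-2864 in the same hunk gets the generic "NOT-FOR-US: WordPress plugin". Pick one form for WordPress add-ons so the NFU tags stay searchable; the scalapay, axonaut and fastmagsync entries further down the hunk already follow the generic pattern with "NOT-FOR-US: PrestaShop module".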
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5e34b99e by Salvatore Bonaccorso at 2024-03-25T09:53:45+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,53 +1,53 @@ CVE-2024-2863 (This vulnerability allows remote attackers to traverse paths via file ...) - TODO: check + NOT-FOR-US: LG CVE-2024-2862 (This vulnerability allows remote attackers to reset the password of an ...) - TODO: check + NOT-FOR-US: LG CVE-2024-29216 (Exposed IOCTL with insufficient access control issue exists in cg6kwin ...) - TODO: check + NOT-FOR-US: cg6kwin2k.sys CVE-2024-29194 (OneUptime is a solution for monitoring and managing online services. T ...) - TODO: check + NOT-FOR-US: OneUptime CVE-2024-29188 (WiX toolset lets developers create installers for Windows Installer, t ...) TODO: check CVE-2024-29187 (WiX toolset lets developers create installers for Windows Installer, t ...) TODO: check CVE-2024-29071 (HGW BL1500HM Ver 002.001.013 and earlier contains a use of week creden ...) - TODO: check + NOT-FOR-US: HGW BL1500HM CVE-2024-29034 (CarrierWave is a solution for file uploads for Rails, Sinatra and othe ...) TODO: check CVE-2024-29009 (Cross-site request forgery (CSRF) vulnerability in easy-popup-show all ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-28041 (HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent una ...) - TODO: check + NOT-FOR-US: HGW BL1500HM CVE-2024-24899 (Improper Neutralization of Special Elements used in an OS Command ('OS ...) - TODO: check + NOT-FOR-US: openEuler aops-zeus CVE-2024-24897 (Improper Neutralization of Special Elements used in a Command ('Comman ...) - TODO: check + NOT-FOR-US: openEuler A-Tune-Collector CVE-2024-24892 (Improper Neutralization of Special Elements used in an OS Command ('OS ...) - TODO: check + NOT-FOR-US: openEuler migration-tools CVE-2024-24890 (Improper Neutralization of Special Elements used in an OS Command ('OS ...) - TODO: check + NOT-FOR-US: openEuler gala-gopher CVE-2024-21865 (HGW BL1500HM Ver 002.001.013 and earlier contains a use of week creden ...) 
- TODO: check + NOT-FOR-US: HGW BL1500HM CVE-2024-21505 (Versions of the package web3-utils before 4.2.1 are vulnerable to Prot ...) TODO: check CVE-2024-1962 (The CM Download Manager WordPress plugin before 2.9.1 does not have C ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1564 (The wp-schema-pro WordPress plugin before 2.7.16 does not validate pos ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1232 (The CM Download Manager WordPress plugin before 2.9.0 does not have C ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1231 (The CM Download Manager WordPress plugin before 2.9.0 does not have C ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-37886 (Missing Authorization vulnerability in InspiryThemes RealHomes.This is ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2023-37885 (Missing Authorization vulnerability in InspiryThemes RealHomes.This is ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2023-33923 (Missing Authorization vulnerability in HashThemes Viral News, HashThem ...) TODO: check CVE-2020-36826 (A vulnerability was found in AwesomestCode LiveBot. It has been classi ...) TODO: check CVE-2020-36825 (A vulnerability has been found in cyberaz0r WebRAT up to 20191222 and ...) - TODO: check + NOT-FOR-US: cyberaz0r WebRAT CVE-2024-27281 [RCE vulnerability with .rdoc_options in RDoc] - ruby3.2 - ruby3.1 @@ -56691,7 +56691,7 @@ CVE-2023-30482 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi CVE-2023-30481 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alexey G ...) NOT-FOR-US: WordPress plugin CVE-2023-30480 (Missing Authorization vulnerability in Sparkle WP Educenter.This issue ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2023-30479 RESERVED CVE-2023-30478 (Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newslette ...) 
@@ -119788,7 +119788,7 @@ CVE-2018-25045 (Django REST framework (aka django-rest-framework) before 3.9.1 a - djangorestframework 3.10.2-1 NOTE: https://github.com/encode/django-rest-framework/commit/4bb9a3c48427867ef1e46f7dee945a4c25a4f9b8 (3.9.1) CVE-2022-36407 (Insertion of Sensitive Information into Log File vulnerability in Hita ...) - TODO: check + NOT-FOR-US: Hitachi CVE-2022-36389 (Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Mes ...)
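Review bot: in the @@ -1,53 hunk, CVE-2024-2863 and CVE-2024-2862 are tagged "NOT-FOR-US: LG", but the truncated descriptions shown name neither a vendor nor a product, so the tag cannot be checked from the diff. Naming the affected product, as the same hunk does with "HGW BL1500HM" and the openEuler components, would make these entries self-explanatory. The same goes for "NOT-FOR-US: cg6kwin2k.sys" on CVE-2024-29216, which records a driver file name rather than the product that ships it.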
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 14ab63be by Salvatore Bonaccorso at 2024-03-24T21:53:32+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -28,7 +28,7 @@ CVE-2024-2851 (A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_mult CVE-2024-2850 (A vulnerability was found in Tenda AC15 15.03.05.18 and classified as ...) NOT-FOR-US: Tenda CVE-2024-24725 (Gibbon through 26.0.00 allows remote authenticated users to conduct PH ...) - TODO: check + NOT-FOR-US: GibbonEdu Gibbon CVE-2024-23755 (ClickUp Desktop before 3.3.77 on macOS and Windows allows code injecti ...) NOT-FOR-US: ClickUp Desktop CVE-2020-36827 (The XAO::Web module before 1.84 for Perl mishandles < and > characters ...) @@ -111,9 +111,9 @@ CVE-2024-2723 (SQL injection vulnerability in the CIGESv2 system, through/ajaxSu CVE-2024-2722 (SQL injection vulnerability in the CIGESv2 system, through/ajaxConfigT ...) NOT-FOR-US: CIGESv2 system CVE-2024-2449 (A cross-site request forgery vulnerability has been identified in Load ...) - TODO: check + NOT-FOR-US: LoadMaster CVE-2024-2448 (An OS command injection vulnerability has been identified in LoadMaste ...) - TODO: check + NOT-FOR-US: LoadMaster CVE-2024-2228 (This vulnerability allows an authenticated user to perform a Lifecycle ...) NOT-FOR-US: Sailpoint CVE-2024-2227 (This vulnerability allows access to arbitrary files in the application ...) 
@@ -138,13 +138,13 @@ CVE-2024-29366 (A command injection vulnerability exists in the cgibin binary in CVE-2024-29338 (Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forg ...) NOT-FOR-US: Anchor CMS CVE-2024-29186 (Bref is an open-source project that helps users go serverless on Amazo ...) - TODO: check + NOT-FOR-US: Bref CVE-2024-29185 (FreeScout is a self-hosted help desk and shared mailbox. Versions prio ...) NOT-FOR-US: FreeScout CVE-2024-29184 (FreeScout is a self-hosted help desk and shared mailbox. A Stored Cros ...) NOT-FOR-US: FreeScout CVE-2024-29042 (Translate is a package that allows users to convert text to different ...) - TODO: check + NOT-FOR-US: translate Node.js module CVE-2024-28861 (Symfony 1 is a community-driven fork of the 1.x branch of Symfony, a P ...) NOT-FOR-US: Symfony1 (community fork of symfony 1.4 with some enhancements) CVE-2024-28824 (Least privilege violation and reliance on untrusted inputs in the mk_i ...) @@ -200089,7 +200089,7 @@ CVE-2021-33635 (When malicious images are pulled by isula pull, attackers can ex CVE-2021-33634 (iSulad uses the lcr+lxc runtime (default) to run malicious images, whi ...) NOT-FOR-US: OpenEuler lcr CVE-2021-33633 (Improper Neutralization of Special Elements used in an OS Command ('OS ...) - TODO: check + NOT-FOR-US: openEuler aops-ceres CVE-2021-33632 RESERVED CVE-2021-33631 (Integer Overflow or Wraparound vulnerability in openEuler kernel on Li ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14ab63be8518a9b7673d43426edee20fa51a7d2d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14ab63be8518a9b7673d43426edee20fa51a7d2d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
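Review bot: in the @@ -200089,7 hunk, the new tag "NOT-FOR-US: openEuler aops-ceres" sits directly under the existing "NOT-FOR-US: OpenEuler lcr" for CVE-2021-33634, so the same vendor now appears with two capitalisations. Align the spelling (the CVE-2021-33631 description just below writes "openEuler") so that a case-sensitive search for the vendor finds both entries.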
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 84a52fea by Salvatore Bonaccorso at 2024-03-24T12:11:23+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3,25 +3,25 @@ CVE-2024-30161 (In Qt before 6.5.6 and 6.6.x before 6.6.3, the wasm component ma CVE-2024-30156 (Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 L ...) TODO: check CVE-2024-2856 (A vulnerability, which was classified as critical, has been found in T ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2855 (A vulnerability classified as critical was found in Tenda AC15 15.03.0 ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2854 (A vulnerability classified as critical has been found in Tenda AC18 15 ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2853 (A vulnerability was found in Tenda AC10U 15.03.06.48/15.03.06.49. It h ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2852 (A vulnerability was found in Tenda AC15 15.03.20_multi. It has been de ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2851 (A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2850 (A vulnerability was found in Tenda AC15 15.03.05.18 and classified as ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-24725 (Gibbon through 26.0.00 allows remote authenticated users to conduct PH ...) TODO: check CVE-2024-23755 (ClickUp Desktop before 3.3.77 on macOS and Windows allows code injecti ...) - TODO: check + NOT-FOR-US: ClickUp Desktop CVE-2020-36827 (The XAO::Web module before 1.84 for Perl mishandles < and > characters ...) - TODO: check + NOT-FOR-US: XAO::Web Perl module CVE-2018-25100 (The Mojolicious module before 7.66 for Perl may leak cookies in certai ...) TODO: check CVE-2024- [possibility to reset password for suspended accounts] 
@@ -36,7 +36,7 @@ CVE-2024-24835 (Missing Authorization vulnerability in realmag777 BEAR.This issu CVE-2024-24832 (Missing Authorization vulnerability in Metagauss EventPrime.This issue ...) NOT-FOR-US: WordPress plugin CVE-2024-1603 (paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision ...) - TODO: check + NOT-FOR-US: PaddlePaddle CVE-2024-2832 (A vulnerability classified as problematic was found in Campcodes Onlin ...) NOT-FOR-US: Campcodes Online Shopping System CVE-2024-2688 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed You ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84a52fea415a7c8e90627f4d46c0b156ef54dac4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84a52fea415a7c8e90627f4d46c0b156ef54dac4 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
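Review bot: in the @@ -3,25 hunk, CVE-2020-36827 (the XAO::Web module for Perl) goes to NOT-FOR-US while the Mojolicious Perl module entry right after it, CVE-2018-25100, stays at "TODO: check". Perl modules are commonly packaged as lib...-perl, so it is worth confirming that no source package ships XAO::Web before the entry drops out of triage.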
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 27daf9f3 by Salvatore Bonaccorso at 2024-03-23T21:20:27+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,11 +1,11 @@ CVE-2024-2849 (A vulnerability classified as critical was found in SourceCodester Sim ...) - TODO: check + NOT-FOR-US: SourceCodester Simple File Manager CVE-2024-24840 (Missing Authorization vulnerability in BdThemes Element Pack Elementor ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24835 (Missing Authorization vulnerability in realmag777 BEAR.This issue affe ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24832 (Missing Authorization vulnerability in Metagauss EventPrime.This issue ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1603 (confirmed) TODO: check CVE-2024-2832 (A vulnerability classified as problematic was found in Campcodes Onlin ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27daf9f3a91b5bc99e3c587f6b9d0e0b75a45d73 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27daf9f3a91b5bc99e3c587f6b9d0e0b75a45d73 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 02c63403 by Salvatore Bonaccorso at 2024-03-23T09:34:42+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,29 +1,29 @@ CVE-2024-2832 (A vulnerability classified as problematic was found in Campcodes Onlin ...) - TODO: check + NOT-FOR-US: Campcodes Online Shopping System CVE-2024-2688 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed You ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2468 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed You ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2326 (The Pretty Links \u2013 Affiliate Links, Link Branding, Link Tracking ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2202 (The Page Builder by SiteOrigin plugin for WordPress is vulnerable to S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2131 (The Move Addons for Elementor plugin for WordPress is vulnerable to St ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2025 (The "BuddyPress WooCommerce My Account Integration. Create WooCommerce ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-29190 (Mobile Security Framework (MobSF) is a pen-testing, malware analysis a ...) - TODO: check + NOT-FOR-US: Mobile Security Framework (MobSF) CVE-2024-29059 (.NET Framework Information Disclosure Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-29057 (Microsoft Edge (Chromium-based) Spoofing Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-26247 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-1697 (The Custom WooCommerce Checkout Fields Editor plugin for WordPress is ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1049 (The Page Builder Gutenberg Blocks \u2013 CoBlocks plugin for WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2828 (A vulnerability, which was classified as critical, was found in lakern ...) NOT-FOR-US: lakernote EasyAdmin CVE-2024-2827 (A vulnerability, which was classified as critical, has been found in l ...) 
@@ -62,9 +62,9 @@ CVE-2024-2449 (A cross-site request forgery vulnerability has been identified in CVE-2024-2448 (An OS command injection vulnerability has been identified in LoadMaste ...) TODO: check CVE-2024-2228 (This vulnerability allows an authenticated user to perform a Lifecycle ...) - TODO: check + NOT-FOR-US: Sailpoint CVE-2024-2227 (This vulnerability allows access to arbitrary files in the application ...) - TODO: check + NOT-FOR-US: Sailpoint CVE-2024-29944 (An attacker was able to inject an event handler into a privileged obje ...) - firefox 124.0.1-1 (bug #1067523) - firefox-esr 115.9.1esr-1 @@ -104,7 +104,7 @@ CVE-2024-28559 (SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before CVE-2024-25168 (SQL injection vulnerability in snow snow v.2.0.0 allows a remote attac ...) NOT-FOR-US: snow snow CVE-2024-1848 (Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out ...) - TODO: check + NOT-FOR-US: Solidworks CVE-2024-1742 (Invocation of the sqlplus command with sensitive information in the co ...) - check-mk CVE-2024-0638 (Least privilege violation in the Checkmk agent plugins mk_oracle, mk_o ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02c63403e80a520e5ce9a530eb3606c86f762c0e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02c63403e80a520e5ce9a530eb3606c86f762c0e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
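Review bot: in the @@ -1,29 hunk, CVE-2024-29057 and CVE-2024-26247 are closed as "NOT-FOR-US: Microsoft", yet both titles read "Microsoft Edge (Chromium-based)". The one-line titles do not say whether the flaw is in Edge-specific code or in the shared Chromium code base, so a short NOTE stating that the issue is Edge-only would justify the tag for anyone tracking the chromium package.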
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 60bd2da5 by Salvatore Bonaccorso at 2024-03-22T22:28:16+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,35 +1,35 @@ CVE-2024-2828 (A vulnerability, which was classified as critical, was found in lakern ...) - TODO: check + NOT-FOR-US: lakernote EasyAdmin CVE-2024-2827 (A vulnerability, which was classified as critical, has been found in l ...) - TODO: check + NOT-FOR-US: lakernote EasyAdmin CVE-2024-2826 (A vulnerability classified as problematic was found in lakernote EasyA ...) - TODO: check + NOT-FOR-US: lakernote EasyAdmin CVE-2024-2825 (A vulnerability classified as critical has been found in lakernote Eas ...) - TODO: check + NOT-FOR-US: lakernote EasyAdmin CVE-2024-2824 (A vulnerability was found in Matthias-Wandel jhead 3.08 and classified ...) TODO: check CVE-2024-2823 (A vulnerability has been found in DedeCMS 5.7 and classified as proble ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-2822 (A vulnerability, which was classified as problematic, was found in Ded ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-2821 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-2820 (A vulnerability classified as problematic was found in DedeCMS 5.7. Af ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-2728 (Information exposure vulnerability in the CIGESv2 system. This vulnera ...) - TODO: check + NOT-FOR-US: CIGESv2 system CVE-2024-2727 (HTML injection vulnerability affecting the CIGESv2 system, which allow ...) - TODO: check + NOT-FOR-US: CIGESv2 system CVE-2024-2726 (Stored Cross-Site Scripting (Stored-XSS) vulnerability affecting the C ...) - TODO: check + NOT-FOR-US: CIGESv2 system CVE-2024-2725 (Information exposure vulnerability in the CIGESv2 system. A remote att ...) - TODO: check + NOT-FOR-US: CIGESv2 system CVE-2024-2724 (SQL injection vulnerability in the CIGESv2 system, through/ajaxServici ...) - TODO: check + NOT-FOR-US: CIGESv2 system CVE-2024-2723 (SQL injection vulnerability in the CIGESv2 system, through/ajaxSubServ ...) 
- TODO: check + NOT-FOR-US: CIGESv2 system CVE-2024-2722 (SQL injection vulnerability in the CIGESv2 system, through/ajaxConfigT ...) - TODO: check + NOT-FOR-US: CIGESv2 system CVE-2024-2449 (A cross-site request forgery vulnerability has been identified in Load ...) TODO: check CVE-2024-2448 (An OS command injection vulnerability has been identified in LoadMaste ...) 
@@ -47,35 +47,35 @@ CVE-2024-29943 (An attacker was able to perform an out-of-bounds read or write o - firefox NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-15/#CVE-2024-29943 CVE-2024-29865 (Logpoint before 7.1.0 allows Self-XSS on the LDAP authentication page ...) - TODO: check + NOT-FOR-US: Logpoint CVE-2024-29499 (Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forg ...) - TODO: check + NOT-FOR-US: Anchor CMS CVE-2024-29385 (DIR-845L router <= v1.01KRb03 has an Unauthenticated remote code execu ...) - TODO: check + NOT-FOR-US: DIR-845L router CVE-2024-29366 (A command injection vulnerability exists in the cgibin binary in DIR-8 ...) - TODO: check + NOT-FOR-US: DIR-845L router CVE-2024-29338 (Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forg ...) - TODO: check + NOT-FOR-US: Anchor CMS CVE-2024-29186 (Bref is an open-source project that helps users go serverless on Amazo ...) TODO: check CVE-2024-29185 (FreeScout is a self-hosted help desk and shared mailbox. Versions prio ...) - TODO: check + NOT-FOR-US: FreeScout CVE-2024-29184 (FreeScout is a self-hosted help desk and shared mailbox. A Stored Cros ...) - TODO: check + NOT-FOR-US: FreeScout CVE-2024-29042 (Translate is a package that allows users to convert text to different ...) TODO: check CVE-2024-28861 (Symfony 1 is a community-driven fork of the 1.x branch of Symfony, a P ...) - TODO: check + NOT-FOR-US: Symfony1 (community fork of symfony 1.4 with some enhancements) CVE-2024-28824 (Least privilege violation and reliance on untrusted inputs in the mk_i ...) TODO: check CVE-2024-28593 (The Chat activity in Moodle 4.3.3 allows students to insert a potentia ...) TODO: check CVE-2024-28560 (SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows ...) - TODO: check + NOT-FOR-US: Niushop B2B2C CVE-2024-28559 (SQL injection vulnerability in Niushop B2B2C v.5.3.3 and
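Review bot: in the @@ -47,35 hunk, CVE-2024-29385 and CVE-2024-29366 are tagged "NOT-FOR-US: DIR-845L router", a model number with no vendor. DIR-845L is a D-Link model, so "NOT-FOR-US: D-Link" would let a search by vendor find these two entries; the model can stay in the tag if it is wanted.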
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b1be86f5 by Salvatore Bonaccorso at 2024-03-22T21:45:59+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -129558,17 +129558,17 @@ CVE-2022-32758 CVE-2022-32757 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 uses an inadequ ...) NOT-FOR-US: IBM CVE-2022-32756 (IBM Security Verify Directory 10.0.0 could allow a remote attacker to ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-32755 (IBM Security Directory Server 6.4.0 is vulnerable to an XML External E ...) NOT-FOR-US: IBM CVE-2022-32754 (IBM Security Verify Directory 10.0.0 is vulnerable to cross-site scrip ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-32753 (IBM Security Verify Directory 10.0.0 uses weaker than expected cryptog ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-32752 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a r ...) NOT-FOR-US: IBM CVE-2022-32751 (IBM Security Verify Directory 10.0.0 could disclose sensitive server i ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-32750 (IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0 ...) NOT-FOR-US: IBM CVE-2022-32749 (Improper Check for Unusual or Exceptional Conditions vulnerability han ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b1be86f546db62555fcf918d66c58fb48c344dcb -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b1be86f546db62555fcf918d66c58fb48c344dcb You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 186a0191 by Salvatore Bonaccorso at 2024-03-22T09:20:31+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -63,13 +63,13 @@ CVE-2024-2392 (The Blocksy Companion plugin for WordPress is vulnerable to Store CVE-2024-2080 (The LiquidPoll \u2013 Polls, Surveys, NPS and Feedback Reviews plugin ...) TODO: check CVE-2024-29275 (SQL injection vulnerability in SeaCMS version 12.9, allows remote unau ...) - TODO: check + NOT-FOR-US: SeaCMS CVE-2024-29273 (There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 ...) - TODO: check + NOT-FOR-US: dzzoffice CVE-2024-29272 (Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, a ...) - TODO: check + NOT-FOR-US: VvvebJs CVE-2024-29271 (Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs before v ...) - TODO: check + NOT-FOR-US: VvvebJs CVE-2024-29031 (Meshery is an open source, cloud native manager that enables the desig ...) TODO: check CVE-2024-28891 (SQL injection vulnerability exists in the script Handler_CFG.ashx.) 
@@ -77,11 +77,11 @@ CVE-2024-28891 (SQL injection vulnerability exists in the script Handler_CFG.ash CVE-2024-28863 (node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no ...) TODO: check CVE-2024-28756 (The SolarEdge mySolarEdge application before 2.20.1 for Android has a ...) - TODO: check + NOT-FOR-US: SolarEdge mySolarEdge CVE-2024-28521 (SQL Injection vulnerability in Netcome NS-ASG Application Security Gat ...) - TODO: check + NOT-FOR-US: Netcome NS-ASG Application Security Gateway CVE-2024-28441 (File Upload vulnerability in magicflue v.7.0 and before allows a remot ...) - TODO: check + NOT-FOR-US: magicflue CVE-2024-28171 (It is possible to perform a path traversal attack and write outside of ...) TODO: check CVE-2024-28119 (Grav is an open-source, flat-file content management system. Prior to ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/186a0191467cbbf3835ae1add26df26104859cb7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/186a0191467cbbf3835ae1add26df26104859cb7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ba397bab by Salvatore Bonaccorso at 2024-03-21T09:30:04+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,15 +1,15 @@ CVE-2024-2754 (A vulnerability classified as critical has been found in SourceCodeste ...) - TODO: check + NOT-FOR-US: SourceCodester Complete E-Commerce Site CVE-2024-2748 (A Cross Site Request Forgery vulnerability was identified in GitHub En ...) TODO: check CVE-2024-2720 (A vulnerability classified as problematic was found in Campcodes Compl ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online DJ Booking System CVE-2024-2719 (A vulnerability classified as problematic has been found in Campcodes ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online DJ Booking System CVE-2024-2718 (A vulnerability was found in Campcodes Complete Online DJ Booking Syst ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online DJ Booking System CVE-2024-2717 (A vulnerability was found in Campcodes Complete Online DJ Booking Syst ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online DJ Booking System CVE-2024-2469 (An attacker with an Administrator role in GitHub Enterprise Server cou ...) TODO: check CVE-2024-2443 (A command injection vulnerability was identified in GitHub Enterprise ...) 
@@ -19,33 +19,33 @@ CVE-2024-2162 (An OS Command Injection vulnerability in Kiloview NDI allows a lo CVE-2024-2161 (Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated ...) TODO: check CVE-2024-29864 (Distrobox before 1.7.0.1 allows attackers to execute arbitrary code vi ...) - TODO: check + NOT-FOR-US: Distrobox CVE-2024-29862 (The Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder before 4. ...) - TODO: check + NOT-FOR-US: Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder CVE-2024-29859 (In MISP before 2.4.187, add_misp_export in app/Controller/EventsContro ...) - TODO: check + NOT-FOR-US: MISP CVE-2024-29858 (In MISP before 2.4.187, __uploadLogo in app/Controller/OrganisationsCo ...) - TODO: check + NOT-FOR-US: MISP CVE-2024-29474 (OneBlog v2.3.4 was discovered to contain a stored cross-site scripting ...) - TODO: check + NOT-FOR-US: OneBlog CVE-2024-29473 (OneBlog v2.3.4 was discovered to contain a stored cross-site scripting ...) - TODO: check + NOT-FOR-US: OneBlog CVE-2024-29472 (OneBlog v2.3.4 was discovered to contain a stored cross-site scripting ...) - TODO: check + NOT-FOR-US: OneBlog CVE-2024-29471 (OneBlog v2.3.4 was discovered to contain a stored cross-site scripting ...) - TODO: check + NOT-FOR-US: OneBlog CVE-2024-29470 (OneBlog v2.3.4 was discovered to contain a stored cross-site scripting ...) - TODO: check + NOT-FOR-US: OneBlog CVE-2024-29469 (A stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4 al ...) - TODO: check + NOT-FOR-US: OneBlog CVE-2024-29037 (datahub-helm provides the Kubernetes Helm charts for deploying Datahub ...) TODO: check CVE-2024-29036 (Saleor Storefront is software for building e-commerce experiences. Pri ...) - TODO: check + NOT-FOR-US: Saleor Storefront CVE-2024-29033 (OAuthenticator provides plugins for JupyterHub to use common OAuth pro ...) TODO: check CVE-2024-29032 (Qiskit IBM Runtime is an environment that streamlines quantum computat ...) 
- TODO: check + NOT-FOR-US: IBM CVE-2024-29026 (Owncast is an open source, self-hosted, decentralized, single user liv ...) TODO: check CVE-2024-29018 (Moby is an open source container framework that is a key component of ...) @@ -55,7 +55,7 @@ CVE-2024-28916 (Xbox Gaming Services Elevation of Privilege Vulnerability) CVE-2024-28835 (A flaw has been discovered in GnuTLS where an application crash can be ...) TODO: check CVE-2024-28635 (Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v. ...) - TODO: check + NOT-FOR-US: SurveyJS Survey Creator CVE-2024-25294 (An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sens ...) TODO: check CVE-2024-24050 (Cross Site Scripting (XSS) vulnerability in Sourcecodester Workout Jou ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba397babf77183ca211fd2ac7f084d9367a19b1b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba397babf77183ca211fd2ac7f084d9367a19b1b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list
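Review bot: in the @@ -19,33 hunk, CVE-2024-29864 is tagged "NOT-FOR-US: Distrobox", but Distrobox is a Linux command-line tool of the kind distributions package, so confirm with a source package search that it is not in the archive; if it is, the entry needs a package line instead of an NFU tag. In the same hunk, "NOT-FOR-US: IBM" for CVE-2024-29032 names the vendor where the description names the product, Qiskit IBM Runtime, and the product name is the more useful tag.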
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 13912e40 by Salvatore Bonaccorso at 2024-03-20T21:46:21+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -43,11 +43,11 @@ CVE-2024-2684 (A vulnerability, which was classified as problematic, has been fo CVE-2024-2683 (A vulnerability classified as problematic was found in Campcodes Onlin ...) NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2291 (In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.1 ...) - TODO: check + NOT-FOR-US: Progress MOVEit Transfer CVE-2024-29419 (There is a Cross-site scripting (XSS) vulnerability in the Wireless se ...) NOT-FOR-US: TOTOLINK CVE-2024-28868 (Umbraco is an ASP.NET content management system. Umbraco 10 prior to 1 ...) - TODO: check + NOT-FOR-US: Umbraco CVE-2024-28735 (An incorrect access control issue in Unit4 Financials by Coda v.2023Q4 ...) NOT-FOR-US: Unit4 Financials by Coda CVE-2024-28396 (An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a r ...) 
@@ -63,55 +63,55 @@ CVE-2024-28231 (eprosima Fast DDS is a C++ implementation of the Data Distributi NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-9m2j-qw67-ph4w NOTE: https://github.com/eProsima/Fast-DDS/commit/355706386f4af9ce74125eeec3c449b06113112b (v2.14.0) CVE-2024-28179 (Jupyter Server Proxy allows users to run arbitrary external processes ...) - TODO: check + NOT-FOR-US: Jupyter Server Proxy CVE-2024-27286 (Zulip is an open-source team collaboration. When a user moves a Zulip ...) - TODO: check + NOT-FOR-US: Zulip CVE-2024-27105 (Frappe is a full-stack web application framework. Prior to versions 14 ...) NOT-FOR-US: Frappe Framework CVE-2024-24813 (Frappe is a full-stack web application framework. Prior to versions 14 ...) NOT-FOR-US: Frappe Framework CVE-2024-23821 (GeoServer is an open source software server written in Java that allow ...) - TODO: check + NOT-FOR-US: GeoServer CVE-2024-23819 (GeoServer is an open source software server written in Java that allow ...) - TODO: check + NOT-FOR-US: GeoServer CVE-2024-23818 (GeoServer is an open source software server written in Java that allow ...) - TODO: check + NOT-FOR-US: GeoServer CVE-2024-23721 (A Directory Traversal issue was discovered in process_post on Draytek ...) - TODO: check + NOT-FOR-US: Draytek Vigor3910 devices CVE-2024-23643 (GeoServer is an open source software server written in Java that allow ...) - TODO: check + NOT-FOR-US: GeoServer CVE-2024-23642 (GeoServer is an open source software server written in Java that allow ...) - TODO: check + NOT-FOR-US: GeoServer CVE-2024-23640 (GeoServer is an open source software server written in Java that allow ...) - TODO: check + NOT-FOR-US: GeoServer CVE-2024-23634 (GeoServer is an open source software server written in Java that allow ...) - TODO: check + NOT-FOR-US: GeoServer CVE-2024-1992 REJECTED CVE-2024-1856 (In Progress\xae Telerik\xae Reporting versions prior to 2024 Q1 (18.0. ...) 
- TODO: check + NOT-FOR-US: Progress Telerik Reporting CVE-2024-1811 (A potential vulnerability has been identified in OpenText ArcSight Pla ...) - TODO: check + NOT-FOR-US: OpenText CVE-2024-1801 (In Progress\xae Telerik\xae Reporting versions prior to 2024 Q1 (18.0. ...) - TODO: check + NOT-FOR-US: Progress Telerik Reporting CVE-2024-1800 (In Progress\xae Telerik\xae Report Server versions prior to 2024 Q1 (1 ...) - TODO: check + NOT-FOR-US: Progress Telerik Reporting CVE-2023-52229 (Missing Authorization vulnerability in Save as PDF plugin by Pdfcrowd ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51445 (GeoServer is an open source software server written in Java that allow ...) - TODO: check + NOT-FOR-US: GeoServer CVE-2023-51444 (GeoServer is an open source software server written in Java that allow ...) - TODO: check + NOT-FOR-US: GeoServer CVE-2023-50967 (latchset jose through version 11 allows attackers to cause a denial of ...) TODO: check CVE-2023-45177 (IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD is vulnerable to ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-41877 (GeoServer is an open source software server written in Java that allow ...) - TODO: check + NOT-FOR-US: GeoServer CVE-2023-41038 (Firebird is a relational database. Versions 4.0.0 through 4.0.3 and ve ...) TODO: check CVE-2023-35888 (IBM Security Verify Governance 10.0.2 could allow a remote attacker to ...) - TODO: check +
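Review bot: In the @@ -63,55 +63,55 @@ hunk, CVE-2024-1800 is tagged NOT-FOR-US: Progress Telerik Reporting, but its description reads "Telerik Report Server", not the "Telerik Reporting" named in CVE-2024-1856 and CVE-2024-1801. Suggest NOT-FOR-US: Progress Telerik Report Server for that one entry, so a later search of data/CVE/list for the product name finds it.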
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6a1bad7b by Salvatore Bonaccorso at 2024-03-20T21:30:30+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,63 +1,63 @@ CVE-2024-2721 (Deserialization of Untrusted Data vulnerability in Social Media Share ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2716 (A vulnerability was found in Campcodes Complete Online DJ Booking Syst ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online DJ Booking System CVE-2024-2715 (A vulnerability was found in Campcodes Complete Online DJ Booking Syst ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online DJ Booking System CVE-2024-2714 (A vulnerability has been found in Campcodes Complete Online DJ Booking ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online DJ Booking System CVE-2024-2713 (A vulnerability, which was classified as critical, was found in Campco ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online DJ Booking System CVE-2024-2712 (A vulnerability, which was classified as critical, has been found in C ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online DJ Booking System CVE-2024-2711 (A vulnerability was found in Tenda AC10U 15.03.06.48. It has been rate ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2710 (A vulnerability was found in Tenda AC10U 15.03.06.49. It has been decl ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2709 (A vulnerability was found in Tenda AC10U 15.03.06.49. It has been clas ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2708 (A vulnerability was found in Tenda AC10U 15.03.06.49 and classified as ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2707 (A vulnerability has been found in Tenda AC10U 15.03.06.49 and classifi ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2706 (A vulnerability, which was classified as critical, was found in Tenda ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2705 (A vulnerability, which was classified as critical, has been found in T ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2704 (A vulnerability classified as critical was found in Tenda AC10U 15.03. ...) 
- TODO: check + NOT-FOR-US: Tenda CVE-2024-2703 (A vulnerability classified as critical has been found in Tenda AC10U 1 ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2702 (Missing Authorization vulnerability in Olive Themes Olive One Click De ...) - TODO: check + NOT-FOR-US: Olive Themes Olive One Click Demo Import CVE-2024-2690 (A vulnerability was found in SourceCodester Online Discussion Forum Si ...) - TODO: check + NOT-FOR-US: SourceCodester Online Discussion Forum Site CVE-2024-2687 (A vulnerability was found in Campcodes Online Job Finder System 1.0 an ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2686 (A vulnerability has been found in Campcodes Online Job Finder System 1 ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2685 (A vulnerability, which was classified as problematic, was found in Cam ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2684 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2683 (A vulnerability classified as problematic was found in Campcodes Onlin ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2291 (In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.1 ...) TODO: check CVE-2024-29419 (There is a Cross-site scripting (XSS) vulnerability in the Wireless se ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-28868 (Umbraco is an ASP.NET content management system. Umbraco 10 prior to 1 ...) TODO: check CVE-2024-28735 (An incorrect access control issue in Unit4 Financials by Coda v.2023Q4 ...) - TODO: check + NOT-FOR-US: Unit4 Financials by Coda CVE-2024-28396 (An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a r ...) - TODO: check + NOT-FOR-US: PrestaShop module CVE-2024-28395 (SQL injection vulnerability in Best-Kit bestkit_popup v.1.7.2 and befo ...) 
- TODO: check + NOT-FOR-US: PrestaShop module CVE-2024-28392 (SQL injection vulnerability in pscartabandonmentpro v.2.0.11 and befor ...) - TODO: check + NOT-FOR-US: PrestaShop module CVE-2024-28286 (In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was de ...) - TODO: check + NOT-FOR-US: libIEC61850 CVE-2024-28231 (eprosima Fast DDS is a
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5f7ea1ba by Salvatore Bonaccorso at 2024-03-20T14:49:07+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -85,15 +85,15 @@ CVE-2024-2387 (The Advanced Form Integration \u2013 Connect WooCommerce and Cont CVE-2024-2384 (The WooCommerce POS plugin for WordPress is vulnerable to information ...) NOT-FOR-US: WordPress plugin CVE-2024-2304 (The Animated Headline plugin for WordPress is vulnerable to Stored Cro ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2255 (The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2197 (Chirp Access improperly stores credentials within its source code, pot ...) - TODO: check + NOT-FOR-US: Chirp Access CVE-2024-2129 (The WPBITS Addons For Elementor Page Builder plugin for WordPress is v ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2124 (The Translate WordPress and go Multilingual \u2013 Weglot plugin for W ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-28715 (Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows ...) NOT-FOR-US: DOraCMS CVE-2024-28584 (Null Pointer Dereference vulnerability in open source FreeImage v.3.19 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f7ea1bacac85fc83c0d279e5027e2f2a96f904b
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a4eeebb3 by Salvatore Bonaccorso at 2024-03-18T21:36:53+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,45 +1,45 @@ CVE-2024-2599 (File upload restriction evasion vulnerability in AMSS++ version 4.31. ...) - TODO: check + NOT-FOR-US: AMSS++ CVE-2024-2598 (Vulnerability in AMSS++ version 4.31, which does not sufficiently enco ...) - TODO: check + NOT-FOR-US: AMSS++ CVE-2024-2597 (Vulnerability in AMSS++ version 4.31, which does not sufficiently enco ...) - TODO: check + NOT-FOR-US: AMSS++ CVE-2024-2596 (Vulnerability in AMSS++ version 4.31, which does not sufficiently enco ...) - TODO: check + NOT-FOR-US: AMSS++ CVE-2024-2595 (Vulnerability in AMSS++ version 4.31, which does not sufficiently enco ...) - TODO: check + NOT-FOR-US: AMSS++ CVE-2024-2594 (Vulnerability in AMSS++ version 4.31, which does not sufficiently enco ...) - TODO: check + NOT-FOR-US: AMSS++ CVE-2024-2593 (Vulnerability in AMSS++ version 4.31, which does not sufficiently enco ...) - TODO: check + NOT-FOR-US: AMSS++ CVE-2024-2592 (Vulnerability in AMSS++ version 4.31 that allows SQL injection through ...) - TODO: check + NOT-FOR-US: AMSS++ CVE-2024-2591 (Vulnerability in AMSS++ version 4.31 that allows SQL injection through ...) - TODO: check + NOT-FOR-US: AMSS++ CVE-2024-2590 (Vulnerability in AMSS++ version 4.31 that allows SQL injection through ...) - TODO: check + NOT-FOR-US: AMSS++ CVE-2024-2589 (Vulnerability in AMSS++ version 4.31 that allows SQL injection through ...) - TODO: check + NOT-FOR-US: AMSS++ CVE-2024-2588 (Vulnerability in AMSS++ version 4.31 that allows SQL injection through ...) - TODO: check + NOT-FOR-US: AMSS++ CVE-2024-2587 (Vulnerability in AMSS++ version 4.31 that allows SQL injection through ...) - TODO: check + NOT-FOR-US: AMSS++ CVE-2024-2586 (Vulnerability in AMSS++ version 4.31 that allows SQL injection through ...) - TODO: check + NOT-FOR-US: AMSS++ CVE-2024-2585 (Vulnerability in AMSS++ version 4.31 that allows SQL injection through ...) - TODO: check + NOT-FOR-US: AMSS++ CVE-2024-2584 (Vulnerability in AMSS++ version 4.31 that allows SQL injection through ...) 
- TODO: check + NOT-FOR-US: AMSS++ CVE-2024-2390 (As a part of Tenable\u2019s vulnerability disclosure program, a vulner ...) - TODO: check + NOT-FOR-US: Tenable CVE-2024-2229 (CWE-502: Deserialization of Untrusted Data vulnerability exists that c ...) - TODO: check + NOT-FOR-US: Schneider Electric CVE-2024-2052 (CWE-552: Files or Directories Accessible to External Parties vulnerabi ...) - TODO: check + NOT-FOR-US: Schneider Electric CVE-2024-2051 (CWE-307: Improper Restriction of Excessive Authentication Attempts vul ...) - TODO: check + NOT-FOR-US: Schneider Electric CVE-2024-2050 (CWE-79: Improper Neutralization of Input During Web Page Generation (\ ...) - TODO: check + NOT-FOR-US: Schneider Electric CVE-2024-28550 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the file ...) NOT-FOR-US: Tenda CVE-2024-28547 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the fire ...) @@ -74,7 +74,7 @@ CVE-2024-27769 (Unitronics Unistream Unilogic \u2013 Versions prior to 1.35.227 CVE-2024-27768 (Unitronics Unistream Unilogic \u2013 Versions prior to 1.35.227 - CWE- ...) NOT-FOR-US: Unitronics Unistream Unilogic CVE-2024-27767 (CWE-287: Improper Authentication may allow Authentication Bypass) - TODO: check + NOT-FOR-US: Unitronics Unistream Unilogic CVE-2024-27104 (GLPI is a Free Asset and IT Management Software package, Data center m ...) - glpi NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-prc3-cx5m-h5mj 
@@ -172,89 +172,89 @@ CVE-2024-26030 (Adobe Experience Manager versions 6.5.19 and earlier are affecte CVE-2024-26028 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...) NOT-FOR-US: Adobe CVE-2024-25657 (An open redirect in the Login/Logout functionality of web management i ...) - TODO: check + NOT-FOR-US: AVSystem Unified Management Platform (UMP) CVE-2024-25656 (Improper input validation in AVSystem Unified Management Platform (UMP ...) - TODO: check + NOT-FOR-US: AVSystem Unified Management Platform (UMP) CVE-2024-25655 (Insecure storage of LDAP passwords in the authentication functionality ...) - TODO: check + NOT-FOR-US: AVSystem Unified Management Platform (UMP) CVE-2024-25654 (Insecure permissions for log files of AVSystem Unified Management Plat
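Review bot: In the @@ -74,7 +74,7 @@ hunk, CVE-2024-27767 is attributed to Unitronics Unistream Unilogic although its description ("CWE-287: Improper Authentication may allow Authentication Bypass") names no product, so as far as the list shows the attribution rests only on the adjacent CVE-2024-27768 entry. Please confirm it against the CVE record and, if it holds, add a NOTE: line with the source so the basis for the NFU is visible in data/CVE/list.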
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 835750ea by Salvatore Bonaccorso at 2024-03-18T21:26:48+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -41,13 +41,13 @@ CVE-2024-2051 (CWE-307: Improper Restriction of Excessive Authentication Attempt CVE-2024-2050 (CWE-79: Improper Neutralization of Input During Web Page Generation (\ ...) TODO: check CVE-2024-28550 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the file ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-28547 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the fire ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-28537 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the page ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-28039 (Improper restriction of XML external entity references vulnerability e ...) - TODO: check + NOT-FOR-US: FitNesse CVE-2024-27937 (GLPI is a Free Asset and IT Management Software package, Data center m ...) - glpi NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-98qw-hpg3-2hpj 
@@ -60,19 +60,19 @@ CVE-2024-27914 (GLPI is a Free Asset and IT Management Software package, Data ce NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-rcxj-fqr4-q34r NOTE: https://github.com/glpi-project/glpi/commit/69e0dee8de0c0df139b42dbfa1a8997888c2af95 CVE-2024-27774 (Unitronics Unistream Unilogic \u2013 Versions prior to 1.35.227 - CWE ...) - TODO: check + NOT-FOR-US: Unitronics Unistream Unilogic CVE-2024-27773 (Unitronics Unistream Unilogic \u2013 Versions prior to 1.35.227 - CWE ...) - TODO: check + NOT-FOR-US: Unitronics Unistream Unilogic CVE-2024-27772 (Unitronics Unistream Unilogic \u2013 Versions prior to 1.35.227 - CWE ...) - TODO: check + NOT-FOR-US: Unitronics Unistream Unilogic CVE-2024-27771 (Unitronics Unistream Unilogic \u2013 Versions prior to 1.35.227 - CWE ...) - TODO: check + NOT-FOR-US: Unitronics Unistream Unilogic CVE-2024-27770 (Unitronics Unistream Unilogic \u2013 Versions prior to 1.35.227 - CW ...) - TODO: check + NOT-FOR-US: Unitronics Unistream Unilogic CVE-2024-27769 (Unitronics Unistream Unilogic \u2013 Versions prior to 1.35.227 - CW ...) - TODO: check + NOT-FOR-US: Unitronics Unistream Unilogic CVE-2024-27768 (Unitronics Unistream Unilogic \u2013 Versions prior to 1.35.227 - CWE- ...) - TODO: check + NOT-FOR-US: Unitronics Unistream Unilogic CVE-2024-27767 (CWE-287: Improper Authentication may allow Authentication Bypass) TODO: check CVE-2024-27104 (GLPI is a Free Asset and IT Management Software package, Data center m ...) 
@@ -88,89 +88,89 @@ CVE-2024-27096 (GLPI is a Free Asset and IT Management Software package, Data ce NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-2x8m-vrcm-2jqv NOTE: https://github.com/glpi-project/glpi/commit/61a0c2302b4f633f5065358adc36058e1abc37f9 CVE-2024-26125 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-26124 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-26120 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-26119 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-26118 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-26107 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-26106 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-26105 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-26104 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-26103 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-26102 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-26101 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-26096 (Adobe Experience Manager versions 6.5.19 and earlier
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6003cffe by Salvatore Bonaccorso at 2024-03-17T21:18:41+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,41 +1,41 @@ CVE-2024-2566 (A vulnerability was found in Fujian Kelixin Communication Command and ...) - TODO: check + NOT-FOR-US: Fujian Kelixin Communication Command and Dispatch Platform CVE-2024-2565 (A vulnerability was found in PandaXGO PandaX up to 20240310. It has be ...) - TODO: check + NOT-FOR-US: PandaXGO PandaX CVE-2024-2564 (A vulnerability was found in PandaXGO PandaX up to 20240310 and classi ...) - TODO: check + NOT-FOR-US: PandaXGO PandaX CVE-2024-2563 (A vulnerability has been found in PandaXGO PandaX up to 20240310 and c ...) - TODO: check + NOT-FOR-US: PandaXGO PandaX CVE-2024-2562 (A vulnerability, which was classified as critical, was found in PandaX ...) - TODO: check + NOT-FOR-US: PandaXGO PandaX CVE-2024-2561 (A vulnerability, which was classified as critical, has been found in 7 ...) - TODO: check + NOT-FOR-US: 74CMS CVE-2024-2560 (A vulnerability classified as problematic was found in Tenda AC18 15.0 ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2559 (A vulnerability classified as problematic has been found in Tenda AC18 ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2558 (A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2557 (A vulnerability was found in kishor-23 Food Waste Management System 1. ...) - TODO: check + NOT-FOR-US: kishor-23 Food Waste Management System CVE-2024-27961 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-27960 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-27959 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-27958 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-27957 (Unrestricted Upload of File with Dangerous Type vulnerability in Pie R ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-25933 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-25903 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-25591 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24867 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2556 (A vulnerability was found in SourceCodester Employee Task Management S ...) NOT-FOR-US: SourceCodester Employee Task Management System CVE-2024-2555 (A vulnerability was found in SourceCodester Employee Task Management S ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6003cffe7d7b9152532c9834d8c0b309297fa9fb
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e5dc6b16 by Salvatore Bonaccorso at 2024-03-17T09:18:52+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,27 +1,27 @@ CVE-2024-2556 (A vulnerability was found in SourceCodester Employee Task Management S ...) - TODO: check + NOT-FOR-US: SourceCodester Employee Task Management System CVE-2024-2555 (A vulnerability was found in SourceCodester Employee Task Management S ...) - TODO: check + NOT-FOR-US: SourceCodester Employee Task Management System CVE-2024-2554 (A vulnerability has been found in SourceCodester Employee Task Managem ...) - TODO: check + NOT-FOR-US: SourceCodester Employee Task Management System CVE-2024-2553 (A vulnerability, which was classified as problematic, was found in Sou ...) - TODO: check + NOT-FOR-US: SourceCodester Product Review Rating System CVE-2024-2547 (A vulnerability was found in Tenda AC18 15.03.05.05 and classified as ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2546 (A vulnerability has been found in Tenda AC18 15.13.07.09 and classifie ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2535 (A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2534 (A vulnerability, which was classified as critical, was found in MAGESH ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2533 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2532 (A vulnerability classified as critical was found in MAGESH-K21 Online- ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2531 (A vulnerability classified as critical has been found in MAGESH-K21 On ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2530 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...) 
- TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2529 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...) NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2528 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5dc6b16b51dbab49fd588822b4f5d2fe0be4312
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5ca1e271 by Salvatore Bonaccorso at 2024-03-16T09:23:36+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,11 +1,11 @@ CVE-2024-2514 (A vulnerability classified as critical was found in MAGESH-K21 Online- ...) - TODO: check + NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-2308 (The ElementInvader Addons for Elementor plugin for WordPress is vulner ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2294 (The Backuply \u2013 Backup, Restore, Migrate and Clone plugin for Word ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2042 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-28862 (The Ruby One Time Password library (ROTP) is an open source library fo ...) - ruby-rotp NOTE: https://github.com/mdp/rotp/security/advisories/GHSA-x2h8-qmj4-g62f 
@@ -13,59 +13,59 @@ CVE-2024-28862 (The Ruby One Time Password library (ROTP) is an open source libr CVE-2024-28859 (Symfony1 is a community fork of symfony 1.4 with DIC, form enhancement ...) TODO: check CVE-2024-28640 (Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B2020110 ...) - TODO: check + NOT-FOR-US: TOTOLink CVE-2024-28639 (Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B2020110 ...) - TODO: check + NOT-FOR-US: TOTOLink CVE-2024-28070 (A vulnerability in the legacy chat component of Mitel MiContact Center ...) - TODO: check + NOT-FOR-US: Mitel CVE-2024-28069 (A vulnerability in the legacy chat component of Mitel MiContact Center ...) - TODO: check + NOT-FOR-US: Mitel CVE-2024-27197 (Cross-Site Request Forgery (CSRF) vulnerability in Bee BeePress allows ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-27195 (Cross-Site Request Forgery (CSRF) vulnerability in Sandi Verdev Waterm ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-27194 (Cross-Site Request Forgery (CSRF) vulnerability in Andrei Ivasiuc Font ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24845 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24156 (Cross Site Scripting (XSS) vulnerability in Gnuboard g6 before Github ...) - TODO: check + NOT-FOR-US: Gnuboard CVE-2024-23523 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-23298 (A logic issue was addressed with improved state management.) - TODO: check + NOT-FOR-US: Apple CVE-2024-22513 (djangorestframework-simplejwt version 5.3.1 and before is vulnerable t ...) TODO: check CVE-2024-22259 (Applications that use UriComponentsBuilder in Spring Frameworkto parse ...) TODO: check CVE-2024-1733 (The Word Replacer Pro plugin for WordPress is vulnerable to unauthoriz ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1685 (The Social Media Share Buttons plugin for WordPress is vulnerable to P ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1239 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6525 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51521 (Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz An ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51512 (Cross Site Request Forgery (CSRF) vulnerability in WBW Product Table b ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51510 (Cross-Site Request Forgery (CSRF) vulnerability in Atlas Gondal Export ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51491 (Cross-Site Request Forgery (CSRF) vulnerability in Averta Depicter Sli ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51489 (Cross-Site Request Forgery (CSRF) vulnerability in Automattic, Inc. Cr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51487 (Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft ARI Stream ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51486 (Cross-Site Request Forgery (CSRF) vulnerability in RedNao WooCommerce ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51474 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelemu TerraClass ...) - TODO: check +
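Review bot: In the @@ -13,59 +13,59 @@ hunk, CVE-2024-23298 becomes NOT-FOR-US: Apple while its description ("A logic issue was addressed with improved state management.") names neither a vendor nor a product, so nobody reading the list can check the classification from the entry itself. Suggest putting the affected product in the label, as the other entries in this hunk do (Mitel, Gnuboard, TOTOLink), once it has been confirmed from the advisory.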
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 83db5455 by Salvatore Bonaccorso at 2024-03-15T22:14:55+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -116,7 +116,7 @@ CVE-2024-2446 (Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3. CVE-2024-2445 (Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x ...) - mattermost-server (bug #823556) CVE-2024-28854 (tls-listener is a rust lang wrapper around a connection listener to su ...) - TODO: check + NOT-FOR-US: tls-listener CVE-2024-28851 (The Snowflake Hive metastore connector provides an easy way to query H ...) NOT-FOR-US: Snowflake Hive metastore connector CVE-2024-28848 (OpenMetadata is a unified platform for discovery, observability, and g ...) 
@@ -192,23 +192,23 @@ CVE-2023-7248 (Certain functionality in OpenText Vertica Management console migh CVE-2023-7060 (Zephyr OS IP packet handling does not properly drop IP packets arrivin ...) NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr) CVE-2023-7017 (Sciener locks' firmware update mechanism do not authenticate or valida ...) - TODO: check + NOT-FOR-US: Sciener locks' firmware CVE-2023-7009 (Some Sciener-based locks support plaintext message processing over Blu ...) - TODO: check + NOT-FOR-US: Sciener-based locks CVE-2023-7007 (Sciener server does not validate connection requests from the GatewayG ...) - TODO: check + NOT-FOR-US: Sciener server CVE-2023-7006 (The unlockKey character in a lock using Sciener firmware can be brute ...) - TODO: check + NOT-FOR-US: Sciener firmware CVE-2023-7004 (The TTLock App does not employ proper verification procedures to ensur ...) - TODO: check + NOT-FOR-US: TTLock App CVE-2023-7003 (The AES key utilized in the pairing process between a lock using Scien ...) - TODO: check + NOT-FOR-US: Sciener firmware CVE-2023-6960 (TTLock App virtual keys and settings are only deleted client side, and ...) - TODO: check + NOT-FOR-US: TTLock App CVE-2023-6725 (An access-control flaw was found in the OpenStack Designate component ...) TODO: check CVE-2023-51699 (Fluid is an open source Kubernetes-native Distributed Dataset Orchestr ...) - TODO: check + NOT-FOR-US: Fluid CVE-2023-51525 (Cross-Site Request Forgery (CSRF) vulnerability in Veribo, Roland Murg ...) NOT-FOR-US: WordPress plugin CVE-2023-51522 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Mem ...) 
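Review bot: The seven Sciener/TTLock entries in this hunk (CVE-2023-7017 down to CVE-2023-6960) end up with five different labels: "Sciener locks' firmware", "Sciener-based locks", "Sciener server", "Sciener firmware" and "TTLock App". Other vendors touched by this same commit get one short label each ("NOT-FOR-US: Mitsubishi", "NOT-FOR-US: NETGEAR"), which keeps the list easy to grep and to bulk-process. Consider collapsing these to a single "Sciener" label plus "TTLock App", or at least dropping the possessive form in the CVE-2023-7017 entry.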
@@ -299,7 +299,7 @@ CVE-2024-1795 (The HUSKY \u2013 Products Filter for WooCommerce Professional plu CVE-2024-1713 (A user who can create objects in a database with plv8 3.2.1 installed ...) TODO: check CVE-2024-0860 (The affected product is vulnerable to a cleartext transmission of sens ...) - TODO: check + NOT-FOR-US: Softing CVE-2024-0803 (Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Co ...) NOT-FOR-US: Mitsubishi CVE-2024-0802 (Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corpora ...) @@ -307,7 +307,7 @@ CVE-2024-0802 (Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Co CVE-2023-50677 (An issue in NETGEAR-DGND4000 v.1.1.00.15_1.00.15 allows a remote attac ...) NOT-FOR-US: NETGEAR CVE-2023-42286 (There is a PHP file inclusion vulnerability in the template configurat ...) - TODO: check + NOT-FOR-US: eyoucms CVE-2024-28054 - amavisd-new 1:2.13.0-5 [bookworm] - amavisd-new (Minor issue; will be fixed via point release)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83db5455f2305449b7fd0817332ba7f29dd38b83
You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3cc6066e by Salvatore Bonaccorso at 2024-03-15T21:35:37+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,17 +1,17 @@ CVE-2024-2537 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...) - TODO: check + NOT-FOR-US: Logitech Logi Tune CVE-2024-2497 (A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified ...) - TODO: check + NOT-FOR-US: RaspAP raspap-webgui CVE-2024-2495 (Cryptographic key vulnerability encoded in the FriendlyWrt firmware af ...) - TODO: check + NOT-FOR-US: riendlyWrt firmware CVE-2024-2490 (A vulnerability classified as critical was found in Tenda AC18 15.03.0 ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2489 (A vulnerability classified as critical has been found in Tenda AC18 15 ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2488 (A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2487 (A vulnerability was found in Tenda AC18 15.03.05.05. It has been decla ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2450 (Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x bef ...) TODO: check CVE-2024-2446 (Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x bef ...) 
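Review bot: The label added for CVE-2024-2495 reads "NOT-FOR-US: riendlyWrt firmware", dropping the leading "F"; the description on the line above spells the product "FriendlyWrt firmware". Please correct it to "NOT-FOR-US: FriendlyWrt firmware", since a misspelled label will be missed by anyone searching the list for the product name.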
@@ -23,77 +23,77 @@ CVE-2024-28854 (tls-listener is a rust lang wrapper around a connection listener CVE-2024-28851 (The Snowflake Hive metastore connector provides an easy way to query H ...) TODO: check CVE-2024-28848 (OpenMetadata is a unified platform for discovery, observability, and g ...) - TODO: check + NOT-FOR-US: OpenMetadata CVE-2024-28847 (OpenMetadata is a unified platform for discovery, observability, and g ...) - TODO: check + NOT-FOR-US: OpenMetadata CVE-2024-28404 (TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-s ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-28403 (TOTOLINK X2000R before V1.0.0-B20231213.1013 is vulnerable to Cross Si ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-28401 (TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cross-si ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-28319 (gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out ...) TODO: check CVE-2024-28318 (gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain a out ...) TODO: check CVE-2024-28255 (OpenMetadata is a unified platform for discovery, observability, and g ...) - TODO: check + NOT-FOR-US: OpenMetadata CVE-2024-28254 (OpenMetadata is a unified platform for discovery, observability, and g ...) - TODO: check + NOT-FOR-US: OpenMetadata CVE-2024-28253 (OpenMetadata is a unified platform for discovery, observability, and g ...) - TODO: check + NOT-FOR-US: OpenMetadata CVE-2024-28252 (CoreWCF is a port of the service side of Windows Communication Foundat ...) - TODO: check + NOT-FOR-US: CoreWCF CVE-2024-28242 (Discourse is an open source platform for community discussion. In affe ...) - TODO: check + NOT-FOR-US: Discourse CVE-2024-28053 (Resource Exhaustion in Mattermost Server versions 8.1.x before 8.1.10 ...) TODO: check CVE-2024-27987 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-27920 (projectdiscovery/nuclei is a fast and customisable vulnerability scann ...) - TODO: check + NOT-FOR-US: projectdiscovery/nuclei CVE-2024-27196 (Cross Site Scripting (XSS) vulnerability in Joel Starnes postMash \u20 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-27193 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-27192 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-27189 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-27100 (Discourse is an open source platform for community discussion. In affe ...) - TODO: check + NOT-FOR-US: Discourse CVE-2024-27085 (Discourse is an open source platform for community discussion. In affe ...) - TODO: check + NOT-FOR-US: Discourse CVE-2024-25936 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-25934 (Improper Neutralization of Input During Web Page
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 61072614 by Salvatore Bonaccorso at 2024-03-15T21:24:05+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -125,17 +125,17 @@ CVE-2023-50886 (Cross-Site Request Forgery (CSRF), Incorrect Authorization vulne CVE-2023-50861 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY \u ...) TODO: check CVE-2023-47699 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-47162 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-47147 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an attacker to o ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-46182 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-46181 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be store ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-46179 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attr ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-2486 (A vulnerability was found in Tenda AC18 15.03.05.05. It has been class ...) NOT-FOR-US: Tenda CVE-2024-2485 (A vulnerability was found in Tenda AC18 15.03.05.05 and classified as ...) 
@@ -184782,7 +184782,7 @@ CVE-2021-38940 CVE-2021-38939 (IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive informa ...) NOT-FOR-US: IBM CVE-2021-38938 (IBM Host Access Transformation Services (HATS) 9.6 through 9.6.1.4 and ...) - TODO: check + NOT-FOR-US: IBM CVE-2021-38937 (IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authent ...) NOT-FOR-US: IBM CVE-2021-38936 (IBM QRadar SIEM 7.3, 7.4, and 7.5 could disclose highly sensitive info ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6107261485e563d9a1636190327ebcaea6511e17
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 98d2fe5d by Salvatore Bonaccorso at 2024-03-15T14:21:19+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,71 +1,71 @@ CVE-2024-2486 (A vulnerability was found in Tenda AC18 15.03.05.05. It has been class ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2485 (A vulnerability was found in Tenda AC18 15.03.05.05 and classified as ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2483 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: Surya2Developer Hostel Management Service CVE-2024-2482 (A vulnerability has been found in Surya2Developer Hostel Management Se ...) - TODO: check + NOT-FOR-US: Surya2Developer Hostel Management Service CVE-2024-2481 (A vulnerability, which was classified as critical, was found in Surya2 ...) - TODO: check + NOT-FOR-US: Surya2Developer Hostel Management Service CVE-2024-2480 (A vulnerability classified as critical was found in MHA Sistemas arMHA ...) - TODO: check + NOT-FOR-US: MHA Sistemas arMHAzena CVE-2024-2479 (A vulnerability classified as problematic has been found in MHA Sistem ...) - TODO: check + NOT-FOR-US: MHA Sistemas arMHAzena CVE-2024-2478 (A vulnerability was found in BradWenqiang HR 2.0. It has been rated as ...) - TODO: check + NOT-FOR-US: BradWenqiang HR CVE-2024-2399 (The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2256 (The oik plugin for WordPress is vulnerable to Stored Cross-Site Script ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2249 (The LA-Studio Element Kit for Elementor plugin for WordPress is vulner ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2204 (Zemana AntiLogger v2.74.204.664 is vulnerable to a Denial of Service ( ...) - TODO: check + NOT-FOR-US: Zemana AntiLogger CVE-2024-2180 (Zemana AntiLogger v2.74.204.664 is vulnerable to a Memory Information ...) - TODO: check + NOT-FOR-US: Zemana AntiLogger CVE-2024-28354 (There is a command injection vulnerability in the TRENDnet TEW-827DRU ...) 
- TODO: check + NOT-FOR-US: TRENDnet CVE-2024-28353 (There is a command injection vulnerability in the TRENDnet TEW-827DRU ...) - TODO: check + NOT-FOR-US: TRENDnet CVE-2024-27756 (An issue in GLPI v.10.0.12 and before allows a remote attacker to exec ...) TODO: check CVE-2024-26540 (A heap-based buffer overflow in Clmg before 3.3.3 can occur via a craf ...) TODO: check CVE-2024-26503 (Unrestricted File Upload vulnerability in Greek Universities Network O ...) - TODO: check + NOT-FOR-US: Greek Universities Network Open eClass CVE-2024-26475 (An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5 ...) TODO: check CVE-2024-26454 (A Cross Site Scripting vulnerability in Healthcare-Chatbot through 9b7 ...) - TODO: check + NOT-FOR-US: Healthcare-Chatbot CVE-2024-26246 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-26163 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-25227 (SQL Injection vulnerability in ABO.CMS version 5.8, allows remote atta ...) - TODO: check + NOT-FOR-US: ABO.CMS CVE-2024-1917 (Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Co ...) - TODO: check + NOT-FOR-US: Mitsubishi CVE-2024-1916 (Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Co ...) - TODO: check + NOT-FOR-US: Mitsubishi CVE-2024-1915 (Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corpora ...) - TODO: check + NOT-FOR-US: Mitsubishi CVE-2024-1853 (Zemana AntiLogger v2.74.204.664 is vulnerable to an Arbitrary Process ...) - TODO: check + NOT-FOR-US: Zemana AntiLogger CVE-2024-1796 (The HUSKY \u2013 Products Filter for WooCommerce Professional plugin f ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1795 (The HUSKY \u2013 Products Filter for WooCommerce Professional plugin f ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1713 (A user who can create objects in a database with plv8 3.2.1 installed ...) TODO: check CVE-2024-0860 (The affected product is vulnerable to a cleartext transmission of sens ...) TODO: check CVE-2024-0803 (Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Co ...) - TODO: check + NOT-FOR-US: Mitsubishi
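Review bot: CVE-2024-26246 and CVE-2024-26163 are closed as "NOT-FOR-US: Microsoft", but both descriptions read "Microsoft Edge (Chromium-based)" and this list tracks chromium as a source package (see the CVE-2024-2400 entry elsewhere in data/CVE/list). Before closing them, confirm that each flaw sits in Edge-specific code rather than in shared Chromium code; if it is shared, the entry belongs under chromium instead of NOT-FOR-US.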
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 347e85f0 by Salvatore Bonaccorso at 2024-03-14T09:44:00+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,81 +1,81 @@ CVE-2024-2242 (The Contact Form 7 plugin for WordPress is vulnerable to Reflected Cro ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2079 (The WPBakery Page Builder Addons by Livemesh plugin for WordPress is v ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-28662 (A Cross Site Scripting vulnerability exists in Piwigo before 14.3.0 sc ...) - piwigo CVE-2024-28391 (SQL injection vulnerability in FME Modules quickproducttable module fo ...) - TODO: check + NOT-FOR-US: PrestaShop module CVE-2024-28390 (An issue in Advanced Plugins ultimateimagetool module for PrestaShop b ...) - TODO: check + NOT-FOR-US: PrestaShop module CVE-2024-28388 (SQL injection vulnerability in SunnyToo stproductcomments module for P ...) - TODO: check + NOT-FOR-US: PrestaShop module CVE-2024-28251 (Querybook is a Big Data Querying UI, combining collocated table metada ...) - TODO: check + NOT-FOR-US: Querybook CVE-2024-28193 (your_spotify is an open source, self hosted Spotify tracking dashboard ...) - TODO: check + NOT-FOR-US: your_spotify CVE-2024-28192 (your_spotify is an open source, self hosted Spotify tracking dashboard ...) - TODO: check + NOT-FOR-US: your_spotify CVE-2024-28175 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...) - TODO: check + NOT-FOR-US: Argo CD CVE-2024-27703 (Cross Site Scripting vulnerability in Leantime 3.0.6 allows a remote a ...) - TODO: check + NOT-FOR-US: Leantime CVE-2024-27102 (Wings is the server control plane for Pterodactyl Panel. This vulnerab ...) TODO: check CVE-2024-27097 (A user endpoint didn't perform filtering on an incoming parameter, whi ...) TODO: check CVE-2024-25653 (Broken Access Control in the Report functionality of Delinea PAM Secre ...) - TODO: check + NOT-FOR-US: Delinea PAM Secret Server CVE-2024-25652 (In Delinea PAM Secret Server 11.4, it is possible for a user (with acc ...) 
- TODO: check + NOT-FOR-US: Delinea PAM Secret Server CVE-2024-25651 (User enumeration can occur in the Authentication REST API in Delinea P ...) - TODO: check + NOT-FOR-US: Delinea PAM Secret Server CVE-2024-25650 (Insecure key exchange between Delinea PAM Secret Server 11.4 and the D ...) - TODO: check + NOT-FOR-US: Delinea PAM Secret Server CVE-2024-25649 (In Delinea PAM Secret Server 11.4, it is possible for an attacker (wit ...) - TODO: check + NOT-FOR-US: Delinea PAM Secret Server CVE-2024-25250 (SQL Injection vulnerability in code-projects Agro-School Management Sy ...) - TODO: check + NOT-FOR-US: code-projects Agro-School Management System CVE-2024-25228 (Vinchin Backup and Recovery 7.2 and Earlier is vulnerable to Authentic ...) - TODO: check + NOT-FOR-US: Vinchin Backup and Recovery CVE-2024-24105 (SQL Injection vulnerability in Code-projects Computer Science Time Tab ...) - TODO: check + NOT-FOR-US: Code-projects Computer Science Time Table System CVE-2024-22398 (An improper Limitation of a Pathname to a Restricted Directory (Path T ...) - TODO: check + NOT-FOR-US: SonicWall CVE-2024-22397 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: SonicWall CVE-2024-22396 (An Integer-based buffer overflow vulnerability in the SonicOS via IPSe ...) - TODO: check + NOT-FOR-US: SonicWall CVE-2024-22167 (A potential DLL hijacking vulnerability in the SanDisk PrivateAccess a ...) - TODO: check + NOT-FOR-US: WesternDigital CVE-2024-1884 (This is a Server-Side Request Forgery (SSRF) vulnerability in the Pape ...) - TODO: check + NOT-FOR-US: Papercut CVE-2024-1883 (This is a reflected cross site scripting vulnerability in the PaperCut ...) - TODO: check + NOT-FOR-US: Papercut CVE-2024-1882 (This vulnerability allows an already authenticated admin user to creat ...) - TODO: check + NOT-FOR-US: Papercut CVE-2024-1654 (This vulnerability potentially allows unauthorized write operations wh ...) 
- TODO: check + NOT-FOR-US: Papercut CVE-2024-1223 (This vulnerability potentially allows unauthorized enumeration of info ...) - TODO: check + NOT-FOR-US: Papercut CVE-2024-1222 (This allows attackers to use a maliciously formed API request to gain ...) - TODO: check + NOT-FOR-US: Papercut CVE-2024-1221 (This vulnerability potentially allows files on a
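Review bot: The six PaperCut entries (CVE-2024-1884 down to CVE-2024-1222) are labelled "NOT-FOR-US: Papercut", while the CVE-2024-1883 description spells the product "PaperCut"; please match the vendor's casing so a case-sensitive search finds them. The same hunk also mixes "code-projects Agro-School Management System" (CVE-2024-25250) with "Code-projects Computer Science Time Table System" (CVE-2024-24105), and writes "WesternDigital" as one word for CVE-2024-22167, whose description names SanDisk PrivateAccess. Pick one spelling per vendor and reuse it.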
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8587b959 by Salvatore Bonaccorso at 2024-03-13T22:00:44+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,53 +1,53 @@ CVE-2024-2433 (An improper authorization vulnerability in Palo Alto Networks Panorama ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2024-2432 (A privilege escalation (PE) vulnerability in the Palo Alto Networks Gl ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2024-2431 (An issue in the Palo Alto Networks GlobalProtect app enables a non-pri ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2024-2418 (A vulnerability was found in SourceCodester Best POS Management System ...) - TODO: check + NOT-FOR-US: SourceCodester Best POS Management System CVE-2024-2416 (Cross-Site Request Forgery vulnerability in Movistar's 4G router affec ...) - TODO: check + NOT-FOR-US: Movistar CVE-2024-2415 (Command injection vulnerability in Movistar 4G router affecting versio ...) - TODO: check + NOT-FOR-US: Movistar CVE-2024-2414 (The primary channel is unprotected on Movistar 4G router affecting E v ...) - TODO: check + NOT-FOR-US: Movistar CVE-2024-2403 (Improper cleanup in temporary file handling component in Devolutions R ...) - TODO: check + NOT-FOR-US: Devolutions CVE-2024-2293 (The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2286 (The Sky Addons for Elementor (Free Templates Library, Live Copy, Anima ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2252 (The Droit Elementor Addons \u2013 Widgets, Blocks, Templates Library F ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2247 (JFrog Artifactory versions below 7.77.7, are vulnerable to DOM-based c ...) - TODO: check + NOT-FOR-US: JFrog Artifactory CVE-2024-2239 (The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2238 (The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cr ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2237 (The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2194 (The WP Statistics plugin for WordPress is vulnerable to Stored Cross-S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2172 (The Malware Scanner plugin and the Web Application Firewall plugin for ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2126 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Store ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2123 (The Ultimate Member \u2013 User Profile, Registration, Login, Member D ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2106 (The MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Edu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2030 (The Database for Contact Form 7, WPforms, Elementor forms plugin for W ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2028 (The Exclusive Addons for Elementor plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2020 (The Calculated Fields Form plugin for WordPress is vulnerable to Store ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2006 (The Post Grid, Slider & Carousel Ultimate \u2013 with Shortcode, Guten ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2000 (The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-28684 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) NOT-FOR-US: DedeCMS CVE-2024-28683 (DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vu ...) 
@@ -95,15 +95,15 @@ CVE-2024-28430 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forg CVE-2024-28429 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) NOT-FOR-US: DedeCMS CVE-2024-28196 (your_spotify is an open source, self hosted Spotify tracking dashboard ...) - TODO: check + NOT-FOR-US: your_spotify CVE-2024-28195 (your_spotify is an open source, self hosted Spotify tracking dashboard ...) - TODO: check + NOT-FOR-US: your_spotify CVE-2024-28194 (your_spotify is an open source, self hosted Spotify tracking dashboard ...) - TODO: check + NOT-FOR-US: your_spotify
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b753d1cd by Salvatore Bonaccorso at 2024-03-13T21:28:47+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -49,51 +49,51 @@ CVE-2024-2006 (The Post Grid, Slider & Carousel Ultimate \u2013 with Shortcode, CVE-2024-2000 (The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cr ...) TODO: check CVE-2024-28684 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28683 (DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vu ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28682 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28681 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28680 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28679 (DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vu ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28678 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28677 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28676 (DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vu ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28675 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28673 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28672 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28671 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28670 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) 
- TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28669 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28668 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28667 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28666 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28665 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28432 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28431 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28430 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28429 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28196 (your_spotify is an open source, self hosted Spotify tracking dashboard ...) TODO: check CVE-2024-28195 (your_spotify is an open source, self hosted Spotify tracking dashboard ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b753d1cd271f15ad5e874d1326e8998efc9d05a1
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7aa5b794 by Salvatore Bonaccorso at 2024-03-13T21:19:36+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -377,11 +377,11 @@ CVE-2023-52608 (In the Linux kernel, the following vulnerability has been resolv [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/437a310b22244d4e0b78665c3042e5d1c0f45306 (6.8-rc2) CVE-2023-43043 (IBM Maximo Application Suite - Maximo Mobile for EAM 8.10 and 8.11 cou ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-38723 (IBM Maximo Application Suite 7.6.1.3 is vulnerable to stored cross-sit ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-32335 (IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Managemen ...) - TODO: check + NOT-FOR-US: IBM CVE-2018-25090 (An unauthenticated remote attacker can use an XSS attack due to improp ...) TODO: check CVE-2015-10123 (An unautheticated remote attacker could send specifically crafted pack ...) @@ -60021,7 +60021,7 @@ CVE-2023-28519 CVE-2023-28518 RESERVED CVE-2023-28517 (IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vul ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-28516 RESERVED CVE-2023-28515
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7aa5b7941189ea6eca48b16bfd0fe48ee3d5a153
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 67f37536 by Salvatore Bonaccorso at 2024-03-13T10:52:42+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -11,7 +11,7 @@ CVE-2024-2400 (Use after free in Performance Manager in Google Chrome prior to 1 CVE-2024-2395 (The Bulgarisation for WooCommerce plugin for WordPress is vulnerable t ...) NOT-FOR-US: WordPress plugin CVE-2024-2107 (The Blossom Spa theme for WordPress is vulnerable to Sensitive Informa ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2024-28623 (RiteCMS v3.0.0 was discovered to contain a cross-site scripting (XSS) ...) NOT-FOR-US: RiteCMS CVE-2024-28239 (Directus is a real-time API and App dashboard for managing SQL databas ...) @@ -27,7 +27,7 @@ CVE-2024-27305 (aiosmtpd is a reimplementation of the Python stdlib smtpd.py bas NOTE: https://github.com/aio-libs/aiosmtpd/security/advisories/GHSA-pr2m-px7j-xg65 NOTE: https://github.com/aio-libs/aiosmtpd/commit/24b6c79c8921cf1800e27ca144f4f37023982bbb (1.4.5) CVE-2024-26529 (An issue in mz-automation libiec61850 v.1.5.3 and before, allows a rem ...) - TODO: check + NOT-FOR-US: libIEC61850 CVE-2024-24101 (Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Inject ...) NOT-FOR-US: Code-projects Scholars Tracking System CVE-2024-24097 (Cross Site Scripting (XSS) vulnerability in Code-projects Scholars Tra ...) 
@@ -37,47 +37,47 @@ CVE-2024-24093 (SQL Injection vulnerability in Code-projects Scholars Tracking S CVE-2024-24092 (SQL Injection vulnerability in Code-projects.org Scholars Tracking Sys ...) NOT-FOR-US: Code-projects Scholars Tracking System CVE-2024-23300 (A use-after-free issue was addressed with improved memory management. ...) - TODO: check + NOT-FOR-US: GarageBand CVE-2024-1582 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulne ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1503 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1502 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1450 (The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1421 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1397 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1326 (The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cro ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1278 (The Easy Social Feed \u2013 Social Photos Gallery \u2013 Post Feed \u2 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1214 (The Easy Social Feed \u2013 Social Photos Gallery \u2013 Post Feed \u2 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1213 (The Easy Social Feed \u2013 Social Photos Gallery \u2013 Post Feed \u2 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0966 (The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0386 (The weForms plugin for WordPress is vulnerable to Stored Cross-Site Sc ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-7072 (The Post Grid Combo \u2013 36+ Gutenberg Blocks plugin for WordPress i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6500 (The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-4839 (The WP Go Maps for WordPress is vulnerable to Stored Cross-Site Script ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-43292 (Cross Site Scripting vulnerability in My Food Recipe Using PHP with So ...) - TODO: check + NOT-FOR-US: My Food Recipe Using PHP with Source Code CVE-2023-43279 (Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcprepla ...) TODO: check CVE-2023-42308 (Cross Site Scripting (XSS) vulnerability in Manage Fastrack Subjects i ...) - TODO: check + NOT-FOR-US: Code-Projects Exam Form Submission CVE-2023-42307 (Cross Site Scripting (XSS) vulnerability in Code-Projects Exam Form Su ...) - TODO: check + NOT-FOR-US: Code-Projects Exam Form Submission CVE-2015-10130 (The Team Circle Image Slider With Lightbox plugin for WordPress is vul ...) -
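Review bot: In the @@ -27,7 +27,7 @@ hunk, CVE-2024-26529 is tagged NOT-FOR-US: libIEC61850 while its description spells the project libiec61850. A case-sensitive search of data/CVE/list for the name used in the description will miss the tag; using the description's spelling in the tag keeps later lookups reliable.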
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 84074748 by Salvatore Bonaccorso at 2024-03-13T09:30:45+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,39 +1,39 @@ CVE-2024-2413 (Intumit SmartRobot uses a fixed encryption key for authentication. Rem ...) - TODO: check + NOT-FOR-US: Intumit SmartRobot CVE-2024-2412 (The disabling function of the user registration page for Heimavista Rp ...) - TODO: check + NOT-FOR-US: Heimavista Rpage and Epage CVE-2024-2406 (A vulnerability, which was classified as critical, was found in Gacjie ...) - TODO: check + NOT-FOR-US: Gacjie Server CVE-2024-2400 (Use after free in Performance Manager in Google Chrome prior to 122.0. ...) - chromium 122.0.6261.128-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-2395 (The Bulgarisation for WooCommerce plugin for WordPress is vulnerable t ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2107 (The Blossom Spa theme for WordPress is vulnerable to Sensitive Informa ...) TODO: check CVE-2024-28623 (RiteCMS v3.0.0 was discovered to contain a cross-site scripting (XSS) ...) - TODO: check + NOT-FOR-US: RiteCMS CVE-2024-28239 (Directus is a real-time API and App dashboard for managing SQL databas ...) - TODO: check + NOT-FOR-US: Directus CVE-2024-28238 (Directus is a real-time API and App dashboard for managing SQL databas ...) - TODO: check + NOT-FOR-US: Directus CVE-2024-28236 (Vela is a Pipeline Automation (CI/CD) framework built on Linux contain ...) TODO: check CVE-2024-27440 (The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyok ...) - TODO: check + NOT-FOR-US: Toyoko Inn official App CVE-2024-27305 (aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on ...) TODO: check CVE-2024-26529 (An issue in mz-automation libiec61850 v.1.5.3 and before, allows a rem ...) TODO: check CVE-2024-24101 (Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Inject ...) - TODO: check + NOT-FOR-US: Code-projects Scholars Tracking System CVE-2024-24097 (Cross Site Scripting (XSS) vulnerability in Code-projects Scholars Tra ...) 
- TODO: check + NOT-FOR-US: Code-projects Scholars Tracking System CVE-2024-24093 (SQL Injection vulnerability in Code-projects Scholars Tracking System ...) - TODO: check + NOT-FOR-US: Code-projects Scholars Tracking System CVE-2024-24092 (SQL Injection vulnerability in Code-projects.org Scholars Tracking Sys ...) - TODO: check + NOT-FOR-US: Code-projects Scholars Tracking System CVE-2024-23300 (A use-after-free issue was addressed with improved memory management. ...) TODO: check CVE-2024-1582 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulne ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84074748af68726611fbb86cb7056bfdd8f25afc
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 31bd1304 by Salvatore Bonaccorso at 2024-03-12T21:38:27+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7,11 +7,11 @@ CVE-2024-2391 (A vulnerability was found in EVE-NG 5.0.1-13 and classified as pr CVE-2024-2371 (Information exposure vulnerability in Korenix JetI/O 6550 affecting fi ...) NOT-FOR-US: Korenix JetI/O 6550 CVE-2024-2130 (The CWW Companion plugin for WordPress is vulnerable to Stored Cross-S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2049 (Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium E ...) - TODO: check + NOT-FOR-US: Citrix CVE-2024-2031 (The Video Conferencing with Zoom plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-28553 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the entr ...) NOT-FOR-US: Tenda CVE-2024-28535 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the mitI ...) @@ -25,7 +25,7 @@ CVE-2024-28338 (A login bypass in TOTOLINK A8000RU V7.1cu.643_B20200521 allows a CVE-2024-28186 (FreeScout is an open source help desk and shared inbox built with PHP. ...) NOT-FOR-US: FreeScout CVE-2024-28121 (stimulus_reflex is a system to extend the capabilities of both Rails a ...) - TODO: check + NOT-FOR-US: stimulus_reflex CVE-2024-28114 (Peering Manager is a BGP session management tool. There is a Server Si ...) NOT-FOR-US: Peering Manager CVE-2024-28113 (Peering Manager is a BGP session management tool. In Peering Manager < ...) 
@@ -205,75 +205,75 @@ CVE-2024-21334 (Open Management Infrastructure (OMI) Remote Code Execution Vulne CVE-2024-21330 (Open Management Infrastructure (OMI) Elevation of Privilege Vulnerabil ...) NOT-FOR-US: Microsoft CVE-2024-20671 (Microsoft Defender Security Feature Bypass Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-1765 (Cloudflare Quiche (through version 0.19.1/0.20.0) was affected by an u ...) TODO: check CVE-2024-1618 (A search path or unquoted item vulnerability in Faronics Deep Freeze S ...) - TODO: check + NOT-FOR-US: Faronics Deep Freeze Server Standard CVE-2024-1529 (Vulnerability in CMS Made Simple 2.2.14, which does not sufficiently e ...) - TODO: check + NOT-FOR-US: CMS Made Simple CVE-2024-1528 (CMS Made Simple version 2.2.14, does not sufficiently encode user-cont ...) - TODO: check + NOT-FOR-US: CMS Made Simple CVE-2024-1527 (Unrestricted file upload vulnerability in CMS Made Simple, affecting v ...) - TODO: check + NOT-FOR-US: CMS Made Simple CVE-2024-1410 (Cloudflare quiche was discovered to be vulnerable to unbounded storage ...) - TODO: check + NOT-FOR-US: Cloudflare quiche CVE-2024-1328 (The Newsletter2Go plugin for WordPress is vulnerable to Stored Cross-S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1304 (Cross-site scripting vulnerability in Badger Meter Monitool that affec ...) - TODO: check + NOT-FOR-US: Badger Meter Monitool CVE-2024-1303 (Incorrectly limiting the path to a restricted directory vulnerability ...) - TODO: check + NOT-FOR-US: Badger Meter Monitool CVE-2024-1302 (Information exposure vulnerability in Badger Meter Monitool affecting ...) - TODO: check + NOT-FOR-US: Badger Meter Monitool CVE-2024-1301 (SQL injection vulnerability in Badger Meter Monitool affecting version ...) - TODO: check + NOT-FOR-US: Badger Meter Monitool CVE-2024-1227 (An open redirect vulnerability, the exploitation of which could allow ...) 
TODO: check CVE-2024-1226 (The software does not neutralize or incorrectly neutralizes certain ch ...) TODO: check CVE-2024-1138 (The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - Enterpri ...) - TODO: check + NOT-FOR-US: TIBCO CVE-2024-1137 (The Proxy and Client components of TIBCO Software Inc.'s TIBCO ActiveS ...) - TODO: check + NOT-FOR-US: TIBCO CVE-2024-0906 (The f(x) Private Site plugin for WordPress is vulnerable to Sensitive ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5410 (A potential security vulnerability has been reported in the system BIO ...) - TODO: check + NOT-FOR-US: HP CVE-2023-4780 REJECTED CVE-2023-4731 (The LadiApp plugn for WordPress is vulnerable to Cross-Site Request Fo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-4729 (The LadiApp plugin for WordPress is vulnerable to Cross-Site Request F ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-4728 (The LadiApp plugin for WordPress is
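Review bot: In the @@ -205,75 +205,75 @@ hunk, CVE-2024-1410 (Cloudflare quiche) becomes NOT-FOR-US: Cloudflare quiche while CVE-2024-1765, whose description also begins with Cloudflare Quiche, stays at TODO: check a few entries above it. If the second entry was left open on purpose, a NOTE saying why would help whoever triages it next; otherwise both entries should end up with the same status.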
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 11d3ebd8 by Salvatore Bonaccorso at 2024-03-12T21:25:33+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,11 +1,11 @@ CVE-2024-2394 (A vulnerability was found in SourceCodester Employee Management System ...) - TODO: check + NOT-FOR-US: SourceCodester Employee Management System CVE-2024-2393 (A vulnerability was found in SourceCodester CRUD without Page Reload 1 ...) - TODO: check + NOT-FOR-US: SourceCodester CRUD without Page Reload CVE-2024-2391 (A vulnerability was found in EVE-NG 5.0.1-13 and classified as problem ...) - TODO: check + NOT-FOR-US: EVE-NG CVE-2024-2371 (Information exposure vulnerability in Korenix JetI/O 6550 affecting fi ...) - TODO: check + NOT-FOR-US: Korenix JetI/O 6550 CVE-2024-2130 (The CWW Companion plugin for WordPress is vulnerable to Stored Cross-S ...) TODO: check CVE-2024-2049 (Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium E ...) 
@@ -13,197 +13,197 @@ CVE-2024-2049 (Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Prem CVE-2024-2031 (The Video Conferencing with Zoom plugin for WordPress is vulnerable to ...) TODO: check CVE-2024-28553 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the entr ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-28535 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the mitI ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-28340 (An information leak in the currentsetting.htm component of Netgear CBR ...) - TODO: check + NOT-FOR-US: Netgear CVE-2024-28339 (An information leak in the debuginfo.htm component of Netgear CBR40 2. ...) - TODO: check + NOT-FOR-US: Netgear CVE-2024-28338 (A login bypass in TOTOLINK A8000RU V7.1cu.643_B20200521 allows attacke ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-28186 (FreeScout is an open source help desk and shared inbox built with PHP. ...) - TODO: check + NOT-FOR-US: FreeScout CVE-2024-28121 (stimulus_reflex is a system to extend the capabilities of both Rails a ...) TODO: check CVE-2024-28114 (Peering Manager is a BGP session management tool. There is a Server Si ...) - TODO: check + NOT-FOR-US: Peering Manager CVE-2024-28113 (Peering Manager is a BGP session management tool. In Peering Manager < ...) - TODO: check + NOT-FOR-US: Peering Manager CVE-2024-28112 (Peering Manager is a BGP session management tool. Affected versions of ...) - TODO: check + NOT-FOR-US: Peering Manager CVE-2024-28098 (The vulnerability allows authenticated users with only produce or cons ...) - TODO: check + NOT-FOR-US: Apache Pulsar CVE-2024-27907 (A vulnerability has been identified in Simcenter Femap (All versions < ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-27894 (The Pulsar Functions Worker includes a capability that permits authent ...) - TODO: check + NOT-FOR-US: Apache Pulsar CVE-2024-27758 (In RPyC before 6.0.0, when a server exposes a method that calls the at ...) 
TODO: check CVE-2024-27317 (In Pulsar Functions Worker, authenticated users can upload functions i ...) - TODO: check + NOT-FOR-US: Apache Pulsar CVE-2024-27279 (Directory traversal vulnerability exists in a-blog cms Ver.3.1.x serie ...) - TODO: check + NOT-FOR-US: a-blog cms CVE-2024-27135 (Improper input validation in the Pulsar Function Worker allows a malic ...) - TODO: check + NOT-FOR-US: Apache Pulsar CVE-2024-26288 (An unauthenticated remote attacker can influence the communication due ...) - TODO: check + NOT-FOR-US: VDE CVE-2024-26204 (Outlook for Android Information Disclosure Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-26203 (Azure Data Studio Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-26201 (Microsoft Intune Linux Agent Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-26199 (Microsoft Office Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-26198 (Microsoft Exchange Server Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-26197 (Windows Standards-Based Storage Management Service Denial of Service V ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-26190 (Microsoft QUIC Denial of Service Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-26185 (Windows Compressed Folder Tampering Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-26182 (Windows
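Review bot: In the @@ -13,197 +13,197 @@ hunk, CVE-2024-26288 gets NOT-FOR-US: VDE, but the visible description names no product and the tag alone does not identify one. The neighbouring tags use either a vendor that appears in the description (Microsoft, Netgear) or a product name (Peering Manager, a-blog cms); naming the affected product here would keep the entry searchable.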
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6d20aaeb by Salvatore Bonaccorso at 2024-03-12T09:51:59+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,49 +1,49 @@ CVE-2024-28199 (phlex is an open source framework for building object-oriented views i ...) TODO: check CVE-2024-28163 (Under certain conditions, Support Web Pages of SAP NetWeaver Process I ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-28120 (codeium-chrome is an open source code completion plugin for the chrome ...) TODO: check CVE-2024-27938 (Postal is an open source SMTP server. Postal versions less than 3.0.0 ...) TODO: check CVE-2024-27902 (Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP - vers ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-27900 (Due to missing authorization check, attacker with business user accoun ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-27297 (Nix is a package manager for Linux and other Unix systems. A fixed-out ...) TODO: check CVE-2024-27121 (Path traversal vulnerability exists in Machine Automation Controller N ...) TODO: check CVE-2024-26521 (HTML Injection vulnerability in CE Phoenix v1.0.8.20 and before allows ...) - TODO: check + NOT-FOR-US: CE Phoenix CVE-2024-25854 (Cross Site Scripting (XSS) vulnerability in Sourcecodester Insurance M ...) - TODO: check + NOT-FOR-US: Sourcecodester Insurance Management System CVE-2024-25645 (Under certain conditionSAPNetWeaver (Enterprise Portal) - version 7.50 ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-25644 (Under certain conditions SAP NetWeaverWSRM- version 7.50, allows an at ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-25331 (DIR-822 Rev. B Firmware v2.02KRB09 and DIR-822-CA Rev. B Firmware v2.0 ...) - TODO: check + NOT-FOR-US: D-Link CVE-2024-25325 (SQL injection vulnerability in Employee Management System v.1.0 allows ...) - TODO: check + NOT-FOR-US: Employee Management System CVE-2024-25114 (Collabora Online is a collaborative online office suite based on Libre ...) - TODO: check + NOT-FOR-US: Collabora Online CVE-2024-24964 (Improper access control vulnerability exists in the resident process o ...) 
- TODO: check + NOT-FOR-US: SKYSEA Client View CVE-2024-22133 (SAP Fiori Front End Server - version 605, allows altering of approver ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-22127 (SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-21805 (Improper access control vulnerability exists in the specific folder of ...) - TODO: check + NOT-FOR-US: SKYSEA Client View CVE-2024-21584 (Pleasanter 1.3.49.0 and earlier contains a cross-site scripting vulner ...) - TODO: check + NOT-FOR-US: Pleasanter CVE-2024-1645 (The Mollie Forms plugin for WordPress is vulnerable to unauthorized ac ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1400 (The Mollie Forms plugin for WordPress is vulnerable to unauthorized po ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6814 (Insertion of Sensitive Information into Log File vulnerability in Hita ...) - TODO: check + NOT-FOR-US: Hitachi CVE-2023-49785 (NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat use ...) TODO: check CVE-2023-49453 (Reflected cross-site scripting (XSS) vulnerability in Racktables v0.22 ...) 
@@ -86820,7 +86820,7 @@ CVE-2022-46072 (Helmet Store Showroom v1.0 vulnerable to unauthenticated SQL Inj CVE-2022-46071 (There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Log ...) NOT-FOR-US: Helmet Store Showroom CVE-2022-46070 (GV-ASManager V6.0.1.0 contains a Local File Inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: GV-ASManager CVE-2022-46069 RESERVED CVE-2022-46068 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d20aaebdc9cc9d234f4bedcb7aa599252128fc0
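Review bot: In the @@ -1,49 +1,49 @@ hunk, CVE-2024-25325 is tagged NOT-FOR-US: Employee Management System with no vendor, while CVE-2024-25854 earlier in the same hunk carries the vendor in its tag (Sourcecodester Insurance Management System). A bare generic name matches many unrelated products; if the full description or its references name the vendor, add it to the tag.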
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4a497a2a by Salvatore Bonaccorso at 2024-03-11T21:25:41+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,163 +1,163 @@ CVE-2024-2370 (Unrestricted file upload vulnerability in ManageEngine Desktop Central ...) - TODO: check + NOT-FOR-US: ManageEngine CVE-2024-2357 (The Libreswan Project was notified of an issue causing libreswan to re ...) TODO: check CVE-2024-28198 (OpenOlat is an open source web-based e-learning platform for teaching, ...) - TODO: check + NOT-FOR-US: OpenOlat CVE-2024-28197 (Zitadel is an open source identity management system. Zitadel uses a c ...) - TODO: check + NOT-FOR-US: Zitadel CVE-2024-28187 (SOY CMS is an open source CMS (content management system) that allows ...) - TODO: check + NOT-FOR-US: SOY CMS CVE-2024-27237 (In wipe_ns_memory of nsmemwipe.c, there is a possible incorrect size c ...) - TODO: check + NOT-FOR-US: Android CVE-2024-27236 (In aoc_unlocked_ioctl of aoc.c, there is a possible memory corruption ...) - TODO: check + NOT-FOR-US: Android CVE-2024-27235 (In plugin_extern_func of TBD, there is a possible out of bounds read d ...) - TODO: check + NOT-FOR-US: Android CVE-2024-27234 (In fvp_set_target of fvp.c, there is a possible out of bounds read due ...) - TODO: check + NOT-FOR-US: Android CVE-2024-27233 (In ppcfw_init_secpolicy of ppcfw.c, there is a possible permission byp ...) - TODO: check + NOT-FOR-US: Android CVE-2024-27230 (In ProtocolPsKeepAliveStatusAdapter::getCode() of protocolpsadapter.cp ...) - TODO: check + NOT-FOR-US: Android CVE-2024-27229 (In ss_SendCallBarringPwdRequiredIndMsg of ss_CallBarring.c, there is a ...) - TODO: check + NOT-FOR-US: Android CVE-2024-27228 (In TBD of TBD, there is a possible out of bounds write due to a heap b ...) - TODO: check + NOT-FOR-US: Android CVE-2024-27227 (Android kernel allows Remote code execution.) - TODO: check + NOT-FOR-US: Android CVE-2024-27226 (In tmu_config_gov_params of TBD, there is a possible out of bounds wri ...) - TODO: check + NOT-FOR-US: Android CVE-2024-27225 (In sendHciCommand of bluetooth_hci.cc, there is a possible out of boun ...) 
- TODO: check + NOT-FOR-US: Android CVE-2024-27224 (In strncpy of strncpy.c, there is a possible out of bounds write due t ...) - TODO: check + NOT-FOR-US: Android CVE-2024-27223 (In EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagement.c, ...) - TODO: check + NOT-FOR-US: Android CVE-2024-27222 (In onSkipButtonClick of FaceEnrollFoldPage.java, there is a possible w ...) - TODO: check + NOT-FOR-US: Android CVE-2024-27221 (In update_policy_data of TBD, there is a possible out of bounds write ...) - TODO: check + NOT-FOR-US: Android CVE-2024-27220 (In lpm_req_handler of TBD, there is a possible out of bounds memory ac ...) - TODO: check + NOT-FOR-US: Android CVE-2024-27219 (In tmu_set_pi of tmu.c, there is a possible out of bounds write due to ...) - TODO: check + NOT-FOR-US: Android CVE-2024-27218 (In update_freq_data of TBD, there is a possible out of bounds read due ...) - TODO: check + NOT-FOR-US: Android CVE-2024-27213 (In BroadcastSystemMessage of servicemgr.cpp, there is a possible Remot ...) - TODO: check + NOT-FOR-US: Android CVE-2024-27212 (In init_data of TBD, there is a possible out of bounds write due to a ...) - TODO: check + NOT-FOR-US: Android CVE-2024-27211 (In AtiHandleAPOMsgType of ati_Main.c, there is a possible OOB write du ...) - TODO: check + NOT-FOR-US: Android CVE-2024-27210 (In policy_check of fvp.c, there is a possible out of bounds write due ...) - TODO: check + NOT-FOR-US: Android CVE-2024-27209 (In TBD of TBD, there is a possible out of bounds write due to a heap b ...) - TODO: check + NOT-FOR-US: Android CVE-2024-27208 (In TBD of TBD, there is a possible out of bounds write due to a missin ...) - TODO: check + NOT-FOR-US: Android CVE-2024-27207 (Android kernel allows Elevation of privilege.) - TODO: check + NOT-FOR-US: Android CVE-2024-27206 (In tbd of tbd, there is a possible out of bounds read due to a missing ...) 
- TODO: check + NOT-FOR-US: Android CVE-2024-27205 (In tbd of tbd, there is a possible memory corruption due to a use afte ...) - TODO: check + NOT-FOR-US: Android CVE-2024-27204 (In tmu_set_gov_active of tmu.c, there is a possible out of bounds writ ...) - TODO: check + NOT-FOR-US: Android CVE-2024-25993 (In
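Review bot: In the @@ -1,163 +1,163 @@ hunk, CVE-2024-27227 and CVE-2024-27207 are described only as "Android kernel allows Remote code execution." and "Android kernel allows Elevation of privilege.", with no file or function named, yet they receive the same NOT-FOR-US: Android as the entries that name a specific file such as tmu.c or fvp.c. Nothing in these two descriptions shows which component is affected, so I would leave them at TODO: check, or add a NOTE with the reference that identifies the component, before closing them.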
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b506e44e by Salvatore Bonaccorso at 2024-03-11T09:46:22+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,9 +1,9 @@ CVE-2024-2365 (A vulnerability classified as problematic was found in Musicshelf 1.0/ ...) - TODO: check + NOT-FOR-US: Musicshelf CVE-2024-2364 (A vulnerability classified as problematic has been found in Musicshelf ...) - TODO: check + NOT-FOR-US: Musicshelf CVE-2024-2363 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in AOL AIM T ...) - TODO: check + NOT-FOR-US: AOL AIM Triton CVE-2024-2314 (If kernel headers need to be extracted, bcc will attempt to load them ...) TODO: check CVE-2024-2313 (If kernel headers need to be extracted, bpftrace will attempt to load ...) @@ -13,7 +13,7 @@ CVE-2024-2184 (Buffer overflow in identifier field of WSD probe request process CVE-2024-28823 (Amazon AWS aws-js-s3-explorer (aka AWS JavaScript S3 Explorer) 1.0.0 a ...) TODO: check CVE-2024-28816 (Student Information Chatbot a0196ab allows SQL injection via the usern ...) - TODO: check + NOT-FOR-US: Student Information Chatbot CVE-2024-2355 (A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project ...) NOT-FOR-US: keerti1924 Secret-Coder-PHP-Project CVE-2024-2354 (A vulnerability, which was classified as problematic, was found in Dre ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b506e44e5c741e43d902694da1bb02cb6da51927
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6ac21bf1 by Salvatore Bonaccorso at 2024-03-09T21:15:24+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,13 +1,13 @@ CVE-2024-2333 (A vulnerability classified as critical has been found in CodeAstro Mem ...) - TODO: check + NOT-FOR-US: CodeAstro Membership Management System CVE-2024-2332 (A vulnerability was found in SourceCodester Online Mobile Management S ...) - TODO: check + NOT-FOR-US: SourceCodester Online Mobile Management Store CVE-2024-2331 (A vulnerability was found in SourceCodester Tourist Reservation System ...) - TODO: check + NOT-FOR-US: SourceCodester Tourist Reservation System CVE-2024-2330 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...) - TODO: check + NOT-FOR-US: Netentsec NS-ASG Application Security Gateway CVE-2024-1870 (The Colibri Page Builder plugin for WordPress is vulnerable to unautho ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2329 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...) NOT-FOR-US: Netentsec NS-ASG Application Security Gateway CVE-2024-28754 (RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to ca ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ac21bf1842028ec311e09c1ad853c9a63812fc0
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 30e46586 by Salvatore Bonaccorso at 2024-03-09T17:33:33+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -11,7 +11,7 @@ CVE-2024-28180 (Package jose aims to provide an implementation of the Javascript CVE-2024-28176 (jose is JavaScript module for JSON Object Signing and Encryption, prov ...) TODO: check CVE-2024-28123 (Wasmi is an efficient and lightweight WebAssembly interpreter with a f ...) - TODO: check + NOT-FOR-US: Wasmi CVE-2024-28122 (JWX is Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherw ...) TODO: check CVE-2024-28089 (Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote att ...) @@ -319,7 +319,7 @@ CVE-2024-1931 (NLnet Labs Unbound version 1.18.0 up to and including version 1.1 CVE-2024-1773 (The PDF Invoices and Packing Slips For WooCommerce plugin for WordPres ...) NOT-FOR-US: WordPress plugin CVE-2024-1725 (A flaw was found in the kubevirt-csi component of OpenShift Virtualiza ...) - TODO: check + NOT-FOR-US: kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP) CVE-2024-1534 (The Booster for WooCommerce plugin for WordPress is vulnerable to Stor ...) NOT-FOR-US: WordPress plugin CVE-2024-1442 (A user with the permissions to create a data source can use Grafana AP ...) 
@@ -490,9 +490,9 @@ CVE-2024-27304 (pgx is a PostgreSQL driver and toolkit for Go. SQL injection can NOTE: https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8 (v5.5.4) NOTE: https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df (v4.18.2) CVE-2024-27303 (electron-builder is a solution to package and build a ready for distri ...) - TODO: check + NOT-FOR-US: electron-builder CVE-2024-27302 (go-zero is a web and rpc framework. Go-zero allows user to specify a C ...) - TODO: check + NOT-FOR-US: go-zero CVE-2024-27289 (pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2 ...) - golang-github-jackc-pgx (bug #1065686) [bookworm] - golang-github-jackc-pgx (Minor issue) @@ -559,7 +559,7 @@ CVE-2023-49979 (A directory listing vulnerability in Customer Support System v1 CVE-2023-49978 (Incorrect access control in Customer Support System v1 allows non-admi ...) NOT-FOR-US: Customer Support System CVE-2023-48703 (RobotsAndPencils go-saml, a SAML client library written in Go, contain ...) - TODO: check + NOT-FOR-US: go-saml CVE-2023-38825 (SQL injection vulnerability in Vanderbilt REDCap before v.13.8.0 allow ...) NOT-FOR-US: Vanderbilt REDCap CVE-2024-28160 (Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum p ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30e4658675abbb5c8c7792b7e9258c0d2f2b7e43
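Review bot: In the @@ -319,7 +319,7 @@ hunk, the tag for CVE-2024-1725 repeats most of the description: NOT-FOR-US: kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). The other tags added in this commit are short product names (Wasmi, go-zero, go-saml); NOT-FOR-US: kubevirt-csi would be consistent with them and easier to match.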
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0bc3e86d by Salvatore Bonaccorso at 2024-03-09T09:46:16+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,11 +1,11 @@ CVE-2024-2329 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...) - TODO: check + NOT-FOR-US: Netentsec NS-ASG Application Security Gateway CVE-2024-28754 (RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to ca ...) - TODO: check + NOT-FOR-US: RaspAP CVE-2024-28753 (RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to re ...) - TODO: check + NOT-FOR-US: RaspAP CVE-2024-28184 (WeasyPrint helps web developers to create PDF documents. Since version ...) - TODO: check + NOT-FOR-US: WeasyPrint CVE-2024-28180 (Package jose aims to provide an implementation of the Javascript Objec ...) TODO: check CVE-2024-28176 (jose is JavaScript module for JSON Object Signing and Encryption, prov ...) 
@@ -15,27 +15,27 @@ CVE-2024-28123 (Wasmi is an efficient and lightweight WebAssembly interpreter wi CVE-2024-28122 (JWX is Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherw ...) TODO: check CVE-2024-28089 (Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote att ...) - TODO: check + NOT-FOR-US: Hitron CODA-4582 2AHKM-CODA4589 CVE-2024-25951 (A command injection vulnerability exists in local RACADM. A malicious ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-25501 (An issue WinMail v.7.1 and v.5.1 and before allows a remote attacker t ...) - TODO: check + NOT-FOR-US: WinMail CVE-2024-1767 (The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scr ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2024-1320 (The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1125 (The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1124 (The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1123 (The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-50015 (An issue was discovered in Grandstream GXP14XX 1.0.8.9 and GXP16XX 1.0 ...) - TODO: check + NOT-FOR-US: Grandstream CVE-2023-49341 (An issue was discovered in Newland Nquire 1000 Interactive Kiosk versi ...) - TODO: check + NOT-FOR-US: Newland Nquire 1000 Interactive Kiosk CVE-2023-49340 (An issue was discovered in Newland Nquire 1000 Interactive Kiosk versi ...) - TODO: check + NOT-FOR-US: Newland Nquire 1000 Interactive Kiosk CVE-2023-46427 (An issue was discovered in gpac version 2.3-DEV-rev588-g7edc40fee-mast ...) - gpac NOTE: https://github.com/gpac/gpac/issues/2641 
@@ -45,7 +45,7 @@ CVE-2023-46426 (Heap-based Buffer Overflow vulnerability in gpac version 2.3-DEV NOTE: https://github.com/gpac/gpac/issues/2642 NOTE: https://github.com/gpac/gpac/commit/14ec709a1ffae23ad777c37320290caa0a754341 CVE-2023-32264 (CWE-1385 vulnerability in OpenText Documentum D2 affecting versions16. ...) - TODO: check + NOT-FOR-US: OpenText CVE-2024-2339 (PostgreSQL Anonymizer v1.2 contains a vulnerability that allows a use ...) NOT-FOR-US: PostgreSQL Anonymizer CVE-2024-2338 (PostgreSQL Anonymizer v1.2 contains a SQL injection vulnerability that ...) @@ -633,7 +633,7 @@ CVE-2024-24276 (Cross Site Scripting (XSS) vulnerability in Teamwire Windows des CVE-2024-24275 (Cross Site Scripting vulnerability in Teamwire Windows desktop client ...) NOT-FOR-US: Teamwire Windows desktop client CVE-2024-22889 (Due to incorrect access control in Plone version v6.0.9, remote attack ...) - TODO: check + NOT-FOR-US: Plone CVE-2024-1989 (The Social Sharing Plugin \u2013 Sassy Social Share plugin for WordPre ...) NOT-FOR-US: WordPress plugin CVE-2024-1901 (Denial of service in PAM password rotation during the check-in process ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0bc3e86d4e64005cf35ac26956d7a89f1eadc4c3
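Review bot: In the @@ -1,11 +1,11 @@ hunk, CVE-2024-28184 is closed as NOT-FOR-US: WeasyPrint. Unlike the appliance entries around it (Netentsec, Hitron), the description presents a general-purpose tool ("helps web developers to create PDF documents"), so this is the tag in the commit most worth checking against the archive; if a weasyprint source package exists, the entry needs a package line with the affected and fixed versions instead of the NFU tag.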