[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
71a0e1a0 by Salvatore Bonaccorso at 2024-04-25T08:26:31+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13,57 +13,57 @@ CVE-2024-4058
 CVE-2024-4141 (Out-of-bounds array write in Xpdf 4.05 and earlier, triggered 
by an in ...)
TODO: check
 CVE-2024-4127 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been 
classi ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-4126 (A vulnerability was found in Tenda W15E 15.11.0.14 and 
classified as c ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-4125 (A vulnerability has been found in Tenda W15E 15.11.0.14 and 
classified ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-4124 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-4123 (A vulnerability, which was classified as critical, has been 
found in T ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-4122 (A vulnerability classified as critical was found in Tenda W15E 
15.11.0 ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-4121 (A vulnerability classified as critical has been found in Tenda 
W15E 15 ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-4120 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been 
rated  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-4119 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been 
declar ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-4118 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been 
classi ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-4117 (A vulnerability was found in Tenda W15E 15.11.0.14 and 
classified as c ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-4116 (A vulnerability has been found in Tenda W15E 15.11.0.14 and 
classified ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-4115 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-4114 (A vulnerability, which was classified as critical, has been 
found in T ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-4113 (A vulnerability classified as critical was found in Tenda TX9 
22.03.02 ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-4112 (A vulnerability classified as critical has been found in Tenda 
TX9 22. ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-4111 (A vulnerability was found in Tenda TX9 22.03.02.10. It has been 
rated  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-4093 (A vulnerability, which was classified as critical, was found in 
Source ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Simple Subscription Website
 CVE-2024-4075 (A vulnerability classified as problematic has been found in 
Kashipara  ...)
-   TODO: check
+   NOT-FOR-US: Kashipara Online Furniture Shopping Ecommerce Website
 CVE-2024-4074 (A vulnerability was found in Kashipara Online Furniture 
Shopping Ecomm ...)
-   TODO: check
+   NOT-FOR-US: Kashipara Online Furniture Shopping Ecommerce Website
 CVE-2024-4073 (A vulnerability was found in Kashipara Online Furniture 
Shopping Ecomm ...)
-   TODO: check
+   NOT-FOR-US: Kashipara Online Furniture Shopping Ecommerce Website
 CVE-2024-4072 (A vulnerability was found in Kashipara Online Furniture 
Shopping Ecomm ...)
-   TODO: check
+   NOT-FOR-US: Kashipara Online Furniture Shopping Ecommerce Website
 CVE-2024-4071 (A vulnerability was found in Kashipara Online Furniture 
Shopping Ecomm ...)
-   TODO: check
+   NOT-FOR-US: Kashipara Online Furniture Shopping Ecommerce Website
 CVE-2024-4070 (A vulnerability has been found in Kashipara Online Furniture 
Shopping  ...)
-   TODO: check
+   NOT-FOR-US: Kashipara Online Furniture Shopping Ecommerce Website
 CVE-2024-4069 (A vulnerability, which was classified as critical, was found in 
Kaship ...)
-   TODO: check
+   NOT-FOR-US: Kashipara Online Furniture Shopping Ecommerce Website
 CVE-2024-4066 (A vulnerability classified as critical has been found in Tenda 
AC8 16. ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-3371 (MongoDB Compass may accept and use insufficiently validated 
input from ...)
TODO: check
 CVE-2024-3261 (The Strong Testimonials WordPress plugin before 3.1.12 does not 
valida ...)
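Review bot: The NOT-FOR-US reasons in this hunk mix two granularities: the W15E, TX9 and AC8 entries (CVE-2024-4127 down to CVE-2024-4111, and CVE-2024-4066) carry only the vendor, "Tenda", while CVE-2024-4093 and the CVE-2024-4075 to CVE-2024-4069 group carry vendor plus product ("Kashipara Online Furniture Shopping Ecommerce Website"). Picking one form for both would keep a grep over data/CVE/list grouping these entries the same way.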



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/71a0e1a026df882e8a00e180e6247064434047cc


[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
18ef36cc by Salvatore Bonaccorso at 2024-04-23T22:37:03+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13,23 +13,23 @@ CVE-2024-3732 (The GeoDirectory \u2013 WordPress Business 
Directory Plugin, or C
 CVE-2024-3665 (The Rank Math SEO with AI SEO Tools plugin for WordPress is 
vulnerable ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-3491 (The Schema & Structured Data for WP & AMP plugin for WordPress 
is vuln ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-3185 (A key used in logging.json does not follow the least privilege 
princip ...)
TODO: check
 CVE-2024-33217 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a 
stack-based ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-33215 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a 
stack-based ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-33214 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a 
stack-based ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-33213 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a 
stack-based ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-33212 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a 
stack-based ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-33211 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a 
stack-based ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-32679 (Missing Authorization vulnerability in Shared Files PRO Shared 
Files.T ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32661 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. FreeR ...)
TODO: check
 CVE-2024-32660 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
@@ -47,11 +47,11 @@ CVE-2024-31804 (An unquoted service path vulnerability in 
Terratec DMX_6Fire USB
 CVE-2024-31208 (Synapse is an open-source Matrix homeserver. A remote Matrix 
user with ...)
TODO: check
 CVE-2024-30800 (PX4 Autopilot v.1.14 allows an attacker to fly the drone into 
no-fly z ...)
-   TODO: check
+   NOT-FOR-US: PX4 Autopilot
 CVE-2024-2477 (The wpDiscuz plugin for WordPress is vulnerable to Stored 
Cross-Site S ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-28627 (An issue in Flipsnack v.18/03/2024 allows a local attacker to 
obtain s ...)
-   TODO: check
+   NOT-FOR-US: Flipsnack
 CVE-2024-28130 (An incorrect type conversion vulnerability exists in the 
DVPSSoftcopyV ...)
TODO: check
 CVE-2024-21979 (An out of bounds write vulnerability in the AMD Radeon\u2122 
user mode ...)
@@ -59,9 +59,9 @@ CVE-2024-21979 (An out of bounds write vulnerability in the 
AMD Radeon\u2122 use
 CVE-2024-21972 (An out of bounds write vulnerability in the AMD Radeon\u2122 
user mode ...)
TODO: check
 CVE-2024-0900 (The Elespare \u2013 Build Your Blog, News & Magazine Websites 
with Exp ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-47731 (IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0 and IBM 
Cloud Pa ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2024-26922 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
- linux 
NOTE: 
https://git.kernel.org/linus/6fef2d4c00b5b8561ad68dd2b68173f5c6af1e75 (6.9-rc5)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18ef36ccd4e18af7fa865927b78e20e856409d6b

-- 
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9583641d by Salvatore Bonaccorso at 2024-04-23T22:25:24+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,17 +1,17 @@
 CVE-2024-4065 (A vulnerability was found in Tenda AC8 16.03.34.09. It has been 
rated  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-4064 (A vulnerability was found in Tenda AC8 16.03.34.09. It has been 
declar ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-4063 (A vulnerability was found in EZVIZ CS-C6-21WFR-8 5.2.7 Build 
170628. I ...)
-   TODO: check
+   NOT-FOR-US: EZVIZ
 CVE-2024-4062 (A vulnerability was found in Hualai Xiaofang iSC5 3.2.2_112 and 
classi ...)
-   TODO: check
+   NOT-FOR-US: Hualai Xiaofang iSC5
 CVE-2024-3911 (An unauthenticated remote attacker candeceive users into 
performing un ...)
-   TODO: check
+   NOT-FOR-US: Welotec GmbH products
 CVE-2024-3732 (The GeoDirectory \u2013 WordPress Business Directory Plugin, or 
Classi ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-3665 (The Rank Math SEO with AI SEO Tools plugin for WordPress is 
vulnerable ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-3491 (The Schema & Structured Data for WP & AMP plugin for WordPress 
is vuln ...)
TODO: check
 CVE-2024-3185 (A key used in logging.json does not follow the least privilege 
princip ...)
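Review bot: CVE-2024-3491 in the trailing context is described as a "plugin for WordPress" yet stays at TODO: check, while CVE-2024-3732 and CVE-2024-3665 directly above it are changed to NOT-FOR-US: WordPress plugin; if that is an oversight, mark it in the same pass. Separately, the visible description of CVE-2024-3911 names no vendor, so the "Welotec GmbH products" reason cannot be checked from these lines alone.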



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9583641dd4b6168cb97dd1da9a01389445713853



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
084b134a by Salvatore Bonaccorso at 2024-04-23T08:51:21+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -97368,7 +97368,7 @@ CVE-2022-46899 (An issue was discovered in Vocera 
Report Server and Voice Server
 CVE-2022-46898 (An issue was discovered in Vocera Report Server and Voice 
Server 5.x t ...)
NOT-FOR-US: Vocera Report Server and Voice Server
 CVE-2022-46897 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 
through 5. ...)
-   TODO: check
+   NOT-FOR-US: Insyde
 CVE-2022-46896
RESERVED
 CVE-2022-46895
@@ -132132,7 +132132,7 @@ CVE-2022-35505 (A segmentation fault in TripleCross 
v0.1.0 occurs when sending a
 CVE-2022-35504
RESERVED
 CVE-2022-35503 (Improper verification of a user input in Open Source MANO 
v7-v12 allow ...)
-   TODO: check
+   NOT-FOR-US: Open Source MANO
 CVE-2022-35502
RESERVED
 CVE-2022-35501 (Stored Cross-site Scripting (XSS) exists in the Amasty Blog 
Pro 2.10.3 ...)
@@ -135095,11 +135095,11 @@ CVE-2022-34564
 CVE-2022-34563
RESERVED
 CVE-2022-34562 (A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 
allows att ...)
-   TODO: check
+   NOT-FOR-US: PHPFox
 CVE-2022-34561 (A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 
allows att ...)
-   TODO: check
+   NOT-FOR-US: PHPFox
 CVE-2022-34560 (A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 
allows att ...)
-   TODO: check
+   NOT-FOR-US: PHPFox
 CVE-2022-34559
RESERVED
 CVE-2022-34558 (WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 
1.4.0rc2, reqmon ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/084b134a8ea25f51d445f0cb2e796aa6cc04f0b2



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1c0c2d76 by Salvatore Bonaccorso at 2024-04-22T10:22:56+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,21 +1,21 @@
 CVE-2024-4022 (A vulnerability was found in Keenetic KN-1010, KN-1410, 
KN-1711, KN-18 ...)
-   TODO: check
+   NOT-FOR-US: Keenetic router
 CVE-2024-4021 (A vulnerability was found in Keenetic KN-1010, KN-1410, 
KN-1711, KN-18 ...)
-   TODO: check
+   NOT-FOR-US: Keenetic router
 CVE-2024-32698 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32697 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32696 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32695 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32694 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32693 (Cross-Site Request Forgery (CSRF) vulnerability in ValvePress 
Automati ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32690 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32418 (An issue in flusity CMS v2.33 allows a remote attacker to 
execute arbi ...)
TODO: check
 CVE-2024-30799 (An issue in PX4 Autopilot v1.14 and before allows a remote 
attacker to ...)
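Review bot: For CVE-2024-32698 through CVE-2024-32694 and CVE-2024-32690 the truncated description shows only the generic title "Improper Neutralization of Input During Web Page Generation", so the "WordPress plugin" reason cannot be confirmed from these lines and does not tell the entries apart. Naming the plugin in the reason, as the Keenetic entries name the product, would document what was actually triaged.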



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c0c2d760ac37023fedf3bb2d9fee1833e64768b



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
466a96da by Salvatore Bonaccorso at 2024-04-19T22:41:28+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -9,7 +9,7 @@ CVE-2024-3741 (Electrolink transmitters are vulnerable to an 
authentication bypa
 CVE-2024-3731 (The Customer Reviews for WooCommerce plugin for WordPress is 
vulnerabl ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-3684 (A server side request forgery vulnerability was identified in 
GitHub E ...)
-   TODO: check
+   NOT-FOR-US: GitHub Enterprise Server
 CVE-2024-3654 (An XSS vulnerability has been found in Teimas Global's Teixo, 
version  ...)
NOT-FOR-US: Teimas Global's Teixo
 CVE-2024-3646 (A command injection vulnerability was identified in GitHub 
Enterprise  ...)
@@ -89,39 +89,39 @@ CVE-2024-30920 (Cross Site Scripting vulnerability in 
DerbyNet v9.0 and below al
 CVE-2024-30107 (HCL Connections contains a broken access control vulnerability 
that ma ...)
NOT-FOR-US: HCL
 CVE-2024-2761 (The Genesis Blocks WordPress plugin before 3.1.3 does not 
properly esc ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2440 (A race condition in GitHub Enterprise Server allowed an 
existing admin ...)
-   TODO: check
+   NOT-FOR-US: GitHub Enterprise Server
 CVE-2024-29991 (Microsoft Edge (Chromium-based) Security Feature Bypass 
Vulnerability)
NOT-FOR-US: Microsoft
 CVE-2024-29969 (When a Brocade SANnav installation is upgraded from Brocade 
SANnav v2. ...)
-   TODO: check
+   NOT-FOR-US: Brocade SANnav
 CVE-2024-29968 (An information disclosure vulnerability exists in Brocade 
SANnav befor ...)
-   TODO: check
+   NOT-FOR-US: Brocade SANnav
 CVE-2024-29967 (In Brocade SANnav before Brocade SANnav v2.31 and v2.3.0a, it 
was obse ...)
-   TODO: check
+   NOT-FOR-US: Brocade SANnav
 CVE-2024-29966 (Brocade SANnav OVA before v2.3.1 and v2.3.0a contain 
hard-coded creden ...)
-   TODO: check
+   NOT-FOR-US: Brocade SANnav
 CVE-2024-29965 (In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible 
to back u ...)
-   TODO: check
+   NOT-FOR-US: Brocade SANnav
 CVE-2024-29964 (Docker instances in Brocade SANnav before v2.3.1 and v2.3.0a 
have an i ...)
-   TODO: check
+   NOT-FOR-US: Brocade SANnav
 CVE-2024-29963 (Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain 
hardcoded keys  ...)
-   TODO: check
+   NOT-FOR-US: Brocade SANnav
 CVE-2024-29962 (Brocade SANnav OVA before v2.3.1 and v2.3.0a have an insecure 
file per ...)
-   TODO: check
+   NOT-FOR-US: Brocade SANnav
 CVE-2024-29961 (A vulnerability affects Brocade SANnav before v2.3.1 and 
v2.3.0a. It a ...)
-   TODO: check
+   NOT-FOR-US: Brocade SANnav
 CVE-2024-29960 (In the Brocade SANnav server versions before v2.3.1 and 
v2.3.0a, the S ...)
-   TODO: check
+   NOT-FOR-US: Brocade SANnav
 CVE-2024-29959 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a 
prints Bro ...)
-   TODO: check
+   NOT-FOR-US: Brocade SANnav
 CVE-2024-29958 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a 
prints the ...)
-   TODO: check
+   NOT-FOR-US: Brocade SANnav
 CVE-2024-29957 (When Brocade SANnav before v2.3.1 and v2.3.0a servers are 
configured i ...)
-   TODO: check
+   NOT-FOR-US: Brocade SANnav
 CVE-2024-29204 (A Heap Overflow vulnerability in WLAvalancheService component 
of Ivant ...)
-   TODO: check
+   NOT-FOR-US: Ivanti
 CVE-2024-29183 (OpenRASP is a RASP solution that directly integrates its 
protection en ...)
TODO: check
 CVE-2024-29030 (memos is a privacy-first, lightweight note-taking service. In 
memos 0. ...)
@@ -131,69 +131,69 @@ CVE-2024-29029 (memos is a privacy-first, lightweight 
note-taking service. In me
 CVE-2024-29028 (memos is a privacy-first, lightweight note-taking service. In 
memos 0. ...)
TODO: check
 CVE-2024-27984 (A Path Traversal vulnerability in web component of Ivanti 
Avalanche be ...)
-   TODO: check
+   NOT-FOR-US: Ivanti
 CVE-2024-27978 (A Null Pointer Dereference vulnerability in WLAvalancheService 
compone ...)
-   TODO: check
+   NOT-FOR-US: Ivanti
 CVE-2024-27977 (A Path Traversal vulnerability in web component of Ivanti 
Avalanche be ...)
-   TODO: check
+   NOT-FOR-US: Ivanti
 CVE-2024-27976 (A Path Traversal vulnerability in web component of Ivanti 
Avalanche be ...)
-   TODO: check
+   NOT-FOR-US: Ivanti
 CVE-2024-27975 (An Use-after-free vulnerability in WLAvalancheService 
component of Iva ...)
-   TODO: check
+   NOT-FOR-US: Ivanti
 CVE-2024-27752 (Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows a 
remote  ...)
-   TODO: check
+   NOT-FOR-US: CSZ CMS
 CVE-2024-25000 (A Path Traversal vulnerability in 

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5cb3ff87 by Salvatore Bonaccorso at 2024-04-19T22:30:44+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,99 +1,99 @@
 CVE-2024-3979 (A vulnerability, which was classified as problematic, has been 
found i ...)
- vsomeip  (bug #997892)
 CVE-2024-3818 (The Essential Blocks \u2013 Page Builder Gutenberg Blocks, 
Patterns &  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-3742 (Electrolink transmitters store credentials in clear-text. Use 
of these ...)
-   TODO: check
+   NOT-FOR-US: Electrolink transmitters
 CVE-2024-3741 (Electrolink transmitters are vulnerable to an authentication 
bypass  v ...)
-   TODO: check
+   NOT-FOR-US: Electrolink transmitters
 CVE-2024-3731 (The Customer Reviews for WooCommerce plugin for WordPress is 
vulnerabl ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-3684 (A server side request forgery vulnerability was identified in 
GitHub E ...)
TODO: check
 CVE-2024-3654 (An XSS vulnerability has been found in Teimas Global's Teixo, 
version  ...)
-   TODO: check
+   NOT-FOR-US: Teimas Global's Teixo
 CVE-2024-3646 (A command injection vulnerability was identified in GitHub 
Enterprise  ...)
-   TODO: check
+   NOT-FOR-US: GitHub Enterprise Server
 CVE-2024-3615 (The Media Library Folders plugin for WordPress is vulnerable to 
Reflec ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-3600 (The Poll Maker \u2013 Best WordPress Poll Plugin plugin for 
WordPress  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-3598 (The ElementsKit Pro plugin for WordPress is vulnerable to 
Stored Cross ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-3560 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress 
is vul ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-3470 (An Improper Privilege Management vulnerability was identified 
in GitHu ...)
-   TODO: check
+   NOT-FOR-US: GitHub Enterprise Server
 CVE-2024-32683 (Authorization Bypass Through User-Controlled Key vulnerability 
in Wpme ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32652 (The adapter @hono/node-server allows you to run your Hono 
application  ...)
TODO: check
 CVE-2024-32650 (Rustls is a modern TLS library written in Rust. 
`rustls::ConnectionCom ...)
TODO: check
 CVE-2024-32644 (Evmos is a scalable, high-throughput Proof-of-Stake EVM 
blockchain tha ...)
-   TODO: check
+   NOT-FOR-US: Evmos
 CVE-2024-32478 (Git Credential Manager (GCM) is a secure Git credential 
helper. Prior  ...)
TODO: check
 CVE-2024-32473 (Moby is an open source container framework that is a key 
component of  ...)
TODO: check
 CVE-2024-32409 (An issue in SEMCMS v.4.8 allows a remote attacker to execute 
arbitrary ...)
-   TODO: check
+   NOT-FOR-US: SEMCMS
 CVE-2024-32206 (A stored cross-site scripting (XSS) vulnerability in the 
component \af ...)
-   TODO: check
+   NOT-FOR-US: WUZHICMS
 CVE-2024-32166 (Webid v1.2.1 suffers from an Insecure Direct Object Reference 
(IDOR) - ...)
TODO: check
 CVE-2024-32038 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
TODO: check
 CVE-2024-31846 (An issue was discovered in Italtel Embrace 1.6.4. The web 
application  ...)
-   TODO: check
+   NOT-FOR-US: Italtel Embrace
 CVE-2024-31841 (An issue was discovered in Italtel Embrace 1.6.4. The web 
server fails ...)
-   TODO: check
+   NOT-FOR-US: Italtel Embrace
 CVE-2024-31750 (SQL injection vulnerability in f-logic datacube3 v.1.0 allows 
a remote ...)
-   TODO: check
+   NOT-FOR-US: f-logic datacube3
 CVE-2024-31745 (Libdwarf v0.9.1 was discovered to contain a heap 
use-after-free via th ...)
TODO: check
 CVE-2024-31744 (In Jasper 4.2.2, the jpc_streamlist_remove function in 
src/libjasper/j ...)
TODO: check
 CVE-2024-31587 (SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower 
allows an  ...)
-   TODO: check
+   NOT-FOR-US: SecuSTATION Camera
 CVE-2024-31552 (CuteHttpFileServer v.3.1 version has an arbitrary file 
download vulner ...)
-   TODO: check
+   NOT-FOR-US: CuteHttpFileServer
 CVE-2024-31547 (Computer Laboratory Management System v1.0 is vulnerable to 
SQL Inject ...)
-   TODO: check
+   NOT-FOR-US: Computer Laboratory Management System
 CVE-2024-31546 (Computer Laboratory Management System v1.0 is vulnerable to 
SQL Inject ...)
-   TODO: check
+   NOT-FOR-US: Computer Laboratory Management System
 CVE-2024-31450 (Owncast is an open source, self-hosted, decentralized, single 
user liv ...)
TODO: check
 CVE-2024-30938 
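Review bot: CVE-2024-3684 keeps TODO: check although its description reads "identified in GitHub E ...", while CVE-2024-3646 and CVE-2024-3470 in the same hunk are changed to NOT-FOR-US: GitHub Enterprise Server. If all three concern the same product, mark CVE-2024-3684 here as well so the triage of that batch lands in one commit.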

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
36573323 by Salvatore Bonaccorso at 2024-04-19T22:16:45+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -233,11 +233,11 @@ CVE-2023-49275 (Wazuh is a free and open source platform 
used for threat prevent
 CVE-2023-47435 (An issue in the verifyPassword function of hexo-theme-matery 
v2.0.0 al ...)
TODO: check
 CVE-2023-37400 (IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user 
to esca ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2023-37397 (IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user 
to obta ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2023-37396 (IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user 
to obta ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2024-3948 (A vulnerability was found in SourceCodester Home Clean Service 
System  ...)
NOT-FOR-US: SourceCodester Home Clean Service System
 CVE-2024-32689 (Missing Authorization vulnerability in GenialSouls WP Social 
Comments. ...)
@@ -76386,7 +76386,7 @@ CVE-2023-27281
 CVE-2023-27280
RESERVED
 CVE-2023-27279 (IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to 
cause a de ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2023-27278
RESERVED
 CVE-2023-27277
@@ -89681,7 +89681,7 @@ CVE-2023-22871
 CVE-2023-22870 (IBM Aspera Faspex 5.0.5 transmits sensitive information in 
cleartext w ...)
NOT-FOR-US: IBM
 CVE-2023-22869 (IBM Aspera Faspex 5.0.0 through 5.0.7 stores potentially 
sensitive inf ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2023-22868 (IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. 
This vu ...)
NOT-FOR-US: IBM
 CVE-2023-22867
@@ -117577,7 +117577,7 @@ CVE-2022-40747 ("IBM InfoSphere Information Server 
11.7 is vulnerable to an XML
 CVE-2022-40746 (IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 
1.1.9.0 co ...)
NOT-FOR-US: IBM
 CVE-2022-40745 (IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user 
to obta ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-40744 (IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site 
scripting.  ...)
NOT-FOR-US: IBM
 CVE-2022-40743 (Improper Input Validation vulnerability for the xdebug plugin 
in Apach ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36573323c74869c7eb4db74abb4086fed914c152



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5d8b48c3 by Salvatore Bonaccorso at 2024-04-18T22:47:45+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,117 +1,117 @@
 CVE-2024-3948 (A vulnerability was found in SourceCodester Home Clean Service 
System  ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Home Clean Service System
 CVE-2024-32689 (Missing Authorization vulnerability in GenialSouls WP Social 
Comments. ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32686 (Insertion of Sensitive Information into Log File vulnerability 
in Inis ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32604 (Authorization Bypass Through User-Controlled Key vulnerability 
in Plec ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32603 (Deserialization of Untrusted Data vulnerability in ThemeKraft 
WooBuddy ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32602 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32601 (Missing Authorization vulnerability in WP OnlineSupport, 
Essential Plu ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32600 (Deserialization of Untrusted Data vulnerability in Averta 
Master Slide ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32599 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32598 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32597 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32596 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32595 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32594 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32593 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32592 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32591 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32590 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32588 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32587 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32586 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32585 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32584 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32583 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32582 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32581 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32580 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32579 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32578 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32577 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32576 (Improper Neutralization of Input During Web Page Generation 
('Cross-si 

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
de741f76 by Salvatore Bonaccorso at 2024-04-18T08:30:39+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -220,9 +220,9 @@ CVE-2024-21989 (ONTAP Select Deploy administration utility 
versions 9.12.1.x,  9
 CVE-2024-1350 (Missing Authorization vulnerability in Prasidhda Malla Honeypot 
for WP ...)
TODO: check
 CVE-2024-1249 (A flaw was found in Keycloak's OIDC component in the 
"checkLoginIframe ...)
-   TODO: check
+   NOT-FOR-US: Keycloak
 CVE-2024-1132 (A flaw was found in Keycloak, where it does not properly 
validate URLs ...)
-   TODO: check
+   NOT-FOR-US: Keycloak
 CVE-2024-0257 (RoboDK v5.5.4   is vulnerable to heap-based buffer overflow 
while proc ...)
TODO: check
 CVE-2023-6805 (The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, 
News & ...)
@@ -82366,8 +82366,13 @@ CVE-2023-25020 (Unauth. Stored Cross-Site Scripting 
(XSS) vulnerability in Kibok
NOT-FOR-US: WordPress plugin
 CVE-2023-25019 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Premio C ...)
NOT-FOR-US: WordPress plugin
+CVE-2023-6717
+   NOT-FOR-US: Keycloak
+CVE-2023-6544
+   NOT-FOR-US: Keycloak
 CVE-2023-0657
RESERVED
+   NOT-FOR-US: Keycloak
 CVE-2023-0656 (A Stack-based buffer overflow vulnerability in the SonicOS 
allows a re ...)
NOT-FOR-US: SonicOS
 CVE-2023-0655 (SonicWall Email Security contains a vulnerability that could 
permit a  ...)
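
Review bot: CVE-2023-6717 and CVE-2023-6544 are added with no description, and CVE-2023-0657 still carries RESERVED, so nothing in these three entries shows why they belong to Keycloak. A NOTE line under each one pointing at the advisory or bug report that ties the ID to Keycloak would let the next person verify the NOT-FOR-US tag without redoing the lookup.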



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de741f764659165c2376dce4e9d11025e9faf7c6



___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
99a6a8dd by Salvatore Bonaccorso at 2024-04-17T22:35:15+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -170,39 +170,39 @@ CVE-2024-31040 (Buffer Overflow vulnerability in the 
get_var_integer function in
 CVE-2024-31031 (An issue in `coap_pdu.c` in libcoap 4.3.4 allows attackers to 
cause un ...)
TODO: check
 CVE-2024-30990 (SQL Injection vulnerability in the "Invoices" page in 
phpgurukul Clien ...)
-   TODO: check
+   NOT-FOR-US: phpgurukul Client Management System
 CVE-2024-30989 (Cross Site Scripting vulnerability in /edit-client-details.php 
of phpg ...)
-   TODO: check
+   NOT-FOR-US: phpgurukul Client Management System
 CVE-2024-30988 (Cross Site Scripting vulnerability in /search-invoices.php of 
phpguruk ...)
-   TODO: check
+   NOT-FOR-US: phpgurukul Client Management System
 CVE-2024-30987 (Cross Site Scripting vulnerability in /bwdates-reports-ds.php 
of phpgu ...)
-   TODO: check
+   NOT-FOR-US: phpgurukul Client Management System
 CVE-2024-30986 (Cross Site Scripting vulnerability in 
/edit-services-details.php of ph ...)
-   TODO: check
+   NOT-FOR-US: phpgurukul Client Management System
 CVE-2024-30985 (SQL Injection vulnerability in "B/W Dates Reports" page in 
phpgurukul  ...)
-   TODO: check
+   NOT-FOR-US: phpgurukul Client Management System
 CVE-2024-30983 (SQL Injection vulnerability in phpgurukul Cyber Cafe 
Management System ...)
-   TODO: check
+   NOT-FOR-US: phpgurukul Cyber Cafe Management System
 CVE-2024-30982 (SQL Injection vulnerability in phpgurukul Cyber Cafe 
Management System ...)
-   TODO: check
+   NOT-FOR-US: phpgurukul Cyber Cafe Management System
 CVE-2024-30981 (SQL Injection vulnerability in /edit-computer-detail.php in 
phpgurukul ...)
-   TODO: check
+   NOT-FOR-US: phpgurukul Cyber Cafe Management System
 CVE-2024-30980 (SQL Injection vulnerability in phpgurukul Cyber Cafe 
Management System ...)
-   TODO: check
+   NOT-FOR-US: phpgurukul Cyber Cafe Management System
 CVE-2024-30979 (Cross Site Scripting vulnerability in Cyber Cafe Management 
System 1.0 ...)
-   TODO: check
+   NOT-FOR-US: phpgurukul Cyber Cafe Management System
 CVE-2024-30953 (A stored cross-site scripting (XSS) vulnerability in Htmly 
v2.9.5 allo ...)
-   TODO: check
+   NOT-FOR-US: Htmly
 CVE-2024-30952 (A stored cross-site scripting (XSS) vulnerability in 
PESCMS-TEAM v2.3. ...)
-   TODO: check
+   NOT-FOR-US: PESCMS-TEAM
 CVE-2024-30951 (FUDforum v3.1.3 was discovered to contain a reflected 
cross-site scrip ...)
-   TODO: check
+   NOT-FOR-US: FUDforum
 CVE-2024-30950 (A stored cross-site scripting (XSS) vulnerability in FUDforum 
v3.1.3 a ...)
-   TODO: check
+   NOT-FOR-US: FUDforum
 CVE-2024-30253 (@solana/web3.js is the Solana JavaScript SDK. Using particular 
inputs  ...)
TODO: check
 CVE-2024-2419 (A flaw was found in Keycloak's redirect_uri validation logic. 
This iss ...)
-   TODO: check
+   NOT-FOR-US: Keycloak
 CVE-2024-29951 (Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash 
in intern ...)
TODO: check
 CVE-2024-29950 (The class FileTransfer implemented in Brocade SANnav before 
v2.3.1, v2 ...)
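
Review bot: The tag on CVE-2024-30979 names phpgurukul, but the visible part of its description only says "Cyber Cafe Management System 1.0" with no vendor, so it is worth confirming that this is the same product as CVE-2024-30980 through CVE-2024-30983 rather than relying on the matching name. The vendor is also written "phpgurukul" throughout this hunk, while an existing tag in the same file reads "NOT-FOR-US: PHPGurukul News Portal"; one spelling across the file keeps grep results complete.
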
@@ -210,13 +210,13 @@ CVE-2024-29950 (The class FileTransfer implemented in 
Brocade SANnav before v2.3
 CVE-2024-29035 (Umbraco is an ASP.NET CMS. Failing webhooks logs are available 
when so ...)
TODO: check
 CVE-2024-28073 (SolarWinds Serv-U was found to be susceptible to a Directory 
Traversal ...)
-   TODO: check
+   NOT-FOR-US: SolarWinds
 CVE-2024-24856 (The memory allocation function ACPI_ALLOCATE_ZEROED does not 
guarantee ...)
TODO: check
 CVE-2024-21990 (ONTAP Select Deploy administration utility versions 9.12.1.x,  
9.13.1. ...)
-   TODO: check
+   NOT-FOR-US: ONTAP / NetAPP
 CVE-2024-21989 (ONTAP Select Deploy administration utility versions 9.12.1.x,  
9.13.1. ...)
-   TODO: check
+   NOT-FOR-US: ONTAP / NetAPP
 CVE-2024-1350 (Missing Authorization vulnerability in Prasidhda Malla Honeypot 
for WP ...)
TODO: check
 CVE-2024-1249 (A flaw was found in Keycloak's OIDC component in the 
"checkLoginIframe ...)



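Review bot: The tag on CVE-2024-21990 and CVE-2024-21989 spells the vendor "NetAPP"; the company name is NetApp, so "NOT-FOR-US: ONTAP / NetApp" would match what people search for. On CVE-2024-28073 the tag gives only the vendor, SolarWinds, while the description names the product Serv-U; adding the product would bring it in line with the other tags in this commit that name vendor and product.
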
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99a6a8dd2eaf98b75e8a31741847c7e020543144


[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2fb6e3de by Salvatore Bonaccorso at 2024-04-17T11:17:58+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -33,9 +33,9 @@ CVE-2024-3660 (A arbitrary code injection vulnerability in 
TensorFlow's Keras fr
 CVE-2024-3367 (Argument injection in websphere_mq agent plugin in Checkmk 
2.0.0, 2.1. ...)
- check-mk 
 CVE-2024-3243 (The Customer Reviews for WooCommerce plugin for WordPress is 
vulnerabl ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-3067 (The WooCommerce Google Feed Manager plugin for WordPress is 
vulnerable ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32634 (In huge memory get unmapped area check, code can never be 
reached beca ...)
TODO: check
 CVE-2024-32633 (An unsigned value can never be negative, so eMMC full disk 
test will a ...)
@@ -47,39 +47,39 @@ CVE-2024-32631 (Out-of-Bounds read in ciCCIOTOPT in ASR180X 
will cause incorrect
 CVE-2024-32625 (In OffloadAMRWriter, a scalar field is not initialized so will 
contain ...)
TODO: check
 CVE-2024-32532 (Missing Authorization vulnerability in SiteGround Speed 
Optimizer.This ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32525 (Missing Authorization vulnerability in Theme My Login.This 
issue affec ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32524 (Missing Authorization vulnerability in Nuggethon Custom Order 
Statuses ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32522 (Missing Authorization vulnerability in Jaed Mosharraf & 
Pluginbazar Te ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32520 (Missing Authorization vulnerability in WPClever WPC Grouped 
Product fo ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32519 (Missing Authorization vulnerability in GutenGeek GG Woo Feed 
for WooCo ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32518 (Missing Authorization vulnerability in Pepro Dev. Group 
PeproDev Ultim ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32517 (Missing Authorization vulnerability in WooCommerce & WordPress 
Tutoria ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32516 (Missing Authorization vulnerability in Palscode Multi Currency 
For Woo ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32515 (Missing Authorization vulnerability in Qamar Sheeraz, Nasir 
Ahmad Mega ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32514 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Poll  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32513 (Insertion of Sensitive Information into Log File vulnerability 
in AdTr ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32509 (Missing Authorization vulnerability in Loopus WP Cost 
Estimation & Pay ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32455 (Missing Authorization vulnerability in Very Good Plugins Fatal 
Error N ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32256 (Phpgurukul Tourism Management System v2.0 is vulnerable to 
Unrestricte ...)
-   TODO: check
+   NOT-FOR-US: Phpgurukul Tourism Management System
 CVE-2024-32254 (Phpgurukul Tourism Management System v2.0 is vulnerable to 
Unrestricte ...)
-   TODO: check
+   NOT-FOR-US: Phpgurukul Tourism Management System
 CVE-2024-32086 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32027 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. 
Kohya_ss v22. ...)
TODO: check
 CVE-2024-32026 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. 
Kohya_ss is v ...)
@@ -95,49 +95,49 @@ CVE-2024-32022 (Kohya_ss is a GUI for Kohya's Stable 
Diffusion trainers. Kohya_s
 CVE-2024-31887 (IBM Security Verify Privilege 11.6.25 could allow an 
unauthenticated a ...)
NOT-FOR-US: IBM
 CVE-2024-31760 (An issue in sanluan flipped-aurora gin-vue-admin 2.4.x allows 
an attac ...)
-   TODO: check
+   NOT-FOR-US: flipped-aurora gin-vue-admin
 CVE-2024-31759 (An issue in sanluan PublicCMS v.4.0.202302.e allows an 
attacker to esc ...)
-   TODO: check
+   NOT-FOR-US: PublicCMS
 CVE-2024-31680 (File Upload vulnerability in Shibang Communications Co., Ltd. 
IP netwo ...)
-   TODO: check
+   NOT-FOR-US: Shibang Communications Co., Ltd. IP network intercom 
broadcasting system
 CVE-2024-31503 (Incorrect access control in Dolibarr ERP CRM versions 19.0.0 
and befor ...)
TODO: check
 CVE-2024-31452 (OpenFGA is a high-performance and flexible 

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
00852c92 by Salvatore Bonaccorso at 2024-04-17T11:10:34+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,33 +1,33 @@
 CVE-2024-3882 (A vulnerability was found in Tenda W30E 1.0.1.25(633). It has 
been cla ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-3881 (A vulnerability was found in Tenda W30E 1.0.1.25(633) and 
classified a ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-3880 (A vulnerability has been found in Tenda W30E 1.0.1.25(633) and 
classif ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-3879 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-3878 (A vulnerability, which was classified as critical, has been 
found in T ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-3877 (A vulnerability classified as critical was found in Tenda F1202 
1.2.0. ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-3876 (A vulnerability classified as critical has been found in Tenda 
F1202 1 ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-3875 (A vulnerability was found in Tenda F1202 1.2.0.20(408). It has 
been ra ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-3874 (A vulnerability was found in Tenda W20E 15.11.0.6. It has been 
declare ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-3873 (A vulnerability was found in SMI SMI-EX-5414W up to 1.0.03. It 
has bee ...)
TODO: check
 CVE-2024-3872 (Mattermost Mobile app versions 2.13.0 and earlier use a regular 
expres ...)
-   TODO: check
+   NOT-FOR-US: Mattermost Mobile app
 CVE-2024-3871 (The Delta Electronics DVW-W02W2-E2 devices expose a web 
administration ...)
-   TODO: check
+   NOT-FOR-US: Delta Electronics
 CVE-2024-3869 (The Customer Reviews for WooCommerce plugin for WordPress is 
vulnerabl ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-3867 (The archive-tainacan-collection theme for WordPress is 
vulnerable to R ...)
-   TODO: check
+   NOT-FOR-US: WordPress theme
 CVE-2024-3672 (The BA Book Everything plugin for WordPress is vulnerable to 
Stored Cr ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-3660 (A arbitrary code injection vulnerability in TensorFlow's Keras 
framewo ...)
TODO: check
 CVE-2024-3367 (Argument injection in websphere_mq agent plugin in Checkmk 
2.0.0, 2.1. ...)
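
Review bot: CVE-2024-3873 (SMI SMI-EX-5414W) is left at TODO: check in the middle of this hunk, while every Tenda entry above it and the Mattermost and Delta Electronics entries below it are resolved. If it was held back on purpose, fine; otherwise it reads like one that was missed in this pass.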



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00852c92e5a41e637a0849a8c24f30e6711c6b2b



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d1bfc6ce by Salvatore Bonaccorso at 2024-04-15T22:33:43+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,93 +1,93 @@
 CVE-2024-3804 (A vulnerability, which was classified as critical, has been 
found in V ...)
-   TODO: check
+   NOT-FOR-US: Vesystem Cloud Desktop
 CVE-2024-3803 (A vulnerability classified as critical was found in Vesystem 
Cloud Des ...)
-   TODO: check
+   NOT-FOR-US: Vesystem Cloud Desktop
 CVE-2024-3802 (Vulnerabilities in Celeste 22.x was vulnerable to takeover from 
unauth ...)
TODO: check
 CVE-2024-3797 (A vulnerability was found in SourceCodester QR Code Bookmark 
System 1. ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester QR Code Bookmark System
 CVE-2024-3796 (Vulnerability in WBSAirback 21.02.04, which consists of a 
stored Cross ...)
-   TODO: check
+   NOT-FOR-US: WBSAirback
 CVE-2024-3795 (Vulnerability in WBSAirback 21.02.04, which consists of a 
stored Cross ...)
-   TODO: check
+   NOT-FOR-US: WBSAirback
 CVE-2024-3794 (Vulnerability in WBSAirback 21.02.04, which consists of a 
stored Cross ...)
-   TODO: check
+   NOT-FOR-US: WBSAirback
 CVE-2024-3793 (Vulnerability in WBSAirback 21.02.04, which consists of a 
stored Cross ...)
-   TODO: check
+   NOT-FOR-US: WBSAirback
 CVE-2024-3792 (Vulnerability in WBSAirback 21.02.04, which consists of a 
stored Cross ...)
-   TODO: check
+   NOT-FOR-US: WBSAirback
 CVE-2024-3791 (Vulnerability in WBSAirback 21.02.04, which consists of a 
stored Cross ...)
-   TODO: check
+   NOT-FOR-US: WBSAirback
 CVE-2024-3790 (Vulnerability in WBSAirback 21.02.04, which consists of a 
stored Cross ...)
-   TODO: check
+   NOT-FOR-US: WBSAirback
 CVE-2024-3789 (Uncontrolled resource consumption vulnerability in White Bear 
Solution ...)
-   TODO: check
+   NOT-FOR-US: WBSAirback
 CVE-2024-3788 (Vulnerability in WBSAirback 21.02.04, which involves improper 
neutrali ...)
-   TODO: check
+   NOT-FOR-US: WBSAirback
 CVE-2024-3787 (Vulnerability in WBSAirback 21.02.04, which involves improper 
neutrali ...)
-   TODO: check
+   NOT-FOR-US: WBSAirback
 CVE-2024-3786 (Vulnerability in WBSAirback 21.02.04, which involves improper 
neutrali ...)
-   TODO: check
+   NOT-FOR-US: WBSAirback
 CVE-2024-3785 (Vulnerability in WBSAirback 21.02.04, which involves improper 
neutrali ...)
-   TODO: check
+   NOT-FOR-US: WBSAirback
 CVE-2024-3784 (Vulnerability in WBSAirback 21.02.04, which involves improper 
neutrali ...)
-   TODO: check
+   NOT-FOR-US: WBSAirback
 CVE-2024-3783 (The Backup Agents section in WBSAirback 21.02.04 is affected by 
a Path ...)
-   TODO: check
+   NOT-FOR-US: WBSAirback
 CVE-2024-3782 (Cross-Site Request Forgery vulnerability in WBSAirback 
21.02.04, which ...)
-   TODO: check
+   NOT-FOR-US: WBSAirback
 CVE-2024-3781 (Command injection vulnerability in the operating system. 
Improper neut ...)
-   TODO: check
+   NOT-FOR-US: WBSAirback
 CVE-2024-3780 (A vulnerability of Information Exposure has been found on 
Technicolor  ...)
-   TODO: check
+   NOT-FOR-US: Technicolor
 CVE-2024-32437 (Cross-Site Request Forgery (CSRF) vulnerability in impleCode 
eCommerce ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32436 (Cross-Site Request Forgery (CSRF) vulnerability in 
Codemenschen Gift V ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32435 (Cross-Site Request Forgery (CSRF) vulnerability in Affieasy 
Team AffiE ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32434 (Cross-Site Request Forgery (CSRF) vulnerability in Tyche 
Softwares Ord ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32433 (Cross-Site Request Forgery (CSRF) vulnerability in Themefic 
BEAF.This  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32141 (Cross-Site Request Forgery (CSRF) vulnerability in Libsyn 
Libsyn Publi ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32129 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in F ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32104 (Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins 
NextMove  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32103 (Cross-Site Request Forgery (CSRF) vulnerability in 
Siteimprove.This is ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32102 (Cross-Site Request Forgery (CSRF) vulnerability in Scott 
Kingsley Clar ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32101 (Cross-Site Request Forgery (CSRF) vulnerability in Omnisend 
Email Mark 
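
Review bot: CVE-2024-3781 is tagged WBSAirback, but the visible description ("Command injection vulnerability in the operating system. Improper neut ...") never names a product, and CVE-2024-3789 names only the vendor, White Bear Solution. Both sit inside the WBSAirback run, so the tag is probably right; a quick check of the full descriptions before merging would rule out a tag carried over from the neighbouring entries.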

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3f4e1bc2 by Salvatore Bonaccorso at 2024-04-15T14:13:04+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -21,15 +21,15 @@ CVE-2024-3768 (A vulnerability, which was classified as 
critical, has been found
 CVE-2024-3767 (A vulnerability classified as critical was found in PHPGurukul 
News Po ...)
NOT-FOR-US: PHPGurukul News Portal
 CVE-2024-3766 (A vulnerability, which was classified as problematic, has been 
found i ...)
-   TODO: check
+   NOT-FOR-US: slowlyo OwlAdmin
 CVE-2024-3765 (A vulnerability classified as critical was found in Xiongmai 
AHB7804R- ...)
NOT-FOR-US: Xiongmai
 CVE-2024-3764 (A vulnerability classified as problematic has been found in 
Tuya Camer ...)
-   TODO: check
+   NOT-FOR-US: Tuya Camera
 CVE-2024-3763 (A vulnerability was found in Emlog Pro 2.2.10. It has been 
rated as pr ...)
-   TODO: check
+   NOT-FOR-US: Emlog Pro
 CVE-2024-3762 (A vulnerability was found in Emlog Pro 2.2.10. It has been 
declared as ...)
-   TODO: check
+   NOT-FOR-US: Emlog Pro
 CVE-2024-3701 (The system application (com.transsion.kolun.aiservice) 
component does  ...)
TODO: check
 CVE-2024-3505 (JFrog Artifactory Self-Hosted versions below 7.77.3, are 
vulnerable to ...)
@@ -113,23 +113,23 @@ CVE-2024-32098 (Improper Neutralization of Special 
Elements used in an SQL Comma
 CVE-2024-32087 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-32082 (Cross-Site Request Forgery (CSRF) vulnerability in kp4coder 
Sync Post  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32079 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31093 (Cross-Site Request Forgery (CSRF) vulnerability in Kaloyan K. 
Tsvetkov ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31086 (Cross-Site Request Forgery (CSRF) vulnerability in Venugopal 
Change de ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30545 (Cross-Site Request Forgery (CSRF) vulnerability in Nick Powers 
Social  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2858 (The Simple Buttons Creator WordPress plugin through 1.04 does 
not have ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2857 (The Simple Buttons Creator WordPress plugin through 1.04 does 
not have ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2836 (The Social Share, Social Login and Social Comments Plugin  
WordPress p ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2739 (The Advanced Search WordPress plugin through 1.1.6 does not 
have CSRF  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-29844 (Default credentials on the Web Interface of Evolution 
Controller 2.x ( ...)
TODO: check
 CVE-2024-29843 (The Web interface of Evolution Controller Versions 
2.04.560.31.03.2024 ...)
@@ -151,39 +151,39 @@ CVE-2024-29836 (The Web interface of Evolution Controller 
Versions 2.04.560.31.0
 CVE-2024-27462
REJECTED
 CVE-2024-1849 (The WP Customer Reviews WordPress plugin before 3.7.1 does not 
validat ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1846 (The Responsive Tabs WordPress plugin before 4.0.7 does not 
validate an ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1755 (The NPS computy WordPress plugin through 2.7.5 does not have 
CSRF chec ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1754 (The NPS computy WordPress plugin through 2.7.5 does not 
sanitise and e ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1746 (The Testimonial Slider WordPress plugin before 2.3.8 does not 
sanitise ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1712 (The Carousel Slider WordPress plugin before 2.2.7 does not 
sanitise an ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1660 (The Top Bar WordPress plugin before 3.0.5 does not sanitise and 
escape ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1655 (Certain ASUS WiFi routers models has an OS Command Injection 
vulnerabi ...)
-   TODO: check
+   NOT-FOR-US: ASUS WiFi routers
 CVE-2024-1310 (The WooCommerce WordPress plugin before 8.6 does not prevent 
users wit ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1307 (The Smart Forms  WordPress plugin before 2.6.94 does not have 
proper a ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1306 (The Smart Forms  WordPress plugin before 2.6.94 does not have 

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
15132b3b by Salvatore Bonaccorso at 2024-04-14T20:58:50+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -36,11 +36,11 @@ CVE-2024-32019 (Netdata is an open source observability 
tool. In affected versio
NOTE: 
https://github.com/netdata/netdata/security/advisories/GHSA-pmhq-4cxq-wj93
NOTE: https://github.com/netdata/netdata/pull/17377
 CVE-2024-32005 (NiceGUI is an easy-to-use, Python-based UI framework. A local 
file inc ...)
-   TODO: check
+   NOT-FOR-US: NiceGUI
 CVE-2024-32003 (wn-dusk-plugin (Dusk plugin) is a plugin which integrates 
Laravel Dusk ...)
NOT-FOR-US: Winter CMS
 CVE-2024-31462 (stable-diffusion-webui is a web interface for Stable 
Diffusion, implem ...)
-   TODO: check
+   NOT-FOR-US: Stable Diffusion webui
 CVE-2024-2583 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress 
plugin b ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-29023 (Xibo is an Open Source Digital Signage platform with a web 
content man ...)
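
Review bot: The tag on CVE-2024-31462 reads "Stable Diffusion webui", while the description gives the project name as stable-diffusion-webui. Using the upstream spelling in the tag makes it findable with the same string someone would take from the CVE text, as was done for matrix-appservice-irc in the next hunk.
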
@@ -86,7 +86,7 @@ CVE-2024-3211 (The Shopping Cart & eCommerce Store plugin for 
WordPress is vulne
 CVE-2024-3054 (WPvivid Backup & Migration Plugin for WordPress is vulnerable 
to PHAR  ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-32000 (matrix-appservice-irc is a Node.js IRC bridge for the Matrix 
messaging ...)
-   TODO: check
+   NOT-FOR-US: matrix-appservice-irc
 CVE-2024-31839 (Cross Site Scripting vulnerability in tiagorlampert CHAOS 
v.5.0.1 allo ...)
NOT-FOR-US: tiagorlampert CHAOS
 CVE-2024-31818 (Directory Traversal vulnerability in DerbyNet v.9.0 allows a 
remote at ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15132b3b16f0ec3f74f5fc012ef1c02d1a2ce5bb



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6f2aed4f by Salvatore Bonaccorso at 2024-04-13T13:38:18+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,5 +1,5 @@
 CVE-2024-3027 (The Smart Slider 3 plugin for WordPress is vulnerable to 
unauthorized  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32028 (OpenTelemetry dotnet is a dotnet telemetry framework. In 
affected vers ...)
TODO: check
 CVE-2024-32019 (Netdata is an open source observability tool. In affected 
versions the ...)
@@ -7,19 +7,19 @@ CVE-2024-32019 (Netdata is an open source observability tool. 
In affected versio
 CVE-2024-32005 (NiceGUI is an easy-to-use, Python-based UI framework. A local 
file inc ...)
TODO: check
 CVE-2024-32003 (wn-dusk-plugin (Dusk plugin) is a plugin which integrates 
Laravel Dusk ...)
-   TODO: check
+   NOT-FOR-US: Winter CMS
 CVE-2024-31462 (stable-diffusion-webui is a web interface for Stable 
Diffusion, implem ...)
TODO: check
 CVE-2024-2583 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress 
plugin b ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-29023 (Xibo is an Open Source Digital Signage platform with a web 
content man ...)
-   TODO: check
+   NOT-FOR-US: Xibo
 CVE-2024-29022 (Xibo is an Open Source Digital Signage platform with a web 
content man ...)
-   TODO: check
+   NOT-FOR-US: Xibo
 CVE-2024-28869 (Traefik is an HTTP reverse proxy and load balancer. In 
affected versio ...)
TODO: check
 CVE-2024-1957 (The GiveWP \u2013 Donation Plugin and Fundraising Platform 
plugin for  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-3707 (Information exposure vulnerability in OpenGnsys affecting 
version 1.1. ...)
NOT-FOR-US: OpenGnsys
 CVE-2024-3706 (Information exposure vulnerability in OpenGnsys affecting 
version 1.1. ...)
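
Review bot: CVE-2024-32003 is tagged "NOT-FOR-US: Winter CMS", but the description identifies the affected component as wn-dusk-plugin (Dusk plugin), and Winter CMS does not appear in the visible text. Naming the plugin in the tag, for example "wn-dusk-plugin for Winter CMS", would make clear that the issue is in the plugin and not in the CMS itself.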



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f2aed4f38d98bb6bccbc7ac9c3c2aae678baf93



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-12 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8cdf05aa by Salvatore Bonaccorso at 2024-04-12T22:23:37+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,157 +1,157 @@
 CVE-2024-3707 (Information exposure vulnerability in OpenGnsys affecting 
version 1.1. ...)
-   TODO: check
+   NOT-FOR-US: OpenGnsys
 CVE-2024-3706 (Information exposure vulnerability in OpenGnsys affecting 
version 1.1. ...)
-   TODO: check
+   NOT-FOR-US: OpenGnsys
 CVE-2024-3705 (Unrestricted file upload vulnerability in OpenGnsys affecting 
version  ...)
-   TODO: check
+   NOT-FOR-US: OpenGnsys
 CVE-2024-3704 (SQL Injection Vulnerability has been found on OpenGnsys product 
affect ...)
-   TODO: check
+   NOT-FOR-US: OpenGnsys
 CVE-2024-3698 (A vulnerability was found in Campcodes House Rental Management 
System  ...)
-   TODO: check
+   NOT-FOR-US: Campcodes House Rental Management System
 CVE-2024-3697 (A vulnerability was found in Campcodes House Rental Management 
System  ...)
-   TODO: check
+   NOT-FOR-US: Campcodes House Rental Management System
 CVE-2024-3696 (A vulnerability was found in Campcodes House Rental Management 
System  ...)
-   TODO: check
+   NOT-FOR-US: Campcodes House Rental Management System
 CVE-2024-3695 (A vulnerability has been found in SourceCodester Computer 
Laboratory M ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Computer Laboratory Management System
 CVE-2024-3691 (A vulnerability, which was classified as critical, has been 
found in P ...)
-   TODO: check
+   NOT-FOR-US: PHPGurukul Small CRM
 CVE-2024-3690 (A vulnerability classified as critical was found in PHPGurukul 
Small C ...)
-   TODO: check
+   NOT-FOR-US: PHPGurukul Small CRM
 CVE-2024-3689 (A vulnerability classified as problematic has been found in 
Zhejiang L ...)
-   TODO: check
+   NOT-FOR-US: Zhejiang Land Zongheng Network Technology O2OA
 CVE-2024-3688 (A vulnerability was found in Xiamen Four-Faith RMP Router 
Management P ...)
-   TODO: check
+   NOT-FOR-US: Xiamen Four-Faith RMP Router Management Platform
 CVE-2024-3687 (A vulnerability was found in bihell Dice 3.1.0 and classified 
as probl ...)
-   TODO: check
+   NOT-FOR-US: bihell Dice
 CVE-2024-3686 (A vulnerability has been found in DedeCMS 5.7.112-UTF8 and 
classified  ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2024-3685 (A vulnerability, which was classified as critical, was found in 
DedeCM ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2024-3211 (The Shopping Cart & eCommerce Store plugin for WordPress is 
vulnerable ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-3054 (WPvivid Backup & Migration Plugin for WordPress is vulnerable 
to PHAR  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32000 (matrix-appservice-irc is a Node.js IRC bridge for the Matrix 
messaging ...)
TODO: check
 CVE-2024-31839 (Cross Site Scripting vulnerability in tiagorlampert CHAOS 
v.5.0.1 allo ...)
-   TODO: check
+   NOT-FOR-US: tiagorlampert CHAOS
 CVE-2024-31818 (Directory Traversal vulnerability in DerbyNet v.9.0 allows a 
remote at ...)
-   TODO: check
+   NOT-FOR-US: DerbyNet
 CVE-2024-31372 (Cross-Site Request Forgery (CSRF) vulnerability in Arnan de 
Gans No-Bo ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31371 (Cross-Site Request Forgery (CSRF) vulnerability in Xylus 
Themes WP Eve ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31364 (Cross-Site Request Forgery (CSRF) vulnerability in 
ELEXtensions ELEX W ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31363 (Cross-Site Request Forgery (CSRF) vulnerability in 
LifterLMS.This issu ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31362 (Cross-Site Request Forgery (CSRF) vulnerability in Metagauss 
ProfileGr ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31360 (Cross-Site Request Forgery (CSRF) vulnerability in Coded 
Commerce, LLC ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31354 (Cross-Site Request Forgery (CSRF) vulnerability in Tribulant 
Slideshow ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31305 (Cross-Site Request Forgery (CSRF) vulnerability in rtCamp 
Transcoder.T ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31303 (Cross-Site Request Forgery (CSRF) vulnerability in Fetch 
Designs Sign- ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31301 (Cross-Site Request Forgery (CSRF) vulnerability in Themeisle 
Multiple  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31293 (Cross-Site Request Forgery 

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-12 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7d6274ca by Salvatore Bonaccorso at 2024-04-12T22:15:15+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -149,17 +149,17 @@ CVE-2024-28878 (IO-1020 Micro ELD downloads source code 
or an executable from an
 CVE-2024-28718 (An issue in OpenStack magnum yoga-eom version allows a remote 
attacker ...)
TODO: check
 CVE-2024-27261 (IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.2 
could al ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2024-25545 (An issue in Weave Weave Desktop v.7.78.10 allows a local 
attacker to e ...)
TODO: check
 CVE-2024-22359 (IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 
7.1.2.16, ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2024-22358 (IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 
7.1.2.16, ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2024-22339 (IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 
7.1.2.16, ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2024-22334 (IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 
7.1.2.16, ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2024-21618 (An Access of Memory Location After End of Buffer vulnerability 
in the  ...)
TODO: check
 CVE-2024-21615 (An Incorrect Default Permissions vulnerability in Juniper 
Networks Jun ...)
@@ -187,7 +187,7 @@ CVE-2023-51499 (Missing Authorization vulnerability in 
WooCommerce WooCommerce S
 CVE-2023-51409 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Jordy ...)
TODO: check
 CVE-2023-47714 (IBM Sterling File Gateway 6.0.0.0 through 6.0.3.9, 6.1.0.0 
through 6.1 ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2024-31391 (Insertion of Sensitive Information into Log File vulnerability 
in the  ...)
NOT-FOR-US: Apache Solr Operator
 CVE-2024-3625



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d6274ca0d0ad496a8cda3c44b427bdd4c29e265



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7905b86f by Salvatore Bonaccorso at 2024-04-11T22:52:19+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -63,41 +63,41 @@ CVE-2024-29454 (An issue discovered in packages or nodes in 
ROS2 Humble Hawksbil
 CVE-2024-25852 (Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command 
execution v ...)
NOT-FOR-US: Linksys
 CVE-2024-22722 (Server Side Template Injection (SSTI) vulnerability in Form 
Tools 3.1. ...)
-   TODO: check
+   NOT-FOR-US: Form Tools
 CVE-2024-22721 (Cross Site Request Forgery (CSRF) vulnerability in Form Tools 
3.1.1 al ...)
-   TODO: check
+   NOT-FOR-US: Form Tools
 CVE-2024-22719 (SQL Injection vulnerability in Form Tools 3.1.1 allows 
attackers to ru ...)
-   TODO: check
+   NOT-FOR-US: Form Tools
 CVE-2024-22718 (Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 
allows at ...)
-   TODO: check
+   NOT-FOR-US: Form Tools
 CVE-2024-22717 (Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 
allows at ...)
-   TODO: check
+   NOT-FOR-US: Form Tools
 CVE-2024-20798 (Illustrator versions 28.3, 27.9.2 and earlier are affected by 
an out-o ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2024-20797 (Animate versions 23.0.4, 24.0.1 and earlier are affected by an 
out-of- ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2024-20796 (Animate versions 23.0.4, 24.0.1 and earlier are affected by an 
out-of- ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2024-20795 (Animate versions 23.0.4, 24.0.1 and earlier are affected by an 
Integer ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2024-20794 (Animate versions 23.0.4, 24.0.1 and earlier are affected by a 
NULL Poi ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2024-20771 (Bridge versions 13.0.6, 14.0.2 and earlier are affected by an 
out-of-b ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2024-0881 (The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, 
Post Block ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5394 (Server receiving a malformed message that where the GCL message 
hostna ...)
-   TODO: check
+   NOT-FOR-US: Honeywell
 CVE-2023-5393 (Server receiving a malformed message that causes a disconnect 
to a hos ...)
-   TODO: check
+   NOT-FOR-US: Honeywell
 CVE-2023-5392 (C300 information leak due to an analysis feature which allows 
extracti ...)
-   TODO: check
+   NOT-FOR-US: Honeywell
 CVE-2023-50949 (IBM QRadar SIEM 7.5 could allow an unauthorized user to 
perform unauth ...)
NOT-FOR-US: IBM
 CVE-2023-32295 (Missing Authorization vulnerability in Alex Tselegidis 
Easy!Appointmen ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-32228 (A firmware bug which may lead to misinterpretation of data in 
the AMC2 ...)
-   TODO: check
+   NOT-FOR-US: Bosch
 CVE-2024-3092
- gitlab 
 CVE-2024-2279
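
Review bot: CVE-2023-32295 is closed as "NOT-FOR-US: WordPress plugin", but the visible description names only "Alex Tselegidis Easy!Appointmen ..." and Easy!Appointments is also distributed as a standalone web application, so the generic tag is only right if the full CVE record scopes the issue to the WordPress plugin. Worth confirming against the record, and naming the product in the tag if it turns out to be the standalone application. The Honeywell tags on CVE-2023-5392 to CVE-2023-5394 and the Bosch tag on CVE-2023-32228 likewise cannot be checked from the truncated descriptions, which do not name the vendor.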



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7905b86f94116e26ad9407c0605b211a3cacc508



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1f892d80 by Salvatore Bonaccorso at 2024-04-11T22:43:21+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,67 +1,67 @@
 CVE-2024-3344 (The Otter Blocks \u2013 Gutenberg Blocks, Page Builder for 
Gutenberg E ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-3343 (The Otter Blocks \u2013 Gutenberg Blocks, Page Builder for 
Gutenberg E ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32112 (Cross-Site Request Forgery (CSRF) vulnerability in Leadinfo 
leadinfo.  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32109 (Cross-Site Request Forgery (CSRF) vulnerability in Julien 
Berthelot /  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32108 (Cross-Site Request Forgery (CSRF) vulnerability in Stephanie 
Leary Con ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32107 (Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins 
Finale Li ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32106 (Cross-Site Request Forgery (CSRF) vulnerability in WP Compress 
WP Comp ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32105 (Cross-Site Request Forgery (CSRF) vulnerability in 
ELEXtensions ELEX W ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32083 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32080 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31937 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31936 (Cross-Site Request Forgery (CSRF) vulnerability in AyeCode Ltd 
UsersWP ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31935 (Cross-Site Request Forgery (CSRF) vulnerability in 
BracketSpace Simple ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31934 (Cross-Site Request Forgery (CSRF) vulnerability in Link 
Whisper Link W ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31932 (Cross-Site Request Forgery (CSRF) vulnerability in 
CreativeThemes Bloc ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31931 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31930 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31929 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31928 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31927 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31926 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31925 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31861 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-   TODO: check
+   NOT-FOR-US: Apache Zeppelin
 CVE-2024-31678 (Sourcecodester Loan Management System v1.0 is vulnerable to 
SQL Inject ...)
-   TODO: check
+   NOT-FOR-US: Sourcecodester Loan Management System
 CVE-2024-31387 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31361 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31285 (Cross-Site Request Forgery (CSRF) vulnerability in Tooltip 
WordPress T ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30273 (Illustrator versions 28.3, 27.9.2 and earlier are affected by 
a Stack- ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2024-30272 (Illustrator versions 28.3, 27.9.2 and earlier are affected by 
an out-o ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2024-30271 (Illustrator versions 28.3, 27.9.2 and earlier are affected by 
an out-o ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2024-29454 (An issue discovered in packages or nodes in ROS2 Humble 
Hawksbill with ...)
TODO: check
 CVE-2024-25852 
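
Review bot: the tag added for CVE-2024-31678 is spelled "Sourcecodester Loan Management System", copying the capitalisation of the CVE description, while the other NFU tags for this vendor in the same series of commits use "SourceCodester" (for example "SourceCodester Warehouse Management System"). NOT-FOR-US text is free-form, so one spelling per vendor keeps later searches reliable; suggest "NOT-FOR-US: SourceCodester Loan Management System".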

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f3fad16b by Salvatore Bonaccorso at 2024-04-11T10:30:00+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2,43 +2,43 @@ CVE-2024-3652 (The Libreswan Project was notified of an issue 
causing libreswan
- libreswan 
NOTE: https://libreswan.org/security/CVE-2024-3652
 CVE-2024-3621 (A vulnerability was found in SourceCodester Kortex Lite 
Advocate Offic ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Kortex Lite Advocate Office Management System
 CVE-2024-3620 (A vulnerability was found in SourceCodester Kortex Lite 
Advocate Offic ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Kortex Lite Advocate Office Management System
 CVE-2024-3619 (A vulnerability has been found in SourceCodester Kortex Lite 
Advocate  ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Kortex Lite Advocate Office Management System
 CVE-2024-3618 (A vulnerability, which was classified as critical, was found in 
Source ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Kortex Lite Advocate Office Management System
 CVE-2024-3617 (A vulnerability, which was classified as critical, has been 
found in S ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Kortex Lite Advocate Office Management System
 CVE-2024-3616 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Warehouse Management System
 CVE-2024-3614 (A vulnerability classified as problematic has been found in 
SourceCode ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Warehouse Management System
 CVE-2024-3613 (A vulnerability was found in SourceCodester Warehouse 
Management Syste ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Warehouse Management System
 CVE-2024-3612 (A vulnerability was found in SourceCodester Warehouse 
Management Syste ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Warehouse Management System
 CVE-2024-3285 (The Slider, Gallery, and Carousel by MetaSlider \u2013 
Responsive Word ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-32001 (SpiceDB is a graph database purpose-built for storing and 
evaluating a ...)
TODO: check
 CVE-2024-31999 (@festify/secure-session creates a secure stateless cookie 
session for  ...)
TODO: check
 CVE-2024-31997 (XWiki Platform is a generic wiki platform. Prior to versions 
4.10.19,  ...)
-   TODO: check
+   NOT-FOR-US: XWiki
 CVE-2024-31996 (XWiki Platform is a generic wiki platform. Starting in version 
3.0.1 a ...)
-   TODO: check
+   NOT-FOR-US: XWiki
 CVE-2024-31995 (`@digitalbazaar/zcap` provides JavaScript reference 
implementation for ...)
TODO: check
 CVE-2024-31988 (XWiki Platform is a generic wiki platform. Starting in version 
13.9-rc ...)
-   TODO: check
+   NOT-FOR-US: XWiki
 CVE-2024-31987 (XWiki Platform is a generic wiki platform. Starting in version 
6.4-mil ...)
-   TODO: check
+   NOT-FOR-US: XWiki
 CVE-2024-31986 (XWiki Platform is a generic wiki platform. Starting in version 
3.1 and ...)
-   TODO: check
+   NOT-FOR-US: XWiki
 CVE-2024-31985 (XWiki Platform is a generic wiki platform. Starting in version 
3.1 and ...)
-   TODO: check
+   NOT-FOR-US: XWiki
 CVE-2024-30917 (An issue was discovered in eProsima FastDDS v.2.14.0 and 
before, allow ...)
TODO: check
 CVE-2024-30916 (An issue was discovered in eProsima FastDDS v.2.14.0 and 
before, allow ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3fad16b19dbcce47863edf14ddd29a648ceac78



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7ee298b2 by Salvatore Bonaccorso at 2024-04-11T08:16:57+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -19,7 +19,7 @@ CVE-2024-3515 (Use after free in Dawn in Google Chrome prior 
to 123.0.6312.122 a
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
 CVE-2024-3448 (Users with low privileges can perform certain AJAX actions.  In 
this v ...)
-   TODO: check
+   NOT-FOR-US: Mautic
 CVE-2024-3388 (A vulnerability in the GlobalProtect Gateway in Palo Alto 
Networks PAN ...)
NOT-FOR-US: Palo Alto Networks
 CVE-2024-3387 (A weak (low bit strength) device certificate in Palo Alto 
Networks Pan ...)
@@ -133,11 +133,11 @@ CVE-2024-31214 (Traccar is an open source GPS tracking 
system. Traccar versions
 CVE-2024-2952 (BerriAI/litellm is vulnerable to Server-Side Template Injection 
(SSTI) ...)
TODO: check
 CVE-2024-2731 (Users with low privileges (all permissions deselected in the 
administr ...)
-   TODO: check
+   NOT-FOR-US: Mautic
 CVE-2024-2730 (Mautic uses predictable page indices for unpublished landing 
pages, th ...)
NOT-FOR-US: Mautic
 CVE-2024-2221 (qdrant/qdrant is vulnerable to a path traversal and arbitrary 
file upl ...)
-   TODO: check
+   NOT-FOR-US: qdrant
 CVE-2024-2217 (gaizhenbiao/chuanhuchatgpt is vulnerable to improper access 
control, a ...)
TODO: check
 CVE-2024-2196 (aimhubio/aim is vulnerable to Cross-Site Request Forgery 
(CSRF), allow ...)
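
Review bot: CVE-2024-2221 is closed as "NOT-FOR-US: qdrant", but the description's "qdrant/qdrant" points at an upstream source repository, which is the kind of entry where a WNPP check is worth doing before closing. If an ITP or RFP exists, the entry should carry the package name with an <itp> marker and the bug number instead of NOT-FOR-US; if none exists, the tag is fine as is. The Mautic tag on CVE-2024-2731 matches the existing one on CVE-2024-2730 directly below it.
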
@@ -221,7 +221,7 @@ CVE-2024-1741 (lunary-ai/lunary version 1.0.1 is vulnerable 
to improper authoriz
 CVE-2024-1740 (In lunary-ai/lunary version 1.0.1, a vulnerability exists where 
a user ...)
TODO: check
 CVE-2024-1728 (gradio-app/gradio is vulnerable to a local file inclusion 
vulnerabilit ...)
-   TODO: check
+   NOT-FOR-US: Gradio
 CVE-2024-1643 (By knowing an organization's ID, an attacker can join the 
organization ...)
TODO: check
 CVE-2024-1625 (An Insecure Direct Object Reference (IDOR) vulnerability exists 
in the ...)
@@ -237,9 +237,9 @@ CVE-2024-1520 (An OS Command Injection vulnerability exists 
in the '/open_code_f
 CVE-2024-1511 (The parisneo/lollms-webui repository is susceptible to a path 
traversa ...)
TODO: check
 CVE-2024-0218 (A Denial of Service (Dos) vulnerability in Nozomi Networks 
Guardian, c ...)
-   TODO: check
+   NOT-FOR-US: Nozomi Networks Guardian
 CVE-2023-6916 (Audit records for OpenAPI requests may include sensitive 
information.  ...)
-   TODO: check
+   NOT-FOR-US: Nozomi Networks
 CVE-2023-52070 (JFreeChart v1.5.4 was discovered to be vulnerable to 
ArrayIndexOutOfBo ...)
TODO: check
 CVE-2023-2794 (A flaw was found in ofono, an Open Source Telephony on Linux. A 
stack  ...)
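
Review bot: the two Nozomi entries at the end of this hunk get different tags, "NOT-FOR-US: Nozomi Networks Guardian" for CVE-2024-0218 and "NOT-FOR-US: Nozomi Networks" for CVE-2023-6916. Pick one form for the vendor, preferably the vendor-level "Nozomi Networks" in line with "Palo Alto Networks" earlier in this diff, so the tags for one vendor stay uniform.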



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ee298b24c7dda946b4432c03a9ced3ae2d87738



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
730aeaaa by Salvatore Bonaccorso at 2024-04-10T22:32:01+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -21,19 +21,19 @@ CVE-2024-3515 (Use after free in Dawn in Google Chrome 
prior to 123.0.6312.122 a
 CVE-2024-3448 (Users with low privileges can perform certain AJAX actions.  In 
this v ...)
TODO: check
 CVE-2024-3388 (A vulnerability in the GlobalProtect Gateway in Palo Alto 
Networks PAN ...)
-   TODO: check
+   NOT-FOR-US: Palo Alto Networks
 CVE-2024-3387 (A weak (low bit strength) device certificate in Palo Alto 
Networks Pan ...)
-   TODO: check
+   NOT-FOR-US: Palo Alto Networks
 CVE-2024-3386 (An incorrect string comparison vulnerability in Palo Alto 
Networks PAN ...)
-   TODO: check
+   NOT-FOR-US: Palo Alto Networks
 CVE-2024-3385 (A packet processing mechanism in Palo Alto Networks PAN-OS 
software en ...)
-   TODO: check
+   NOT-FOR-US: Palo Alto Networks
 CVE-2024-3384 (A vulnerability in Palo Alto Networks PAN-OS software enables a 
remote ...)
-   TODO: check
+   NOT-FOR-US: Palo Alto Networks
 CVE-2024-3383 (A vulnerability in how Palo Alto Networks PAN-OS software 
processes da ...)
-   TODO: check
+   NOT-FOR-US: Palo Alto Networks
 CVE-2024-3382 (A memory leak exists in Palo Alto Networks PAN-OS software that 
enable ...)
-   TODO: check
+   NOT-FOR-US: Palo Alto Networks
 CVE-2024-3283 (A vulnerability in mintplex-labs/anything-llm allows users with 
manage ...)
TODO: check
 CVE-2024-3157 (Out of bounds memory access in Compositing in Google Chrome 
prior to 1 ...)
@@ -47,21 +47,21 @@ CVE-2024-3098 (A vulnerability was identified in the 
`exec_utils` class of the `
 CVE-2024-3025 (mintplex-labs/anything-llm is vulnerable to path traversal 
attacks due ...)
TODO: check
 CVE-2024-31984 (Starting in version 7.2-rc-1 and prior to versions 4.10.20, 
15.5.4, an ...)
-   TODO: check
+   NOT-FOR-US: XWiki
 CVE-2024-31983 (XWiki Platform is a generic wiki platform. In multilingual 
wikis, tran ...)
-   TODO: check
+   NOT-FOR-US: XWiki
 CVE-2024-31982 (XWiki Platform is a generic wiki platform. Starting in version 
2.4-mil ...)
-   TODO: check
+   NOT-FOR-US: XWiki
 CVE-2024-31981 (XWiki Platform is a generic wiki platform. Starting in version 
3.0.1 a ...)
-   TODO: check
+   NOT-FOR-US: XWiki
 CVE-2024-31944 (Cross-Site Request Forgery (CSRF) vulnerability in Octolize 
WooCommerc ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31943 (Cross-Site Request Forgery (CSRF) vulnerability in Octolize 
USPS Shipp ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31939 (Cross-Site Request Forgery (CSRF) vulnerability in Soflyy 
Import any X ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31924 (Cross-Site Request Forgery (CSRF) vulnerability in Exactly WWW 
EWWW Im ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31874 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 
uses uninit ...)
NOT-FOR-US: IBM
 CVE-2024-31873 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 
contains ha ...)
@@ -71,71 +71,71 @@ CVE-2024-31872 (IBM Security Verify Access Appliance 10.0.0 
through 10.0.7 could
 CVE-2024-31871 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 
could allow ...)
NOT-FOR-US: IBM
 CVE-2024-31819 (An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote 
attacker ...)
-   TODO: check
+   NOT-FOR-US: WWBN AVideo
 CVE-2024-31492 (An external control of file name or path vulnerability 
[CWE-73] in  Fo ...)
-   TODO: check
+   NOT-FOR-US: FortiGuard
 CVE-2024-31465 (XWiki Platform is a generic wiki platform. Starting in version 
5.0-rc- ...)
-   TODO: check
+   NOT-FOR-US: XWiki
 CVE-2024-31464 (XWiki Platform is a generic wiki platform. Starting in version 
5.0-rc- ...)
-   TODO: check
+   NOT-FOR-US: XWiki
 CVE-2024-31461 (Plane, an open-source project management tool, has a 
Server-Side Reque ...)
-   TODO: check
+   NOT-FOR-US: Plane
 CVE-2024-31430 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 
WOLF \u2 ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31386 (Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu 
Ishikawa X ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31358 (Missing Authorization vulnerability in Saleswonder.Biz 5 Stars 
Rating  ...)
-   TODO: check
+   NOT-FOR-US: Saleswonder.Biz 5 Stars Rating Funnel
 CVE-2024-31356 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31355 (Improper 
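
Review bot: CVE-2024-31492 is tagged "NOT-FOR-US: FortiGuard", which names Fortinet's advisory and research service rather than the vendor or the affected product; the other vendor tags in this diff use the vendor name ("IBM", "Palo Alto Networks"), so "NOT-FOR-US: Fortinet" would be the consistent choice. Separately, CVE-2024-31358 gets the product-specific tag "Saleswonder.Biz 5 Stars Rating Funnel" while its neighbours are tagged "WordPress plugin"; if it is a WordPress plugin, the generic tag should be used here too.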

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6fc63739 by Salvatore Bonaccorso at 2024-04-10T22:23:01+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -61,13 +61,13 @@ CVE-2024-31939 (Cross-Site Request Forgery (CSRF) 
vulnerability in Soflyy Import
 CVE-2024-31924 (Cross-Site Request Forgery (CSRF) vulnerability in Exactly WWW 
EWWW Im ...)
TODO: check
 CVE-2024-31874 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 
uses uninit ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2024-31873 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 
contains ha ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2024-31872 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 
could allow ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2024-31871 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 
could allow ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2024-31819 (An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote 
attacker ...)
TODO: check
 CVE-2024-31492 (An external control of file name or path vulnerability 
[CWE-73] in  Fo ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6fc63739eba522e04640726f41ad3ec3399b8690



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
23af76fd by Salvatore Bonaccorso at 2024-04-10T08:37:50+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -239,7 +239,7 @@ CVE-2024-2027 (The Real Media Library: Media Library Folder 
& File Manager plugi
 CVE-2024-2026 (The Passster plugin for WordPress is vulnerable to Stored 
Cross-Site S ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-2018 (The WP Activity Log Premium plugin for WordPress is vulnerable 
to SQL  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-29993 (Azure CycleCloud Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
 CVE-2024-29992 (Azure Identity Library for .NET Information Disclosure 
Vulnerability)
@@ -582,167 +582,167 @@ CVE-2024-20669 (Secure Boot Security Feature Bypass 
Vulnerability)
 CVE-2024-20665 (BitLocker Security Feature Bypass Vulnerability)
NOT-FOR-US: Microsoft
 CVE-2024-1999 (The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder 
Features pl ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1991 (The RegistrationMagic \u2013 Custom Registration Forms, User 
Registrat ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1990 (The RegistrationMagic \u2013 Custom Registration Forms, User 
Registrat ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1984 (The Graphene theme for WordPress is vulnerable to unauthorized 
access  ...)
-   TODO: check
+   NOT-FOR-US: WordPress theme
 CVE-2024-1974 (The HT Mega \u2013 Absolute Addons For Elementor plugin for 
WordPress  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1960 (The ShopLentor \u2013 WooCommerce Builder for Elementor & 
Gutenberg +1 ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1948 (The Getwid \u2013 Gutenberg Blocks plugin for WordPress is 
vulnerable  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1934 (The WP Compress \u2013 Image Optimizer plugin for WordPress is 
vulnera ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1904 (The MasterStudy LMS plugin for WordPress is vulnerable to 
unauthorized ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1893 (The Easy Property Listings plugin for WordPress is vulnerable 
to time- ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1852 (The WP-Members Membership Plugin plugin for WordPress is 
vulnerable to ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1850 (The AI Post Generator | AutoWriter plugin for WordPress is 
vulnerable  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1813 (The Simple Job Board plugin for WordPress is vulnerable to PHP 
Object  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1812 (The Everest Forms plugin for WordPress is vulnerable to 
Server-Side Re ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1794 (The Forminator plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1792 (The CMB2 plugin for WordPress is vulnerable to PHP Object 
Injection in ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1790 (The WordPress Infinite Scroll \u2013 Ajax Load More plugin for 
WordPre ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1774 (The Customily Product Personalizer plugin for WordPress is 
vulnerable  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1641 (The Accordion plugin for WordPress is vulnerable to 
unauthorized acces ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1637 (The 360 Javascript Viewer plugin for WordPress is vulnerable to 
unauth ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1587 (The Newsmatic theme for WordPress is vulnerable to Sensitive 
Informati ...)
-   TODO: check
+   NOT-FOR-US: WordPress theme
 CVE-2024-1571 (The WP Recipe Maker plugin for WordPress is vulnerable to 
Stored Cross ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1498 (The Happy Addons for Elementor plugin for WordPress is 
vulnerable to S ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1466 (The Elementor Addons by Livemesh plugin for WordPress is 
vulnerable to ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1465 (The Elementor Addons by Livemesh plugin for WordPress is 
vulnerable to ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1464 (The Elementor Addons by Livemesh plugin for WordPress is 
vulnerable to ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9cc97337 by Salvatore Bonaccorso at 2024-04-10T08:05:00+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -35,7 +35,7 @@ CVE-2024-3064 (The Elementor Addons, Widgets and Enhancements 
\u2013 Stax plugin
 CVE-2024-3053 (The Forminator \u2013 Contact Form, Payment Form & Custom Form 
Builder ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-3046 (In Eclipse Kura LogServlet component included in versions 5.0.0 
to 5.4 ...)
-   TODO: check
+   NOT-FOR-US: Eclipse Kura LogServlet
 CVE-2024-31978 (A vulnerability has been identified in SINEC NMS (All versions 
< V2.0  ...)
NOT-FOR-US: Siemens
 CVE-2024-31868 (Improper Encoding or Escaping of Output vulnerability in 
Apache Zeppel ...)
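Review bot: The new tag for CVE-2024-3046, "NOT-FOR-US: Eclipse Kura LogServlet", names a component rather than the product, while the other NOT-FOR-US lines in this hunk name a product or vendor ("Siemens", "WordPress plugin"). Suggest "NOT-FOR-US: Eclipse Kura" so that later Kura CVEs can be matched against one string regardless of the affected component.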
@@ -63,7 +63,7 @@ CVE-2024-31506 (Sourcecodester Online Graduate Tracer System 
v1.0 is vulnerable
 CVE-2024-31487 (A improper limitation of a pathname to a restricted directory 
('path t ...)
NOT-FOR-US: FortiGuard
 CVE-2024-31457 (gin-vue-admin is a backstage management system based on vue 
and gin, w ...)
-   TODO: check
+   NOT-FOR-US: gin-vue-admin
 CVE-2024-31455 (Minder by Stacklok is an open source software supply chain 
security pl ...)
NOT-FOR-US: Minder by Stacklok
 CVE-2024-31454 (PsiTransfer is an open source, self-hosted file sharing 
solution. Prio ...)
@@ -141,103 +141,103 @@ CVE-2024-2536 (The Rank Math SEO with AI SEO Tools 
plugin for WordPress is vulne
 CVE-2024-2513 (The WP Chat App plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-2507 (The JetWidgets For Elementor plugin for WordPress is vulnerable 
to Sto ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2504 (The Page Builder: Pagelayer \u2013 Drag and Drop website 
builder plugi ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2501 (The Hubbub Lite \u2013 Fast, Reliable Social Sharing Buttons 
plugin fo ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2492 (The PowerPack Addons for Elementor plugin for WordPress is 
vulnerable  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2457 (The Modal Window \u2013 create popup modal window plugin for 
WordPress ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2456 (The Ecwid Ecommerce Shopping Cart plugin for WordPress is 
vulnerable t ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2436 (The Lightweight Accordion plugin for WordPress is vulnerable to 
Stored ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2423 (The UsersWP \u2013 Front-end login form, User Registration, 
User Profi ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2348 (The Gum Elementor Addon plugin for WordPress is vulnerable to 
Stored C ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2347 (The Astra theme for WordPress is vulnerable to Stored 
Cross-Site Scrip ...)
-   TODO: check
+   NOT-FOR-US: WordPress theme
 CVE-2024-2344 (The Avada theme for WordPress is vulnerable to SQL Injection 
via the ' ...)
-   TODO: check
+   NOT-FOR-US: WordPress theme
 CVE-2024-2343 (The Avada | Website Builder For WordPress & WooCommerce theme 
for Word ...)
-   TODO: check
+   NOT-FOR-US: WordPress theme
 CVE-2024-2342 (The Appointment Booking Calendar \u2014 Simply Schedule 
Appointments B ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2341 (The Appointment Booking Calendar \u2014 Simply Schedule 
Appointments B ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2340 (The Avada theme for WordPress is vulnerable to Sensitive 
Information E ...)
-   TODO: check
+   NOT-FOR-US: WordPress theme
 CVE-2024-2336 (The Popup Maker \u2013 Popup for opt-ins, lead gen, & more 
plugin for  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2335 (The Elements Plus! plugin for WordPress is vulnerable to Stored 
Cross- ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2334 (The Template Kit \u2013 Import plugin for WordPress is 
vulnerable to S ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2327 (The Global Elementor Buttons plugin for WordPress is vulnerable 
to Sto ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2325 (The Link Library plugin for WordPress is vulnerable to 
Reflected Cross ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2311 (The Avada theme for WordPress is vulnerable to Stored 
Cross-Site Scrip ...)
-   TODO: check
+   NOT-FOR-US: WordPress theme
 CVE-2024-2306 (The Revslider plugin for WordPress is vulnerable to Stored 

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0f4c25ce by Salvatore Bonaccorso at 2024-04-09T23:01:07+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -25,15 +25,15 @@ CVE-2024-3208 (The Sydney Toolbox plugin for WordPress is 
vulnerable to Stored C
 CVE-2024-3167 (The Ocean Extra plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-3136 (The MasterStudy LMS plugin for WordPress is vulnerable to Local 
File I ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-3097 (The WordPress Gallery Plugin \u2013 NextGEN Gallery plugin for 
WordPre ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-3093 (The Font Farsi plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-3064 (The Elementor Addons, Widgets and Enhancements \u2013 Stax 
plugin for  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-3053 (The Forminator \u2013 Contact Form, Payment Form & Custom Form 
Builder ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-3046 (In Eclipse Kura LogServlet component included in versions 5.0.0 
to 5.4 ...)
TODO: check
 CVE-2024-31978 (A vulnerability has been identified in SINEC NMS (All versions 
< V2.0  ...)
@@ -65,19 +65,19 @@ CVE-2024-31487 (A improper limitation of a pathname to a 
restricted directory ('
 CVE-2024-31457 (gin-vue-admin is a backstage management system based on vue 
and gin, w ...)
TODO: check
 CVE-2024-31455 (Minder by Stacklok is an open source software supply chain 
security pl ...)
-   TODO: check
+   NOT-FOR-US: Minder by Stacklok
 CVE-2024-31454 (PsiTransfer is an open source, self-hosted file sharing 
solution. Prio ...)
-   TODO: check
+   NOT-FOR-US: PsiTransfer
 CVE-2024-31453 (PsiTransfer is an open source, self-hosted file sharing 
solution. Prio ...)
-   TODO: check
+   NOT-FOR-US: PsiTransfer
 CVE-2024-31370 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31369 (Cross-Site Request Forgery (CSRF) vulnerability in PenciDesign 
Soledad ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31368 (Missing Authorization vulnerability in PenciDesign 
Soledad.This issue  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31367 (Missing Authorization vulnerability in PenciDesign 
Soledad.This issue  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30706 (An issue was discovered in ROS2 Dashing Diademata versions 
ROS_VERSION ...)
TODO: check
 CVE-2024-30704 (An insecure deserialization vulnerability has been identified 
in ROS2  ...)
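Review bot: CVE-2024-31369, CVE-2024-31368 and CVE-2024-31367 are tagged "NOT-FOR-US: WordPress plugin", but the visible descriptions name only "PenciDesign Soledad" and do not say whether it is a plugin or a theme. Other commits on this list keep the two apart ("NOT-FOR-US: WordPress theme" for Avada and Astra), so confirm which one Soledad is and use the matching tag. The same check applies to CVE-2024-31370, whose truncated description shows no product name at all.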
@@ -87,59 +87,59 @@ CVE-2024-30703 (An arbitrary file upload vulnerability has 
been discovered in RO
 CVE-2024-30702 (An issue was discovered in ROS2 Galactic Geochelone in 
ROS_VERSION 2 a ...)
TODO: check
 CVE-2024-30262 (Contao is an open source content management system. Prior to 
version 4 ...)
-   TODO: check
+   NOT-FOR-US: Contao CMS
 CVE-2024-30191 (A vulnerability has been identified in SCALANCE W1748-1 M12 
(6GK5748-1 ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2024-30190 (A vulnerability has been identified in SCALANCE W1748-1 M12 
(6GK5748-1 ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2024-30189 (A vulnerability has been identified in SCALANCE W721-1 RJ45 
(6GK5721-1 ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2024-2974 (The Essential Addons for Elementor \u2013 Best Elementor 
Templates, Wi ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2957 (The Simple Ajax Chat \u2013 Add a Fast, Secure Chat Box plugin 
for Wor ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2946 (The ShopLentor \u2013 WooCommerce Builder for Elementor & 
Gutenberg +1 ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2918 (Improper input validation in PAM JIT elevation feature in 
Devolutions  ...)
-   TODO: check
+   NOT-FOR-US: Devolutions
 CVE-2024-2871 (The Media Library Assistant plugin for WordPress is vulnerable 
to SQL  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2866 (The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder 
Features pl ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2847 (The WordPress File Upload plugin for WordPress is vulnerable to 
Stored ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2845 (The BetterDocs \u2013 Best Documentation, FAQ & Knowledge Base 
Plugin  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2804 (The 

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bfc82b07 by Salvatore Bonaccorso at 2024-04-09T22:45:39+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,27 +1,27 @@
 CVE-2024-3545 (Improper permission handling in the vault offline cache feature 
in Dev ...)
-   TODO: check
+   NOT-FOR-US: Devolutions
 CVE-2024-3514 (The Responsive Tabs plugin for WordPress is vulnerable to 
Stored Cross ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-3512 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for 
WordPre ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-3446 (A double free vulnerability was found in QEMU virtio devices 
(virtio-g ...)
TODO: check
 CVE-2024-3281 (A vulnerability was discovered in the firmware builds after 
8.0.2.3267 ...)
-   TODO: check
+   NOT-FOR-US: HP
 CVE-2024-3267 (The Bold Page Builder plugin for WordPress is vulnerable to 
Stored Cro ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-3266 (The Bold Page Builder plugin for WordPress is vulnerable to 
Stored Cro ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-3244 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, 
Embed You ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-3214 (The Relevanssi \u2013 A Better Search plugin for WordPress is 
vulnerab ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-3213 (The Relevanssi \u2013 A Better Search plugin for WordPress is 
vulnerab ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-3208 (The Sydney Toolbox plugin for WordPress is vulnerable to Stored 
Cross- ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-3167 (The Ocean Extra plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-3136 (The MasterStudy LMS plugin for WordPress is vulnerable to Local 
File I ...)
TODO: check
 CVE-2024-3097 (The WordPress Gallery Plugin \u2013 NextGEN Gallery plugin for 
WordPre ...)
@@ -35,7 +35,7 @@ CVE-2024-3053 (The Forminator \u2013 Contact Form, Payment 
Form & Custom Form Bu
 CVE-2024-3046 (In Eclipse Kura LogServlet component included in versions 5.0.0 
to 5.4 ...)
TODO: check
 CVE-2024-31978 (A vulnerability has been identified in SINEC NMS (All versions 
< V2.0  ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2024-31868 (Improper Encoding or Escaping of Output vulnerability in 
Apache Zeppel ...)
NOT-FOR-US: Apache Zeppelin
 CVE-2024-31867 (Improper Input Validation vulnerability in Apache Zeppelin.  
The attac ...)
@@ -51,15 +51,15 @@ CVE-2024-31863 (Authentication Bypass by Spoofing 
vulnerability by replacing to
 CVE-2024-31862 (Improper Input Validation vulnerability in Apache Zeppelin 
when creati ...)
NOT-FOR-US: Apache Zeppelin
 CVE-2024-31860 (Improper Input Validation vulnerability in Apache Zeppelin.  
By adding ...)
-   TODO: check
+   NOT-FOR-US: Apache Zeppelin
 CVE-2024-31544 (A stored cross-site scripting (XSS) vulnerability in Computer 
Laborato ...)
-   TODO: check
+   NOT-FOR-US: Computer Laboratory Management System
 CVE-2024-31507 (Sourcecodester Online Graduate Tracer System v1.0 is 
vulnerable to SQL ...)
-   TODO: check
+   NOT-FOR-US: Sourcecodester Online Graduate Tracer System
 CVE-2024-31506 (Sourcecodester Online Graduate Tracer System v1.0 is 
vulnerable to SQL ...)
-   TODO: check
+   NOT-FOR-US: Sourcecodester Online Graduate Tracer System
 CVE-2024-31487 (A improper limitation of a pathname to a restricted directory 
('path t ...)
-   TODO: check
+   NOT-FOR-US: FortiGuard
 CVE-2024-31457 (gin-vue-admin is a backstage management system based on vue 
and gin, w ...)
TODO: check
 CVE-2024-31455 (Minder by Stacklok is an open source software supply chain 
security pl ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfc82b0768a3df74943cce529c9f5d35fb6a7823



___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
96765a2a by Salvatore Bonaccorso at 2024-04-09T22:17:24+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -45,11 +45,11 @@ CVE-2024-31866 (Improper Encoding or Escaping of Output 
vulnerability in Apache
 CVE-2024-31865 (Improper Input Validation vulnerability in Apache Zeppelin.  
The attac ...)
NOT-FOR-US: Apache Zeppelin
 CVE-2024-31864 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-   TODO: check
+   NOT-FOR-US: Apache Zeppelin
 CVE-2024-31863 (Authentication Bypass by Spoofing vulnerability by replacing 
to exsiti ...)
-   TODO: check
+   NOT-FOR-US: Apache Zeppelin
 CVE-2024-31862 (Improper Input Validation vulnerability in Apache Zeppelin 
when creati ...)
-   TODO: check
+   NOT-FOR-US: Apache Zeppelin
 CVE-2024-31860 (Improper Input Validation vulnerability in Apache Zeppelin.  
By adding ...)
TODO: check
 CVE-2024-31544 (A stored cross-site scripting (XSS) vulnerability in Computer 
Laborato ...)
@@ -219364,7 +219364,7 @@ CVE-2021-28657 (A carefully crafted or corrupt file 
may trigger an infinite loop
[buster] - tika  (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/03/30/3
 CVE-2021-28656 (Cross-Site Request Forgery (CSRF) vulnerability in Credential 
page of  ...)
-   TODO: check
+   NOT-FOR-US: Apache Zeppelin
 CVE-2021-28655 (The improper Input Validation vulnerability in "\u201dMove 
folder to T ...)
NOT-FOR-US: Apache Zeppelin
 CVE-2021-28654



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96765a2a7d40a546001c891010a7d0d44a82d32e



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
198b766d by Salvatore Bonaccorso at 2024-04-09T14:01:13+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,11 +1,11 @@
 CVE-2024-3466 (A vulnerability was found in SourceCodester Laundry Management 
System  ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Laundry Management System
 CVE-2024-3465 (A vulnerability was found in SourceCodester Laundry Management 
System  ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Laundry Management System
 CVE-2024-31366 (Missing Authorization vulnerability in Themify Post Type 
Builder (PTB) ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31365 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31047 (An issue in Academy Software Foundation openexr v.3.2.3 and 
before all ...)
TODO: check
 CVE-2024-30701 (An insecure logging vulnerability in ROS2 Galactic Geochelone 
ROS_VERS ...)
@@ -47,25 +47,25 @@ CVE-2024-30678 (An issue has been discovered in ROS2 Iron 
Irwini ROS_VERSION 2 a
 CVE-2024-30676 (A Denial-of-Service (DoS) vulnerability exists in ROS2 Iron 
Irwini ver ...)
TODO: check
 CVE-2024-30218 (The ABAP Application Server of SAP NetWeaver as well as ABAP 
Platforma ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2024-30217 (Cash Management in SAP S/4 HANA does not perform necessary 
authorizati ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2024-30216 (Cash Management in SAP S/4 HANA does not perform necessary 
authorizati ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2024-30215 (The Resource Settings page allows a high privilege attacker to 
load ex ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2024-30214 (The application allows a high privilege attacker to append a 
malicious ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2024-2975 (A race condition was identified through which privilege 
escalation was ...)
TODO: check
 CVE-2024-28167 (SAP Group Reporting Data Collectiondoes not perform necessary 
authoriz ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2024-27901 (SAP Asset Accounting could allow a high privileged attacker to 
exploit ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2024-27899 (Self-Registrationand Modify your own profile in User Admin 
Application ...)
TODO: check
 CVE-2024-27898 (SAP NetWeaver application, due to insufficient input 
validation, allow ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2024-27632 (An issue in GNU Savane v.3.12 and before allows a remote 
attacker to e ...)
TODO: check
 CVE-2024-27631 (Cross Site Request Forgery vulnerability in GNU Savane v.3.12 
and befo ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/198b766d7f2e8db484c52216f92723d729b122b1



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
831fa063 by Salvatore Bonaccorso at 2024-04-08T22:33:11+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13,7 +13,7 @@ CVE-2024-3455 (A vulnerability was found in Netentsec NS-ASG 
Application Securit
 CVE-2024-3445 (A vulnerability was found in SourceCodester Laundry Management 
System  ...)
NOT-FOR-US: SourceCodester Laundry Management System
 CVE-2024-3444 (A vulnerability was found in Wangshen SecGate 3600 up to 
20240408. It  ...)
-   TODO: check
+   NOT-FOR-US: Wangshen SecGate 3600
 CVE-2024-3443 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
NOT-FOR-US: SourceCodester Prison Management System
 CVE-2024-3442 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
@@ -67,7 +67,7 @@ CVE-2024-31205 (Saleor is an e-commerce platform. Starting in 
version 3.10.0 and
 CVE-2024-30269 (DataEase, an open source data visualization and analysis tool, 
has a d ...)
NOT-FOR-US: DataEase
 CVE-2024-2834 (A Stored Cross-Site Scripting (XSS) vulnerability has been 
identified  ...)
-   TODO: check
+   NOT-FOR-US: OpenText
 CVE-2024-28732 (An issue was discovered in OFPMatch in parser.py in Faucet SDN 
Ryu ver ...)
NOT-FOR-US: Faucet SDN Ryu
 CVE-2024-28270 (An issue discovered in web-flash v3.0 allows attackers to 
reset passwo ...)
@@ -87,69 +87,69 @@ CVE-2024-26574 (Insecure Permissions vulnerability in 
Wondershare Filmora v.13.0
 CVE-2024-24279 (An issue in secdiskapp 1.5.1 (management program for NewQ 
Fingerprint  ...)
TODO: check
 CVE-2024-23192 (RSS feeds that contain malicious data- attributes could be 
abused to i ...)
-   TODO: check
+   NOT-FOR-US: Open-Xchange
 CVE-2024-23191 (Upsell advertisement information of an account can be 
manipulated to e ...)
-   TODO: check
+   NOT-FOR-US: Open-Xchange
 CVE-2024-23190 (Upsell shop information of an account can be manipulated to 
execute sc ...)
-   TODO: check
+   NOT-FOR-US: Open-Xchange
 CVE-2024-23189 (Embedded content references at tasks could be used to 
temporarily exec ...)
-   TODO: check
+   NOT-FOR-US: Open-Xchange
 CVE-2024-23086 (Apfloat v1.10.1 was discovered to contain a stack overflow via 
the com ...)
-   TODO: check
+   NOT-FOR-US: Apfloat
 CVE-2024-23085 (Apfloat v1.10.1 was discovered to contain a 
NullPointerException via t ...)
-   TODO: check
+   NOT-FOR-US: Apfloat
 CVE-2024-23082 (ThreeTen Backport v1.6.8 was discovered to contain an integer 
overflow ...)
-   TODO: check
+   NOT-FOR-US: ThreeTen Backport
 CVE-2024-23078 (JGraphT Core v1.5.2 was discovered to contain a 
NullPointerException v ...)
-   TODO: check
+   NOT-FOR-US: JGraphT Core
 CVE-2023-7164 (The BackWPup WordPress plugin before 4.0.4 does not prevent 
visitors f ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-52554 (Permission control vulnerability in the Bluetooth module. 
Impact: Succ ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2023-52553 (Race condition vulnerability in the Wi-Fi module. Impact: 
Successful e ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2023-52552 (Input verification vulnerability in the power module. Impact: 
Successf ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2023-52551 (Vulnerability of data verification errors in the kernel 
module. Impact ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2023-52550 (Vulnerability of data verification errors in the kernel 
module. Impact ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2023-52549 (Vulnerability of data verification errors in the kernel 
module. Impact ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2023-52546 (Vulnerability of package name verification being bypassed in 
the Calen ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2023-52545 (Vulnerability of undefined permissions in the Calendar app. 
Impact: Su ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2023-52544 (Vulnerability of file path verification being bypassed in the 
email mo ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2023-52543 (Permission verification vulnerability in the system module. 
Impact: Su ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2023-52542 (Permission verification vulnerability in the system module. 
Impact: Su ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2023-52541 (Authentication vulnerability in the API for app pre-loading. 
Impact: S ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2023-52540 (Vulnerability of improper authentication in the Iaware module. 
Impact: ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2023-52539 (Permission verification 

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ee6cdf4b by Salvatore Bonaccorso at 2024-04-08T22:20:49+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,89 +1,89 @@
 CVE-2024-3464 (A vulnerability was found in SourceCodester Laundry Management 
System  ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Laundry Management System
 CVE-2024-3463 (A vulnerability has been found in SourceCodester Laundry 
Management Sy ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Laundry Management System
 CVE-2024-3458 (A vulnerability classified as critical was found in Netentsec 
NS-ASG A ...)
-   TODO: check
+   NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
 CVE-2024-3457 (A vulnerability classified as critical has been found in 
Netentsec NS- ...)
-   TODO: check
+   NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
 CVE-2024-3456 (A vulnerability was found in Netentsec NS-ASG Application 
Security Gat ...)
-   TODO: check
+   NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
 CVE-2024-3455 (A vulnerability was found in Netentsec NS-ASG Application 
Security Gat ...)
-   TODO: check
+   NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
 CVE-2024-3445 (A vulnerability was found in SourceCodester Laundry Management 
System  ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Laundry Management System
 CVE-2024-3444 (A vulnerability was found in Wangshen SecGate 3600 up to 
20240408. It  ...)
TODO: check
 CVE-2024-3443 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Prison Management System
 CVE-2024-3442 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Prison Management System
 CVE-2024-3441 (A vulnerability was found in SourceCodester Prison Management 
System 1 ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Prison Management System
 CVE-2024-3440 (A vulnerability was found in SourceCodester Prison Management 
System 1 ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Prison Management System
 CVE-2024-3439 (A vulnerability was found in SourceCodester Prison Management 
System 1 ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Prison Management System
 CVE-2024-3438 (A vulnerability was found in SourceCodester Prison Management 
System 1 ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Prison Management System
 CVE-2024-31817 (In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can 
obtain sensi ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2024-31816 (In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can 
obtain sensi ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2024-31815 (In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can 
obtain the c ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2024-31814 (TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to 
bypass login ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2024-31813 (TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an 
authenticati ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2024-31812 (In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can 
obtain sensi ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2024-31811 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to 
contain a remo ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2024-31809 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to 
contain a remo ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2024-31808 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to 
contain a remo ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2024-31807 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to 
contain a remo ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2024-31806 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to 
contain a Deni ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2024-31805 (TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to 
start the Te ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2024-31447 (Shopware 6 is an open commerce platform based on Symfony 
Framework and ...)
-   TODO: check
+   NOT-FOR-US: Shopware
 CVE-2024-31442 (Redon Hub is a Roblox Product Delivery Bot, also known as a 
Hub. In al ...)
-   TODO: check
+   NOT-FOR-US: Redon Hub
 CVE-2024-31375 (Missing Authorization vulnerability in Saleswonder.Biz Team 
WP2LEADS.T ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31357 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3931b1ae by Salvatore Bonaccorso at 2024-04-08T20:53:18+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -454,7 +454,7 @@ CVE-2023-5692 (WordPress Core is vulnerable to Sensitive 
Information Exposure in
 CVE-2023-49965 (SpaceX Starlink Wi-Fi router Gen 2 before 2023.48.0 allows XSS 
via the ...)
NOT-FOR-US: SpaceX Starlink Wi-Fi router
 CVE-2023-48426 (u-boot bug that allows for u-boot shell and interrupt over 
UART)
-   TODO: check
+   NOT-FOR-US: Google Chromecast (unlikely to affect u-boot as packaged in 
Debian)
 CVE-2024-27437 (In the Linux kernel, the following vulnerability has been 
resolved:  v ...)
- linux 
NOTE: 
https://git.kernel.org/linus/fe9a7082684eb059b925c535682e68c34d487d43 (6.9-rc1)
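Review bot: For CVE-2023-48426 the description itself reads "u-boot bug", and the new line hedges with "unlikely to affect u-boot as packaged in Debian". A NOT-FOR-US entry is not associated with any source package, so that parenthetical becomes the only record of the judgement. Suggest either adding a NOTE line stating what was checked (for example, that the affected code is vendor-specific), or tracking the CVE against u-boot as <not-affected> with the reason, so the decision can be revisited later.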
@@ -27635,7 +27635,7 @@ CVE-2023-6657 (A vulnerability classified as critical 
has been found in SourceCo
 CVE-2023-6656 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 
DeepFaceL ...)
NOT-FOR-US: DeepFaceLab
 CVE-2023-6181 (An oversight in BCB handling of reboot reason that allows for 
persiste ...)
-   NOT-FOR-US: Android
+   NOT-FOR-US: Google Chromecast (unlikely to affect u-boot as packaged in 
Debian)
 CVE-2023-5500 (This vulnerability allows an remote attacker with low 
privileges to mi ...)
NOT-FOR-US: Frauscher Sensortechnik products
 CVE-2023-50465 (A stored cross-site scripting (XSS) vulnerability exists in 
Monica (ak ...)
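Review bot: For CVE-2023-6181 the tag moves from "Android" to "Google Chromecast (unlikely to affect u-boot as packaged in Debian)", yet the visible description only mentions BCB handling of the reboot reason and never u-boot. A NOTE line with the advisory or source reference that links this issue to u-boot would make the new rationale verifiable; as with CVE-2023-48426 in the previous hunk, "unlikely" sits awkwardly next to a definitive NOT-FOR-US.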



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3931b1aede3db5c81e70b3fa87e64cb833bc3ff6

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
31fecd10 by Salvatore Bonaccorso at 2024-04-08T09:54:51+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -67,25 +67,25 @@ CVE-2024-31234 (Improper Neutralization of Special Elements 
used in an SQL Comma
 CVE-2024-31233 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-30418 (Vulnerability of insufficient permission verification in the 
app manag ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2024-30417 (Path traversal vulnerability in the Bluetooth-based sharing 
module. Im ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2024-30416 (Use After Free (UAF) vulnerability in the underlying driver 
module. Im ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2024-22155 (Cross-Site Request Forgery (CSRF) vulnerability in Automattic 
WooComme ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-52717 (Permission verification vulnerability in the lock screen 
module. Impac ...)
TODO: check
 CVE-2023-52716 (Vulnerability of starting activities in the background in the 
Activity ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2023-52715 (The SystemUI module has a vulnerability in permission 
management. Impa ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2023-52714 (Vulnerability of defects introduced in the design process in 
the hwnff ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2023-52713 (Vulnerability of improper permission control in the window 
management  ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2023-52382 (Vulnerability of improper control over foreground service 
notification ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2021-4438 (A vulnerability, which was classified as critical, has been 
found in k ...)
TODO: check
 CVE-2024-3417 (A vulnerability, which was classified as critical, has been 
found in S ...)
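Review bot: CVE-2023-52717 (lock screen module) stays at "TODO: check" while the similarly worded entries below it (CVE-2023-52716 to CVE-2023-52713, CVE-2023-52382) are set to "NOT-FOR-US: Huawei"; if that is an oversight, tag it in the same commit, otherwise a short NOTE on why it is held back would help. The truncated descriptions shown here do not name the vendor, so the Huawei attribution cannot be confirmed from the diff alone.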



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31fecd1032566f26ac5195dc8f4c2b29ab82d303



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1fec508e by Salvatore Bonaccorso at 2024-04-08T08:59:24+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -51,21 +51,21 @@ CVE-2024-31277 (Deserialization of Untrusted Data 
vulnerability in PickPlugins P
 CVE-2024-31260 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-31258 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31257 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31256 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31255 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31241 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31236 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31234 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31233 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30418 (Vulnerability of insufficient permission verification in the 
app manag ...)
TODO: check
 CVE-2024-30417 (Path traversal vulnerability in the Bluetooth-based sharing 
module. Im ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fec508ec810cd23e93366164a10b7bea46b3bce



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8dbc9635 by Salvatore Bonaccorso at 2024-04-08T08:13:30+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,55 +1,55 @@
 CVE-2024-3428 (A vulnerability has been found in SourceCodester Online 
Courseware 1.0 ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Courseware
 CVE-2024-3427 (A vulnerability, which was classified as problematic, was found 
in Sou ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Courseware
 CVE-2024-3426 (A vulnerability, which was classified as problematic, has been 
found i ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Courseware
 CVE-2024-3425 (A vulnerability classified as critical was found in 
SourceCodester Onl ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Courseware
 CVE-2024-3424 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Courseware
 CVE-2024-3423 (A vulnerability was found in SourceCodester Online Courseware 
1.0. It  ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Courseware
 CVE-2024-3422 (A vulnerability was found in SourceCodester Online Courseware 
1.0. It  ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Courseware
 CVE-2024-3421 (A vulnerability was found in SourceCodester Online Courseware 
1.0. It  ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Courseware
 CVE-2024-3420 (A vulnerability was found in SourceCodester Online Courseware 
1.0 and  ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Courseware
 CVE-2024-3419 (A vulnerability has been found in SourceCodester Online 
Courseware 1.0 ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Courseware
 CVE-2024-3418 (A vulnerability, which was classified as critical, was found in 
Source ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Courseware
 CVE-2024-31349 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31348 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31346 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31345 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Sukhc ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31344 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31308 (Deserialization of Untrusted Data vulnerability in VJInfotech 
WP Impor ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31306 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31296 (Authorization Bypass Through User-Controlled Key vulnerability 
in Repu ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31292 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Moove ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31291 (Authorization Bypass Through User-Controlled Key vulnerability 
in Meta ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31288 (Server-Side Request Forgery (SSRF) vulnerability in RapidLoad 
RapidLoa ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31286 (Unrestricted Upload of File with Dangerous Type vulnerability 
in J.N.  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31280 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Andy  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31277 (Deserialization of Untrusted Data vulnerability in PickPlugins 
Product ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31260 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31258 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
TODO: check
 CVE-2024-31257 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8dbc9635a84dd8b079c2f3ede7e601eb9b063b82


[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-06 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
dc2f1187 by Salvatore Bonaccorso at 2024-04-07T07:02:50+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,33 +1,33 @@
 CVE-2024-3413 (A vulnerability has been found in SourceCodester Human Resource 
Inform ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Human Resource Information System
 CVE-2024-3378 (A vulnerability has been found in iboss Secure Web Gateway up 
to 10.1  ...)
-   TODO: check
+   NOT-FOR-US: iboss Secure Web Gateway
 CVE-2024-3377 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Computer Laboratory Management System
 CVE-2024-3376 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Computer Laboratory Management System
 CVE-2024-3369 (A vulnerability, which was classified as critical, has been 
found in c ...)
-   TODO: check
+   NOT-FOR-US: code-projects Car Rental
 CVE-2024-3366 (A vulnerability classified as problematic was found in Xuxueli 
xxl-job ...)
-   TODO: check
+   NOT-FOR-US: XXL-Job
 CVE-2024-3365 (A vulnerability was found in SourceCodester Online Library 
System 1.0. ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Library System
 CVE-2024-3364 (A vulnerability was found in SourceCodester Online Library 
System 1.0. ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Library System
 CVE-2024-3363 (A vulnerability was found in SourceCodester Online Library 
System 1.0. ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Library System
 CVE-2024-2296 (The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery 
plugin ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2132 (The Ultimate Bootstrap Elements for Elementor plugin for 
WordPress is  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-28741 (Cross Site Scripting vulnerability in EginDemirbilek NorthStar 
C2 v1 a ...)
-   TODO: check
+   NOT-FOR-US: EginDemirbilek NorthStar
 CVE-2024-27620 (An issue in Ladder v.0.0.1 thru v.0.0.21 allows a remote 
attacker to o ...)
-   TODO: check
+   NOT-FOR-US: Ladder
 CVE-2024-25029 (IBM Personal Communications 14.0.6 through 15.0.1 includes a 
Windows s ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2024-22328 (IBM Maximo Application Suite 8.10 and 8.11 could allow a 
remote attack ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2024- [RUSTSEC-2024-0332: Degradation of service in h2 servers with 
CONTINUATION Flood]
- rust-h2 
NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0332.html
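Review bot: The two IBM entries (CVE-2024-25029, CVE-2024-22328) are tagged with the vendor only, although their descriptions name different products (IBM Personal Communications, IBM Maximo Application Suite) and the other entries in this hunk name the product, for example "iboss Secure Web Gateway". Using the product name there as well would keep the tags consistent and searchable.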



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc2f11876cb27f7bcfa76ee8591b57a5f6369865



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-06 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5d688b6b by Salvatore Bonaccorso at 2024-04-06T21:35:02+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -164,13 +164,13 @@ CVE-2024-27232 (In asn1_ec_pkey_parse of asn1_common.c, 
there is a possible OOB
 CVE-2024-27231 (In tmu_get_tr_stats of tmu.c, there is a possible out of 
bounds read d ...)
NOT-FOR-US: Android
 CVE-2024-22004 (Due to length check, an attacker with privilege access on a 
Linux Nons ...)
-   TODO: check
+   NOT-FOR-US: Google Nest
 CVE-2024-21848 (Improper Access Control in Mattermost Server versions 8.1.x 
before 8.1 ...)
- mattermost-server  (bug #823556)
 CVE-2024-0081 (NVIDIA NeMo framework for Ubuntu contains a vulnerability in 
tools/asr ...)
-   TODO: check
+   NOT-FOR-US: NVIDIA NeMo framework
 CVE-2024-0080 (NVIDIA nvTIFF Library for Windows and Linux contains a 
vulnerability w ...)
-   TODO: check
+   NOT-FOR-US: NVIDIA nvTIFF Library
 CVE-2024-0076 (NVIDIA CUDA toolkit for all platforms contains a vulnerability 
in cuob ...)
- nvidia-cuda-toolkit 
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5517



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d688b6bc6729dda730140623e4ecbd3fc458eb6



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-06 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bc86cacd by Salvatore Bonaccorso at 2024-04-06T10:27:03+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,63 +1,63 @@
 CVE-2024-3362 (A vulnerability was found in SourceCodester Online Library 
System 1.0  ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Library System
 CVE-2024-3361 (A vulnerability has been found in SourceCodester Online Library 
System ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Library System
 CVE-2024-3360 (A vulnerability, which was classified as critical, was found in 
Source ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Library System
 CVE-2024-3359 (A vulnerability, which was classified as critical, has been 
found in S ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Library System
 CVE-2024-3358 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Aplaya Beach Resort Online Reservation System
 CVE-2024-3357 (A vulnerability classified as problematic has been found in 
SourceCode ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Aplaya Beach Resort Online Reservation System
 CVE-2024-3356 (A vulnerability was found in SourceCodester Aplaya Beach Resort 
Online ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Aplaya Beach Resort Online Reservation System
 CVE-2024-3355 (A vulnerability was found in SourceCodester Aplaya Beach Resort 
Online ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Aplaya Beach Resort Online Reservation System
 CVE-2024-3245 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, 
Embed You ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-3216 (The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and 
Shippi ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30977 (An issue in Secnet Security Network Intelligent AC Management 
System v ...)
-   TODO: check
+   NOT-FOR-US: Secnet Security Network Intelligent AC Management System
 CVE-2024-2950 (The BoldGrid Easy SEO \u2013 Simple and Effective SEO plugin 
for WordP ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2949 (The Carousel, Slider, Gallery by WP Carousel \u2013 Image 
Carousel & P ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2656 (The Email Subscribers by Icegram Express \u2013 Email 
Marketing, Newsl ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2471 (The FooGallery plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2458 (The Powerkit \u2013 Supercharge your WordPress Site plugin for 
WordPre ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2444 (The Inline Related Posts WordPress plugin before 3.5.0 does not 
saniti ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-27912 (A denial of service vulnerability was reported in some Lenovo 
Printers ...)
-   TODO: check
+   NOT-FOR-US: Lenovo
 CVE-2024-27911 (A vulnerability was reported in some Lenovo Printers that 
could allow  ...)
-   TODO: check
+   NOT-FOR-US: Lenovo
 CVE-2024-27910 (A vulnerability was reported in some Lenovo Printers that 
could allow  ...)
-   TODO: check
+   NOT-FOR-US: Lenovo
 CVE-2024-27909 (A denial of service vulnerability was reported in the HTTPS 
service of ...)
-   TODO: check
+   NOT-FOR-US: Lenovo
 CVE-2024-27908 (A buffer overflow vulnerability was reported in the HTTPS 
service of s ...)
-   TODO: check
+   NOT-FOR-US: Lenovo
 CVE-2024-23592 (An authentication bypass vulnerability was reported in Lenovo 
devices  ...)
-   TODO: check
+   NOT-FOR-US: Lenovo
 CVE-2024-21506 (Versions of the package pymongo before 4.6.3 are vulnerable to 
Out-of- ...)
TODO: check
 CVE-2024-1994 (The Image Watermark plugin for WordPress is vulnerable to 
unauthorized ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1428 (The Element Pack Elementor Addons (Header Footer, Free Template 
Librar ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1385 (The WP-Stateless \u2013 Google Cloud Storage plugin for 
WordPress is v ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-0837 (The Element Pack Elementor Addons (Header Footer, Free Template 
Librar ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5912 (A potential memory leakage vulnerability was reported in some 
Lenovo N ...)
-   TODO: check
+   NOT-FOR-US: Lenovo
 CVE-2023-4605 (A valid authenticated Lenovo XClarity Administrator (LXCA) user 
can po ...)
-   

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d8b7f0e3 by Salvatore Bonaccorso at 2024-04-05T22:33:24+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,21 +1,21 @@
 CVE-2024-3354 (A vulnerability was found in SourceCodester Aplaya Beach Resort 
Online ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Aplaya Beach Resort Online Reservation System
 CVE-2024-3353 (A vulnerability was found in SourceCodester Aplaya Beach Resort 
Online ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Aplaya Beach Resort Online Reservation System
 CVE-2024-3352 (A vulnerability has been found in SourceCodester Aplaya Beach 
Resort O ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Aplaya Beach Resort Online Reservation System
 CVE-2024-3351 (A vulnerability, which was classified as critical, was found in 
Source ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Aplaya Beach Resort Online Reservation System
 CVE-2024-3350 (A vulnerability, which was classified as critical, has been 
found in S ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Aplaya Beach Resort Online Reservation System
 CVE-2024-3349 (A vulnerability classified as critical was found in 
SourceCodester Apl ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Aplaya Beach Resort Online Reservation System
 CVE-2024-3348 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Aplaya Beach Resort Online Reservation System
 CVE-2024-3347 (A vulnerability was found in SourceCodester Airline Ticket 
Reservation ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Airline Ticket Reservation System
 CVE-2024-3346 (A vulnerability was found in Byzro Smart S80 up to 20240328. It 
has be ...)
-   TODO: check
+   NOT-FOR-US: Byzro Smart S80
 CVE-2024-31852 (LLVM before 18.1.3 generates code in which the LR register can 
be over ...)
TODO: check
 CVE-2024-31851 (A path traversal vulnerability exists in the Java version of 
CData Syn ...)
@@ -27,13 +27,13 @@ CVE-2024-31849 (A path traversal vulnerability exists in 
the Java version of CDa
 CVE-2024-31848 (A path traversal vulnerability exists in the Java version of 
CData API ...)
TODO: check
 CVE-2024-31220 (Sunshine is a self-hosted game stream host for Moonlight. 
Starting in  ...)
-   TODO: check
+   NOT-FOR-US: Sunshine
 CVE-2024-31218 (Webhood is a self-hosted URL scanner used analyzing phishing 
and malic ...)
-   TODO: check
+   NOT-FOR-US: Webhood
 CVE-2024-31213 (InstantCMS is a free and open source content management 
system. An ope ...)
-   TODO: check
+   NOT-FOR-US: InstantCMS
 CVE-2024-2499 (The Squelch Tabs and Accordions Shortcodes plugin for WordPress 
is vul ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2447 (Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 
9.4.x bef ...)
TODO: check
 CVE-2024-2380 (Stored XSS in graph rendering in Checkmk <2.3.0b4.)
@@ -45,59 +45,59 @@ CVE-2024-2312 (GRUB2 does not call the module fini 
functions on exit, leading to
[buster] - grub2  (Vulnerable code not present)
NOTE: 
https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2054127
 CVE-2024-29783 (In tmu_get_tr_thresholds, there is a possible out of bounds 
read due t ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-29782 (In tmu_get_tr_num_thresholds of tmu.c, there is a possible out 
of boun ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-29757 (there is a possible permission bypass due to Debug certs being 
allowli ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-29756 (In afe_callback of q6afe.c, there is a possible out of bounds 
write du ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-29755 (In tmu_get_pi of tmu.c, there is a possible out of bounds read 
due to  ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-29754 (In TMU_IPC_GET_TABLE, there is a possible out of bounds read 
due to a  ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-29753 (In tmu_set_control_temp_step of tmu.c, there is a possible out 
of boun ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-29752 (In tmu_set_tr_num_thresholds of tmu.c, there is a possible out 
of boun ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-29751 (In asn1_ec_pkey_parse_p384 of asn1_common.c, there is a 
possible OOB R ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-29750 (In km_exp_did_inner of kmv.c, there is a possible out of 
bounds read d ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-29749 (In tmu_set_tr_thresholds of tmu.c, there is a possible out of 
bounds w ...)
-   TODO: 

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
791f5b34 by Salvatore Bonaccorso at 2024-04-05T10:35:25+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,21 +1,21 @@
 CVE-2024-3321 (A vulnerability classified as problematic has been found in 
SourceCode ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester eLearning System
 CVE-2024-3320 (A vulnerability was found in SourceCodester eLearning System 
1.0. It h ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester eLearning System
 CVE-2024-3316 (A vulnerability was found in SourceCodester Computer Laboratory 
Manage ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Computer Laboratory Management System
 CVE-2024-3315 (A vulnerability was found in SourceCodester Computer Laboratory 
Manage ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Computer Laboratory Management System
 CVE-2024-3314 (A vulnerability was found in SourceCodester Computer Laboratory 
Manage ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Computer Laboratory Management System
 CVE-2024-3311 (A vulnerability was found in Dreamer CMS up to 4.1.3.0. It has 
been de ...)
-   TODO: check
+   NOT-FOR-US: Dreamer CMS
 CVE-2024-3217 (The WP Directory Kit plugin for WordPress is vulnerable to SQL 
Injecti ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31498 (ykman-gui (aka YubiKey Manager GUI) before 1.2.6 on Windows, 
when Edge ...)
TODO: check
 CVE-2024-31212 (InstantCMS is a free and open source content management 
system. A SQL  ...)
-   TODO: check
+   NOT-FOR-US: InstantCMS
 CVE-2024-31211 (WordPress is an open publishing platform for the Web. 
Unserialization  ...)
TODO: check
 CVE-2024-31210 (WordPress is an open publishing platform for the Web. It's 
possible fo ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/791f5b34beb6394e1acae038cb4fa149e266039a



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-04 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
30464fce by Salvatore Bonaccorso at 2024-04-04T22:38:30+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,7 +1,7 @@
 CVE-2024-3299 (Out-Of-Bounds Write, Use of Uninitialized Resource and 
Use-After-Free  ...)
-   TODO: check
+   NOT-FOR-US: Solidworks
 CVE-2024-3298 (Out-Of-Bounds Write and Type Confusion vulnerabilities exist in 
the fi ...)
-   TODO: check
+   NOT-FOR-US: Solidworks
 CVE-2024-3262 (Information exposure vulnerability in RT software affecting 
version 4. ...)
TODO: check
 CVE-2024-3250 (It was discovered that Pebble's read-file API and the 
associated pebbl ...)
@@ -9,17 +9,17 @@ CVE-2024-3250 (It was discovered that Pebble's read-file API 
and the associated
 CVE-2024-3116 (pgAdmin <= 8.4 is affected by a  Remote Code Execution (RCE) 
vulnerabi ...)
TODO: check
 CVE-2024-31215 (Mobile Security Framework (MobSF) is a security research 
platform for  ...)
-   TODO: check
+   NOT-FOR-US: Mobile Security Framework (MobSF)
 CVE-2024-31209 (oidcc is the OpenID Connect client library for Erlang. Denial 
of Servi ...)
TODO: check
 CVE-2024-31207 (Vite (French word for "quick", pronounced /vit/, like "veet") 
is a fro ...)
TODO: check
 CVE-2024-30565 (An issue was discovered in SeaCMS version 12.9, allows remote 
attacker ...)
-   TODO: check
+   NOT-FOR-US: SeaCMS
 CVE-2024-30266 (wasmtime is a runtime for WebAssembly. The 19.0.0 release of 
Wasmtime  ...)
-   TODO: check
+   NOT-FOR-US: wasmtime
 CVE-2024-30263 (macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla 
pdf.js.  ...)
-   TODO: check
+   NOT-FOR-US: PDF Viewer Macro for XWiki
 CVE-2024-30261 (Undici is an HTTP/1.1 client, written from scratch for 
Node.js. An att ...)
TODO: check
 CVE-2024-30260 (Undici is an HTTP/1.1 client, written from scratch for 
Node.js. Undici ...)
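Review bot: CVE-2024-30266 is closed as "NOT-FOR-US: wasmtime", but the description presents it as a runtime for WebAssembly, the kind of component that can enter the archive as a dependency of other packages. Before dropping it from tracking, confirm that no package, ITP or embedded copy exists in the archive, and record the result in a NOTE if the check was done.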



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30464fce7877ba10cdf1f4b2f477f89d6e30e611



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-04 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0736fae2 by Salvatore Bonaccorso at 2024-04-04T11:16:39+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,19 +1,19 @@
 CVE-2024-3274 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found 
in D-Li ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2024-3273 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was 
classified  ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2024-3272 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was 
classified  ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2024-3270 (A vulnerability classified as problematic was found in 
ThingsBoard up  ...)
-   TODO: check
+   NOT-FOR-US: ThingsBoard
 CVE-2024-3030 (The Announce from the Dashboard plugin for WordPress is 
vulnerable to  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-3022 (The BookingPress plugin for WordPress is vulnerable to 
arbitrary file  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31025 (SQL Injection vulnerability in ECshop 4.x allows an attacker 
to obtain ...)
-   TODO: check
+   NOT-FOR-US: ECshop
 CVE-2024-30265 (Collabora Online is a collaborative online office suite based 
on Libre ...)
-   TODO: check
+   NOT-FOR-US: Collabora Online
 CVE-2024-2919 (The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder 
Features pl ...)
TODO: check
 CVE-2024-2868 (The ShopLentor \u2013 WooCommerce Builder for Elementor & 
Gutenberg +1 ...)
@@ -99,7 +99,7 @@ CVE-2024-3178 (Concrete CMS versions 9 below 9.2.8 and 
versions below8.5.16 are
 CVE-2024-31420 (A NULL pointer dereference flaw was found in KubeVirt. This 
flaw allow ...)
TODO: check
 CVE-2024-31419 (An information disclosure flaw was found in OpenShift 
Virtualization.  ...)
-   TODO: check
+   NOT-FOR-US: Red Hat OpenShift Virtualization
 CVE-2024-31393 (Dragging Javascript URLs to the address bar could cause them 
to be loa ...)
TODO: check
 CVE-2024-31392 (If an insecure element was added to a page after a delay, 
Firefox woul ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0736fae2b49b9737bdbebf464b1c7d0b2dbdb943



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-03 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
536cec60 by Salvatore Bonaccorso at 2024-04-03T23:05:24+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -17,13 +17,13 @@ CVE-2024-3252 (A vulnerability classified as critical has 
been found in SourceCo
 CVE-2024-3251 (A vulnerability was found in SourceCodester Computer Laboratory 
Manage ...)
NOT-FOR-US: SourceCodester Computer Laboratory Management System
 CVE-2024-3181 (Concrete CMS version 9 prior to 9.2.8 and previous versions 
prior to 8 ...)
-   TODO: check
+   NOT-FOR-US: Concrete CMS
 CVE-2024-3180 (Concrete CMS version 9 below 9.2.8 and previous versions below 
8.5.16  ...)
-   TODO: check
+   NOT-FOR-US: Concrete CMS
 CVE-2024-3179 (Concrete CMS version 9 before 9.2.8 and previous versions 
before 8.5.1 ...)
-   TODO: check
+   NOT-FOR-US: Concrete CMS
 CVE-2024-3178 (Concrete CMS versions 9 below 9.2.8 and versions below8.5.16 
are vulne ...)
-   TODO: check
+   NOT-FOR-US: Concrete CMS
 CVE-2024-31420 (A NULL pointer dereference flaw was found in KubeVirt. This 
flaw allow ...)
TODO: check
 CVE-2024-31419 (An information disclosure flaw was found in OpenShift 
Virtualization.  ...)
@@ -33,51 +33,51 @@ CVE-2024-31393 (Dragging Javascript URLs to the address bar 
could cause them to
 CVE-2024-31392 (If an insecure element was added to a page after a delay, 
Firefox woul ...)
TODO: check
 CVE-2024-31390 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31380 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30572 (Netgear R6850 1.1.0.88 was discovered to contain a command 
injection v ...)
-   TODO: check
+   NOT-FOR-US: Netgear
 CVE-2024-30571 (An information leak in the BRS_top.html component of Netgear 
R6850 v1. ...)
-   TODO: check
+   NOT-FOR-US: Netgear
 CVE-2024-30570 (An information leak in debuginfo.htm of Netgear R6850 
v1.1.0.88 allows ...)
-   TODO: check
+   NOT-FOR-US: Netgear
 CVE-2024-30569 (An information leak in currentsetting.htm of Netgear R6850 
v1.1.0.88 a ...)
-   TODO: check
+   NOT-FOR-US: Netgear
 CVE-2024-30568 (Netgear R6850 1.1.0.88 was discovered to contain a command 
injection v ...)
-   TODO: check
+   NOT-FOR-US: Netgear
 CVE-2024-30366 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
-   TODO: check
+   NOT-FOR-US: Foxit PDF Reader
 CVE-2024-30334 (Foxit PDF Reader Doc Object Use-After-Free Remote Code 
Execution Vulne ...)
-   TODO: check
+   NOT-FOR-US: Foxit PDF Reader
 CVE-2024-30333 (Foxit PDF Reader Doc Object Use-After-Free Remote Code 
Execution Vulne ...)
-   TODO: check
+   NOT-FOR-US: Foxit PDF Reader
 CVE-2024-30332 (Foxit PDF Reader Doc Object Use-After-Free Remote Code 
Execution Vulne ...)
-   TODO: check
+   NOT-FOR-US: Foxit PDF Reader
 CVE-2024-30331 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
-   TODO: check
+   NOT-FOR-US: Foxit PDF Reader
 CVE-2024-30330 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
-   TODO: check
+   NOT-FOR-US: Foxit PDF Reader
 CVE-2024-30329 (Foxit PDF Reader Annotation Use-After-Free Information 
Disclosure Vuln ...)
-   TODO: check
+   NOT-FOR-US: Foxit PDF Reader
 CVE-2024-30328 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
-   TODO: check
+   NOT-FOR-US: Foxit PDF Reader
 CVE-2024-30327 (Foxit PDF Reader template Use-After-Free Remote Code Execution 
Vulnera ...)
-   TODO: check
+   NOT-FOR-US: Foxit PDF Reader
 CVE-2024-30326 (Foxit PDF Reader Doc Object Use-After-Free Remote Code 
Execution Vulne ...)
-   TODO: check
+   NOT-FOR-US: Foxit PDF Reader
 CVE-2024-30325 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
-   TODO: check
+   NOT-FOR-US: Foxit PDF Reader
 CVE-2024-30324 (Foxit PDF Reader Doc Object Use-After-Free Remote Code 
Execution Vulne ...)
-   TODO: check
+   NOT-FOR-US: Foxit PDF Reader
 CVE-2024-30323 (Foxit PDF Reader template Out-Of-Bounds Read Remote Code 
Execution Vul ...)
-   TODO: check
+   NOT-FOR-US: Foxit PDF Reader
 CVE-2024-30322 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
-   TODO: check
+   NOT-FOR-US: Foxit PDF Reader
 CVE-2024-2758 (Tempesta FW rate limits are not enabled by default. They are 
either se ...)
-   TODO: check
+   NOT-FOR-US: Tempesta FW
 CVE-2024-2753 (Concrete CMS version 9 before 9.2.8 and previous versions prior 
to 8.5 ...)
-   TODO: check
+  

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-03 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9013f2dd by Salvatore Bonaccorso at 2024-04-03T22:54:55+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,21 +1,21 @@
 CVE-2024-3259 (A vulnerability was found in SourceCodester Internship Portal 
Manageme ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Internship Portal Management System
 CVE-2024-3258 (A vulnerability was found in SourceCodester Internship Portal 
Manageme ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Internship Portal Management System
 CVE-2024-3257 (A vulnerability was found in SourceCodester Internship Portal 
Manageme ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Internship Portal Management System
 CVE-2024-3256 (A vulnerability has been found in SourceCodester Internship 
Portal Man ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Internship Portal Management System
 CVE-2024-3255 (A vulnerability, which was classified as critical, was found in 
Source ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Internship Portal Management System
 CVE-2024-3254 (A vulnerability, which was classified as critical, has been 
found in S ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Internship Portal Management System
 CVE-2024-3253 (A vulnerability classified as critical was found in 
SourceCodester Int ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Internship Portal Management System
 CVE-2024-3252 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Internship Portal Management System
 CVE-2024-3251 (A vulnerability was found in SourceCodester Computer Laboratory 
Manage ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Computer Laboratory Management System
 CVE-2024-3181 (Concrete CMS version 9 prior to 9.2.8 and previous versions 
prior to 8 ...)
TODO: check
 CVE-2024-3180 (Concrete CMS version 9 below 9.2.8 and previous versions below 
8.5.16  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9013f2dd7d293d61dae266ad18fb592c65499196



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-03 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a05de6d0 by Salvatore Bonaccorso at 2024-04-03T22:32:15+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -83,7 +83,7 @@ CVE-2024-2653 (amphp/http will collect CONTINUATION frames in 
an unbounded buffe
 CVE-2024-29477 (Lack of sanitization during Installation Process in Dolibarr 
ERP CRM u ...)
TODO: check
 CVE-2024-28782 (IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM 
Cloud Pa ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2024-28275 (Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.16(3090516) was 
discovere ...)
TODO: check
 CVE-2024-27972 (Improper Neutralization of Special Elements used in a Command 
('Comman ...)
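Review bot: the new tag on CVE-2024-28782 is "NOT-FOR-US: IBM", which records only the vendor although the description on the line above names the product (IBM QRadar Suite Software). Suggest a product-level tag such as "NOT-FOR-US: IBM QRadar Suite" here, and a Db2-specific tag on the Db2 entries changed in the following hunks, so that a later search by product name finds these entries.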
@@ -119,7 +119,7 @@ CVE-2024-27336 (Kofax Power PDF PNG File Parsing 
Out-Of-Bounds Read Information
 CVE-2024-27335 (Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Remote 
Code Execut ...)
TODO: check
 CVE-2024-27254 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 10.5 ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2024-27201 (An improper input validation vulnerability exists in the OAS 
Engine Us ...)
TODO: check
 CVE-2024-27191 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
@@ -131,9 +131,9 @@ CVE-2024-25918 (Unrestricted Upload of File with Dangerous 
Type vulnerability in
 CVE-2024-25096 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
TODO: check
 CVE-2024-25046 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 11.1 ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2024-25030 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 11.1 ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2024-24976 (A denial of service vulnerability exists in the OAS Engine 
File Data S ...)
TODO: check
 CVE-2024-24707 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
@@ -141,7 +141,7 @@ CVE-2024-24707 (Improper Control of Generation of Code 
('Code Injection') vulner
 CVE-2024-23540 (The HCL BigFix Inventory server is vulnerable to path 
traversal which  ...)
TODO: check
 CVE-2024-22360 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 11.5 ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2024-22178 (A file write vulnerability exists in the OAS Engine Save 
Security Conf ...)
TODO: check
 CVE-2024-21870 (A file write vulnerability exists in the OAS Engine Tags 
Configuration ...)
@@ -183,7 +183,7 @@ CVE-2024-0172 (Dell PowerEdge Server BIOS and Dell 
Precision Rack BIOS contain a
 CVE-2023-5755
REJECTED
 CVE-2023-52296 (IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 11.5 ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2023-45552 (In VeridiumID before 3.5.0, a stored cross-site scripting 
(XSS) vulner ...)
TODO: check
 CVE-2023-44040 (In VeridiumID before 3.5.0, the identity provider page is 
susceptible  ...)
@@ -193,7 +193,7 @@ CVE-2023-44039 (In VeridiumID before 3.5.0, the WebAuthn 
API allows an internal
 CVE-2023-44038 (In VeridiumID before 3.5.0, the identity provider page allows 
an unaut ...)
TODO: check
 CVE-2023-38729 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server)10.5, ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2023-35812 (An issue was discovered in the Amazon Linux packages of 
OpenSSH 7.4 fo ...)
TODO: check
 CVE-2024-26779 (In the Linux kernel, the following vulnerability has been 
resolved:  w ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a05de6d0f16446ec6ba3a32c719227a15f224aa0



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-03 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4f4b16bb by Salvatore Bonaccorso at 2024-04-03T10:46:56+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3,25 +3,25 @@ CVE-2024-3248 (In Xpdf 4.05 (and earlier), a PDF object loop 
in the attachments
 CVE-2024-3247 (In Xpdf 4.05 (and earlier), a PDF object loop in an object 
stream lead ...)
TODO: check
 CVE-2024-3227 (A vulnerability was found in Panwei eoffice OA up to 9.5. It 
has been  ...)
-   TODO: check
+   NOT-FOR-US: Panwei eoffice OA
 CVE-2024-3226 (A vulnerability was found in Campcodes Online Patient Record 
Managemen ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Online Patient Record Management System
 CVE-2024-3225 (A vulnerability was found in SourceCodester PHP Task Management 
System ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester PHP Task Management System
 CVE-2024-3224 (A vulnerability has been found in SourceCodester PHP Task 
Management S ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester PHP Task Management System
 CVE-2024-3223 (A vulnerability, which was classified as critical, was found in 
Source ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester PHP Task Management System
 CVE-2024-3222 (A vulnerability, which was classified as critical, has been 
found in S ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester PHP Task Management System
 CVE-2024-3221 (A vulnerability classified as critical was found in 
SourceCodester PHP ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester PHP Task Management System
 CVE-2024-3218 (A vulnerability classified as critical has been found in 
Shibang Commu ...)
-   TODO: check
+   NOT-FOR-US: Shibang Communications IP Network Intercom Broadcasting 
System
 CVE-2024-3209 (A vulnerability was found in UPX up to 4.2.2. It has been rated 
as cri ...)
TODO: check
 CVE-2024-3207 (A vulnerability was found in ermig1979 Simd up to 6.0.134. It 
has been ...)
-   TODO: check
+   NOT-FOR-US: ermig1979 Simd
 CVE-2024-3205 (A vulnerability was found in yaml libyaml up to 0.2.5 and 
classified a ...)
TODO: check
 CVE-2024-3204 (A vulnerability has been found in c-blosc2 up to 2.13.2 and 
classified ...)
@@ -29,89 +29,89 @@ CVE-2024-3204 (A vulnerability has been found in c-blosc2 
up to 2.13.2 and class
 CVE-2024-3203 (A vulnerability, which was classified as critical, was found in 
c-blos ...)
TODO: check
 CVE-2024-3202 (A vulnerability, which was classified as problematic, has been 
found i ...)
-   TODO: check
+   NOT-FOR-US: codelyfe Stupid Simple CMS
 CVE-2024-3162 (The Jeg Elementor Kit plugin for WordPress is vulnerable to 
Stored Cro ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31013 (Cross Site Scripting (XSS) vulnerability in emlog version Pro 
2.3, all ...)
-   TODO: check
+   NOT-FOR-US: emlog
 CVE-2024-31012 (An issue was discovered in SEMCMS v.4.8, allows remote 
attackers to ex ...)
-   TODO: check
+   NOT-FOR-US: SEMCMS
 CVE-2024-31011 (Arbitrary file write vulnerability in beescms v.4.0, allows a 
remote a ...)
-   TODO: check
+   NOT-FOR-US: beescms
 CVE-2024-31010 (SQL injection vulnerability in SEMCMS v.4.8, allows a remote 
attacker  ...)
-   TODO: check
+   NOT-FOR-US: SEMCMS
 CVE-2024-31009 (SQL injection vulnerability in SEMCMS v.4.8, allows a remote 
attacker  ...)
-   TODO: check
+   NOT-FOR-US: SEMCMS
 CVE-2024-31008 (An issue was discovered in WUZHICMS version 4.1.0, allows an 
attacker  ...)
-   TODO: check
+   NOT-FOR-US: WUZHICMS
 CVE-2024-30998 (SQL Injection vulnerability in PHPGurukul Men Salon Management 
System  ...)
-   TODO: check
+   NOT-FOR-US: PHPGurukul Men Salon Management System
 CVE-2024-30371 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
-   TODO: check
+   NOT-FOR-US: Foxit PDF Reader
 CVE-2024-30370 (RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This 
vulnerability ...)
TODO: check
 CVE-2024-30367 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
-   TODO: check
+   NOT-FOR-US: Foxit PDF Reader
 CVE-2024-30365 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
-   TODO: check
+   NOT-FOR-US: Foxit PDF Reader
 CVE-2024-30364 (Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read 
Information Discl ...)
-   TODO: check
+   NOT-FOR-US: Foxit PDF Reader
 CVE-2024-30363 (Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read 
Information Discl ...)
-   TODO: check
+   NOT-FOR-US: Foxit PDF Reader
 CVE-2024-30362 (Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code 
Execution ...)
-   TODO: check
+   NOT-FOR-US: Foxit PDF Reader
 

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-02 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
35640d10 by Salvatore Bonaccorso at 2024-04-02T10:44:12+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -274,7 +274,7 @@ CVE-2024-29435 (An issue discovered in Alldata v0.4.6 
allows attacker to run arb
 CVE-2024-29433 (A deserialization vulnerability in the FASTJSON component of 
Alldata v ...)
TODO: check
 CVE-2024-28232 (Go package IceWhaleTech/CasaOS-UserService provides user 
management fu ...)
-   TODO: check
+   NOT-FOR-US: IceWhaleTech/CasaOS-UserService
 CVE-2024-25574 (SQL injection vulnerability exists in 
GetDIAE_usListParameters.)
TODO: check
 CVE-2024-25080 (WebMail in Axigen 10.x before 10.3.3.62 allows XSS via the 
image attac ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35640d10685d59d463dedcba3216c6bdfed676f5



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-01 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f52b1ab0 by Salvatore Bonaccorso at 2024-04-02T06:49:43+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,47 +1,47 @@
 CVE-2024-3135 (The web server lacked CSRF tokens allowing an attacker to host 
malicio ...)
TODO: check
 CVE-2024-3131 (A vulnerability was found in SourceCodester Computer Laboratory 
Manage ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Computer Laboratory Management System
 CVE-2024-3130 (Hard-coded Credentialsin CoolKit eWeLlink app are before 5.4.x 
on Andr ...)
-   TODO: check
+   NOT-FOR-US: CoolKit eWeLlink app
 CVE-2024-3129 (A vulnerability was found in SourceCodester Image Accordion 
Gallery Ap ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Image Accordion Gallery App
 CVE-2024-3128 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was 
classified  ...)
-   TODO: check
+   NOT-FOR-US: Replify-Messenger
 CVE-2024-3125 (A vulnerability classified as problematic was found in Zebra 
ZTC GK420 ...)
-   TODO: check
+   NOT-FOR-US: Zebra ZTC GK420d
 CVE-2024-3124 (A vulnerability classified as problematic has been found in 
fridgecow  ...)
-   TODO: check
+   NOT-FOR-US: fridgecow smartalarm
 CVE-2024-31099 (Missing Authorization vulnerability in Averta Shortcodes and 
extra fea ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30872 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via 
/include/authr ...)
-   TODO: check
+   NOT-FOR-US: netentsec NS-ASG
 CVE-2024-30871 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via 
/WebPages/appl ...)
-   TODO: check
+   NOT-FOR-US: netentsec NS-ASG
 CVE-2024-30870 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via 
/admin/address ...)
-   TODO: check
+   NOT-FOR-US: netentsec NS-ASG
 CVE-2024-30868 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via 
/admin/add_get ...)
-   TODO: check
+   NOT-FOR-US: netentsec NS-ASG
 CVE-2024-30867 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via 
/admin/edit_vi ...)
-   TODO: check
+   NOT-FOR-US: netentsec NS-ASG
 CVE-2024-30866 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via 
/3g/menu.php.)
-   TODO: check
+   NOT-FOR-US: netentsec NS-ASG
 CVE-2024-30865 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via 
/admin/edit_us ...)
-   TODO: check
+   NOT-FOR-US: netentsec NS-ASG
 CVE-2024-30864 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via 
/admin/config_ ...)
-   TODO: check
+   NOT-FOR-US: netentsec NS-ASG
 CVE-2024-30863 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via 
/WebPages/hist ...)
-   TODO: check
+   NOT-FOR-US: netentsec NS-ASG
 CVE-2024-30862 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via 
/3g/index.php.)
-   TODO: check
+   NOT-FOR-US: netentsec NS-ASG
 CVE-2024-30861 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via 
/admin/configg ...)
-   TODO: check
+   NOT-FOR-US: netentsec NS-ASG
 CVE-2024-30860 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via 
/admin/export_ ...)
-   TODO: check
+   NOT-FOR-US: netentsec NS-ASG
 CVE-2024-30859 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via 
/admin/config_ ...)
-   TODO: check
+   NOT-FOR-US: netentsec NS-ASG
 CVE-2024-30858 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via 
/admin/edit_fi ...)
-   TODO: check
+   NOT-FOR-US: netentsec NS-ASG
 CVE-2024-29435 (An issue discovered in Alldata v0.4.6 allows attacker to run 
arbitrary ...)
TODO: check
 CVE-2024-29433 (A deserialization vulnerability in the FASTJSON component of 
Alldata v ...)
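Review bot: the new tag on CVE-2024-3130, "NOT-FOR-US: CoolKit eWeLlink app", copies the spelling "eWeLlink" from the CVE description, and that description also runs "Credentialsin" together, so the spelling looks like a typo carried over rather than the product name. Suggest checking the vendor's own spelling and using it in the tag so that a search by product name matches this entry.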



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f52b1ab0a14d62f90922391d7bc513e31fb6ec58



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-01 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7c177721 by Salvatore Bonaccorso at 2024-04-01T21:23:35+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -62,11 +62,11 @@ CVE-2024-20039 (In modem protocol, there is a possible out 
of bounds write due t
 CVE-2024-1526 (The Hubbub Lite  WordPress plugin before 1.33.1 does not ensure 
that u ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-51803 (LinuxServer.io Heimdall before 2.5.7 does not prevent use of 
icons tha ...)
-   TODO: check
+   NOT-FOR-US: LinuxServer.io Heimdall
 CVE-2016-15038 (A vulnerability, which was classified as critical, was found 
in NUUO N ...)
-   TODO: check
+   NOT-FOR-US: NUUO NVRmini
 CVE-2014-125110 (A vulnerability has been found in wp-file-upload Plugin up to 
2.4.3 on ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31123 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-31122 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c177721c47ef7ba0fd23a07e407b47c1371585b



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-01 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5693d1de by Salvatore Bonaccorso at 2024-04-01T10:43:10+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,51 +1,51 @@
 CVE-2024-31033 (JJWT (aka Java JWT) through 0.12.5 ignores certain characters 
and thus ...)
TODO: check
 CVE-2024-2278 (Themify  WordPress plugin before 1.4.4 does not sanitise and 
escape so ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2263 (Themify  WordPress plugin before 1.4.4 does not sanitise and 
escape a  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2262 (Themify  WordPress plugin before 1.4.4 does not have CSRF check 
in its ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-28895 ('Yahoo! JAPAN' App for Android v2.3.1 to v3.161.1 and 'Yahoo! 
JAPAN' A ...)
-   TODO: check
+   NOT-FOR-US: 'Yahoo! JAPAN' App
 CVE-2024-27609 (Bonita before 2023.2-u2 allows stored XSS via a UI screen in 
the admin ...)
-   TODO: check
+   NOT-FOR-US: Bonita
 CVE-2024-20055 (In imgsys, there is a possible information disclosure due to a 
missing ...)
-   TODO: check
+   NOT-FOR-US: Mediatek
 CVE-2024-20054 (In gnss, there is a possible escalation of privilege due to a 
missing  ...)
-   TODO: check
+   NOT-FOR-US: Mediatek
 CVE-2024-20053 (In flashc, there is a possible out of bounds write due to an 
uncaught  ...)
-   TODO: check
+   NOT-FOR-US: Mediatek
 CVE-2024-20052 (In flashc, there is a possible information disclosure due to 
an uncaug ...)
-   TODO: check
+   NOT-FOR-US: Mediatek
 CVE-2024-20051 (In flashc, there is a possible system crash due to an uncaught 
excepti ...)
-   TODO: check
+   NOT-FOR-US: Mediatek
 CVE-2024-20050 (In flashc, there is a possible information disclosure due to 
an uncaug ...)
-   TODO: check
+   NOT-FOR-US: Mediatek
 CVE-2024-20049 (In flashc, there is a possible information disclosure due to 
an uncaug ...)
-   TODO: check
+   NOT-FOR-US: Mediatek
 CVE-2024-20048 (In flashc, there is a possible information disclosure due to 
an uncaug ...)
-   TODO: check
+   NOT-FOR-US: Mediatek
 CVE-2024-20047 (In battery, there is a possible out of bounds read due to an 
integer o ...)
-   TODO: check
+   NOT-FOR-US: Mediatek
 CVE-2024-20046 (In battery, there is a possible escalation of privilege due to 
an inte ...)
-   TODO: check
+   NOT-FOR-US: Mediatek
 CVE-2024-20045 (In audio, there is a possible out of bounds read due to an 
incorrect c ...)
-   TODO: check
+   NOT-FOR-US: Mediatek
 CVE-2024-20044 (In da, there is a possible out of bounds write due to a 
missing bounds ...)
-   TODO: check
+   NOT-FOR-US: Mediatek
 CVE-2024-20043 (In da, there is a possible out of bounds write due to a 
missing bounds ...)
-   TODO: check
+   NOT-FOR-US: Mediatek
 CVE-2024-20042 (In da, there is a possible out of bounds write due to a 
missing bounds ...)
-   TODO: check
+   NOT-FOR-US: Mediatek
 CVE-2024-20041 (In da, there is a possible out of bounds read due to a missing 
bounds  ...)
-   TODO: check
+   NOT-FOR-US: Mediatek
 CVE-2024-20040 (In wlan firmware, there is a possible out of bounds write due 
to impro ...)
-   TODO: check
+   NOT-FOR-US: Mediatek
 CVE-2024-20039 (In modem protocol, there is a possible out of bounds write due 
to a mi ...)
-   TODO: check
+   NOT-FOR-US: Mediatek
 CVE-2024-1526 (The Hubbub Lite  WordPress plugin before 1.33.1 does not ensure 
that u ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-51803 (LinuxServer.io Heimdall before 2.5.7 does not prevent use of 
icons tha ...)
TODO: check
 CVE-2016-15038 (A vulnerability, which was classified as critical, was found 
in NUUO N ...)
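Review bot: the tag added for CVE-2024-28895 keeps the single quotes from the description ("NOT-FOR-US: 'Yahoo! JAPAN' App"), while every other tag in this hunk is a bare vendor or product name (Bonita, Mediatek, WordPress plugin). Suggest dropping the quotes, "NOT-FOR-US: Yahoo! JAPAN App", so the tag matches a plain-text search the same way the others do.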



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5693d1de74b7c6399f1fcd5f36260f85edc8106e



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a1c499ca by Salvatore Bonaccorso at 2024-03-31T22:52:47+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,107 +1,107 @@
 CVE-2024-31123 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31122 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31121 (Contributor Cross Site Scripting (XSS) in HeartThis <= 0.1.0 
versions.)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31120 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31117 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31116 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31115 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Quant ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31114 (Unrestricted Upload of File with Dangerous Type vulnerability 
in biplo ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31112 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31110 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31108 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31107 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31106 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31104 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31103 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31102 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31101 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31100 (Cross-Site Request Forgery (CSRF) vulnerability in Festi-Team 
Popup Ca ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31097 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31096 (Cross-Site Request Forgery (CSRF) vulnerability in kopatheme 
Nictitate ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31095 (Authorization Bypass Through User-Controlled Key vulnerability 
in Rica ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31094 (Deserialization of Untrusted Data vulnerability in Filter 
Custom Field ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31092 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31091 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31090 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31089 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31087 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31085 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31084 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30561 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30559 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+ 
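
Review bot: the `NOT-FOR-US: WordPress plugin` tag on CVE-2024-31121 is the one to double-check in this hunk, since its visible description ("Contributor Cross Site Scripting (XSS) in HeartThis <= 0.1.0 versions.") names HeartThis but never WordPress, and most of the other entries show only a truncated CWE title. Writing the product into the note, for example `NOT-FOR-US: HeartThis WordPress plugin`, would let a later reader confirm the triage from data/CVE/list alone. The hunk is cut off at CVE-2024-30559, so its replacement line cannot be reviewed here.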

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
aac9c650 by Salvatore Bonaccorso at 2024-03-31T22:41:57+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -103,13 +103,13 @@ CVE-2024-30523 (Insertion of Sensitive Information into 
Log File vulnerability i
 CVE-2024-30489 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
TODO: check
 CVE-2024-25027 (IBM Security Verify Access 10.0.6 could disclose sensitive 
snapshot in ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2024-22353 (IBM WebSphere Application Server Liberty 17.0.0.3 through 
24.0.0.3 is  ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2023-50959 (IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 
18.0.2,19.0.1, 1 ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2023-50311 (IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 
transmits  ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2020-36828 (A vulnerability was found in DiscuzX up to 3.4-20200818. It 
has been c ...)
TODO: check
 CVE-2017-20191 (A vulnerability was found in Zimbra zm-admin-ajax up to 8.8.1. 
It has  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aac9c650c2a06c4ecb00ce547e5f9f408c21fd18



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-30 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7b20882a by Salvatore Bonaccorso at 2024-03-30T21:19:06+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,21 +1,21 @@
 CVE-2024-3091 (A vulnerability was found in PHPGurukul Emergency Ambulance 
Hiring Por ...)
-   TODO: check
+   NOT-FOR-US: PHPGurukul Emergency Ambulance Hiring Portal
 CVE-2024-3090 (A vulnerability was found in PHPGurukul Emergency Ambulance 
Hiring Por ...)
-   TODO: check
+   NOT-FOR-US: PHPGurukul Emergency Ambulance Hiring Portal
 CVE-2024-3089 (A vulnerability has been found in PHPGurukul Emergency 
Ambulance Hirin ...)
-   TODO: check
+   NOT-FOR-US: PHPGurukul Emergency Ambulance Hiring Portal
 CVE-2024-3088 (A vulnerability, which was classified as critical, was found in 
PHPGur ...)
-   TODO: check
+   NOT-FOR-US: PHPGurukul Emergency Ambulance Hiring Portal
 CVE-2024-3087 (A vulnerability, which was classified as critical, has been 
found in P ...)
-   TODO: check
+   NOT-FOR-US: PHPGurukul Emergency Ambulance Hiring Portal
 CVE-2024-3086 (A vulnerability classified as problematic was found in 
PHPGurukul Emer ...)
-   TODO: check
+   NOT-FOR-US: PHPGurukul Emergency Ambulance Hiring Portal
 CVE-2024-3085 (A vulnerability classified as critical has been found in 
PHPGurukul Em ...)
-   TODO: check
+   NOT-FOR-US: PHPGurukul Emergency Ambulance Hiring Portal
 CVE-2024-3018 (The Essential Addons for Elementor plugin for WordPress is 
vulnerable  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2491 (The PowerPack Addons for Elementor plugin for WordPress is 
vulnerable  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1522 (I have activated the CORS because I had a development ui that 
uses ano ...)
TODO: check
 CVE-2024-3084 (A vulnerability was found in PHPGurukul Emergency Ambulance 
Hiring Por ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b20882aaac2ed5318f674d992bea200bff7b508



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-30 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cd5fee28 by Salvatore Bonaccorso at 2024-03-30T11:18:32+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,35 +1,35 @@
 CVE-2024-3084 (A vulnerability was found in PHPGurukul Emergency Ambulance 
Hiring Por ...)
-   TODO: check
+   NOT-FOR-US: PHPGurukul Emergency Ambulance Hiring Portal
 CVE-2024-2948 (The Favorites plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2794 (The Gutenberg Block Editor Toolkit \u2013 EditorsKit plugin for 
WordPr ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2144 (The Ultimate Addons for Beaver Builder \u2013 Lite plugin for 
WordPres ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2143 (The Ultimate Addons for Beaver Builder \u2013 Lite plugin for 
WordPres ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2142 (The Ultimate Addons for Beaver Builder \u2013 Lite plugin for 
WordPres ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2141 (The Ultimate Addons for Beaver Builder \u2013 Lite plugin for 
WordPres ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2140 (The Ultimate Addons for Beaver Builder \u2013 Lite plugin for 
WordPres ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2086 (The Integrate Google Drive \u2013 Browse, Upload, Download, 
Embed, Pla ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2047 (The ElementsKit Elementor addons plugin for WordPress is 
vulnerable to ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-29278 (funboot v1.1 is vulnerable to Cross Site Scripting (XSS) via 
the title ...)
TODO: check
 CVE-2024-28288 (Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification 
when re ...)
-   TODO: check
+   NOT-FOR-US: Ruijie RG-NBR700GW router
 CVE-2024-1692 (The BoldGrid Easy SEO \u2013 Simple and Effective SEO plugin 
for WordP ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1238 (The ElementsKit Elementor addons plugin for WordPress is 
vulnerable to ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1051 (The List category posts plugin for WordPress is vulnerable to 
Stored C ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-0367 (The Unlimited Elements For Elementor plugin for WordPress is 
vulnerabl ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-3081 (A vulnerability was found in EasyCorp EasyAdmin up to 4.8.9. It 
has be ...)
NOT-FOR-US: EasyCorp EasyAdmin
 CVE-2024-3078 (A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and 
classi ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd5fee2856bd315a41267d210d90b00a495a3418



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-29 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ded99e0f by Salvatore Bonaccorso at 2024-03-29T22:51:26+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -201,43 +201,43 @@ CVE-2024-30247 (NextcloudPi is a ready to use image for 
Virtual Machines, Raspbe
 CVE-2024-30246 (Tuleap is an Open Source Suite to improve management of 
software devel ...)
NOT-FOR-US: Tuleap
 CVE-2024-2970 (The News Wall plugin for WordPress is vulnerable to Cross-Site 
Request ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2969 (The WP-Eggdrop plugin for WordPress is vulnerable to Cross-Site 
Reques ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2968 (The WP-Eggdrop plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2964 (The Pocket News Generator plugin for WordPress is vulnerable to 
Cross- ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2963 (The Pocket News Generator plugin for WordPress is vulnerable to 
Stored ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2936 (The Sydney Toolbox plugin for WordPress is vulnerable to Stored 
Cross- ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2848 (The Responsive theme for WordPress is vulnerable to 
unauthorized modif ...)
-   TODO: check
+   NOT-FOR-US: WordPress theme
 CVE-2024-2844 (The Easy Appointments plugin for WordPress is vulnerable to 
unauthoriz ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2842 (The Easy Appointments plugin for WordPress is vulnerable to 
Stored Cro ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2841 (The Otter Blocks \u2013 Gutenberg Blocks, Page Builder for 
Gutenberg E ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2476 (The OceanWP theme for WordPress is vulnerable to unauthorized 
access o ...)
-   TODO: check
+   NOT-FOR-US: WordPress theme
 CVE-2024-2475 (The Media Library Assistant plugin for WordPress is vulnerable 
to Stor ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2411 (The MasterStudy LMS plugin for WordPress is vulnerable to Local 
File I ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2409 (The MasterStudy LMS plugin for WordPress is vulnerable to 
Privilege Es ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2280 (The Better Elementor Addons plugin for WordPress is vulnerable 
to Stor ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2250 (The 130+ Widgets | Best Addons For Elementor \u2013 FREE plugin 
for Wo ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2116 (The Christmas Greetings plugin for WordPress is vulnerable to 
Reflecte ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2113 (The Ninja Forms Contact Form \u2013 The Drag and Drop Form 
Builder for ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2108 (The Ninja Forms Contact Form \u2013 The Drag and Drop Form 
Builder for ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-29904 (CodeIgniter is a PHP full-stack web framework A vulnerability 
was foun ...)
- codeigniter  (bug #471583)
 CVE-2024-29901 (The AuthKit library for Next.js provides helpers for 
authentication an ...)
@@ -245,45 +245,45 @@ CVE-2024-29901 (The AuthKit library for Next.js provides 
helpers for authenticat
 CVE-2024-29900 (Electron Packager bundles Electron-based application source 
code with  ...)
TODO: check
 CVE-2024-29893 (Argo CD is a declarative, GitOps continuous delivery tool for 
Kubernet ...)
-   TODO: check
+   NOT-FOR-US: Argo CD
 CVE-2024-29890 (DataLens is a business intelligence and data visualization 
system. A s ...)
-   TODO: check
+   NOT-FOR-US: DataLens
 CVE-2024-29686 (Server-side Template Injection (SSTI) vulnerability in Winter 
CMS v.1. ...)
-   TODO: check
+   NOT-FOR-US: Winter CMS
 CVE-2024-29667 (SQL Injection vulnerability in Tongtianxing Technology Co., 
Ltd CMSV6  ...)
-   TODO: check
+   NOT-FOR-US: Tongtianxing
 CVE-2024-29640 (An issue in aliyundrive-webdav v.2.3.3 and before allows a 
remote atta ...)
TODO: check
 CVE-2024-29489 (Jerryscript 2.4.0 has SEGV at 
./jerry-core/ecma/base/ecma-helpers.c:23 ...)
TODO: check
 CVE-2024-29316 (NodeBB 3.6.7 is vulnerable to Incorrect Access Control, e.g., 
a low-pr ...)
-   TODO: check
+   NOT-FOR-US: NodeBB
 CVE-2024-29202 (JumpServer is an open source bastion host and an operation and 
mainten ...)
-   TODO: check
+   NOT-FOR-US: JumpServer
 CVE-2024-29201 (JumpServer is an open source bastion host 
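
Review bot: `NOT-FOR-US: Tongtianxing` on CVE-2024-29667 names only the vendor, while every other replacement in this hunk names the product (Argo CD, DataLens, Winter CMS, NodeBB, JumpServer). The description gives "Tongtianxing Technology Co., Ltd CMSV6", so `Tongtianxing CMSV6` would match the rest. The hunk is cut off inside the CVE-2024-29201 entry, so nothing after that point can be reviewed here.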

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-29 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
82e47499 by Salvatore Bonaccorso at 2024-03-29T21:43:56+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,205 +1,205 @@
 CVE-2024-3081 (A vulnerability was found in EasyCorp EasyAdmin up to 4.8.9. It 
has be ...)
-   TODO: check
+   NOT-FOR-US: EasyCorp EasyAdmin
 CVE-2024-3078 (A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and 
classi ...)
TODO: check
 CVE-2024-3077 (An malicious BLE device can crash BLE victim device by sending 
malform ...)
-   TODO: check
+   NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
 CVE-2024-3061 (The HUSKY \u2013 Products Filter Professional for WooCommerce 
plugin f ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31032 (An issue in Huashi Private Cloud CDN Live Streaming 
Acceleration Serve ...)
-   TODO: check
+   NOT-FOR-US: Huashi Private Cloud CDN Live Streaming Acceleration Server 
hgateway-sixport
 CVE-2024-30645 (Tenda AC15V1.0 V15.03.20_multi has a command injection 
vulnerability v ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-30639 (Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability 
in the p ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-30638 (Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability 
via the  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-30637 (Tenda F1202 v1.2.0.20(408) has a command injection 
vulnerablility in t ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-30636 (Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability 
via the  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-30635 (Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability 
located  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-30634 (Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability 
via the  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-30633 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability 
in the s ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-30632 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability 
in the s ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-30631 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability 
in the s ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-30630 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability 
in the t ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-30629 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability 
in the l ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-30628 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability 
in the p ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-30627 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability 
in the d ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-30626 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability 
in the s ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-30625 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability 
in the e ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-30624 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability 
in the u ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-30623 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability 
in the p ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-30622 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability 
in the m ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-30613 (Tenda AC15 v15.03.05.18 has a stack overflow vulnerability in 
the time ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-30521 (Cross-Site Request Forgery (CSRF) vulnerability in Landingi 
Landingi L ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30520 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30519 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30518 (Cross-Site Request Forgery (CSRF) vulnerability in 
ThemeLocation Custo ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30514 (Insertion of Sensitive Information into Log File vulnerability 
in Paid ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30513 (Authorization Bypass Through User-Controlled Key vulnerability 
in Meta ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30511 (Insertion of Sensitive Information into Log File vulnerability 
in Fr\x ...)
-   TODO: check
+   NOT-FOR-US: 
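
Review bot: the note for CVE-2024-3077 carries its whole justification in the parenthetical `(unrelated to src:zephyr)`, while the visible description ("An malicious BLE device can crash BLE victim device by sending malform ...") never mentions Zephyr. Consider a short NOTE: line saying why the packaged zephyr is a different project, so the decision survives a later re-triage. The last replacement in this hunk, for CVE-2024-30511, is cut off after `NOT-FOR-US:` and cannot be checked here.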

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-29 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
afefaf83 by Salvatore Bonaccorso at 2024-03-29T21:25:51+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -285,11 +285,11 @@ CVE-2024-24407 (SQL Injection vulnerability in Best 
Courier management system v.
 CVE-2024-23727 (The YI Smart Kami Vision com.kamivision.yismart application 
through 1. ...)
TODO: check
 CVE-2024-23539 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-   TODO: check
+   NOT-FOR-US: Apache Fineract
 CVE-2024-23538 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-   TODO: check
+   NOT-FOR-US: Apache Fineract
 CVE-2024-23537 (Improper Privilege Management vulnerability in Apache 
Fineract.This is ...)
-   TODO: check
+   NOT-FOR-US: Apache Fineract
 CVE-2024-23449 (An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 
occurs wh ...)
TODO: check
 CVE-2024-1872 (The Button plugin for WordPress is vulnerable to PHP Object 
Injection  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/afefaf83e77f2bc9a6640e5f2c8d1ca5f574e891



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-29 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bd70652f by Salvatore Bonaccorso at 2024-03-29T09:10:50+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -103,7 +103,7 @@ CVE-2024-29897 (CreateWiki is Miraheze's MediaWiki 
extension for requesting & cr
 CVE-2024-29896 (Astro-Shield is a library to compute the subresource integrity 
hashes  ...)
TODO: check
 CVE-2024-29882 (SRS is a simple, high-efficiency, real-time video server. 
SRS's `/api/ ...)
-   TODO: check
+   NOT-FOR-US: SRS video server
 CVE-2024-29200 (Kimai is a web-based multi-user time-tracking application. The 
permiss ...)
NOT-FOR-US: Kimai
 CVE-2024-28713 (An issue in Mblog Blog system v.3.5.0 allows an attacker to 
execute ar ...)
@@ -295,29 +295,29 @@ CVE-2024-29100 (Unrestricted Upload of File with 
Dangerous Type vulnerability in
 CVE-2024-29090 (Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow 
AI Engi ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-28016 (Improper Access Controlvulnerability in NEC Corporation Aterm 
WG1800HP ...)
-   TODO: check
+   NOT-FOR-US: NEC
 CVE-2024-28015 (Improper Neutralization of Special Elements used in an OS 
Command vuln ...)
-   TODO: check
+   NOT-FOR-US: NEC
 CVE-2024-28014 (Stack-based Buffer Overflow vulnerability in NEC Corporation 
Aterm WG1 ...)
-   TODO: check
+   NOT-FOR-US: NEC
 CVE-2024-28013 (Use of Insufficiently Random Values vulnerability in NEC 
Corporation A ...)
-   TODO: check
+   NOT-FOR-US: NEC
 CVE-2024-28012 (Improper authentication vulnerability in NEC Corporation Aterm 
WG1800H ...)
-   TODO: check
+   NOT-FOR-US: NEC
 CVE-2024-28011 (Hidden Functionality vulnerability in NEC Corporation Aterm 
WG1800HP4, ...)
-   TODO: check
+   NOT-FOR-US: NEC
 CVE-2024-28010 (Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, 
WG1200H ...)
-   TODO: check
+   NOT-FOR-US: NEC
 CVE-2024-28009 (Improper authentication vulnerability in NEC Corporation Aterm 
WG1800H ...)
-   TODO: check
+   NOT-FOR-US: NEC
 CVE-2024-28008 (Active Debug Code in NEC Corporation Aterm WG1800HP4, 
WG1200HS3, WG190 ...)
-   TODO: check
+   NOT-FOR-US: NEC
 CVE-2024-28007 (Improper authentication vulnerability in NEC Corporation Aterm 
WG1800H ...)
-   TODO: check
+   NOT-FOR-US: NEC
 CVE-2024-28006 (Improper authentication vulnerability in NEC Corporation Aterm 
WG1800H ...)
-   TODO: check
+   NOT-FOR-US: NEC
 CVE-2024-28005 (Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, 
WG1200HS2 ...)
-   TODO: check
+   NOT-FOR-US: NEC
 CVE-2024-28004 (Missing Authorization vulnerability in ExtendThemes Colibri 
Page Build ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-28003 (Missing Authorization vulnerability in Megamenu Max Mega 
Menu.This iss ...)
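
Review bot: `NOT-FOR-US: NEC` on CVE-2024-28005 is not recoverable from that entry's visible text, which starts "Aterm WG1800HP4, WG1200HS3, ..." and does not show the vendor. Using `NEC Aterm` for all twelve entries in this hunk would keep the vendor and make the product line searchable.
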
@@ -337,7 +337,7 @@ CVE-2024-25599 (Improper Neutralization of Input During Web 
Page Generation ('Cr
 CVE-2024-25354 (RegEx Denial of Service in domain-suffix 1.0.8 allows 
attackers to cra ...)
TODO: check
 CVE-2024-23500 (Server-Side Request Forgery (SSRF) vulnerability in Kadence WP 
Gutenbe ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-22138 (Insertion of Sensitive Information into Log File vulnerability 
in Sera ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-1770 (The Meta Tag Manager plugin for WordPress is vulnerable to PHP 
Object  ...)
@@ -474,9 +474,9 @@ CVE-2024-29891 (ZITADEL users can upload their own avatar 
image and various imag
 CVE-2024-29888 (Saleor is an e-commerce platform that serves high-volume 
companies. Wh ...)
NOT-FOR-US: Saleor
 CVE-2024-29887 (Serverpod is an app and web server, built for the Flutter and 
Dart eco ...)
-   TODO: check
+   NOT-FOR-US: Serverpod
 CVE-2024-29886 (Serverpod is an app and web server, built for the Flutter and 
Dart eco ...)
-   TODO: check
+   NOT-FOR-US: Serverpod
 CVE-2024-29819 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-29818 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
@@ -590,7 +590,7 @@ CVE-2024-28233 (JupyterHub is an open source multi-user 
server for Jupyter noteb
 CVE-2024-27270 (IBM WebSphere Application Server Liberty 23.0.0.3 through 
24.0.0.3 is  ...)
NOT-FOR-US: IBM
 CVE-2024-27091 (GeoNode is a geospatial content management system, a platform 
for the  ...)
-   TODO: check
+   NOT-FOR-US: GeoNode
 CVE-2024-25962 (Dell InsightIQ, version 5.0, contains an improper access 
control vulne ...)
NOT-FOR-US: Dell
 CVE-2024-23515 (Cross-Site Request Forgery (CSRF) vulnerability in Cincopa 
Post Video  ...)
@@ -638,7 +638,7 @@ CVE-2024-20265 (A vulnerability in the boot 

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-28 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6aa435c8 by Salvatore Bonaccorso at 2024-03-28T21:36:11+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,91 +1,91 @@
 CVE-2024-3042 (A vulnerability was found in SourceCodester Simple Subscription 
Websit ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Simple Subscription Website
 CVE-2024-3041 (A vulnerability has been found in Netentsec NS-ASG Application 
Securit ...)
-   TODO: check
+   NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
 CVE-2024-3040 (A vulnerability, which was classified as critical, was found in 
Netent ...)
-   TODO: check
+   NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
 CVE-2024-3039 (A vulnerability classified as critical has been found in 
Shanghai Brad ...)
-   TODO: check
+   NOT-FOR-US: Shanghai Brad Technology BladeX
 CVE-2024-3019 (A flaw was found in PCP. The default pmproxy configuration 
exposes the ...)
TODO: check
 CVE-2024-31140 (In JetBrains TeamCity before 2024.03 server administrators 
could remov ...)
-   TODO: check
+   NOT-FOR-US: JetBrains TeamCity
 CVE-2024-31139 (In JetBrains TeamCity before 2024.03 xXE was possible in the 
Maven bui ...)
-   TODO: check
+   NOT-FOR-US: JetBrains TeamCity
 CVE-2024-31138 (In JetBrains TeamCity before 2024.03 xSS was possible via 
Agent Distri ...)
-   TODO: check
+   NOT-FOR-US: JetBrains TeamCity
 CVE-2024-31137 (In JetBrains TeamCity before 2024.03 reflected XSS was 
possible via Sp ...)
-   TODO: check
+   NOT-FOR-US: JetBrains TeamCity
 CVE-2024-31136 (In JetBrains TeamCity before 2024.03 2FA could be bypassed by 
providin ...)
-   TODO: check
+   NOT-FOR-US: JetBrains TeamCity
 CVE-2024-31135 (In JetBrains TeamCity before 2024.03 open redirect was 
possible on the ...)
-   TODO: check
+   NOT-FOR-US: JetBrains TeamCity
 CVE-2024-31134 (In JetBrains TeamCity before 2024.03 authenticated users 
without admin ...)
-   TODO: check
+   NOT-FOR-US: JetBrains TeamCity
 CVE-2024-31065 (Cross Site Scripting vulnerability in Insurance Mangement 
System v.1.0 ...)
-   TODO: check
+   NOT-FOR-US: Insurance Mangement System
 CVE-2024-31064 (Cross Site Scripting vulnerability in Insurance Mangement 
System v.1.0 ...)
-   TODO: check
+   NOT-FOR-US: Insurance Mangement System
 CVE-2024-31063 (Cross Site Scripting vulnerability in Insurance Mangement 
System v.1.0 ...)
-   TODO: check
+   NOT-FOR-US: Insurance Mangement System
 CVE-2024-31062 (Cross Site Scripting vulnerability in Insurance Mangement 
System v.1.0 ...)
-   TODO: check
+   NOT-FOR-US: Insurance Mangement System
 CVE-2024-31061 (Cross Site Scripting vulnerability in Insurance Mangement 
System v.1.0 ...)
-   TODO: check
+   NOT-FOR-US: Insurance Mangement System
 CVE-2024-30612 (Tenda AC10U v15.03.06.48 has a stack overflow vulnerability in 
the dev ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-30607 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in 
the device ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-30606 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in 
the page p ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-30604 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in 
the list1  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-30603 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in 
the urls p ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-30602 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in 
the schedS ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-30601 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in 
the time p ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-30600 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in 
the schedE ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-30599 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in 
the device ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-30598 (Tenda FH1203 v2.0.1.6 firmware has a stack overflow 
vulnerability in t ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-30597 (Tenda FH1203 v2.0.1.6 firmware has a stack overflow 
vulnerability in t ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-30596 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-30595 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-30594 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
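Review bot: The NOT-FOR-US tag on CVE-2024-31062 and CVE-2024-31061 reads "Insurance Mangement System", repeating the misspelling from the CVE description text. If the spelling is kept on purpose to mirror the upstream product name, that is fine, but a later search of data/CVE/list for "Management" will not find these entries. Consider "NOT-FOR-US: Insurance Management System", or keep the upstream spelling consistently wherever this product is tagged.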

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-28 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fd899c30 by Salvatore Bonaccorso at 2024-03-28T09:49:13+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,81 +1,81 @@
 CVE-2024-3024 (A vulnerability was found in appneta tcpreplay up to 4.4.4. It 
has bee ...)
TODO: check
 CVE-2024-3015 (A vulnerability classified as critical was found in 
SourceCodester Sim ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Simple Subscription Website
 CVE-2024-3014 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Simple Subscription Website
 CVE-2024-3013 (A vulnerability was found in FLIR AX8 up to 1.46.16. It has 
been rated ...)
-   TODO: check
+   NOT-FOR-US: FLIR AX8
 CVE-2024-3012 (A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has 
been de ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-3011 (A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has 
been cl ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-3010 (A vulnerability was found in Tenda FH1205 2.0.0.7(775) and 
classified  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-3009 (A vulnerability has been found in Tenda FH1205 2.0.0.7(775) and 
classi ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-3008 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-3007 (A vulnerability, which was classified as critical, has been 
found in T ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-3006 (A vulnerability classified as critical was found in Tenda 
FH1205 2.0.0 ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-3004 (A vulnerability was found in code-projects Online Book System 
1.0 and  ...)
-   TODO: check
+   NOT-FOR-US: code-projects Online Book System
 CVE-2024-3003 (A vulnerability has been found in code-projects Online Book 
System 1.0 ...)
-   TODO: check
+   NOT-FOR-US: code-projects Online Book System
 CVE-2024-3002 (A vulnerability, which was classified as critical, was found in 
code-p ...)
-   TODO: check
+   NOT-FOR-US: code-projects Online Book System
 CVE-2024-3001 (A vulnerability, which was classified as critical, has been 
found in c ...)
-   TODO: check
+   NOT-FOR-US: code-projects Online Book System
 CVE-2024-3000 (A vulnerability classified as critical was found in 
code-projects Onli ...)
-   TODO: check
+   NOT-FOR-US: code-projects Online Book System
 CVE-2024-30245 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30244 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30243 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30242 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30241 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-   TODO: check
+   NOT-FOR-US: Metagauss ProfileGrid
 CVE-2024-30240 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30239 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30237 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30236 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30230 (Deserialization of Untrusted Data vulnerability in Acowebs PDF 
Invoice ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30229 (Deserialization of Untrusted Data vulnerability in GiveWP.This 
issue a ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30228 (Deserialization of Untrusted Data vulnerability in Hercules 
Design Her ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30227 (Deserialization of Untrusted Data vulnerability in INFINITUM 
FORM Geo  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30226 (Deserialization of Untrusted Data vulnerability in WPDeveloper 
BetterD ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30225 (Deserialization of Untrusted Data vulnerability in WPENGINE, 
INC. WP M ...)
-   TODO: check
+
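Review bot: CVE-2024-30241 is tagged "NOT-FOR-US: Metagauss ProfileGrid", while the surrounding entries with the same truncated SQL injection description (CVE-2024-30245 down to CVE-2024-30236) are all tagged "NOT-FOR-US: WordPress plugin". If ProfileGrid is a WordPress plugin like its neighbours, use the generic tag here as well so that one search string finds the whole class. If the product name is preferred, the neighbouring entries would benefit from the same level of detail.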

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d588e16e by Salvatore Bonaccorso at 2024-03-27T09:29:11+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,67 +1,67 @@
 CVE-2024-30201 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30199 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30198 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30197 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30196 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30195 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30194 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30193 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30192 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2971 (Out-of-bounds array write in Xpdf 4.05 and earlier, triggered 
by negat ...)
TODO: check
 CVE-2024-2956 (The Simple Ajax Chat \u2013 Add a Fast, Secure Chat Box plugin 
for Wor ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2954 (The Action Network plugin for WordPress is vulnerable to SQL 
Injection ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2945 (A vulnerability was found in Campcodes Online Examination 
System 1.0.  ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Online Examination System
 CVE-2024-2944 (A vulnerability was found in Campcodes Online Examination 
System 1.0 a ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Online Examination System
 CVE-2024-2943 (A vulnerability has been found in Campcodes Online Examination 
System  ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Online Examination System
 CVE-2024-2942 (A vulnerability, which was classified as critical, was found in 
Campco ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Online Examination System
 CVE-2024-2941 (A vulnerability, which was classified as critical, has been 
found in C ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Online Examination System
 CVE-2024-2940 (A vulnerability classified as problematic was found in 
Campcodes Onlin ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Online Examination System
 CVE-2024-2939 (A vulnerability classified as problematic has been found in 
Campcodes  ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Online Examination System
 CVE-2024-2938 (A vulnerability was found in Campcodes Online Examination 
System 1.0.  ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Online Examination System
 CVE-2024-2935 (A vulnerability, which was classified as problematic, has been 
found i ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Todo List in Kanban Board
 CVE-2024-2934 (A vulnerability classified as critical was found in 
SourceCodester Tod ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Todo List in Kanban Board
 CVE-2024-2932 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Chatting System
 CVE-2024-2930 (A vulnerability was found in SourceCodester Music Gallery Site 
1.0. It ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Music Gallery Site
 CVE-2024-2927 (A vulnerability was found in code-projects Mobile Shop 1.0. It 
has bee ...)
-   TODO: check
+   NOT-FOR-US: code-projects Mobile Shop
 CVE-2024-2917 (A vulnerability was found in Campcodes House Rental Management 
System  ...)
-   TODO: check
+   NOT-FOR-US: Campcodes House Rental Management System
 CVE-2024-2916 (A vulnerability was found in Campcodes House Rental Management 
System  ...)
-   TODO: check
+   NOT-FOR-US: Campcodes House Rental Management System
 CVE-2024-2911 (A vulnerability, which was classified as problematic, was found 
in Tia ...)
-   TODO: check
+   NOT-FOR-US: Tianjin PubliCMS
 CVE-2024-2910 (A vulnerability, which was classified as critical, has been 
found in R ...)
-   TODO: check
+   NOT-FOR-US: Ruijie
 CVE-2024-2909 (A vulnerability 

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-26 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
80f0fbcd by Salvatore Bonaccorso at 2024-03-26T21:54:29+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,51 +1,51 @@
 CVE-2024-30235 (Missing Authorization vulnerability in Themeisle Multiple Page 
Generat ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30234 (Missing Authorization vulnerability in Wholesale Team 
WholesaleX.This  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30233 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30232 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30231 (Unrestricted Upload of File with Dangerous Type vulnerability 
in WebTo ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2955 (T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 
4.0.13 a ...)
TODO: check
 CVE-2024-2951 (Cross-Site Request Forgery (CSRF) vulnerability in Metagauss 
Registrat ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2929 (A memory corruption vulnerability in Rockwell Automation Arena 
Simulat ...)
-   TODO: check
+   NOT-FOR-US: Rockwell Automation
 CVE-2024-2921 (Improper access control in PAM vault permissions in Devolutions 
Server ...)
-   TODO: check
+   NOT-FOR-US: Devolutions Server
 CVE-2024-2915 (Improper access control in PAM JIT elevation in Devolutions 
Server 202 ...)
-   TODO: check
+   NOT-FOR-US: Devolutions Server
 CVE-2024-2906 (Missing Authorization vulnerability in SoftLab Radio 
Player.This issue ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2904 (Cross-Site Request Forgery (CSRF) vulnerability in Extend 
Themes Calli ...)
-   TODO: check
+   NOT-FOR-US: WordPress theme
 CVE-2024-2902 (A vulnerability was found in Tenda AC7 15.03.06.44 and 
classified as c ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2901 (A vulnerability has been found in Tenda AC7 15.03.06.44 and 
classified ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2900 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2899 (A vulnerability, which was classified as critical, has been 
found in T ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2898 (A vulnerability classified as critical was found in Tenda AC7 
15.03.06 ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2897 (A vulnerability classified as critical has been found in Tenda 
AC7 15. ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2896 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been 
rated  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2895 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been 
declar ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2894 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been 
classi ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2893 (A vulnerability was found in Tenda AC7 15.03.06.44 and 
classified as c ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2892 (A vulnerability has been found in Tenda AC7 15.03.06.44 and 
classified ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2891 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2802
REJECTED
 CVE-2024-2452 (In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can 
control   ...)
@@ -59,17 +59,17 @@ CVE-2024-29883 (CreateWiki is Miraheze's MediaWiki 
extension for requesting & cr
 CVE-2024-29881 (TinyMCE is an open source rich text editor.  A cross-site 
scripting (X ...)
TODO: check
 CVE-2024-29833 (The image upload component allows SVG files and the regular 
expression ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-29832 (The current_url parameter of the AJAX call to the GalleryBox 
action of ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-29810 (The thumb_url parameter of the AJAX call to the editimage_bwg 
action o ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-29809 (The image_url parameter of the AJAX call to the editimage_bwg 
action o ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-29808 (The image_id parameter of the AJAX call to the editimage_bwg 
action of ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-29684 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
-   TODO: 
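Review bot: The tag "NOT-FOR-US: WordPress plugin" on CVE-2024-29833, CVE-2024-29832, CVE-2024-29810, CVE-2024-29809 and CVE-2024-29808 cannot be checked against the visible description text, which mentions only "the image upload component" and parameters of an AJAX call (current_url, thumb_url, image_url, image_id) and names neither WordPress nor a product. For entries like these, put the product name in the tag next to the class, so that a later reader of data/CVE/list can confirm the triage decision without opening each CVE record.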

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9f3b9ece by Salvatore Bonaccorso at 2024-03-25T21:54:38+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -25,29 +25,29 @@ CVE-2024-30202 (In Emacs before 29.3, arbitrary Lisp code 
is evaluated as part o
NOTE: https://list.orgmode.org/87o7b3eczr@bzg.fr/T/#t
NOTE: 
https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=003ddacf1c8d869b1858181c29ea21b731a8d8d9
 CVE-2024-2865 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-   TODO: check
+   NOT-FOR-US: Mergen Software Quality Management System
 CVE-2024-2864 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-29666 (Insecure Permissions vulnerability in Vehicle Monitoring 
platform syst ...)
-   TODO: check
+   NOT-FOR-US: Vehicle Monitoring platform system CMSV6
 CVE-2024-29650 (An issue in @thi.ng/paths v.5.1.62 and before allows a remote 
attacker ...)
TODO: check
 CVE-2024-29515 (File Upload vulnerability in lepton v.7.1.0 allows a remote 
authentica ...)
-   TODO: check
+   NOT-FOR-US: Lepton CMS
 CVE-2024-29025 (Netty is an asynchronous event-driven network application 
framework fo ...)
TODO: check
 CVE-2024-28850 (WP Crontrol controls the cron events on WordPress websites.  
WP Crontr ...)
-   TODO: check
+   NOT-FOR-US: WP Crontrol
 CVE-2024-28435 (The CRM platform Twenty version 0.3.0 is vulnerable to SSRF 
via file u ...)
-   TODO: check
+   NOT-FOR-US: Twenty CRM
 CVE-2024-28434 (The CRM platform Twenty is vulnerable to stored cross site 
scripting v ...)
-   TODO: check
+   NOT-FOR-US: Twenty CRM
 CVE-2024-28393 (SQL injection vulnerability in scalapay v.1.2.41 and before 
allows a r ...)
-   TODO: check
+   NOT-FOR-US: PrestaShop module
 CVE-2024-28387 (An issue in axonaut v.3.1.23 and before allows a remote 
attacker to ob ...)
-   TODO: check
+   NOT-FOR-US: PrestaShop module
 CVE-2024-28386 (An issue in Home-Made.io fastmagsync v.1.7.51 and before 
allows a remo ...)
-   TODO: check
+   NOT-FOR-US: PrestaShop module
 CVE-2024-28246 (KaTeX is a JavaScript library for TeX math rendering on the 
web. Code  ...)
TODO: check
 CVE-2024-28245 (KaTeX is a JavaScript library for TeX math rendering on the 
web. KaTeX ...)
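Review bot: CVE-2024-28850 is tagged "NOT-FOR-US: WP Crontrol", although its description says it "controls the cron events on WordPress websites" and CVE-2024-2864 in the same hunk gets the generic "NOT-FOR-US: WordPress plugin". The three PrestaShop entries (CVE-2024-28393, CVE-2024-28387, CVE-2024-28386) also use a generic class tag. Pick one convention within the commit: either "WordPress plugin" for CVE-2024-28850 too, or the product name throughout.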
@@ -59,27 +59,27 @@ CVE-2024-28243 (KaTeX is a JavaScript library for TeX math 
rendering on the web.
 CVE-2024-28183 (ESP-IDF is the development framework for Espressif SoCs 
supported on W ...)
TODO: check
 CVE-2024-28108 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ 
and MySQL, ...)
-   TODO: check
+   NOT-FOR-US: phpMyFAQ
 CVE-2024-28107 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ 
and MySQL, ...)
-   TODO: check
+   NOT-FOR-US: phpMyFAQ
 CVE-2024-28106 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ 
and MySQL, ...)
-   TODO: check
+   NOT-FOR-US: phpMyFAQ
 CVE-2024-28105 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ 
and MySQL, ...)
-   TODO: check
+   NOT-FOR-US: phpMyFAQ
 CVE-2024-27300 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ 
and MySQL, ...)
-   TODO: check
+   NOT-FOR-US: phpMyFAQ
 CVE-2024-27299 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ 
and MySQL, ...)
-   TODO: check
+   NOT-FOR-US: phpMyFAQ
 CVE-2024-25964 (Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert 
timing  ...)
-   TODO: check
+   NOT-FOR-US: Dell
 CVE-2024-25175 (An issue in Kickdler before v1.107.0 allows attackers to 
provide an XS ...)
-   TODO: check
+   NOT-FOR-US: Kickdler
 CVE-2024-25002 (Command Injection in the diagnostics interface of the Bosch 
Network Sy ...)
-   TODO: check
+   NOT-FOR-US: Bosch
 CVE-2023-48296 (OroPlatform is a PHP Business Application Platform (BAP).  
Navigation  ...)
-   TODO: check
+   NOT-FOR-US: OroPlatform
 CVE-2023-45824 (OroPlatform is a PHP Business Application Platform (BAP).  A 
logged in ...)
-   TODO: check
+   NOT-FOR-US: OroPlatform
 CVE-2021-47180 (In the Linux kernel, the following vulnerability has been 
resolved:  N ...)
- linux 5.14.6-1
[bullseye] - linux 5.10.46-1
@@ -330,9 +330,9 @@ CVE-2023-37886 (Missing Authorization vulnerability in 
InspiryThemes RealHomes.T
 CVE-2023-37885 (Missing Authorization vulnerability in InspiryThemes 
RealHomes.This is ...)
NOT-FOR-US: WordPress theme
 CVE-2023-33923 (Missing Authorization vulnerability in HashThemes Viral News, 
HashThem ...)
-   TODO: check
+   NOT-FOR-US: WordPress theme
 CVE-2020-36826 (A vulnerability was found in AwesomestCode LiveBot. It has 

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5e34b99e by Salvatore Bonaccorso at 2024-03-25T09:53:45+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,53 +1,53 @@
 CVE-2024-2863 (This vulnerability allows remote attackers to traverse paths 
via file  ...)
-   TODO: check
+   NOT-FOR-US: LG
 CVE-2024-2862 (This vulnerability allows remote attackers to reset the 
password of an ...)
-   TODO: check
+   NOT-FOR-US: LG
 CVE-2024-29216 (Exposed IOCTL with insufficient access control issue exists in 
cg6kwin ...)
-   TODO: check
+   NOT-FOR-US: cg6kwin2k.sys
 CVE-2024-29194 (OneUptime is a solution for monitoring and managing online 
services. T ...)
-   TODO: check
+   NOT-FOR-US: OneUptime
 CVE-2024-29188 (WiX toolset lets developers create installers for Windows 
Installer, t ...)
TODO: check
 CVE-2024-29187 (WiX toolset lets developers create installers for Windows 
Installer, t ...)
TODO: check
 CVE-2024-29071 (HGW BL1500HM Ver 002.001.013 and earlier contains a use of 
week creden ...)
-   TODO: check
+   NOT-FOR-US: HGW BL1500HM
 CVE-2024-29034 (CarrierWave is a solution for file uploads for Rails, Sinatra 
and othe ...)
TODO: check
 CVE-2024-29009 (Cross-site request forgery (CSRF) vulnerability in 
easy-popup-show all ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-28041 (HGW BL1500HM Ver 002.001.013 and earlier allows a 
network-adjacent una ...)
-   TODO: check
+   NOT-FOR-US: HGW BL1500HM
 CVE-2024-24899 (Improper Neutralization of Special Elements used in an OS 
Command ('OS ...)
-   TODO: check
+   NOT-FOR-US: openEuler aops-zeus
 CVE-2024-24897 (Improper Neutralization of Special Elements used in a Command 
('Comman ...)
-   TODO: check
+   NOT-FOR-US: openEuler A-Tune-Collector
 CVE-2024-24892 (Improper Neutralization of Special Elements used in an OS 
Command ('OS ...)
-   TODO: check
+   NOT-FOR-US: openEuler migration-tools
 CVE-2024-24890 (Improper Neutralization of Special Elements used in an OS 
Command ('OS ...)
-   TODO: check
+   NOT-FOR-US: openEuler gala-gopher
 CVE-2024-21865 (HGW BL1500HM Ver 002.001.013 and earlier contains a use of 
week creden ...)
-   TODO: check
+   NOT-FOR-US: HGW BL1500HM
 CVE-2024-21505 (Versions of the package web3-utils before 4.2.1 are vulnerable 
to Prot ...)
TODO: check
 CVE-2024-1962 (The CM Download Manager  WordPress plugin before 2.9.1 does not 
have C ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1564 (The wp-schema-pro WordPress plugin before 2.7.16 does not 
validate pos ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1232 (The CM Download Manager  WordPress plugin before 2.9.0 does not 
have C ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1231 (The CM Download Manager  WordPress plugin before 2.9.0 does not 
have C ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-37886 (Missing Authorization vulnerability in InspiryThemes 
RealHomes.This is ...)
-   TODO: check
+   NOT-FOR-US: WordPress theme
 CVE-2023-37885 (Missing Authorization vulnerability in InspiryThemes 
RealHomes.This is ...)
-   TODO: check
+   NOT-FOR-US: WordPress theme
 CVE-2023-33923 (Missing Authorization vulnerability in HashThemes Viral News, 
HashThem ...)
TODO: check
 CVE-2020-36826 (A vulnerability was found in AwesomestCode LiveBot. It has 
been classi ...)
TODO: check
 CVE-2020-36825 (A vulnerability has been found in cyberaz0r WebRAT up to 
20191222 and  ...)
-   TODO: check
+   NOT-FOR-US: cyberaz0r WebRAT
 CVE-2024-27281 [RCE vulnerability with .rdoc_options in RDoc]
- ruby3.2 
- ruby3.1 
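Review bot: The tag on CVE-2024-29216, "NOT-FOR-US: cg6kwin2k.sys", identifies the entry by a driver file name, while every other tag in this hunk names a vendor or product (LG, OneUptime, HGW BL1500HM, the openEuler components). A file name on its own says little about why the issue is out of scope for Debian. Name the vendor or product that ships the driver, and keep the file name in addition if it helps.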
@@ -56691,7 +56691,7 @@ CVE-2023-30482 (Auth. (contributor+) Stored Cross-Site 
Scripting (XSS) vulnerabi
 CVE-2023-30481 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Alexey G ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-30480 (Missing Authorization vulnerability in Sparkle WP 
Educenter.This issue ...)
-   TODO: check
+   NOT-FOR-US: WordPress theme
 CVE-2023-30479
RESERVED
 CVE-2023-30478 (Cross-Site Request Forgery (CSRF) vulnerability in Tribulant 
Newslette ...)
@@ -119788,7 +119788,7 @@ CVE-2018-25045 (Django REST framework (aka 
django-rest-framework) before 3.9.1 a
- djangorestframework 3.10.2-1
NOTE: 
https://github.com/encode/django-rest-framework/commit/4bb9a3c48427867ef1e46f7dee945a4c25a4f9b8
 (3.9.1)
 CVE-2022-36407 (Insertion of Sensitive Information into Log File vulnerability 
in Hita ...)
-   TODO: check
+   NOT-FOR-US: Hitachi
 CVE-2022-36389 (Cross-Site Request Forgery (CSRF) vulnerability in WordPlus 
Better Mes ...)

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
14ab63be by Salvatore Bonaccorso at 2024-03-24T21:53:32+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -28,7 +28,7 @@ CVE-2024-2851 (A vulnerability was found in Tenda AC15 
15.03.05.18/15.03.20_mult
 CVE-2024-2850 (A vulnerability was found in Tenda AC15 15.03.05.18 and 
classified as  ...)
NOT-FOR-US: Tenda
 CVE-2024-24725 (Gibbon through 26.0.00 allows remote authenticated users to 
conduct PH ...)
-   TODO: check
+   NOT-FOR-US: GibbonEdu Gibbon
 CVE-2024-23755 (ClickUp Desktop before 3.3.77 on macOS and Windows allows code 
injecti ...)
NOT-FOR-US: ClickUp Desktop
 CVE-2020-36827 (The XAO::Web module before 1.84 for Perl mishandles < and > 
characters ...)
@@ -111,9 +111,9 @@ CVE-2024-2723 (SQL injection vulnerability in the CIGESv2 
system, through/ajaxSu
 CVE-2024-2722 (SQL injection vulnerability in the CIGESv2 system, 
through/ajaxConfigT ...)
NOT-FOR-US: CIGESv2 system
 CVE-2024-2449 (A cross-site request forgery vulnerability has been identified 
in Load ...)
-   TODO: check
+   NOT-FOR-US: LoadMaster
 CVE-2024-2448 (An OS command injection vulnerability has been identified in 
LoadMaste ...)
-   TODO: check
+   NOT-FOR-US: LoadMaster
 CVE-2024-2228 (This vulnerability allows an authenticated user to perform a 
Lifecycle ...)
NOT-FOR-US: Sailpoint
 CVE-2024-2227 (This vulnerability allows access to arbitrary files in the 
application ...)
@@ -138,13 +138,13 @@ CVE-2024-29366 (A command injection vulnerability exists 
in the cgibin binary in
 CVE-2024-29338 (Anchor CMS v0.12.7 was discovered to contain a Cross-Site 
Request Forg ...)
NOT-FOR-US: Anchor CMS
 CVE-2024-29186 (Bref is an open-source project that helps users go serverless 
on Amazo ...)
-   TODO: check
+   NOT-FOR-US: Bref
 CVE-2024-29185 (FreeScout is a self-hosted help desk and shared mailbox. 
Versions prio ...)
NOT-FOR-US: FreeScout
 CVE-2024-29184 (FreeScout is a self-hosted help desk and shared mailbox. A 
Stored Cros ...)
NOT-FOR-US: FreeScout
 CVE-2024-29042 (Translate is a package that allows users to convert text to 
different  ...)
-   TODO: check
+   NOT-FOR-US: translate Node.js module
 CVE-2024-28861 (Symfony 1 is a community-driven fork of the 1.x branch of 
Symfony, a P ...)
NOT-FOR-US: Symfony1 (community fork of symfony 1.4 with some 
enhancements)
 CVE-2024-28824 (Least privilege violation and reliance on untrusted inputs in 
the mk_i ...)
@@ -200089,7 +200089,7 @@ CVE-2021-33635 (When malicious images are pulled by 
isula pull, attackers can ex
 CVE-2021-33634 (iSulad uses the lcr+lxc runtime (default) to run malicious 
images, whi ...)
NOT-FOR-US: OpenEuler lcr
 CVE-2021-33633 (Improper Neutralization of Special Elements used in an OS 
Command ('OS ...)
-   TODO: check
+   NOT-FOR-US: openEuler aops-ceres
 CVE-2021-33632
RESERVED
 CVE-2021-33631 (Integer Overflow or Wraparound vulnerability in openEuler 
kernel on Li ...)
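Review bot: The added tag "NOT-FOR-US: openEuler aops-ceres" on CVE-2021-33633 is spelled with a lower-case "o", while the unchanged entry directly above it, CVE-2021-33634, has "NOT-FOR-US: OpenEuler lcr". A case-sensitive search for either spelling will miss the other entry. Use one spelling for the project name; the CVE-2021-33631 description in the context line below writes it as "openEuler", so aligning the older "OpenEuler lcr" tag in a follow-up would be the smaller change.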



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14ab63be8518a9b7673d43426edee20fa51a7d2d



___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
84a52fea by Salvatore Bonaccorso at 2024-03-24T12:11:23+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3,25 +3,25 @@ CVE-2024-30161 (In Qt before 6.5.6 and 6.6.x before 6.6.3, 
the wasm component ma
 CVE-2024-30156 (Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 
6.0.13 L ...)
TODO: check
 CVE-2024-2856 (A vulnerability, which was classified as critical, has been 
found in T ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2855 (A vulnerability classified as critical was found in Tenda AC15 
15.03.0 ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2854 (A vulnerability classified as critical has been found in Tenda 
AC18 15 ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2853 (A vulnerability was found in Tenda AC10U 
15.03.06.48/15.03.06.49. It h ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2852 (A vulnerability was found in Tenda AC15 15.03.20_multi. It has 
been de ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2851 (A vulnerability was found in Tenda AC15 
15.03.05.18/15.03.20_multi. It ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2850 (A vulnerability was found in Tenda AC15 15.03.05.18 and 
classified as  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-24725 (Gibbon through 26.0.00 allows remote authenticated users to 
conduct PH ...)
TODO: check
 CVE-2024-23755 (ClickUp Desktop before 3.3.77 on macOS and Windows allows code 
injecti ...)
-   TODO: check
+   NOT-FOR-US: ClickUp Desktop
 CVE-2020-36827 (The XAO::Web module before 1.84 for Perl mishandles < and > 
characters ...)
-   TODO: check
+   NOT-FOR-US: XAO::Web Perl module
 CVE-2018-25100 (The Mojolicious module before 7.66 for Perl may leak cookies 
in certai ...)
TODO: check
 CVE-2024- [possibility to reset password for suspended accounts]
@@ -36,7 +36,7 @@ CVE-2024-24835 (Missing Authorization vulnerability in 
realmag777 BEAR.This issu
 CVE-2024-24832 (Missing Authorization vulnerability in Metagauss 
EventPrime.This issue ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-1603 (paddlepaddle/paddle 2.6.0 allows arbitrary file read via 
paddle.vision ...)
-   TODO: check
+   NOT-FOR-US: PaddlePaddle
 CVE-2024-2832 (A vulnerability classified as problematic was found in 
Campcodes Onlin ...)
NOT-FOR-US: Campcodes Online Shopping System
 CVE-2024-2688 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, 
Embed You ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84a52fea415a7c8e90627f4d46c0b156ef54dac4



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
27daf9f3 by Salvatore Bonaccorso at 2024-03-23T21:20:27+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,11 +1,11 @@
 CVE-2024-2849 (A vulnerability classified as critical was found in 
SourceCodester Sim ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Simple File Manager
 CVE-2024-24840 (Missing Authorization vulnerability in BdThemes Element Pack 
Elementor ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-24835 (Missing Authorization vulnerability in realmag777 BEAR.This 
issue affe ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-24832 (Missing Authorization vulnerability in Metagauss 
EventPrime.This issue ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1603 (confirmed)
TODO: check
 CVE-2024-2832 (A vulnerability classified as problematic was found in 
Campcodes Onlin ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27daf9f3a91b5bc99e3c587f6b9d0e0b75a45d73



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
02c63403 by Salvatore Bonaccorso at 2024-03-23T09:34:42+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,29 +1,29 @@
 CVE-2024-2832 (A vulnerability classified as problematic was found in 
Campcodes Onlin ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Online Shopping System
 CVE-2024-2688 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, 
Embed You ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2468 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, 
Embed You ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2326 (The Pretty Links \u2013 Affiliate Links, Link Branding, Link 
Tracking  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2202 (The Page Builder by SiteOrigin plugin for WordPress is 
vulnerable to S ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2131 (The Move Addons for Elementor plugin for WordPress is 
vulnerable to St ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2025 (The "BuddyPress WooCommerce My Account Integration. Create 
WooCommerce ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-29190 (Mobile Security Framework (MobSF) is a pen-testing, malware 
analysis a ...)
-   TODO: check
+   NOT-FOR-US: Mobile Security Framework (MobSF)
 CVE-2024-29059 (.NET Framework Information Disclosure Vulnerability)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2024-29057 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2024-26247 (Microsoft Edge (Chromium-based) Security Feature Bypass 
Vulnerability)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2024-1697 (The Custom WooCommerce Checkout Fields Editor plugin for 
WordPress is  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1049 (The Page Builder Gutenberg Blocks \u2013 CoBlocks plugin for 
WordPress ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2828 (A vulnerability, which was classified as critical, was found in 
lakern ...)
NOT-FOR-US: lakernote EasyAdmin
 CVE-2024-2827 (A vulnerability, which was classified as critical, has been 
found in l ...)
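Review bot: CVE-2024-29057 and CVE-2024-26247 are both described as "Microsoft Edge (Chromium-based)" and are closed as NOT-FOR-US: Microsoft with nothing recording why. Debian ships chromium, so for these two it is worth stating, in the commit message or in a NOTE line, that the flaw is in Edge-specific code and not in shared Chromium code; otherwise the next person triaging has to redo that check. The other entries in this hunk need no such remark.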
@@ -62,9 +62,9 @@ CVE-2024-2449 (A cross-site request forgery vulnerability has 
been identified in
 CVE-2024-2448 (An OS command injection vulnerability has been identified in 
LoadMaste ...)
TODO: check
 CVE-2024-2228 (This vulnerability allows an authenticated user to perform a 
Lifecycle ...)
-   TODO: check
+   NOT-FOR-US: Sailpoint
 CVE-2024-2227 (This vulnerability allows access to arbitrary files in the 
application ...)
-   TODO: check
+   NOT-FOR-US: Sailpoint
 CVE-2024-29944 (An attacker was able to inject an event handler into a 
privileged obje ...)
- firefox 124.0.1-1 (bug #1067523)
- firefox-esr 115.9.1esr-1
@@ -104,7 +104,7 @@ CVE-2024-28559 (SQL injection vulnerability in Niushop 
B2B2C v.5.3.3 and before
 CVE-2024-25168 (SQL injection vulnerability in snow snow v.2.0.0 allows a 
remote attac ...)
NOT-FOR-US: snow snow
 CVE-2024-1848 (Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds 
Read, Out ...)
-   TODO: check
+   NOT-FOR-US: Solidworks
 CVE-2024-1742 (Invocation of the sqlplus command with sensitive information in 
the co ...)
- check-mk 
 CVE-2024-0638 (Least privilege violation in the Checkmk agent plugins 
mk_oracle, mk_o ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02c63403e80a520e5ce9a530eb3606c86f762c0e



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
60bd2da5 by Salvatore Bonaccorso at 2024-03-22T22:28:16+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,35 +1,35 @@
 CVE-2024-2828 (A vulnerability, which was classified as critical, was found in 
lakern ...)
-   TODO: check
+   NOT-FOR-US: lakernote EasyAdmin
 CVE-2024-2827 (A vulnerability, which was classified as critical, has been 
found in l ...)
-   TODO: check
+   NOT-FOR-US: lakernote EasyAdmin
 CVE-2024-2826 (A vulnerability classified as problematic was found in 
lakernote EasyA ...)
-   TODO: check
+   NOT-FOR-US: lakernote EasyAdmin
 CVE-2024-2825 (A vulnerability classified as critical has been found in 
lakernote Eas ...)
-   TODO: check
+   NOT-FOR-US: lakernote EasyAdmin
 CVE-2024-2824 (A vulnerability was found in Matthias-Wandel jhead 3.08 and 
classified ...)
TODO: check
 CVE-2024-2823 (A vulnerability has been found in DedeCMS 5.7 and classified as 
proble ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2024-2822 (A vulnerability, which was classified as problematic, was found 
in Ded ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2024-2821 (A vulnerability, which was classified as problematic, has been 
found i ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2024-2820 (A vulnerability classified as problematic was found in DedeCMS 
5.7. Af ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2024-2728 (Information exposure vulnerability in the CIGESv2 system. This 
vulnera ...)
-   TODO: check
+   NOT-FOR-US: CIGESv2 system
 CVE-2024-2727 (HTML injection vulnerability affecting the CIGESv2 system, 
which allow ...)
-   TODO: check
+   NOT-FOR-US: CIGESv2 system
 CVE-2024-2726 (Stored Cross-Site Scripting (Stored-XSS) vulnerability 
affecting the C ...)
-   TODO: check
+   NOT-FOR-US: CIGESv2 system
 CVE-2024-2725 (Information exposure vulnerability in the CIGESv2 system. A 
remote att ...)
-   TODO: check
+   NOT-FOR-US: CIGESv2 system
 CVE-2024-2724 (SQL injection vulnerability in the CIGESv2 system, 
through/ajaxServici ...)
-   TODO: check
+   NOT-FOR-US: CIGESv2 system
 CVE-2024-2723 (SQL injection vulnerability in the CIGESv2 system, 
through/ajaxSubServ ...)
-   TODO: check
+   NOT-FOR-US: CIGESv2 system
 CVE-2024-2722 (SQL injection vulnerability in the CIGESv2 system, 
through/ajaxConfigT ...)
-   TODO: check
+   NOT-FOR-US: CIGESv2 system
 CVE-2024-2449 (A cross-site request forgery vulnerability has been identified 
in Load ...)
TODO: check
 CVE-2024-2448 (An OS command injection vulnerability has been identified in 
LoadMaste ...)
@@ -47,35 +47,35 @@ CVE-2024-29943 (An attacker was able to perform an 
out-of-bounds read or write o
- firefox 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-15/#CVE-2024-29943
 CVE-2024-29865 (Logpoint before 7.1.0 allows Self-XSS on the LDAP 
authentication page  ...)
-   TODO: check
+   NOT-FOR-US: Logpoint
 CVE-2024-29499 (Anchor CMS v0.12.7 was discovered to contain a Cross-Site 
Request Forg ...)
-   TODO: check
+   NOT-FOR-US: Anchor CMS
 CVE-2024-29385 (DIR-845L router <= v1.01KRb03 has an Unauthenticated remote 
code execu ...)
-   TODO: check
+   NOT-FOR-US: DIR-845L router
 CVE-2024-29366 (A command injection vulnerability exists in the cgibin binary 
in DIR-8 ...)
-   TODO: check
+   NOT-FOR-US: DIR-845L router
 CVE-2024-29338 (Anchor CMS v0.12.7 was discovered to contain a Cross-Site 
Request Forg ...)
-   TODO: check
+   NOT-FOR-US: Anchor CMS
 CVE-2024-29186 (Bref is an open-source project that helps users go serverless 
on Amazo ...)
TODO: check
 CVE-2024-29185 (FreeScout is a self-hosted help desk and shared mailbox. 
Versions prio ...)
-   TODO: check
+   NOT-FOR-US: FreeScout
 CVE-2024-29184 (FreeScout is a self-hosted help desk and shared mailbox. A 
Stored Cros ...)
-   TODO: check
+   NOT-FOR-US: FreeScout
 CVE-2024-29042 (Translate is a package that allows users to convert text to 
different  ...)
TODO: check
 CVE-2024-28861 (Symfony 1 is a community-driven fork of the 1.x branch of 
Symfony, a P ...)
-   TODO: check
+   NOT-FOR-US: Symfony1 (community fork of symfony 1.4 with some 
enhancements)
 CVE-2024-28824 (Least privilege violation and reliance on untrusted inputs in 
the mk_i ...)
TODO: check
 CVE-2024-28593 (The Chat activity in Moodle 4.3.3 allows students to insert a 
potentia ...)
TODO: check
 CVE-2024-28560 (SQL injection vulnerability in Niushop B2B2C v.5.3.3 and 
before allows ...)
-   TODO: check
+   NOT-FOR-US: Niushop B2B2C
 CVE-2024-28559 (SQL injection vulnerability in Niushop B2B2C v.5.3.3 and 
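Review bot: the label used for CVE-2024-29385 and CVE-2024-29366, "DIR-845L router", is a model name with no vendor, while other router entries in this file are filed under the vendor ("Tenda", "TOTOLINK"). A vendor-level label would keep these grouped with other entries for the same manufacturer. The Symfony1 annotation for CVE-2024-28861 is the opposite case and reads well as written: the parenthetical makes clear that the decision covers the community fork of the 1.x branch only.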

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b1be86f5 by Salvatore Bonaccorso at 2024-03-22T21:45:59+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -129558,17 +129558,17 @@ CVE-2022-32758
 CVE-2022-32757 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 uses an 
inadequ ...)
NOT-FOR-US: IBM
 CVE-2022-32756 (IBM Security Verify Directory 10.0.0 could allow a remote 
attacker to  ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-32755 (IBM Security Directory Server 6.4.0 is vulnerable to an XML 
External E ...)
NOT-FOR-US: IBM
 CVE-2022-32754 (IBM Security Verify Directory 10.0.0 is vulnerable to 
cross-site scrip ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-32753 (IBM Security Verify Directory 10.0.0 uses weaker than expected 
cryptog ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-32752 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could 
allow a r ...)
NOT-FOR-US: IBM
 CVE-2022-32751 (IBM Security Verify Directory 10.0.0 could disclose sensitive 
server i ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-32750 (IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 
through 10.0 ...)
NOT-FOR-US: IBM
 CVE-2022-32749 (Improper Check for Unusual or Exceptional Conditions 
vulnerability han ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b1be86f546db62555fcf918d66c58fb48c344dcb



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
186a0191 by Salvatore Bonaccorso at 2024-03-22T09:20:31+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -63,13 +63,13 @@ CVE-2024-2392 (The Blocksy Companion plugin for WordPress 
is vulnerable to Store
 CVE-2024-2080 (The LiquidPoll \u2013 Polls, Surveys, NPS and Feedback Reviews 
plugin  ...)
TODO: check
 CVE-2024-29275 (SQL injection vulnerability in SeaCMS version 12.9, allows 
remote unau ...)
-   TODO: check
+   NOT-FOR-US: SeaCMS
 CVE-2024-29273 (There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 
SC UTF8 ...)
-   TODO: check
+   NOT-FOR-US: dzzoffice
 CVE-2024-29272 (Arbitrary File Upload vulnerability in VvvebJs before version 
1.7.5, a ...)
-   TODO: check
+   NOT-FOR-US: VvvebJs
 CVE-2024-29271 (Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs 
before v ...)
-   TODO: check
+   NOT-FOR-US: VvvebJs
 CVE-2024-29031 (Meshery is an open source, cloud native manager that enables 
the desig ...)
TODO: check
 CVE-2024-28891 (SQL injection vulnerability exists in the script 
Handler_CFG.ashx.)
@@ -77,11 +77,11 @@ CVE-2024-28891 (SQL injection vulnerability exists in the 
script Handler_CFG.ash
 CVE-2024-28863 (node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 
has no  ...)
TODO: check
 CVE-2024-28756 (The SolarEdge mySolarEdge application before 2.20.1 for 
Android has a  ...)
-   TODO: check
+   NOT-FOR-US: SolarEdge mySolarEdge
 CVE-2024-28521 (SQL Injection vulnerability in Netcome NS-ASG Application 
Security Gat ...)
-   TODO: check
+   NOT-FOR-US: Netcome NS-ASG Application Security Gateway
 CVE-2024-28441 (File Upload vulnerability in magicflue v.7.0 and before allows 
a remot ...)
-   TODO: check
+   NOT-FOR-US: magicflue
 CVE-2024-28171 (It is possible to perform a path traversal attack and write 
outside of ...)
TODO: check
 CVE-2024-28119 (Grav is an open-source, flat-file content management system. 
Prior to  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/186a0191467cbbf3835ae1add26df26104859cb7



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-21 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ba397bab by Salvatore Bonaccorso at 2024-03-21T09:30:04+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,15 +1,15 @@
 CVE-2024-2754 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Complete E-Commerce Site
 CVE-2024-2748 (A Cross Site Request Forgery vulnerability was identified in 
GitHub En ...)
TODO: check
 CVE-2024-2720 (A vulnerability classified as problematic was found in 
Campcodes Compl ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Complete Online DJ Booking System
 CVE-2024-2719 (A vulnerability classified as problematic has been found in 
Campcodes  ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Complete Online DJ Booking System
 CVE-2024-2718 (A vulnerability was found in Campcodes Complete Online DJ 
Booking Syst ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Complete Online DJ Booking System
 CVE-2024-2717 (A vulnerability was found in Campcodes Complete Online DJ 
Booking Syst ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Complete Online DJ Booking System
 CVE-2024-2469 (An attacker with an Administrator role in GitHub Enterprise 
Server cou ...)
TODO: check
 CVE-2024-2443 (A command injection vulnerability was identified in GitHub 
Enterprise  ...)
@@ -19,33 +19,33 @@ CVE-2024-2162 (An OS Command Injection vulnerability in 
Kiloview NDI allows a lo
 CVE-2024-2161 (Use of Hard-coded Credentials in Kiloview NDI allows 
un-authenticated  ...)
TODO: check
 CVE-2024-29864 (Distrobox before 1.7.0.1 allows attackers to execute arbitrary 
code vi ...)
-   TODO: check
+   NOT-FOR-US: Distrobox
 CVE-2024-29862 (The Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder 
before 4. ...)
-   TODO: check
+   NOT-FOR-US: Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder
 CVE-2024-29859 (In MISP before 2.4.187, add_misp_export in 
app/Controller/EventsContro ...)
-   TODO: check
+   NOT-FOR-US: MISP
 CVE-2024-29858 (In MISP before 2.4.187, __uploadLogo in 
app/Controller/OrganisationsCo ...)
-   TODO: check
+   NOT-FOR-US: MISP
 CVE-2024-29474 (OneBlog v2.3.4 was discovered to contain a stored cross-site 
scripting ...)
-   TODO: check
+   NOT-FOR-US: OneBlog
 CVE-2024-29473 (OneBlog v2.3.4 was discovered to contain a stored cross-site 
scripting ...)
-   TODO: check
+   NOT-FOR-US: OneBlog
 CVE-2024-29472 (OneBlog v2.3.4 was discovered to contain a stored cross-site 
scripting ...)
-   TODO: check
+   NOT-FOR-US: OneBlog
 CVE-2024-29471 (OneBlog v2.3.4 was discovered to contain a stored cross-site 
scripting ...)
-   TODO: check
+   NOT-FOR-US: OneBlog
 CVE-2024-29470 (OneBlog v2.3.4 was discovered to contain a stored cross-site 
scripting ...)
-   TODO: check
+   NOT-FOR-US: OneBlog
 CVE-2024-29469 (A stored cross-site scripting (XSS) vulnerability in OneBlog 
v2.3.4 al ...)
-   TODO: check
+   NOT-FOR-US: OneBlog
 CVE-2024-29037 (datahub-helm provides the Kubernetes Helm charts for deploying 
Datahub ...)
TODO: check
 CVE-2024-29036 (Saleor Storefront is software for building e-commerce 
experiences. Pri ...)
-   TODO: check
+   NOT-FOR-US: Saleor Storefront
 CVE-2024-29033 (OAuthenticator provides plugins for JupyterHub to use common 
OAuth pro ...)
TODO: check
 CVE-2024-29032 (Qiskit IBM Runtime is an environment that streamlines quantum 
computat ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2024-29026 (Owncast is an open source, self-hosted, decentralized, single 
user liv ...)
TODO: check
 CVE-2024-29018 (Moby is an open source container framework that is a key 
component of  ...)
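Review bot: CVE-2024-29864 (Distrobox) and CVE-2024-29859 / CVE-2024-29858 (MISP) are versioned software projects, and NOT-FOR-US is only correct if no source package for them exists in the archive; nothing in the commit shows that this was checked, so a follow-up lookup by package name is worth doing for these three. Separately, CVE-2024-29032 is labelled "IBM" although its description names "Qiskit IBM Runtime"; the product name would be consistent with the neighbouring entries in this hunk ("OneBlog", "Saleor Storefront").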
@@ -55,7 +55,7 @@ CVE-2024-28916 (Xbox Gaming Services Elevation of Privilege 
Vulnerability)
 CVE-2024-28835 (A flaw has been discovered in GnuTLS where an application 
crash can be ...)
TODO: check
 CVE-2024-28635 (Cross Site Scripting (XSS) vulnerability in SurveyJS Survey 
Creator v. ...)
-   TODO: check
+   NOT-FOR-US: SurveyJS Survey Creator
 CVE-2024-25294 (An SSRF issue in REBUILD v.3.5 allows a remote attacker to 
obtain sens ...)
TODO: check
 CVE-2024-24050 (Cross Site Scripting (XSS) vulnerability in Sourcecodester 
Workout Jou ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba397babf77183ca211fd2ac7f084d9367a19b1b


[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-20 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
13912e40 by Salvatore Bonaccorso at 2024-03-20T21:46:21+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -43,11 +43,11 @@ CVE-2024-2684 (A vulnerability, which was classified as 
problematic, has been fo
 CVE-2024-2683 (A vulnerability classified as problematic was found in 
Campcodes Onlin ...)
NOT-FOR-US: Campcodes Online Job Finder System
 CVE-2024-2291 (In Progress MOVEit Transfer versions released before 2022.0.11 
(14.0.1 ...)
-   TODO: check
+   NOT-FOR-US: Progress MOVEit Transfer
 CVE-2024-29419 (There is a Cross-site scripting (XSS) vulnerability in the 
Wireless se ...)
NOT-FOR-US: TOTOLINK
 CVE-2024-28868 (Umbraco is an ASP.NET content management system. Umbraco 10 
prior to 1 ...)
-   TODO: check
+   NOT-FOR-US: Umbraco
 CVE-2024-28735 (An incorrect access control issue in Unit4 Financials by Coda 
v.2023Q4 ...)
NOT-FOR-US: Unit4 Financials by Coda
 CVE-2024-28396 (An issue in MyPrestaModules ordersexport v.6.0.2 and before 
allows a r ...)
@@ -63,55 +63,55 @@ CVE-2024-28231 (eprosima Fast DDS is a C++ implementation 
of the Data Distributi
NOTE: 
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-9m2j-qw67-ph4w
NOTE: 
https://github.com/eProsima/Fast-DDS/commit/355706386f4af9ce74125eeec3c449b06113112b
 (v2.14.0)
 CVE-2024-28179 (Jupyter Server Proxy allows users to run arbitrary external 
processes  ...)
-   TODO: check
+   NOT-FOR-US: Jupyter Server Proxy
 CVE-2024-27286 (Zulip is an open-source team collaboration. When a user moves 
a Zulip  ...)
-   TODO: check
+   NOT-FOR-US: Zulip
 CVE-2024-27105 (Frappe is a full-stack web application framework. Prior to 
versions 14 ...)
NOT-FOR-US: Frappe Framework
 CVE-2024-24813 (Frappe is a full-stack web application framework. Prior to 
versions 14 ...)
NOT-FOR-US: Frappe Framework
 CVE-2024-23821 (GeoServer is an open source software server written in Java 
that allow ...)
-   TODO: check
+   NOT-FOR-US: GeoServer
 CVE-2024-23819 (GeoServer is an open source software server written in Java 
that allow ...)
-   TODO: check
+   NOT-FOR-US: GeoServer
 CVE-2024-23818 (GeoServer is an open source software server written in Java 
that allow ...)
-   TODO: check
+   NOT-FOR-US: GeoServer
 CVE-2024-23721 (A Directory Traversal issue was discovered in process_post on 
Draytek  ...)
-   TODO: check
+   NOT-FOR-US: Draytek Vigor3910 devices
 CVE-2024-23643 (GeoServer is an open source software server written in Java 
that allow ...)
-   TODO: check
+   NOT-FOR-US: GeoServer
 CVE-2024-23642 (GeoServer is an open source software server written in Java 
that allow ...)
-   TODO: check
+   NOT-FOR-US: GeoServer
 CVE-2024-23640 (GeoServer is an open source software server written in Java 
that allow ...)
-   TODO: check
+   NOT-FOR-US: GeoServer
 CVE-2024-23634 (GeoServer is an open source software server written in Java 
that allow ...)
-   TODO: check
+   NOT-FOR-US: GeoServer
 CVE-2024-1992
REJECTED
 CVE-2024-1856 (In Progress\xae Telerik\xae Reporting versions prior to 2024 Q1 
(18.0. ...)
-   TODO: check
+   NOT-FOR-US: Progress Telerik Reporting
 CVE-2024-1811 (A potential vulnerability has been identified in OpenText 
ArcSight Pla ...)
-   TODO: check
+   NOT-FOR-US: OpenText
 CVE-2024-1801 (In Progress\xae Telerik\xae Reporting versions prior to 2024 Q1 
(18.0. ...)
-   TODO: check
+   NOT-FOR-US: Progress Telerik Reporting
 CVE-2024-1800 (In Progress\xae Telerik\xae Report Server versions prior to 
2024 Q1 (1 ...)
-   TODO: check
+   NOT-FOR-US: Progress Telerik Reporting
 CVE-2023-52229 (Missing Authorization vulnerability in Save as PDF plugin by 
Pdfcrowd  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-51445 (GeoServer is an open source software server written in Java 
that allow ...)
-   TODO: check
+   NOT-FOR-US: GeoServer
 CVE-2023-51444 (GeoServer is an open source software server written in Java 
that allow ...)
-   TODO: check
+   NOT-FOR-US: GeoServer
 CVE-2023-50967 (latchset jose through version 11 allows attackers to cause a 
denial of ...)
TODO: check
 CVE-2023-45177 (IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD is 
vulnerable to  ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2023-41877 (GeoServer is an open source software server written in Java 
that allow ...)
-   TODO: check
+   NOT-FOR-US: GeoServer
 CVE-2023-41038 (Firebird is a relational database. Versions 4.0.0 through 
4.0.3 and ve ...)
TODO: check
 CVE-2023-35888 (IBM Security Verify Governance 10.0.2 could allow a remote 
attacker to ...)
-   TODO: check
+   
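Review bot: CVE-2024-1800 is described as affecting "Telerik Report Server", yet it receives the same label as CVE-2024-1856 and CVE-2024-1801, "Progress Telerik Reporting", whose descriptions name "Telerik Reporting". If Report Server is a separate product, "NOT-FOR-US: Progress Telerik Report Server" would match the description and keep the two searchable separately.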

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-20 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6a1bad7b by Salvatore Bonaccorso at 2024-03-20T21:30:30+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,63 +1,63 @@
 CVE-2024-2721 (Deserialization of Untrusted Data vulnerability in Social Media 
Share  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2716 (A vulnerability was found in Campcodes Complete Online DJ 
Booking Syst ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Complete Online DJ Booking System
 CVE-2024-2715 (A vulnerability was found in Campcodes Complete Online DJ 
Booking Syst ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Complete Online DJ Booking System
 CVE-2024-2714 (A vulnerability has been found in Campcodes Complete Online DJ 
Booking ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Complete Online DJ Booking System
 CVE-2024-2713 (A vulnerability, which was classified as critical, was found in 
Campco ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Complete Online DJ Booking System
 CVE-2024-2712 (A vulnerability, which was classified as critical, has been 
found in C ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Complete Online DJ Booking System
 CVE-2024-2711 (A vulnerability was found in Tenda AC10U 15.03.06.48. It has 
been rate ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2710 (A vulnerability was found in Tenda AC10U 15.03.06.49. It has 
been decl ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2709 (A vulnerability was found in Tenda AC10U 15.03.06.49. It has 
been clas ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2708 (A vulnerability was found in Tenda AC10U 15.03.06.49 and 
classified as ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2707 (A vulnerability has been found in Tenda AC10U 15.03.06.49 and 
classifi ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2706 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2705 (A vulnerability, which was classified as critical, has been 
found in T ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2704 (A vulnerability classified as critical was found in Tenda AC10U 
15.03. ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2703 (A vulnerability classified as critical has been found in Tenda 
AC10U 1 ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2702 (Missing Authorization vulnerability in Olive Themes Olive One 
Click De ...)
-   TODO: check
+   NOT-FOR-US: Olive Themes Olive One Click Demo Import
 CVE-2024-2690 (A vulnerability was found in SourceCodester Online Discussion 
Forum Si ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Discussion Forum Site
 CVE-2024-2687 (A vulnerability was found in Campcodes Online Job Finder System 
1.0 an ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Online Job Finder System
 CVE-2024-2686 (A vulnerability has been found in Campcodes Online Job Finder 
System 1 ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Online Job Finder System
 CVE-2024-2685 (A vulnerability, which was classified as problematic, was found 
in Cam ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Online Job Finder System
 CVE-2024-2684 (A vulnerability, which was classified as problematic, has been 
found i ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Online Job Finder System
 CVE-2024-2683 (A vulnerability classified as problematic was found in 
Campcodes Onlin ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Online Job Finder System
 CVE-2024-2291 (In Progress MOVEit Transfer versions released before 2022.0.11 
(14.0.1 ...)
TODO: check
 CVE-2024-29419 (There is a Cross-site scripting (XSS) vulnerability in the 
Wireless se ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2024-28868 (Umbraco is an ASP.NET content management system. Umbraco 10 
prior to 1 ...)
TODO: check
 CVE-2024-28735 (An incorrect access control issue in Unit4 Financials by Coda 
v.2023Q4 ...)
-   TODO: check
+   NOT-FOR-US: Unit4 Financials by Coda
 CVE-2024-28396 (An issue in MyPrestaModules ordersexport v.6.0.2 and before 
allows a r ...)
-   TODO: check
+   NOT-FOR-US: PrestaShop module
 CVE-2024-28395 (SQL injection vulnerability in Best-Kit bestkit_popup v.1.7.2 
and befo ...)
-   TODO: check
+   NOT-FOR-US: PrestaShop module
 CVE-2024-28392 (SQL injection vulnerability in pscartabandonmentpro v.2.0.11 
and befor ...)
-   TODO: check
+   NOT-FOR-US: PrestaShop module
 CVE-2024-28286 (In mz-automation libiec61850 v1.4.0, a NULL Pointer 
Dereference was de ...)
-   TODO: check
+   NOT-FOR-US: libIEC61850
 CVE-2024-28231 (eprosima Fast DDS is a 
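Review bot: the label for CVE-2024-28286 is spelled "libIEC61850" while the description spells the project "libiec61850"; a case-sensitive grep for the upstream spelling would miss this entry, so the description's spelling is the safer choice. In the same hunk, CVE-2024-2702 gets a product-specific label ("Olive Themes Olive One Click Demo Import") while CVE-2024-2721 gets the generic "WordPress plugin"; if the Olive Themes item is also a WordPress plugin, the generic label would be consistent with the rest of the file.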

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-20 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5f7ea1ba by Salvatore Bonaccorso at 2024-03-20T14:49:07+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -85,15 +85,15 @@ CVE-2024-2387 (The Advanced Form Integration \u2013 Connect 
WooCommerce and Cont
 CVE-2024-2384 (The WooCommerce POS plugin for WordPress is vulnerable to 
information  ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-2304 (The Animated Headline plugin for WordPress is vulnerable to 
Stored Cro ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2255 (The Essential Blocks \u2013 Page Builder Gutenberg Blocks, 
Patterns &  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2197 (Chirp Access improperly stores credentials within its source 
code, pot ...)
-   TODO: check
+   NOT-FOR-US: Chirp Access
 CVE-2024-2129 (The WPBITS Addons For Elementor Page Builder plugin for 
WordPress is v ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2124 (The Translate WordPress and go Multilingual \u2013 Weglot 
plugin for W ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-28715 (Cross Site Scripting vulnerability in DOraCMS v.2.18 and 
before allows ...)
NOT-FOR-US: DOraCMS
 CVE-2024-28584 (Null Pointer Dereference vulnerability in open source 
FreeImage v.3.19 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f7ea1bacac85fc83c0d279e5027e2f2a96f904b



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a4eeebb3 by Salvatore Bonaccorso at 2024-03-18T21:36:53+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,45 +1,45 @@
 CVE-2024-2599 (File upload restriction evasion vulnerability in AMSS++ version 
4.31.  ...)
-   TODO: check
+   NOT-FOR-US: AMSS++
 CVE-2024-2598 (Vulnerability in AMSS++ version 4.31, which does not 
sufficiently enco ...)
-   TODO: check
+   NOT-FOR-US: AMSS++
 CVE-2024-2597 (Vulnerability in AMSS++ version 4.31, which does not 
sufficiently enco ...)
-   TODO: check
+   NOT-FOR-US: AMSS++
 CVE-2024-2596 (Vulnerability in AMSS++ version 4.31, which does not 
sufficiently enco ...)
-   TODO: check
+   NOT-FOR-US: AMSS++
 CVE-2024-2595 (Vulnerability in AMSS++ version 4.31, which does not 
sufficiently enco ...)
-   TODO: check
+   NOT-FOR-US: AMSS++
 CVE-2024-2594 (Vulnerability in AMSS++ version 4.31, which does not 
sufficiently enco ...)
-   TODO: check
+   NOT-FOR-US: AMSS++
 CVE-2024-2593 (Vulnerability in AMSS++ version 4.31, which does not 
sufficiently enco ...)
-   TODO: check
+   NOT-FOR-US: AMSS++
 CVE-2024-2592 (Vulnerability in AMSS++ version 4.31 that allows SQL injection 
through ...)
-   TODO: check
+   NOT-FOR-US: AMSS++
 CVE-2024-2591 (Vulnerability in AMSS++ version 4.31 that allows SQL injection 
through ...)
-   TODO: check
+   NOT-FOR-US: AMSS++
 CVE-2024-2590 (Vulnerability in AMSS++ version 4.31 that allows SQL injection 
through ...)
-   TODO: check
+   NOT-FOR-US: AMSS++
 CVE-2024-2589 (Vulnerability in AMSS++ version 4.31 that allows SQL injection 
through ...)
-   TODO: check
+   NOT-FOR-US: AMSS++
 CVE-2024-2588 (Vulnerability in AMSS++ version 4.31 that allows SQL injection 
through ...)
-   TODO: check
+   NOT-FOR-US: AMSS++
 CVE-2024-2587 (Vulnerability in AMSS++ version 4.31 that allows SQL injection 
through ...)
-   TODO: check
+   NOT-FOR-US: AMSS++
 CVE-2024-2586 (Vulnerability in AMSS++ version 4.31 that allows SQL injection 
through ...)
-   TODO: check
+   NOT-FOR-US: AMSS++
 CVE-2024-2585 (Vulnerability in AMSS++ version 4.31 that allows SQL injection 
through ...)
-   TODO: check
+   NOT-FOR-US: AMSS++
 CVE-2024-2584 (Vulnerability in AMSS++ version 4.31 that allows SQL injection 
through ...)
-   TODO: check
+   NOT-FOR-US: AMSS++
 CVE-2024-2390 (As a part of Tenable\u2019s vulnerability disclosure program, a 
vulner ...)
-   TODO: check
+   NOT-FOR-US: Tenable
 CVE-2024-2229 (CWE-502: Deserialization of Untrusted Data vulnerability exists 
that c ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2024-2052 (CWE-552: Files or Directories Accessible to External Parties 
vulnerabi ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2024-2051 (CWE-307: Improper Restriction of Excessive Authentication 
Attempts vul ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2024-2050 (CWE-79: Improper Neutralization of Input During Web Page 
Generation (\ ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2024-28550 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in 
the file ...)
NOT-FOR-US: Tenda
 CVE-2024-28547 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in 
the fire ...)
@@ -74,7 +74,7 @@ CVE-2024-27769 (Unitronics Unistream Unilogic \u2013 Versions 
prior to 1.35.227
 CVE-2024-27768 (Unitronics Unistream Unilogic \u2013 Versions prior to 
1.35.227 - CWE- ...)
NOT-FOR-US: Unitronics Unistream Unilogic
 CVE-2024-27767 (CWE-287: Improper Authentication may allow Authentication 
Bypass)
-   TODO: check
+   NOT-FOR-US: Unitronics Unistream Unilogic
 CVE-2024-27104 (GLPI is a Free Asset and IT Management Software package, Data 
center m ...)
- glpi 
NOTE: 
https://github.com/glpi-project/glpi/security/advisories/GHSA-prc3-cx5m-h5mj
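Review bot: The description of CVE-2024-27767 ("CWE-287: Improper Authentication may allow Authentication Bypass") names no product, so the new "NOT-FOR-US: Unitronics Unistream Unilogic" tag cannot be checked against the entry itself and appears to rest on the neighbouring CVE-2024-27768 entry. Suggest saying in the commit message what the attribution is based on, since "Process some NFUs" gives a later reader nothing to verify it with.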
@@ -172,89 +172,89 @@ CVE-2024-26030 (Adobe Experience Manager versions 6.5.19 
and earlier are affecte
 CVE-2024-26028 (Adobe Experience Manager versions 6.5.19 and earlier are 
affected by a ...)
NOT-FOR-US: Adobe
 CVE-2024-25657 (An open redirect in the Login/Logout functionality of web 
management i ...)
-   TODO: check
+   NOT-FOR-US: AVSystem Unified Management Platform (UMP)
 CVE-2024-25656 (Improper input validation in AVSystem Unified Management 
Platform (UMP ...)
-   TODO: check
+   NOT-FOR-US: AVSystem Unified Management Platform (UMP)
 CVE-2024-25655 (Insecure storage of LDAP passwords in the authentication 
functionality ...)
-   TODO: check
+   NOT-FOR-US: AVSystem Unified Management Platform (UMP)
 CVE-2024-25654 (Insecure permissions for log files of AVSystem Unified 
Management Plat 

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
835750ea by Salvatore Bonaccorso at 2024-03-18T21:26:48+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -41,13 +41,13 @@ CVE-2024-2051 (CWE-307: Improper Restriction of Excessive 
Authentication Attempt
 CVE-2024-2050 (CWE-79: Improper Neutralization of Input During Web Page 
Generation (\ ...)
TODO: check
 CVE-2024-28550 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in 
the file ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-28547 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in 
the fire ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-28537 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in 
the page ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-28039 (Improper restriction of XML external entity references 
vulnerability e ...)
-   TODO: check
+   NOT-FOR-US: FitNesse
 CVE-2024-27937 (GLPI is a Free Asset and IT Management Software package, Data 
center m ...)
- glpi 
NOTE: 
https://github.com/glpi-project/glpi/security/advisories/GHSA-98qw-hpg3-2hpj
@@ -60,19 +60,19 @@ CVE-2024-27914 (GLPI is a Free Asset and IT Management 
Software package, Data ce
NOTE: 
https://github.com/glpi-project/glpi/security/advisories/GHSA-rcxj-fqr4-q34r
NOTE: 
https://github.com/glpi-project/glpi/commit/69e0dee8de0c0df139b42dbfa1a8997888c2af95
 CVE-2024-27774 (Unitronics Unistream Unilogic \u2013 Versions prior to 
1.35.227 -  CWE ...)
-   TODO: check
+   NOT-FOR-US: Unitronics Unistream Unilogic
 CVE-2024-27773 (Unitronics Unistream Unilogic \u2013 Versions prior to 
1.35.227 -  CWE ...)
-   TODO: check
+   NOT-FOR-US: Unitronics Unistream Unilogic
 CVE-2024-27772 (Unitronics Unistream Unilogic \u2013 Versions prior to 
1.35.227 -  CWE ...)
-   TODO: check
+   NOT-FOR-US: Unitronics Unistream Unilogic
 CVE-2024-27771 (Unitronics Unistream Unilogic \u2013 Versions prior to 
1.35.227 -  CWE ...)
-   TODO: check
+   NOT-FOR-US: Unitronics Unistream Unilogic
 CVE-2024-27770 (Unitronics Unistream Unilogic \u2013 Versions prior to 
1.35.227 -   CW ...)
-   TODO: check
+   NOT-FOR-US: Unitronics Unistream Unilogic
 CVE-2024-27769 (Unitronics Unistream Unilogic \u2013 Versions prior to 
1.35.227 -   CW ...)
-   TODO: check
+   NOT-FOR-US: Unitronics Unistream Unilogic
 CVE-2024-27768 (Unitronics Unistream Unilogic \u2013 Versions prior to 
1.35.227 - CWE- ...)
-   TODO: check
+   NOT-FOR-US: Unitronics Unistream Unilogic
 CVE-2024-27767 (CWE-287: Improper Authentication may allow Authentication 
Bypass)
TODO: check
 CVE-2024-27104 (GLPI is a Free Asset and IT Management Software package, Data 
center m ...)
@@ -88,89 +88,89 @@ CVE-2024-27096 (GLPI is a Free Asset and IT Management 
Software package, Data ce
NOTE: 
https://github.com/glpi-project/glpi/security/advisories/GHSA-2x8m-vrcm-2jqv
NOTE: 
https://github.com/glpi-project/glpi/commit/61a0c2302b4f633f5065358adc36058e1abc37f9
 CVE-2024-26125 (Adobe Experience Manager versions 6.5.19 and earlier are 
affected by a ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2024-26124 (Adobe Experience Manager versions 6.5.19 and earlier are 
affected by a ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2024-26120 (Adobe Experience Manager versions 6.5.19 and earlier are 
affected by a ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2024-26119 (Adobe Experience Manager versions 6.5.19 and earlier are 
affected by a ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2024-26118 (Adobe Experience Manager versions 6.5.19 and earlier are 
affected by a ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2024-26107 (Adobe Experience Manager versions 6.5.19 and earlier are 
affected by a ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2024-26106 (Adobe Experience Manager versions 6.5.19 and earlier are 
affected by a ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2024-26105 (Adobe Experience Manager versions 6.5.19 and earlier are 
affected by a ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2024-26104 (Adobe Experience Manager versions 6.5.19 and earlier are 
affected by a ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2024-26103 (Adobe Experience Manager versions 6.5.19 and earlier are 
affected by a ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2024-26102 (Adobe Experience Manager versions 6.5.19 and earlier are 
affected by a ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2024-26101 (Adobe Experience Manager versions 6.5.19 and earlier are 
affected by a ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2024-26096 (Adobe Experience Manager versions 6.5.19 and earlier 

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6003cffe by Salvatore Bonaccorso at 2024-03-17T21:18:41+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,41 +1,41 @@
 CVE-2024-2566 (A vulnerability was found in Fujian Kelixin Communication 
Command and  ...)
-   TODO: check
+   NOT-FOR-US: Fujian Kelixin Communication Command and Dispatch Platform
 CVE-2024-2565 (A vulnerability was found in PandaXGO PandaX up to 20240310. It 
has be ...)
-   TODO: check
+   NOT-FOR-US: PandaXGO PandaX
 CVE-2024-2564 (A vulnerability was found in PandaXGO PandaX up to 20240310 and 
classi ...)
-   TODO: check
+   NOT-FOR-US: PandaXGO PandaX
 CVE-2024-2563 (A vulnerability has been found in PandaXGO PandaX up to 
20240310 and c ...)
-   TODO: check
+   NOT-FOR-US: PandaXGO PandaX
 CVE-2024-2562 (A vulnerability, which was classified as critical, was found in 
PandaX ...)
-   TODO: check
+   NOT-FOR-US: PandaXGO PandaX
 CVE-2024-2561 (A vulnerability, which was classified as critical, has been 
found in 7 ...)
-   TODO: check
+   NOT-FOR-US: 74CMS
 CVE-2024-2560 (A vulnerability classified as problematic was found in Tenda 
AC18 15.0 ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2559 (A vulnerability classified as problematic has been found in 
Tenda AC18 ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2558 (A vulnerability was found in Tenda AC18 15.03.05.05. It has 
been rated ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2557 (A vulnerability was found in kishor-23 Food Waste Management 
System 1. ...)
-   TODO: check
+   NOT-FOR-US: kishor-23 Food Waste Management System
 CVE-2024-27961 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-27960 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-27959 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-27958 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-27957 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Pie R ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-25933 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-25903 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-25591 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-24867 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2556 (A vulnerability was found in SourceCodester Employee Task 
Management S ...)
NOT-FOR-US: SourceCodester Employee Task Management System
 CVE-2024-2555 (A vulnerability was found in SourceCodester Employee Task 
Management S ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6003cffe7d7b9152532c9834d8c0b309297fa9fb



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e5dc6b16 by Salvatore Bonaccorso at 2024-03-17T09:18:52+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,27 +1,27 @@
 CVE-2024-2556 (A vulnerability was found in SourceCodester Employee Task 
Management S ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Employee Task Management System
 CVE-2024-2555 (A vulnerability was found in SourceCodester Employee Task 
Management S ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Employee Task Management System
 CVE-2024-2554 (A vulnerability has been found in SourceCodester Employee Task 
Managem ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Employee Task Management System
 CVE-2024-2553 (A vulnerability, which was classified as problematic, was found 
in Sou ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Product Review Rating System
 CVE-2024-2547 (A vulnerability was found in Tenda AC18 15.03.05.05 and 
classified as  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2546 (A vulnerability has been found in Tenda AC18 15.13.07.09 and 
classifie ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2535 (A vulnerability has been found in MAGESH-K21 
Online-College-Event-Hall ...)
-   TODO: check
+   NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System
 CVE-2024-2534 (A vulnerability, which was classified as critical, was found in 
MAGESH ...)
-   TODO: check
+   NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System
 CVE-2024-2533 (A vulnerability, which was classified as problematic, has been 
found i ...)
-   TODO: check
+   NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System
 CVE-2024-2532 (A vulnerability classified as critical was found in MAGESH-K21 
Online- ...)
-   TODO: check
+   NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System
 CVE-2024-2531 (A vulnerability classified as critical has been found in 
MAGESH-K21 On ...)
-   TODO: check
+   NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System
 CVE-2024-2530 (A vulnerability was found in MAGESH-K21 
Online-College-Event-Hall-Rese ...)
-   TODO: check
+   NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System
 CVE-2024-2529 (A vulnerability was found in MAGESH-K21 
Online-College-Event-Hall-Rese ...)
NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System
 CVE-2024-2528 (A vulnerability was found in MAGESH-K21 
Online-College-Event-Hall-Rese ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5dc6b16b51dbab49fd588822b4f5d2fe0be4312



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-16 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5ca1e271 by Salvatore Bonaccorso at 2024-03-16T09:23:36+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,11 +1,11 @@
 CVE-2024-2514 (A vulnerability classified as critical was found in MAGESH-K21 
Online- ...)
-   TODO: check
+   NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System
 CVE-2024-2308 (The ElementInvader Addons for Elementor plugin for WordPress is 
vulner ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2294 (The Backuply \u2013 Backup, Restore, Migrate and Clone plugin 
for Word ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2042 (The ElementsKit Elementor addons plugin for WordPress is 
vulnerable to ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-28862 (The Ruby One Time Password library (ROTP) is an open source 
library fo ...)
- ruby-rotp 
NOTE: 
https://github.com/mdp/rotp/security/advisories/GHSA-x2h8-qmj4-g62f
@@ -13,59 +13,59 @@ CVE-2024-28862 (The Ruby One Time Password library (ROTP) 
is an open source libr
 CVE-2024-28859 (Symfony1 is a community fork of symfony 1.4 with DIC, form 
enhancement ...)
TODO: check
 CVE-2024-28640 (Buffer Overflow vulnerability in TOTOLink X5000R 
V9.1.0u.6118-B2020110 ...)
-   TODO: check
+   NOT-FOR-US: TOTOLink
 CVE-2024-28639 (Buffer Overflow vulnerability in TOTOLink X5000R 
V9.1.0u.6118-B2020110 ...)
-   TODO: check
+   NOT-FOR-US: TOTOLink
 CVE-2024-28070 (A vulnerability in the legacy chat component of Mitel 
MiContact Center ...)
-   TODO: check
+   NOT-FOR-US: Mitel
 CVE-2024-28069 (A vulnerability in the legacy chat component of Mitel 
MiContact Center ...)
-   TODO: check
+   NOT-FOR-US: Mitel
 CVE-2024-27197 (Cross-Site Request Forgery (CSRF) vulnerability in Bee 
BeePress allows ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-27195 (Cross-Site Request Forgery (CSRF) vulnerability in Sandi 
Verdev Waterm ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-27194 (Cross-Site Request Forgery (CSRF) vulnerability in Andrei 
Ivasiuc Font ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-24845 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-24156 (Cross Site Scripting (XSS) vulnerability in Gnuboard g6 before 
Github  ...)
-   TODO: check
+   NOT-FOR-US: Gnuboard
 CVE-2024-23523 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-23298 (A logic issue was addressed with improved state management.)
-   TODO: check
+   NOT-FOR-US: Apple
 CVE-2024-22513 (djangorestframework-simplejwt version 5.3.1 and before is 
vulnerable t ...)
TODO: check
 CVE-2024-22259 (Applications that use UriComponentsBuilder in Spring 
Frameworkto parse ...)
TODO: check
 CVE-2024-1733 (The Word Replacer Pro plugin for WordPress is vulnerable to 
unauthoriz ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1685 (The Social Media Share Buttons plugin for WordPress is 
vulnerable to P ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1239 (The ElementsKit Elementor addons plugin for WordPress is 
vulnerable to ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-6525 (The ElementsKit Elementor addons plugin for WordPress is 
vulnerable to ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-51521 (Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech 
Quiz An ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-51512 (Cross Site Request Forgery (CSRF) vulnerability in WBW Product 
Table b ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-51510 (Cross-Site Request Forgery (CSRF) vulnerability in Atlas 
Gondal Export ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-51491 (Cross-Site Request Forgery (CSRF) vulnerability in Averta 
Depicter Sli ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-51489 (Cross-Site Request Forgery (CSRF) vulnerability in Automattic, 
Inc. Cr ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-51487 (Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft 
ARI Stream ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-51486 (Cross-Site Request Forgery (CSRF) vulnerability in RedNao 
WooCommerce  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-51474 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelemu 
TerraClass ...)
-   TODO: check
+   
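Review bot: In this hunk CVE-2024-23298 is tagged "NOT-FOR-US: Apple", but its description ("A logic issue was addressed with improved state management.") names neither a vendor nor a product. Suggest recording the affected product in the tag, or noting the source of the attribution in the commit message, so the triage decision can be re-checked from the list alone.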

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
83db5455 by Salvatore Bonaccorso at 2024-03-15T22:14:55+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -116,7 +116,7 @@ CVE-2024-2446 (Mattermost versions 8.1.x before 8.1.10, 
9.2.x before 9.2.6, 9.3.
 CVE-2024-2445 (Mattermost Jira plugin versions shipped with Mattermost 
versions 8.1.x ...)
- mattermost-server  (bug #823556)
 CVE-2024-28854 (tls-listener is a rust lang wrapper around a connection 
listener to su ...)
-   TODO: check
+   NOT-FOR-US: tls-listener
 CVE-2024-28851 (The Snowflake Hive metastore connector provides an easy way to 
query H ...)
NOT-FOR-US: Snowflake Hive metastore connector
 CVE-2024-28848 (OpenMetadata is a unified platform for discovery, 
observability, and g ...)
@@ -192,23 +192,23 @@ CVE-2023-7248 (Certain functionality in OpenText Vertica 
Management console migh
 CVE-2023-7060 (Zephyr OS IP packet handling does not properly drop IP packets 
arrivin ...)
NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
 CVE-2023-7017 (Sciener locks' firmware update mechanism do not authenticate or 
valida ...)
-   TODO: check
+   NOT-FOR-US: Sciener locks' firmware
 CVE-2023-7009 (Some Sciener-based locks support plaintext message processing 
over Blu ...)
-   TODO: check
+   NOT-FOR-US: Sciener-based locks
 CVE-2023-7007 (Sciener server does not validate connection requests from the 
GatewayG ...)
-   TODO: check
+   NOT-FOR-US: Sciener server
 CVE-2023-7006 (The unlockKey character in a lock using Sciener firmware can be 
brute  ...)
-   TODO: check
+   NOT-FOR-US: Sciener firmware
 CVE-2023-7004 (The TTLock App does not employ proper verification procedures 
to ensur ...)
-   TODO: check
+   NOT-FOR-US: TTLock App
 CVE-2023-7003 (The AES key utilized in the pairing process between a lock 
using Scien ...)
-   TODO: check
+   NOT-FOR-US: Sciener firmware
 CVE-2023-6960 (TTLock App virtual keys and settings are only deleted client 
side, and ...)
-   TODO: check
+   NOT-FOR-US: TTLock App
 CVE-2023-6725 (An access-control flaw was found in the OpenStack Designate 
component  ...)
TODO: check
 CVE-2023-51699 (Fluid is an open source Kubernetes-native Distributed Dataset 
Orchestr ...)
-   TODO: check
+   NOT-FOR-US: Fluid
 CVE-2023-51525 (Cross-Site Request Forgery (CSRF) vulnerability in Veribo, 
Roland Murg ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-51522 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs 
Paid Mem ...)
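Review bot: The seven Sciener/TTLock entries in this hunk (CVE-2023-7017 down to CVE-2023-6960) receive five different labels: "Sciener locks' firmware", "Sciener-based locks", "Sciener server", "Sciener firmware" and "TTLock App". Suggest one label per product family, the way the Tenda entries all use "NOT-FOR-US: Tenda", so that a search for the label finds every related entry.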
@@ -299,7 +299,7 @@ CVE-2024-1795 (The HUSKY \u2013 Products Filter for 
WooCommerce Professional plu
 CVE-2024-1713 (A user who can create objects in a database with plv8 3.2.1 
installed  ...)
TODO: check
 CVE-2024-0860 (The affected product is vulnerable to a cleartext transmission 
of sens ...)
-   TODO: check
+   NOT-FOR-US: Softing
 CVE-2024-0803 (Integer Overflow or Wraparound vulnerability in Mitsubishi 
Electric Co ...)
NOT-FOR-US: Mitsubishi
 CVE-2024-0802 (Incorrect Pointer Scaling vulnerability in Mitsubishi Electric 
Corpora ...)
@@ -307,7 +307,7 @@ CVE-2024-0802 (Incorrect Pointer Scaling vulnerability in 
Mitsubishi Electric Co
 CVE-2023-50677 (An issue in NETGEAR-DGND4000 v.1.1.00.15_1.00.15 allows a 
remote attac ...)
NOT-FOR-US: NETGEAR
 CVE-2023-42286 (There is a PHP file inclusion vulnerability in the template 
configurat ...)
-   TODO: check
+   NOT-FOR-US: eyoucms
 CVE-2024-28054
- amavisd-new 1:2.13.0-5
[bookworm] - amavisd-new  (Minor issue; will be fixed via point 
release)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83db5455f2305449b7fd0817332ba7f29dd38b83



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3cc6066e by Salvatore Bonaccorso at 2024-03-15T21:35:37+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,17 +1,17 @@
 CVE-2024-2537 (Improper Control of Dynamically-Managed Code Resources 
vulnerability i ...)
-   TODO: check
+   NOT-FOR-US: Logitech Logi Tune
 CVE-2024-2497 (A vulnerability was found in RaspAP raspap-webgui 3.0.9 and 
classified ...)
-   TODO: check
+   NOT-FOR-US: RaspAP raspap-webgui
 CVE-2024-2495 (Cryptographic key vulnerability encoded in the FriendlyWrt 
firmware af ...)
-   TODO: check
+   NOT-FOR-US: riendlyWrt firmware
 CVE-2024-2490 (A vulnerability classified as critical was found in Tenda AC18 
15.03.0 ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2489 (A vulnerability classified as critical has been found in Tenda 
AC18 15 ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2488 (A vulnerability was found in Tenda AC18 15.03.05.05. It has 
been rated ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2487 (A vulnerability was found in Tenda AC18 15.03.05.05. It has 
been decla ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2450 (Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 
9.3.x bef ...)
TODO: check
 CVE-2024-2446 (Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 
9.3.x bef ...)
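Review bot: The label added for CVE-2024-2495 reads "NOT-FOR-US: riendlyWrt firmware", dropping the leading "F" of the "FriendlyWrt firmware" named in the entry's own description. Suggest "NOT-FOR-US: FriendlyWrt firmware" so that a search for the product name matches this entry.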
@@ -23,77 +23,77 @@ CVE-2024-28854 (tls-listener is a rust lang wrapper around 
a connection listener
 CVE-2024-28851 (The Snowflake Hive metastore connector provides an easy way to 
query H ...)
TODO: check
 CVE-2024-28848 (OpenMetadata is a unified platform for discovery, 
observability, and g ...)
-   TODO: check
+   NOT-FOR-US: OpenMetadata
 CVE-2024-28847 (OpenMetadata is a unified platform for discovery, 
observability, and g ...)
-   TODO: check
+   NOT-FOR-US: OpenMetadata
 CVE-2024-28404 (TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored 
Cross-s ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2024-28403 (TOTOLINK X2000R before V1.0.0-B20231213.1013 is vulnerable to 
Cross Si ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2024-28401 (TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store 
Cross-si ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2024-28319 (gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to 
contain an out ...)
TODO: check
 CVE-2024-28318 (gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to 
contain a out  ...)
TODO: check
 CVE-2024-28255 (OpenMetadata is a unified platform for discovery, 
observability, and g ...)
-   TODO: check
+   NOT-FOR-US: OpenMetadata
 CVE-2024-28254 (OpenMetadata is a unified platform for discovery, 
observability, and g ...)
-   TODO: check
+   NOT-FOR-US: OpenMetadata
 CVE-2024-28253 (OpenMetadata is a unified platform for discovery, 
observability, and g ...)
-   TODO: check
+   NOT-FOR-US: OpenMetadata
 CVE-2024-28252 (CoreWCF is a port of the service side of Windows Communication 
Foundat ...)
-   TODO: check
+   NOT-FOR-US: CoreWCF
 CVE-2024-28242 (Discourse is an open source platform for community discussion. 
In affe ...)
-   TODO: check
+   NOT-FOR-US: Discourse
 CVE-2024-28053 (Resource Exhaustion in Mattermost Server versions 8.1.x before 
8.1.10  ...)
TODO: check
 CVE-2024-27987 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-27920 (projectdiscovery/nuclei is a fast and customisable 
vulnerability scann ...)
-   TODO: check
+   NOT-FOR-US: projectdiscovery/nuclei
 CVE-2024-27196 (Cross Site Scripting (XSS) vulnerability in Joel Starnes 
postMash \u20 ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-27193 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-27192 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-27189 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-27100 (Discourse is an open source platform for community discussion. 
In affe ...)
-   TODO: check
+   NOT-FOR-US: Discourse
 CVE-2024-27085 (Discourse is an open source platform for community discussion. 
In affe ...)
-   TODO: check
+   NOT-FOR-US: Discourse
 CVE-2024-25936 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-25934 (Improper Neutralization of Input During Web Page 

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
61072614 by Salvatore Bonaccorso at 2024-03-15T21:24:05+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -125,17 +125,17 @@ CVE-2023-50886 (Cross-Site Request Forgery (CSRF), 
Incorrect Authorization vulne
 CVE-2023-50861 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 
HUSKY \u ...)
TODO: check
 CVE-2023-47699 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to 
cross-site  ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2023-47162 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to 
cross-site  ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2023-47147 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an 
attacker to o ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2023-46182 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to 
cross-site  ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2023-46181 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to 
be store ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2023-46179 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the 
secure attr ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2024-2486 (A vulnerability was found in Tenda AC18 15.03.05.05. It has 
been class ...)
NOT-FOR-US: Tenda
 CVE-2024-2485 (A vulnerability was found in Tenda AC18 15.03.05.05 and 
classified as  ...)
@@ -184782,7 +184782,7 @@ CVE-2021-38940
 CVE-2021-38939 (IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive 
informa ...)
NOT-FOR-US: IBM
 CVE-2021-38938 (IBM Host Access Transformation Services (HATS) 9.6 through 
9.6.1.4 and ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2021-38937 (IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an 
authent ...)
NOT-FOR-US: IBM
 CVE-2021-38936 (IBM QRadar SIEM 7.3, 7.4, and 7.5 could disclose highly 
sensitive info ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6107261485e563d9a1636190327ebcaea6511e17



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
98d2fe5d by Salvatore Bonaccorso at 2024-03-15T14:21:19+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,71 +1,71 @@
 CVE-2024-2486 (A vulnerability was found in Tenda AC18 15.03.05.05. It has 
been class ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2485 (A vulnerability was found in Tenda AC18 15.03.05.05 and 
classified as  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-2483 (A vulnerability, which was classified as problematic, has been 
found i ...)
-   TODO: check
+   NOT-FOR-US: Surya2Developer Hostel Management Service
 CVE-2024-2482 (A vulnerability has been found in Surya2Developer Hostel 
Management Se ...)
-   TODO: check
+   NOT-FOR-US: Surya2Developer Hostel Management Service
 CVE-2024-2481 (A vulnerability, which was classified as critical, was found in 
Surya2 ...)
-   TODO: check
+   NOT-FOR-US: Surya2Developer Hostel Management Service
 CVE-2024-2480 (A vulnerability classified as critical was found in MHA 
Sistemas arMHA ...)
-   TODO: check
+   NOT-FOR-US: MHA Sistemas arMHAzena
 CVE-2024-2479 (A vulnerability classified as problematic has been found in MHA 
Sistem ...)
-   TODO: check
+   NOT-FOR-US: MHA Sistemas arMHAzena
 CVE-2024-2478 (A vulnerability was found in BradWenqiang HR 2.0. It has been 
rated as ...)
-   TODO: check
+   NOT-FOR-US: BradWenqiang HR
 CVE-2024-2399 (The Premium Addons PRO plugin for WordPress is vulnerable to 
Stored Cr ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2256 (The oik plugin for WordPress is vulnerable to Stored Cross-Site 
Script ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2249 (The LA-Studio Element Kit for Elementor plugin for WordPress is 
vulner ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2204 (Zemana AntiLogger v2.74.204.664 is vulnerable to a Denial of 
Service ( ...)
-   TODO: check
+   NOT-FOR-US: Zemana AntiLogger
 CVE-2024-2180 (Zemana AntiLogger v2.74.204.664 is vulnerable to a Memory 
Information  ...)
-   TODO: check
+   NOT-FOR-US: Zemana AntiLogger
 CVE-2024-28354 (There is a command injection vulnerability in the TRENDnet 
TEW-827DRU  ...)
-   TODO: check
+   NOT-FOR-US: TRENDnet
 CVE-2024-28353 (There is a command injection vulnerability in the TRENDnet 
TEW-827DRU  ...)
-   TODO: check
+   NOT-FOR-US: TRENDnet
 CVE-2024-27756 (An issue in GLPI v.10.0.12 and before allows a remote attacker 
to exec ...)
TODO: check
 CVE-2024-26540 (A heap-based buffer overflow in Clmg before 3.3.3 can occur 
via a craf ...)
TODO: check
 CVE-2024-26503 (Unrestricted File Upload vulnerability in Greek Universities 
Network O ...)
-   TODO: check
+   NOT-FOR-US: Greek Universities Network Open eClass
 CVE-2024-26475 (An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and 
fixed in v.5 ...)
TODO: check
 CVE-2024-26454 (A Cross Site Scripting vulnerability in Healthcare-Chatbot 
through 9b7 ...)
-   TODO: check
+   NOT-FOR-US: Healthcare-Chatbot
 CVE-2024-26246 (Microsoft Edge (Chromium-based) Security Feature Bypass 
Vulnerability)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2024-26163 (Microsoft Edge (Chromium-based) Security Feature Bypass 
Vulnerability)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2024-25227 (SQL Injection vulnerability in ABO.CMS version 5.8, allows 
remote atta ...)
-   TODO: check
+   NOT-FOR-US: ABO.CMS
 CVE-2024-1917 (Integer Overflow or Wraparound vulnerability in Mitsubishi 
Electric Co ...)
-   TODO: check
+   NOT-FOR-US: Mitsubishi
 CVE-2024-1916 (Integer Overflow or Wraparound vulnerability in Mitsubishi 
Electric Co ...)
-   TODO: check
+   NOT-FOR-US: Mitsubishi
 CVE-2024-1915 (Incorrect Pointer Scaling vulnerability in Mitsubishi Electric 
Corpora ...)
-   TODO: check
+   NOT-FOR-US: Mitsubishi
 CVE-2024-1853 (Zemana AntiLogger v2.74.204.664 is vulnerable to an Arbitrary 
Process  ...)
-   TODO: check
+   NOT-FOR-US: Zemana AntiLogger
 CVE-2024-1796 (The HUSKY \u2013 Products Filter for WooCommerce Professional 
plugin f ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1795 (The HUSKY \u2013 Products Filter for WooCommerce Professional 
plugin f ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1713 (A user who can create objects in a database with plv8 3.2.1 
installed  ...)
TODO: check
 CVE-2024-0860 (The affected product is vulnerable to a cleartext transmission 
of sens ...)
TODO: check
 CVE-2024-0803 (Integer Overflow or Wraparound vulnerability in Mitsubishi 
Electric Co ...)
-   TODO: check
+   NOT-FOR-US: Mitsubishi
 
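Review bot: CVE-2024-26246 and CVE-2024-26163 are described as "Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability" and are closed with only "NOT-FOR-US: Microsoft". Since the description names a Chromium-based browser, a short NOTE: line recording that the issue is specific to Edge would document why no chromium entry is needed. Separately, the tags added in this hunk mix vendor-only names (Tenda, TRENDnet, Mitsubishi, Microsoft) with vendor-plus-product names (Zemana AntiLogger, MHA Sistemas arMHAzena); one level of detail would keep later searches of the list predictable.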

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
347e85f0 by Salvatore Bonaccorso at 2024-03-14T09:44:00+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,81 +1,81 @@
 CVE-2024-2242 (The Contact Form 7 plugin for WordPress is vulnerable to 
Reflected Cro ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2079 (The WPBakery Page Builder Addons by Livemesh plugin for 
WordPress is v ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-28662 (A Cross Site Scripting vulnerability exists in Piwigo before 
14.3.0 sc ...)
- piwigo 
 CVE-2024-28391 (SQL injection vulnerability in FME Modules quickproducttable 
module fo ...)
-   TODO: check
+   NOT-FOR-US: PrestaShop module
 CVE-2024-28390 (An issue in Advanced Plugins ultimateimagetool module for 
PrestaShop b ...)
-   TODO: check
+   NOT-FOR-US: PrestaShop module
 CVE-2024-28388 (SQL injection vulnerability in SunnyToo stproductcomments 
module for P ...)
-   TODO: check
+   NOT-FOR-US: PrestaShop module
 CVE-2024-28251 (Querybook is a Big Data Querying UI, combining collocated 
table metada ...)
-   TODO: check
+   NOT-FOR-US: Querybook
 CVE-2024-28193 (your_spotify is an open source, self hosted Spotify tracking 
dashboard ...)
-   TODO: check
+   NOT-FOR-US: your_spotify
 CVE-2024-28192 (your_spotify is an open source, self hosted Spotify tracking 
dashboard ...)
-   TODO: check
+   NOT-FOR-US: your_spotify
 CVE-2024-28175 (Argo CD is a declarative, GitOps continuous delivery tool for 
Kubernet ...)
-   TODO: check
+   NOT-FOR-US: Argo CD
 CVE-2024-27703 (Cross Site Scripting vulnerability in Leantime 3.0.6 allows a 
remote a ...)
-   TODO: check
+   NOT-FOR-US: Leantime
 CVE-2024-27102 (Wings is the server control plane for Pterodactyl Panel. This 
vulnerab ...)
TODO: check
 CVE-2024-27097 (A user endpoint didn't perform filtering on an incoming 
parameter, whi ...)
TODO: check
 CVE-2024-25653 (Broken Access Control in the Report functionality of Delinea 
PAM Secre ...)
-   TODO: check
+   NOT-FOR-US: Delinea PAM Secret Server
 CVE-2024-25652 (In Delinea PAM Secret Server 11.4, it is possible for a user 
(with acc ...)
-   TODO: check
+   NOT-FOR-US: Delinea PAM Secret Server
 CVE-2024-25651 (User enumeration can occur in the Authentication REST API in 
Delinea P ...)
-   TODO: check
+   NOT-FOR-US: Delinea PAM Secret Server
 CVE-2024-25650 (Insecure key exchange between Delinea PAM Secret Server 11.4 
and the D ...)
-   TODO: check
+   NOT-FOR-US: Delinea PAM Secret Server
 CVE-2024-25649 (In Delinea PAM Secret Server 11.4, it is possible for an 
attacker (wit ...)
-   TODO: check
+   NOT-FOR-US: Delinea PAM Secret Server
 CVE-2024-25250 (SQL Injection vulnerability in code-projects Agro-School 
Management Sy ...)
-   TODO: check
+   NOT-FOR-US: code-projects Agro-School Management System
 CVE-2024-25228 (Vinchin Backup and Recovery 7.2 and Earlier is vulnerable to 
Authentic ...)
-   TODO: check
+   NOT-FOR-US: Vinchin Backup and Recovery
 CVE-2024-24105 (SQL Injection vulnerability in Code-projects Computer Science 
Time Tab ...)
-   TODO: check
+   NOT-FOR-US: Code-projects Computer Science Time Table System
 CVE-2024-22398 (An improper Limitation of a Pathname to a Restricted Directory 
(Path T ...)
-   TODO: check
+   NOT-FOR-US: SonicWall
 CVE-2024-22397 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: SonicWall
 CVE-2024-22396 (An Integer-based buffer overflow vulnerability in the SonicOS 
via IPSe ...)
-   TODO: check
+   NOT-FOR-US: SonicWall
 CVE-2024-22167 (A potential DLL hijacking vulnerability in the SanDisk 
PrivateAccess a ...)
-   TODO: check
+   NOT-FOR-US: WesternDigital
 CVE-2024-1884 (This is a Server-Side Request Forgery (SSRF) vulnerability in 
the Pape ...)
-   TODO: check
+   NOT-FOR-US: Papercut
 CVE-2024-1883 (This is a reflected cross site scripting vulnerability in the 
PaperCut ...)
-   TODO: check
+   NOT-FOR-US: Papercut
 CVE-2024-1882 (This vulnerability allows an already authenticated admin user 
to creat ...)
-   TODO: check
+   NOT-FOR-US: Papercut
 CVE-2024-1654 (This vulnerability potentially allows unauthorized write 
operations wh ...)
-   TODO: check
+   NOT-FOR-US: Papercut
 CVE-2024-1223 (This vulnerability potentially allows unauthorized enumeration 
of info ...)
-   TODO: check
+   NOT-FOR-US: Papercut
 CVE-2024-1222 (This allows attackers to use a maliciously formed API request 
to gain  ...)
-   TODO: check
+   NOT-FOR-US: Papercut
 CVE-2024-1221 (This vulnerability potentially allows files on a 
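Review bot: Several tags added in this hunk do not match the spelling used in the descriptions or in each other. The CVE-2024-1884 to CVE-2024-1222 entries get "NOT-FOR-US: Papercut" while the description of CVE-2024-1883 writes "PaperCut"; CVE-2024-25250 is tagged "code-projects Agro-School Management System" and CVE-2024-24105 "Code-projects Computer Science Time Table System", each copying its description's casing; and CVE-2024-22167 is tagged "WesternDigital" although the visible description names SanDisk PrivateAccess. Suggest one spelling per vendor, and for CVE-2024-22167 either the product name or a NOTE: line tying SanDisk to the vendor tag, so a case-sensitive search finds every entry.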

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8587b959 by Salvatore Bonaccorso at 2024-03-13T22:00:44+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,53 +1,53 @@
 CVE-2024-2433 (An improper authorization vulnerability in Palo Alto Networks 
Panorama ...)
-   TODO: check
+   NOT-FOR-US: Palo Alto Networks
 CVE-2024-2432 (A privilege escalation (PE) vulnerability in the Palo Alto 
Networks Gl ...)
-   TODO: check
+   NOT-FOR-US: Palo Alto Networks
 CVE-2024-2431 (An issue in the Palo Alto Networks GlobalProtect app enables a 
non-pri ...)
-   TODO: check
+   NOT-FOR-US: Palo Alto Networks
 CVE-2024-2418 (A vulnerability was found in SourceCodester Best POS Management 
System ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Best POS Management System
 CVE-2024-2416 (Cross-Site Request Forgery vulnerability in Movistar's 4G 
router affec ...)
-   TODO: check
+   NOT-FOR-US: Movistar
 CVE-2024-2415 (Command injection vulnerability in Movistar 4G router affecting 
versio ...)
-   TODO: check
+   NOT-FOR-US: Movistar
 CVE-2024-2414 (The primary channel is unprotected on Movistar 4G router 
affecting E v ...)
-   TODO: check
+   NOT-FOR-US: Movistar
 CVE-2024-2403 (Improper cleanup in temporary file handling component in 
Devolutions R ...)
-   TODO: check
+   NOT-FOR-US: Devolutions
 CVE-2024-2293 (The Site Reviews plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2286 (The Sky Addons for Elementor (Free Templates Library, Live 
Copy, Anima ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2252 (The Droit Elementor Addons \u2013 Widgets, Blocks, Templates 
Library F ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2247 (JFrog Artifactory versions below 7.77.7, are vulnerable to 
DOM-based c ...)
-   TODO: check
+   NOT-FOR-US: JFrog Artifactory
 CVE-2024-2239 (The Premium Addons PRO plugin for WordPress is vulnerable to 
Stored Cr ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2238 (The Premium Addons PRO plugin for WordPress is vulnerable to 
Stored Cr ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2237 (The Premium Addons PRO plugin for WordPress is vulnerable to 
Stored Cr ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2194 (The WP Statistics plugin for WordPress is vulnerable to Stored 
Cross-S ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2172 (The Malware Scanner plugin and the Web Application Firewall 
plugin for ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2126 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable 
to Store ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2123 (The Ultimate Member \u2013 User Profile, Registration, Login, 
Member D ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2106 (The MasterStudy LMS WordPress Plugin \u2013 for Online Courses 
and Edu ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2030 (The Database for Contact Form 7, WPforms, Elementor forms 
plugin for W ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2028 (The Exclusive Addons for Elementor plugin for WordPress is 
vulnerable  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2020 (The Calculated Fields Form plugin for WordPress is vulnerable 
to Store ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2006 (The Post Grid, Slider & Carousel Ultimate \u2013 with 
Shortcode, Guten ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2000 (The Premium Addons PRO plugin for WordPress is vulnerable to 
Stored Cr ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-28684 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
NOT-FOR-US: DedeCMS
 CVE-2024-28683 (DedeCMS v5.7 was discovered to contain a cross-site scripting 
(XSS) vu ...)
@@ -95,15 +95,15 @@ CVE-2024-28430 (DedeCMS v5.7 was discovered to contain a 
Cross-Site Request Forg
 CVE-2024-28429 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
NOT-FOR-US: DedeCMS
 CVE-2024-28196 (your_spotify is an open source, self hosted Spotify tracking 
dashboard ...)
-   TODO: check
+   NOT-FOR-US: your_spotify
 CVE-2024-28195 (your_spotify is an open source, self hosted Spotify tracking 
dashboard ...)
-   TODO: check
+   NOT-FOR-US: your_spotify
 CVE-2024-28194 (your_spotify is an open source, self hosted Spotify tracking 
dashboard ...)
-   TODO: check
+   NOT-FOR-US: your_spotify
 

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b753d1cd by Salvatore Bonaccorso at 2024-03-13T21:28:47+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -49,51 +49,51 @@ CVE-2024-2006 (The Post Grid, Slider & Carousel Ultimate 
\u2013 with Shortcode,
 CVE-2024-2000 (The Premium Addons PRO plugin for WordPress is vulnerable to 
Stored Cr ...)
TODO: check
 CVE-2024-28684 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2024-28683 (DedeCMS v5.7 was discovered to contain a cross-site scripting 
(XSS) vu ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2024-28682 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2024-28681 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2024-28680 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2024-28679 (DedeCMS v5.7 was discovered to contain a cross-site scripting 
(XSS) vu ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2024-28678 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2024-28677 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2024-28676 (DedeCMS v5.7 was discovered to contain a cross-site scripting 
(XSS) vu ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2024-28675 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2024-28673 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2024-28672 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2024-28671 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2024-28670 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2024-28669 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2024-28668 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2024-28667 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2024-28666 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2024-28665 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2024-28432 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2024-28431 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2024-28430 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2024-28429 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2024-28196 (your_spotify is an open source, self hosted Spotify tracking 
dashboard ...)
TODO: check
 CVE-2024-28195 (your_spotify is an open source, self hosted Spotify tracking 
dashboard ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b753d1cd271f15ad5e874d1326e8998efc9d05a1



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7aa5b794 by Salvatore Bonaccorso at 2024-03-13T21:19:36+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -377,11 +377,11 @@ CVE-2023-52608 (In the Linux kernel, the following 
vulnerability has been resolv
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/437a310b22244d4e0b78665c3042e5d1c0f45306 (6.8-rc2)
 CVE-2023-43043 (IBM Maximo Application Suite - Maximo Mobile for EAM 8.10 and 
8.11 cou ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2023-38723 (IBM Maximo Application Suite 7.6.1.3 is vulnerable to stored 
cross-sit ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2023-32335 (IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset 
Managemen ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-25090 (An unauthenticated remote attacker can use an XSS attack due 
to improp ...)
TODO: check
 CVE-2015-10123 (An unautheticated remote attacker could send specifically 
crafted pack ...)
@@ -60021,7 +60021,7 @@ CVE-2023-28519
 CVE-2023-28518
RESERVED
 CVE-2023-28517 (IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 
6.2.2 is vul ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2023-28516
RESERVED
 CVE-2023-28515



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7aa5b7941189ea6eca48b16bfd0fe48ee3d5a153



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
67f37536 by Salvatore Bonaccorso at 2024-03-13T10:52:42+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11,7 +11,7 @@ CVE-2024-2400 (Use after free in Performance Manager in 
Google Chrome prior to 1
 CVE-2024-2395 (The Bulgarisation for WooCommerce plugin for WordPress is 
vulnerable t ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-2107 (The Blossom Spa theme for WordPress is vulnerable to Sensitive 
Informa ...)
-   TODO: check
+   NOT-FOR-US: WordPress theme
 CVE-2024-28623 (RiteCMS v3.0.0 was discovered to contain a cross-site 
scripting (XSS)  ...)
NOT-FOR-US: RiteCMS
 CVE-2024-28239 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
@@ -27,7 +27,7 @@ CVE-2024-27305 (aiosmtpd is a reimplementation of the Python 
stdlib smtpd.py bas
NOTE: 
https://github.com/aio-libs/aiosmtpd/security/advisories/GHSA-pr2m-px7j-xg65
NOTE: 
https://github.com/aio-libs/aiosmtpd/commit/24b6c79c8921cf1800e27ca144f4f37023982bbb
 (1.4.5)
 CVE-2024-26529 (An issue in mz-automation libiec61850 v.1.5.3 and before, 
allows a rem ...)
-   TODO: check
+   NOT-FOR-US: libIEC61850
 CVE-2024-24101 (Code-projects Scholars Tracking System 1.0 is vulnerable to 
SQL Inject ...)
NOT-FOR-US: Code-projects Scholars Tracking System
 CVE-2024-24097 (Cross Site Scripting (XSS) vulnerability in Code-projects 
Scholars Tra ...)
@@ -37,47 +37,47 @@ CVE-2024-24093 (SQL Injection vulnerability in 
Code-projects Scholars Tracking S
 CVE-2024-24092 (SQL Injection vulnerability in Code-projects.org Scholars 
Tracking Sys ...)
NOT-FOR-US: Code-projects Scholars Tracking System
 CVE-2024-23300 (A use-after-free issue was addressed with improved memory 
management.  ...)
-   TODO: check
+   NOT-FOR-US: GarageBand
 CVE-2024-1582 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress 
is vulne ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1503 (The Tutor LMS \u2013 eLearning and online course solution 
plugin for W ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1502 (The Tutor LMS \u2013 eLearning and online course solution 
plugin for W ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1450 (The Shariff Wrapper plugin for WordPress is vulnerable to 
Stored Cross ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1421 (The HT Mega \u2013 Absolute Addons For Elementor plugin for 
WordPress  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1397 (The HT Mega \u2013 Absolute Addons For Elementor plugin for 
WordPress  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1326 (The Jeg Elementor Kit plugin for WordPress is vulnerable to 
Stored Cro ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1278 (The Easy Social Feed \u2013 Social Photos Gallery \u2013 Post 
Feed \u2 ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1214 (The Easy Social Feed \u2013 Social Photos Gallery \u2013 Post 
Feed \u2 ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1213 (The Easy Social Feed \u2013 Social Photos Gallery \u2013 Post 
Feed \u2 ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-0966 (The Shariff Wrapper plugin for WordPress is vulnerable to 
Stored Cross ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-0386 (The weForms plugin for WordPress is vulnerable to Stored 
Cross-Site Sc ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-7072 (The Post Grid Combo \u2013 36+ Gutenberg Blocks plugin for 
WordPress i ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-6500 (The Shariff Wrapper plugin for WordPress is vulnerable to 
Stored Cross ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-4839 (The WP Go Maps for WordPress is vulnerable to Stored Cross-Site 
Script ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-43292 (Cross Site Scripting vulnerability in My Food Recipe Using PHP 
with So ...)
-   TODO: check
+   NOT-FOR-US: My Food Recipe Using PHP with Source Code
 CVE-2023-43279 (Null Pointer Dereference in mask_cidr6 component at cidr.c in 
Tcprepla ...)
TODO: check
 CVE-2023-42308 (Cross Site Scripting (XSS) vulnerability in Manage Fastrack 
Subjects i ...)
-   TODO: check
+   NOT-FOR-US: Code-Projects Exam Form Submission
 CVE-2023-42307 (Cross Site Scripting (XSS) vulnerability in Code-Projects Exam 
Form Su ...)
-   TODO: check
+   NOT-FOR-US: Code-Projects Exam Form Submission
 CVE-2015-10130 (The Team Circle Image Slider With Lightbox plugin for 
WordPress is vul ...)
-
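Review bot: CVE-2024-23300 is tagged "NOT-FOR-US: GarageBand", but the description as shown ("A use-after-free issue was addressed with improved memory management. ...") names no product, so the tag cannot be checked against this hunk; a NOTE: line with the source of the attribution would help the next triager. Also, the two added "NOT-FOR-US: Code-Projects Exam Form Submission" lines capitalise the vendor differently from the "NOT-FOR-US: Code-projects Scholars Tracking System" context lines in the same hunk; one spelling would keep searches consistent.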

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
84074748 by Salvatore Bonaccorso at 2024-03-13T09:30:45+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,39 +1,39 @@
 CVE-2024-2413 (Intumit SmartRobot uses a fixed encryption key for 
authentication. Rem ...)
-   TODO: check
+   NOT-FOR-US: Intumit SmartRobot
 CVE-2024-2412 (The disabling function of the user registration page for 
Heimavista Rp ...)
-   TODO: check
+   NOT-FOR-US: Heimavista Rpage and Epage
 CVE-2024-2406 (A vulnerability, which was classified as critical, was found in 
Gacjie ...)
-   TODO: check
+   NOT-FOR-US: Gacjie Server
 CVE-2024-2400 (Use after free in Performance Manager in Google Chrome prior to 
122.0. ...)
- chromium 122.0.6261.128-1
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
 CVE-2024-2395 (The Bulgarisation for WooCommerce plugin for WordPress is 
vulnerable t ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2107 (The Blossom Spa theme for WordPress is vulnerable to Sensitive 
Informa ...)
TODO: check
 CVE-2024-28623 (RiteCMS v3.0.0 was discovered to contain a cross-site 
scripting (XSS)  ...)
-   TODO: check
+   NOT-FOR-US: RiteCMS
 CVE-2024-28239 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
-   TODO: check
+   NOT-FOR-US: Directus
 CVE-2024-28238 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
-   TODO: check
+   NOT-FOR-US: Directus
 CVE-2024-28236 (Vela is a Pipeline Automation (CI/CD) framework built on Linux 
contain ...)
TODO: check
 CVE-2024-27440 (The Toyoko Inn official App for iOS versions prior to 1.13.0 
and Toyok ...)
-   TODO: check
+   NOT-FOR-US: Toyoko Inn official App
 CVE-2024-27305 (aiosmtpd is a reimplementation of the Python stdlib smtpd.py 
based on  ...)
TODO: check
 CVE-2024-26529 (An issue in mz-automation libiec61850 v.1.5.3 and before, 
allows a rem ...)
TODO: check
 CVE-2024-24101 (Code-projects Scholars Tracking System 1.0 is vulnerable to 
SQL Inject ...)
-   TODO: check
+   NOT-FOR-US: Code-projects Scholars Tracking System
 CVE-2024-24097 (Cross Site Scripting (XSS) vulnerability in Code-projects 
Scholars Tra ...)
-   TODO: check
+   NOT-FOR-US: Code-projects Scholars Tracking System
 CVE-2024-24093 (SQL Injection vulnerability in Code-projects Scholars Tracking 
System  ...)
-   TODO: check
+   NOT-FOR-US: Code-projects Scholars Tracking System
 CVE-2024-24092 (SQL Injection vulnerability in Code-projects.org Scholars 
Tracking Sys ...)
-   TODO: check
+   NOT-FOR-US: Code-projects Scholars Tracking System
 CVE-2024-23300 (A use-after-free issue was addressed with improved memory 
management.  ...)
TODO: check
 CVE-2024-1582 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress 
is vulne ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84074748af68726611fbb86cb7056bfdd8f25afc



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-12 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
31bd1304 by Salvatore Bonaccorso at 2024-03-12T21:38:27+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7,11 +7,11 @@ CVE-2024-2391 (A vulnerability was found in EVE-NG 5.0.1-13 
and classified as pr
 CVE-2024-2371 (Information exposure vulnerability in Korenix JetI/O 6550 
affecting fi ...)
NOT-FOR-US: Korenix JetI/O 6550
 CVE-2024-2130 (The CWW Companion plugin for WordPress is vulnerable to Stored 
Cross-S ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2049 (Server-Side Request Forgery (SSRF) in Citrix SD-WAN 
Standard/Premium E ...)
-   TODO: check
+   NOT-FOR-US: Citrix
 CVE-2024-2031 (The Video Conferencing with Zoom plugin for WordPress is 
vulnerable to ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-28553 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in 
the entr ...)
NOT-FOR-US: Tenda
 CVE-2024-28535 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in 
the mitI ...)
@@ -25,7 +25,7 @@ CVE-2024-28338 (A login bypass in TOTOLINK A8000RU 
V7.1cu.643_B20200521 allows a
 CVE-2024-28186 (FreeScout is an open source help desk and shared inbox built 
with PHP. ...)
NOT-FOR-US: FreeScout
 CVE-2024-28121 (stimulus_reflex is a system to extend the capabilities of both 
Rails a ...)
-   TODO: check
+   NOT-FOR-US: stimulus_reflex
 CVE-2024-28114 (Peering Manager is a BGP session management tool. There is a 
Server Si ...)
NOT-FOR-US: Peering Manager
 CVE-2024-28113 (Peering Manager is a BGP session management tool. In Peering 
Manager < ...)
@@ -205,75 +205,75 @@ CVE-2024-21334 (Open Management Infrastructure (OMI) 
Remote Code Execution Vulne
 CVE-2024-21330 (Open Management Infrastructure (OMI) Elevation of Privilege 
Vulnerabil ...)
NOT-FOR-US: Microsoft
 CVE-2024-20671 (Microsoft Defender Security Feature Bypass Vulnerability)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2024-1765 (Cloudflare Quiche (through version 0.19.1/0.20.0) was affected 
by an u ...)
TODO: check
 CVE-2024-1618 (A search path or unquoted item vulnerability in Faronics Deep 
Freeze S ...)
-   TODO: check
+   NOT-FOR-US: Faronics Deep Freeze Server Standard
 CVE-2024-1529 (Vulnerability in CMS Made Simple 2.2.14, which does not 
sufficiently e ...)
-   TODO: check
+   NOT-FOR-US: CMS Made Simple
 CVE-2024-1528 (CMS Made Simple version 2.2.14, does not sufficiently encode 
user-cont ...)
-   TODO: check
+   NOT-FOR-US: CMS Made Simple
 CVE-2024-1527 (Unrestricted file upload vulnerability in CMS Made Simple, 
affecting v ...)
-   TODO: check
+   NOT-FOR-US: CMS Made Simple
 CVE-2024-1410 (Cloudflare quiche was discovered to be vulnerable to unbounded 
storage ...)
-   TODO: check
+   NOT-FOR-US: Cloudflare quiche
 CVE-2024-1328 (The Newsletter2Go plugin for WordPress is vulnerable to Stored 
Cross-S ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1304 (Cross-site scripting vulnerability in Badger Meter Monitool 
that affec ...)
-   TODO: check
+   NOT-FOR-US: Badger Meter Monitool
 CVE-2024-1303 (Incorrectly limiting the path to a restricted directory 
vulnerability  ...)
-   TODO: check
+   NOT-FOR-US: Badger Meter Monitool
 CVE-2024-1302 (Information exposure vulnerability in Badger Meter Monitool 
affecting  ...)
-   TODO: check
+   NOT-FOR-US: Badger Meter Monitool
 CVE-2024-1301 (SQL injection vulnerability in Badger Meter Monitool affecting 
version ...)
-   TODO: check
+   NOT-FOR-US: Badger Meter Monitool
 CVE-2024-1227 (An open redirect vulnerability, the exploitation of which could 
allow  ...)
TODO: check
 CVE-2024-1226 (The software does not neutralize or incorrectly neutralizes 
certain ch ...)
TODO: check
 CVE-2024-1138 (The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - 
Enterpri ...)
-   TODO: check
+   NOT-FOR-US: TIBCO
 CVE-2024-1137 (The Proxy and Client components of TIBCO Software Inc.'s TIBCO 
ActiveS ...)
-   TODO: check
+   NOT-FOR-US: TIBCO
 CVE-2024-0906 (The f(x) Private Site plugin for WordPress is vulnerable to 
Sensitive  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5410 (A potential security vulnerability has been reported in the 
system BIO ...)
-   TODO: check
+   NOT-FOR-US: HP
 CVE-2023-4780
REJECTED
 CVE-2023-4731 (The LadiApp plugn for WordPress is vulnerable to Cross-Site 
Request Fo ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-4729 (The LadiApp plugin for WordPress is vulnerable to Cross-Site 
Request F ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-4728 (The LadiApp plugin for WordPress is 
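
Review bot: CVE-2024-1410 is tagged "NOT-FOR-US: Cloudflare quiche" while CVE-2024-1765, whose description also names Cloudflare Quiche, stays at "TODO: check" a few lines above in the same hunk. Both entries concern the same project and should get the same disposition. Either tag both, or leave both open until the source-package search is done, so the list does not record one code base as both "not in Debian" and "unchecked".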

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-12 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
11d3ebd8 by Salvatore Bonaccorso at 2024-03-12T21:25:33+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,11 +1,11 @@
 CVE-2024-2394 (A vulnerability was found in SourceCodester Employee Management 
System ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Employee Management System
 CVE-2024-2393 (A vulnerability was found in SourceCodester CRUD without Page 
Reload 1 ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester CRUD without Page Reload
 CVE-2024-2391 (A vulnerability was found in EVE-NG 5.0.1-13 and classified as 
problem ...)
-   TODO: check
+   NOT-FOR-US: EVE-NG
 CVE-2024-2371 (Information exposure vulnerability in Korenix JetI/O 6550 
affecting fi ...)
-   TODO: check
+   NOT-FOR-US: Korenix JetI/O 6550
 CVE-2024-2130 (The CWW Companion plugin for WordPress is vulnerable to Stored 
Cross-S ...)
TODO: check
 CVE-2024-2049 (Server-Side Request Forgery (SSRF) in Citrix SD-WAN 
Standard/Premium E ...)
@@ -13,197 +13,197 @@ CVE-2024-2049 (Server-Side Request Forgery (SSRF) in 
Citrix SD-WAN Standard/Prem
 CVE-2024-2031 (The Video Conferencing with Zoom plugin for WordPress is 
vulnerable to ...)
TODO: check
 CVE-2024-28553 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in 
the entr ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-28535 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in 
the mitI ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2024-28340 (An information leak in the currentsetting.htm component of 
Netgear CBR ...)
-   TODO: check
+   NOT-FOR-US: Netgear
 CVE-2024-28339 (An information leak in the debuginfo.htm component of Netgear 
CBR40 2. ...)
-   TODO: check
+   NOT-FOR-US: Netgear
 CVE-2024-28338 (A login bypass in TOTOLINK A8000RU V7.1cu.643_B20200521 allows 
attacke ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2024-28186 (FreeScout is an open source help desk and shared inbox built 
with PHP. ...)
-   TODO: check
+   NOT-FOR-US: FreeScout
 CVE-2024-28121 (stimulus_reflex is a system to extend the capabilities of both 
Rails a ...)
TODO: check
 CVE-2024-28114 (Peering Manager is a BGP session management tool. There is a 
Server Si ...)
-   TODO: check
+   NOT-FOR-US: Peering Manager
 CVE-2024-28113 (Peering Manager is a BGP session management tool. In Peering 
Manager < ...)
-   TODO: check
+   NOT-FOR-US: Peering Manager
 CVE-2024-28112 (Peering Manager is a BGP session management tool. Affected 
versions of ...)
-   TODO: check
+   NOT-FOR-US: Peering Manager
 CVE-2024-28098 (The vulnerability allows authenticated users with only produce 
or cons ...)
-   TODO: check
+   NOT-FOR-US: Apache Pulsar
 CVE-2024-27907 (A vulnerability has been identified in Simcenter Femap (All 
versions < ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2024-27894 (The Pulsar Functions Worker includes a capability that permits 
authent ...)
-   TODO: check
+   NOT-FOR-US: Apache Pulsar
 CVE-2024-27758 (In RPyC before 6.0.0, when a server exposes a method that 
calls the at ...)
TODO: check
 CVE-2024-27317 (In Pulsar Functions Worker, authenticated users can upload 
functions i ...)
-   TODO: check
+   NOT-FOR-US: Apache Pulsar
 CVE-2024-27279 (Directory traversal vulnerability exists in a-blog cms 
Ver.3.1.x serie ...)
-   TODO: check
+   NOT-FOR-US: a-blog cms
 CVE-2024-27135 (Improper input validation in the Pulsar Function Worker allows 
a malic ...)
-   TODO: check
+   NOT-FOR-US: Apache Pulsar
 CVE-2024-26288 (An unauthenticated remote attacker can influence the 
communication due ...)
-   TODO: check
+   NOT-FOR-US: VDE
 CVE-2024-26204 (Outlook for Android Information Disclosure Vulnerability)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2024-26203 (Azure Data Studio Elevation of Privilege Vulnerability)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2024-26201 (Microsoft Intune Linux Agent Elevation of Privilege 
Vulnerability)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2024-26199 (Microsoft Office Elevation of Privilege Vulnerability)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2024-26198 (Microsoft Exchange Server Remote Code Execution Vulnerability)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2024-26197 (Windows Standards-Based Storage Management Service Denial of 
Service V ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2024-26190 (Microsoft QUIC Denial of Service Vulnerability)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2024-26185 (Windows Compressed Folder Tampering Vulnerability)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2024-26182 (Windows 
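
Review bot: the tag "NOT-FOR-US: VDE" on CVE-2024-26288 does not identify what is affected. The visible description ("An unauthenticated remote attacker can influence the communication due ...") names no product, whereas the other tags in this hunk name a vendor or product (Netgear, Apache Pulsar, Siemens). Please name the affected product or its vendor, so that a later search of data/CVE/list for that product finds this entry.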

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-12 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6d20aaeb by Salvatore Bonaccorso at 2024-03-12T09:51:59+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,49 +1,49 @@
 CVE-2024-28199 (phlex is an open source framework for building object-oriented 
views i ...)
TODO: check
 CVE-2024-28163 (Under certain conditions, Support Web Pages of SAP NetWeaver 
Process I ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2024-28120 (codeium-chrome is an open source code completion plugin for 
the chrome ...)
TODO: check
 CVE-2024-27938 (Postal is an open source SMTP server. Postal versions less 
than 3.0.0  ...)
TODO: check
 CVE-2024-27902 (Applications based on SAP GUI for HTML in SAP NetWeaver AS 
ABAP - vers ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2024-27900 (Due to missing authorization check, attacker with business 
user accoun ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2024-27297 (Nix is a package manager for Linux and other Unix systems. A 
fixed-out ...)
TODO: check
 CVE-2024-27121 (Path traversal vulnerability exists in Machine Automation 
Controller N ...)
TODO: check
 CVE-2024-26521 (HTML Injection vulnerability in CE Phoenix v1.0.8.20 and 
before allows ...)
-   TODO: check
+   NOT-FOR-US: CE Phoenix
 CVE-2024-25854 (Cross Site Scripting (XSS) vulnerability in Sourcecodester 
Insurance M ...)
-   TODO: check
+   NOT-FOR-US: Sourcecodester Insurance Management System
 CVE-2024-25645 (Under certain conditionSAPNetWeaver (Enterprise Portal) - 
version 7.50 ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2024-25644 (Under certain conditions SAP NetWeaverWSRM- version 7.50, 
allows an at ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2024-25331 (DIR-822 Rev. B Firmware v2.02KRB09 and DIR-822-CA Rev. B 
Firmware v2.0 ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2024-25325 (SQL injection vulnerability in Employee Management System 
v.1.0 allows ...)
-   TODO: check
+   NOT-FOR-US: Employee Management System
 CVE-2024-25114 (Collabora Online is a collaborative online office suite based 
on Libre ...)
-   TODO: check
+   NOT-FOR-US: Collabora Online
 CVE-2024-24964 (Improper access control vulnerability exists in the resident 
process o ...)
-   TODO: check
+   NOT-FOR-US: SKYSEA Client View
 CVE-2024-22133 (SAP Fiori Front End Server - version 605, allows altering of 
approver  ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2024-22127 (SAP NetWeaver Administrator AS Java (Administrator Log Viewer 
plug-in) ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2024-21805 (Improper access control vulnerability exists in the specific 
folder of ...)
-   TODO: check
+   NOT-FOR-US: SKYSEA Client View
 CVE-2024-21584 (Pleasanter 1.3.49.0 and earlier contains a cross-site 
scripting vulner ...)
-   TODO: check
+   NOT-FOR-US: Pleasanter
 CVE-2024-1645 (The Mollie Forms plugin for WordPress is vulnerable to 
unauthorized ac ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1400 (The Mollie Forms plugin for WordPress is vulnerable to 
unauthorized po ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-6814 (Insertion of Sensitive Information into Log File vulnerability 
in Hita ...)
-   TODO: check
+   NOT-FOR-US: Hitachi
 CVE-2023-49785 (NextChat, also known as ChatGPT-Next-Web, is a cross-platform 
chat use ...)
TODO: check
 CVE-2023-49453 (Reflected cross-site scripting (XSS) vulnerability in 
Racktables v0.22 ...)
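
Review bot: for CVE-2024-25114 the tag "NOT-FOR-US: Collabora Online" needs a second look, because the description itself says the suite is "based on Libre ...", that is, built on another code base. If the flaw sits in that shared code rather than in Collabora Online's own layer, NFU drops it from triage for whichever package carries the shared code. Suggest leaving "TODO: check", or adding a NOTE line recording which component the upstream advisory blames.
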
@@ -86820,7 +86820,7 @@ CVE-2022-46072 (Helmet Store Showroom v1.0 vulnerable 
to unauthenticated SQL Inj
 CVE-2022-46071 (There is SQL Injection vulnerability at Helmet Store Showroom 
v1.0 Log ...)
NOT-FOR-US: Helmet Store Showroom
 CVE-2022-46070 (GV-ASManager V6.0.1.0 contains a Local File Inclusion 
vulnerability in ...)
-   TODO: check
+   NOT-FOR-US: GV-ASManager
 CVE-2022-46069
RESERVED
 CVE-2022-46068



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d20aaebdc9cc9d234f4bedcb7aa599252128fc0



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4a497a2a by Salvatore Bonaccorso at 2024-03-11T21:25:41+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,163 +1,163 @@
 CVE-2024-2370 (Unrestricted file upload vulnerability in ManageEngine Desktop 
Central ...)
-   TODO: check
+   NOT-FOR-US: ManageEngine
 CVE-2024-2357 (The Libreswan Project was notified of an issue causing 
libreswan to re ...)
TODO: check
 CVE-2024-28198 (OpenOlat is an open source web-based e-learning platform for 
teaching, ...)
-   TODO: check
+   NOT-FOR-US: OpenOlat
 CVE-2024-28197 (Zitadel is an open source identity management system. Zitadel 
uses a c ...)
-   TODO: check
+   NOT-FOR-US: Zitadel
 CVE-2024-28187 (SOY CMS is an open source CMS (content management system) that 
allows  ...)
-   TODO: check
+   NOT-FOR-US: SOY CMS
 CVE-2024-27237 (In wipe_ns_memory of nsmemwipe.c, there is a possible 
incorrect size c ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27236 (In aoc_unlocked_ioctl of aoc.c, there is a possible memory 
corruption  ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27235 (In plugin_extern_func of TBD, there is a possible out of 
bounds read d ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27234 (In fvp_set_target of fvp.c, there is a possible out of bounds 
read due ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27233 (In ppcfw_init_secpolicy of ppcfw.c, there is a possible 
permission byp ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27230 (In ProtocolPsKeepAliveStatusAdapter::getCode() of 
protocolpsadapter.cp ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27229 (In ss_SendCallBarringPwdRequiredIndMsg of ss_CallBarring.c, 
there is a ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27228 (In TBD of TBD, there is a possible out of bounds write due to 
a heap b ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27227 (Android kernel allows Remote code execution.)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27226 (In tmu_config_gov_params of TBD, there is a possible out of 
bounds wri ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27225 (In sendHciCommand of bluetooth_hci.cc, there is a possible out 
of boun ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27224 (In strncpy of strncpy.c, there is a possible out of bounds 
write due t ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27223 (In EUTRAN_LCS_DecodeFacilityInformationElement of 
LPP_LcsManagement.c, ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27222 (In onSkipButtonClick of FaceEnrollFoldPage.java, there is a 
possible w ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27221 (In update_policy_data of TBD, there is a possible out of 
bounds write  ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27220 (In lpm_req_handler of TBD, there is a possible out of bounds 
memory ac ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27219 (In tmu_set_pi of tmu.c, there is a possible out of bounds 
write due to ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27218 (In update_freq_data of TBD, there is a possible out of bounds 
read due ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27213 (In BroadcastSystemMessage of servicemgr.cpp, there is a 
possible Remot ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27212 (In init_data of TBD, there is a possible out of bounds write 
due to a  ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27211 (In AtiHandleAPOMsgType of ati_Main.c, there is a possible OOB 
write du ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27210 (In policy_check of fvp.c, there is a possible out of bounds 
write due  ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27209 (In TBD of TBD, there is a possible out of bounds write due to 
a heap b ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27208 (In TBD of TBD, there is a possible out of bounds write due to 
a missin ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27207 (Android kernel allows Elevation of privilege.)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27206 (In tbd of tbd, there is a possible out of bounds read due to a 
missing ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27205 (In tbd of tbd, there is a possible memory corruption due to a 
use afte ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-27204 (In tmu_set_gov_active of tmu.c, there is a possible out of 
bounds writ ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2024-25993 (In 
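
Review bot: CVE-2024-27227 and CVE-2024-27207 are described only as "Android kernel allows ..." and CVE-2024-27224 as "In strncpy of strncpy.c", yet all three receive the blanket "NOT-FOR-US: Android". Nothing in these descriptions shows whether the affected code is Android-specific or shared with an upstream kernel or C library, so the tag cannot be verified from the entry itself. Suggest keeping these three at "TODO: check" until the vendor bulletin has been read, or adding a NOTE line with the reference showing the code is Android-only.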

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b506e44e by Salvatore Bonaccorso at 2024-03-11T09:46:22+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,9 +1,9 @@
 CVE-2024-2365 (A vulnerability classified as problematic was found in 
Musicshelf 1.0/ ...)
-   TODO: check
+   NOT-FOR-US: Musicshelf
 CVE-2024-2364 (A vulnerability classified as problematic has been found in 
Musicshelf ...)
-   TODO: check
+   NOT-FOR-US: Musicshelf
 CVE-2024-2363 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 
AOL AIM T ...)
-   TODO: check
+   NOT-FOR-US: AOL AIM Triton
 CVE-2024-2314 (If kernel headers need to be extracted, bcc will attempt to 
load them  ...)
TODO: check
 CVE-2024-2313 (If kernel headers need to be extracted, bpftrace will attempt 
to load  ...)
@@ -13,7 +13,7 @@ CVE-2024-2184 (Buffer overflow in identifier field of WSD 
probe request process
 CVE-2024-28823 (Amazon AWS aws-js-s3-explorer (aka AWS JavaScript S3 Explorer) 
1.0.0 a ...)
TODO: check
 CVE-2024-28816 (Student Information Chatbot a0196ab allows SQL injection via 
the usern ...)
-   TODO: check
+   NOT-FOR-US: Student Information Chatbot
 CVE-2024-2355 (A vulnerability has been found in keerti1924 
Secret-Coder-PHP-Project  ...)
NOT-FOR-US: keerti1924 Secret-Coder-PHP-Project
 CVE-2024-2354 (A vulnerability, which was classified as problematic, was found 
in Dre ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b506e44e5c741e43d902694da1bb02cb6da51927



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6ac21bf1 by Salvatore Bonaccorso at 2024-03-09T21:15:24+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,13 +1,13 @@
 CVE-2024-2333 (A vulnerability classified as critical has been found in 
CodeAstro Mem ...)
-   TODO: check
+   NOT-FOR-US: CodeAstro Membership Management System
 CVE-2024-2332 (A vulnerability was found in SourceCodester Online Mobile 
Management S ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Mobile Management Store
 CVE-2024-2331 (A vulnerability was found in SourceCodester Tourist Reservation 
System ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Tourist Reservation System
 CVE-2024-2330 (A vulnerability was found in Netentsec NS-ASG Application 
Security Gat ...)
-   TODO: check
+   NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
 CVE-2024-1870 (The Colibri Page Builder plugin for WordPress is vulnerable to 
unautho ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2329 (A vulnerability was found in Netentsec NS-ASG Application 
Security Gat ...)
NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
 CVE-2024-28754 (RaspAP (aka raspap-webgui) through 3.0.9 allows remote 
attackers to ca ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ac21bf1842028ec311e09c1ad853c9a63812fc0



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
30e46586 by Salvatore Bonaccorso at 2024-03-09T17:33:33+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11,7 +11,7 @@ CVE-2024-28180 (Package jose aims to provide an 
implementation of the Javascript
 CVE-2024-28176 (jose is JavaScript module for JSON Object Signing and 
Encryption, prov ...)
TODO: check
 CVE-2024-28123 (Wasmi is an efficient and lightweight WebAssembly interpreter 
with a f ...)
-   TODO: check
+   NOT-FOR-US: Wasmi
 CVE-2024-28122 (JWX is Go module implementing various JWx 
(JWA/JWE/JWK/JWS/JWT, otherw ...)
TODO: check
 CVE-2024-28089 (Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a 
remote att ...)
@@ -319,7 +319,7 @@ CVE-2024-1931 (NLnet Labs Unbound version 1.18.0 up to and 
including version 1.1
 CVE-2024-1773 (The PDF Invoices and Packing Slips For WooCommerce plugin for 
WordPres ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-1725 (A flaw was found in the kubevirt-csi component of OpenShift 
Virtualiza ...)
-   TODO: check
+   NOT-FOR-US: kubevirt-csi component of OpenShift Virtualization's Hosted 
Control Plane (HCP)
 CVE-2024-1534 (The Booster for WooCommerce plugin for WordPress is vulnerable 
to Stor ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-1442 (A user with the permissions to create a data source can use 
Grafana AP ...)
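
Review bot: style point on CVE-2024-1725: the tag repeats most of the description ("kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP)"), where the neighbouring entries in this hunk use a short label ("WordPress plugin"). A short form such as "NOT-FOR-US: kubevirt-csi" would keep the list consistent and easier to grep.
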
@@ -490,9 +490,9 @@ CVE-2024-27304 (pgx is a PostgreSQL driver and toolkit for 
Go. SQL injection can
NOTE: 
https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8 
(v5.5.4)
NOTE: 
https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df 
(v4.18.2)
 CVE-2024-27303 (electron-builder is a solution to package and build a ready 
for distri ...)
-   TODO: check
+   NOT-FOR-US: electron-builder
 CVE-2024-27302 (go-zero is a web and rpc framework. Go-zero allows user to 
specify a C ...)
-   TODO: check
+   NOT-FOR-US: go-zero
 CVE-2024-27289 (pgx is a PostgreSQL driver and toolkit for Go. Prior to 
version 4.18.2 ...)
- golang-github-jackc-pgx  (bug #1065686)
[bookworm] - golang-github-jackc-pgx  (Minor issue)
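
Review bot: CVE-2024-27302 is tagged "NOT-FOR-US: go-zero", but the pgx entry in this same hunk shows that Go libraries are tracked under source names of the form golang-github-jackc-pgx, not under the upstream project name. A search for the literal string "go-zero" could therefore miss a packaged copy. Please confirm the lookup was done against the golang-github-... naming as well, and add a NOTE line if it was.
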
@@ -559,7 +559,7 @@ CVE-2023-49979 (A directory listing vulnerability in 
Customer Support System v1
 CVE-2023-49978 (Incorrect access control in Customer Support System v1 allows 
non-admi ...)
NOT-FOR-US: Customer Support System
 CVE-2023-48703 (RobotsAndPencils go-saml, a SAML client library written in Go, 
contain ...)
-   TODO: check
+   NOT-FOR-US: go-saml
 CVE-2023-38825 (SQL injection vulnerability in Vanderbilt REDCap before 
v.13.8.0 allow ...)
NOT-FOR-US: Vanderbilt REDCap
 CVE-2024-28160 (Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize 
iceScrum p ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30e4658675abbb5c8c7792b7e9258c0d2f2b7e43



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-03-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0bc3e86d by Salvatore Bonaccorso at 2024-03-09T09:46:16+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,11 +1,11 @@
 CVE-2024-2329 (A vulnerability was found in Netentsec NS-ASG Application 
Security Gat ...)
-   TODO: check
+   NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
 CVE-2024-28754 (RaspAP (aka raspap-webgui) through 3.0.9 allows remote 
attackers to ca ...)
-   TODO: check
+   NOT-FOR-US: RaspAP
 CVE-2024-28753 (RaspAP (aka raspap-webgui) through 3.0.9 allows remote 
attackers to re ...)
-   TODO: check
+   NOT-FOR-US: RaspAP
 CVE-2024-28184 (WeasyPrint helps web developers to create PDF documents. Since 
version ...)
-   TODO: check
+   NOT-FOR-US: WeasyPrint
 CVE-2024-28180 (Package jose aims to provide an implementation of the 
Javascript Objec ...)
TODO: check
 CVE-2024-28176 (jose is JavaScript module for JSON Object Signing and 
Encryption, prov ...)
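
Review bot: CVE-2024-28184 is tagged "NOT-FOR-US: WeasyPrint", but the description presents WeasyPrint as a general-purpose tool that "helps web developers to create PDF documents", not a vendor appliance like the gateway product tagged at the top of this hunk. Tools of this kind are often packaged. Please confirm with a source-package search that no weasyprint package exists in any suite before dropping it from triage. If one exists, the entry needs a package line instead of NFU.
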
@@ -15,27 +15,27 @@ CVE-2024-28123 (Wasmi is an efficient and lightweight 
WebAssembly interpreter wi
 CVE-2024-28122 (JWX is Go module implementing various JWx 
(JWA/JWE/JWK/JWS/JWT, otherw ...)
TODO: check
 CVE-2024-28089 (Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a 
remote att ...)
-   TODO: check
+   NOT-FOR-US: Hitron CODA-4582 2AHKM-CODA4589
 CVE-2024-25951 (A command injection vulnerability exists in local RACADM. A 
malicious  ...)
-   TODO: check
+   NOT-FOR-US: Dell
 CVE-2024-25501 (An issue WinMail v.7.1 and v.5.1 and before allows a remote 
attacker t ...)
-   TODO: check
+   NOT-FOR-US: WinMail
 CVE-2024-1767 (The Blocksy theme for WordPress is vulnerable to Stored 
Cross-Site Scr ...)
-   TODO: check
+   NOT-FOR-US: WordPress theme
 CVE-2024-1320 (The EventPrime \u2013 Events Calendar, Bookings and Tickets 
plugin for ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1125 (The EventPrime \u2013 Events Calendar, Bookings and Tickets 
plugin for ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1124 (The EventPrime \u2013 Events Calendar, Bookings and Tickets 
plugin for ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1123 (The EventPrime \u2013 Events Calendar, Bookings and Tickets 
plugin for ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-50015 (An issue was discovered in Grandstream GXP14XX 1.0.8.9 and 
GXP16XX 1.0 ...)
-   TODO: check
+   NOT-FOR-US: Grandstream
 CVE-2023-49341 (An issue was discovered in Newland Nquire 1000 Interactive 
Kiosk versi ...)
-   TODO: check
+   NOT-FOR-US: Newland Nquire 1000 Interactive Kiosk
 CVE-2023-49340 (An issue was discovered in Newland Nquire 1000 Interactive 
Kiosk versi ...)
-   TODO: check
+   NOT-FOR-US: Newland Nquire 1000 Interactive Kiosk
 CVE-2023-46427 (An issue was discovered in gpac version 
2.3-DEV-rev588-g7edc40fee-mast ...)
- gpac 
NOTE: https://github.com/gpac/gpac/issues/2641
@@ -45,7 +45,7 @@ CVE-2023-46426 (Heap-based Buffer Overflow vulnerability in 
gpac version 2.3-DEV
NOTE: https://github.com/gpac/gpac/issues/2642
NOTE: 
https://github.com/gpac/gpac/commit/14ec709a1ffae23ad777c37320290caa0a754341
 CVE-2023-32264 (CWE-1385 vulnerability in OpenText Documentum D2 affecting 
versions16. ...)
-   TODO: check
+   NOT-FOR-US: OpenText
 CVE-2024-2339 (PostgreSQL Anonymizer v1.2 contains a vulnerability  that 
allows a use ...)
NOT-FOR-US: PostgreSQL Anonymizer
 CVE-2024-2338 (PostgreSQL Anonymizer v1.2 contains a SQL injection 
vulnerability that ...)
@@ -633,7 +633,7 @@ CVE-2024-24276 (Cross Site Scripting (XSS) vulnerability in 
Teamwire Windows des
 CVE-2024-24275 (Cross Site Scripting vulnerability in Teamwire Windows desktop 
client  ...)
NOT-FOR-US: Teamwire Windows desktop client
 CVE-2024-22889 (Due to incorrect access control in Plone version v6.0.9, 
remote attack ...)
-   TODO: check
+   NOT-FOR-US: Plone
 CVE-2024-1989 (The Social Sharing Plugin \u2013 Sassy Social Share plugin for 
WordPre ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-1901 (Denial of service in PAM password rotation during the check-in 
process ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0bc3e86d4e64005cf35ac26956d7a89f1eadc4c3
