Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 8fcaa299 by security tracker role at 2024-02-07T20:11:41+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== 
@@ -1,3 +1,87 @@ +CVE-2024-25201 (Espruino 2v20 (commit fcc9ba4) was discovered to contain an Out-of-bou ...) + TODO: check +CVE-2024-25200 (Espruino 2v20 (commit fcc9ba4) was discovered to contain a Stack Overf ...) + TODO: check +CVE-2024-25145 (Stored cross-site scripting (XSS) vulnerability in the Portal Search m ...) + TODO: check +CVE-2024-25143 (The Document and Media widget In Liferay Portal 7.2.0 through 7.3.6, a ...) + TODO: check +CVE-2024-24824 (Graylog is a free and open log management platform. Starting in versio ...) + TODO: check +CVE-2024-24823 (Graylog is a free and open log management platform. Starting in versio ...) + TODO: check +CVE-2024-24822 (Pimcore's Admin Classic Bundle provides a backend user interface for P ...) + TODO: check +CVE-2024-24816 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. ...) + TODO: check +CVE-2024-24815 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. ...) + TODO: check +CVE-2024-24812 (Frappe is a full-stack web application framework that uses Python and ...) + TODO: check +CVE-2024-24811 (SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnera ...) + TODO: check +CVE-2024-24771 (Open Forms allows users create and publish smart forms. Versions prior ...) + TODO: check +CVE-2024-24706 (Cross-Site Request Forgery (CSRF) vulnerability in Forum One WP-CFM wp ...) + TODO: check +CVE-2024-24563 (Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual M ...) + TODO: check +CVE-2024-24488 (An issue in Shenzen Tenda Technology CP3V2.0 V11.10.00.2311090948 allo ...) + TODO: check +CVE-2024-24311 (Path Traversal vulnerability in Linea Grafica "Multilingual and Multis ...) + TODO: check +CVE-2024-24304 (In the module "Mailjet" (mailjet) from Mailjet for PrestaShop before v ...) + TODO: check +CVE-2024-24303 (SQL Injection vulnerability in HiPresta "Gift Wrapping Pro" (hiadvance ...) 
+ TODO: check +CVE-2024-24189 (Jsish v3.5.0 (commit 42c694c) was discovered to contain a use-after-fr ...) + TODO: check +CVE-2024-24188 (Jsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src ...) + TODO: check +CVE-2024-24186 (Jsish v3.5.0 (commit 42c694c) was discovered to contain a stack-overfl ...) + TODO: check +CVE-2024-24133 (Atmail v6.6.0 was discovered to contain a SQL injection vulnerability ...) + TODO: check +CVE-2024-24131 (SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cro ...) + TODO: check +CVE-2024-24130 (Mail2World v12 Business Control Center was discovered to contain a ref ...) + TODO: check +CVE-2024-23806 (Sensitive data can be extracted from HID iCLASS SE reader configuratio ...) + TODO: check +CVE-2024-23769 (Improper privilege control for the named pipe in Samsung Magician PC S ...) + TODO: check +CVE-2024-22984 + REJECTED +CVE-2024-22012 (In TBD of TBD, there is a possible out of bounds write due to a missin ...) + TODO: check +CVE-2024-20290 (A vulnerability in the OLE2 file format parser of ClamAV could allow a ...) + TODO: check +CVE-2024-20255 (A vulnerability in the SOAP API of Cisco Expressway Series and Cisco T ...) + TODO: check +CVE-2024-20254 (Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePres ...) + TODO: check +CVE-2024-20252 (Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePres ...) + TODO: check +CVE-2024-1118 (The Podlove Subscribe button plugin for WordPress is vulnerable to UNI ...) + TODO: check +CVE-2024-1110 (The Podlove Podcast Publisher plugin for WordPress is vulnerable to un ...) + TODO: check +CVE-2024-1109 (The Podlove Podcast Publisher plugin for WordPress is vulnerable to un ...) + TODO: check +CVE-2023-47700 (IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Stora ...) + TODO: check +CVE-2023-46914 (SQL Injection vulnerability in RM bookingcalendar module for PrestaSho ...) 
+ TODO: check +CVE-2023-43017 (IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a pri ...) + TODO: check +CVE-2023-38995 (An issue in SCHUHFRIED v.8.22.00 allows remote attacker to obtain the ...) + TODO: check +CVE-2023-38369 (IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does n ...) + TODO: check +CVE-2023-32330 (IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure cal ...) + TODO: check +CVE-2023-32328 (IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure pro ...) + TODO: check CVE-2024-25140 (A default installation of RustDesk 1.2.3 on Windows places a WDKTestCe ...) NOT-FOR-US: RustDesk CVE-2024-24943 (In JetBrains Toolbox App before 2.2 a DoS attack was possible via a ma ...) @@ -7579,7 +7663,7 @@ CVE-2023-52084 (Winter is a free, open-source content management system. Prior t NOT-FOR-US: Winter CMS CVE-2023-52083 (Winter is a free, open-source content management system. Prior to 1.2 ...) NOT-FOR-US: Winter CMS -CVE-2023-51437 +CVE-2023-51437 (Observable timing discrepancy vulnerability in Apache Pulsar SASL Auth ...) NOT-FOR-US: Apache Pulsar CVE-2023-51435 (Some Honor products are affected by incorrect privilege assignment vul ...) NOT-FOR-US: Honor @@ -23778,7 +23862,7 @@ CVE-2023-40375 (Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 c NOT-FOR-US: IBM CVE-2023-40307 (An attacker with standard privileges on macOS when requesting administ ...) NOT-FOR-US: SAP -CVE-2023-39196 +CVE-2023-39196 (Improper Authentication vulnerability in Apache Ozone. The vulnerabil ...) NOT-FOR-US: Apache Ozone CVE-2023-39195 REJECTED 
@@ -43171,8 +43255,8 @@ CVE-2023-31004 (IBM Security Access Manager Container (IBM Security Verify Acces NOT-FOR-US: IBM CVE-2023-31003 (IBM Security Access Manager Container (IBM Security Verify Access Appl ...) NOT-FOR-US: IBM -CVE-2023-31002 - RESERVED +CVE-2023-31002 (IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 tempor ...) + TODO: check CVE-2023-31001 (IBM Security Access Manager Container (IBM Security Verify Access Appl ...) NOT-FOR-US: IBM CVE-2023-31000 @@ -74075,7 +74159,7 @@ CVE-2022-47438 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability NOT-FOR-US: WordPress plugin CVE-2022-47437 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bran ...) NOT-FOR-US: WordPress plugin -CVE-2022-47436 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mant ...) +CVE-2022-47436 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2022-47435 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Oliv ...) NOT-FOR-US: WordPress plugin View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fcaa299747bf49998d2ba4ad513ee22d5fb969f
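Review bot: In the first hunk (@@ -1,3 +1,87 @@), CVE-2024-22012 is added with the placeholder description "In TBD of TBD, there is a possible out of bounds write", so nothing in the entry identifies the affected component and it cannot be triaged from this text alone; whoever resolves the TODO will have to go to the upstream advisory. In the same hunk, CVE-2023-43017, CVE-2023-38369, CVE-2023-32330 and CVE-2023-32328 name IBM Security Verify Access / IBM Security Access Manager Container, which the surrounding context elsewhere in this diff already marks "NOT-FOR-US: IBM"; those four can be resolved together with that note instead of being left at "TODO: check".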
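Review bot: In the @@ -43171,8 +43255,8 @@ hunk, CVE-2023-31002 moves from "RESERVED" to "TODO: check" although the entries directly above and below it (CVE-2023-31003 and CVE-2023-31001), for the same IBM Security Access Manager Container product, are both marked "NOT-FOR-US: IBM". Suggest replacing the TODO with "NOT-FOR-US: IBM" so this run of entries stays consistent and the item does not sit in the unchecked queue.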
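Review bot: In the @@ -74075,7 +74159,7 @@ hunk, the replacement description for CVE-2022-47436 is cut off before it reaches any product name, whereas the old text showed the required privilege ("admin+") and the start of the vendor name ("Mant"). After this change the generic "NOT-FOR-US: WordPress plugin" note is the only part of the entry that says what is affected; consider naming the plugin in the note, the way other entries in this diff name the product ("NOT-FOR-US: Apache Pulsar", "NOT-FOR-US: Apache Ozone").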