Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a4eeebb3 by Salvatore Bonaccorso at 2024-03-18T21:36:53+01:00
Process some NFUs

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,45 +1,45 @@ CVE-2024-2599 (File upload restriction evasion vulnerability in AMSS++ version 4.31. ...) - TODO: check + NOT-FOR-US: AMSS++ CVE-2024-2598 (Vulnerability in AMSS++ version 4.31, which does not sufficiently enco ...) - TODO: check + NOT-FOR-US: AMSS++ CVE-2024-2597 (Vulnerability in AMSS++ version 4.31, which does not sufficiently enco ...) - TODO: check + NOT-FOR-US: AMSS++ CVE-2024-2596 (Vulnerability in AMSS++ version 4.31, which does not sufficiently enco ...) - TODO: check + NOT-FOR-US: AMSS++ CVE-2024-2595 (Vulnerability in AMSS++ version 4.31, which does not sufficiently enco ...) - TODO: check + NOT-FOR-US: AMSS++ CVE-2024-2594 (Vulnerability in AMSS++ version 4.31, which does not sufficiently enco ...) - TODO: check + NOT-FOR-US: AMSS++ CVE-2024-2593 (Vulnerability in AMSS++ version 4.31, which does not sufficiently enco ...) - TODO: check + NOT-FOR-US: AMSS++ CVE-2024-2592 (Vulnerability in AMSS++ version 4.31 that allows SQL injection through ...) - TODO: check + NOT-FOR-US: AMSS++ CVE-2024-2591 (Vulnerability in AMSS++ version 4.31 that allows SQL injection through ...) - TODO: check + NOT-FOR-US: AMSS++ CVE-2024-2590 (Vulnerability in AMSS++ version 4.31 that allows SQL injection through ...) - TODO: check + NOT-FOR-US: AMSS++ CVE-2024-2589 (Vulnerability in AMSS++ version 4.31 that allows SQL injection through ...) - TODO: check + NOT-FOR-US: AMSS++ CVE-2024-2588 (Vulnerability in AMSS++ version 4.31 that allows SQL injection through ...) - TODO: check + NOT-FOR-US: AMSS++ CVE-2024-2587 (Vulnerability in AMSS++ version 4.31 that allows SQL injection through ...) - TODO: check + NOT-FOR-US: AMSS++ CVE-2024-2586 (Vulnerability in AMSS++ version 4.31 that allows SQL injection through ...) - TODO: check + NOT-FOR-US: AMSS++ CVE-2024-2585 (Vulnerability in AMSS++ version 4.31 that allows SQL injection through ...) - TODO: check + NOT-FOR-US: AMSS++ CVE-2024-2584 (Vulnerability in AMSS++ version 4.31 that allows SQL injection through ...) 
- TODO: check + NOT-FOR-US: AMSS++ CVE-2024-2390 (As a part of Tenable\u2019s vulnerability disclosure program, a vulner ...) - TODO: check + NOT-FOR-US: Tenable CVE-2024-2229 (CWE-502: Deserialization of Untrusted Data vulnerability exists that c ...) - TODO: check + NOT-FOR-US: Schneider Electric CVE-2024-2052 (CWE-552: Files or Directories Accessible to External Parties vulnerabi ...) - TODO: check + NOT-FOR-US: Schneider Electric CVE-2024-2051 (CWE-307: Improper Restriction of Excessive Authentication Attempts vul ...) - TODO: check + NOT-FOR-US: Schneider Electric CVE-2024-2050 (CWE-79: Improper Neutralization of Input During Web Page Generation (\ ...) - TODO: check + NOT-FOR-US: Schneider Electric CVE-2024-28550 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the file ...) NOT-FOR-US: Tenda CVE-2024-28547 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the fire ...) @@ -74,7 +74,7 @@ CVE-2024-27769 (Unitronics Unistream Unilogic \u2013 Versions prior to 1.35.227 CVE-2024-27768 (Unitronics Unistream Unilogic \u2013 Versions prior to 1.35.227 - CWE- ...) NOT-FOR-US: Unitronics Unistream Unilogic CVE-2024-27767 (CWE-287: Improper Authentication may allow Authentication Bypass) - TODO: check + NOT-FOR-US: Unitronics Unistream Unilogic CVE-2024-27104 (GLPI is a Free Asset and IT Management Software package, Data center m ...) - glpi <removed> NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-prc3-cx5m-h5mj 
@@ -172,89 +172,89 @@ CVE-2024-26030 (Adobe Experience Manager versions 6.5.19 and earlier are affecte CVE-2024-26028 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...) NOT-FOR-US: Adobe CVE-2024-25657 (An open redirect in the Login/Logout functionality of web management i ...) - TODO: check + NOT-FOR-US: AVSystem Unified Management Platform (UMP) CVE-2024-25656 (Improper input validation in AVSystem Unified Management Platform (UMP ...) - TODO: check + NOT-FOR-US: AVSystem Unified Management Platform (UMP) CVE-2024-25655 (Insecure storage of LDAP passwords in the authentication functionality ...) - TODO: check + NOT-FOR-US: AVSystem Unified Management Platform (UMP) CVE-2024-25654 (Insecure permissions for log files of AVSystem Unified Management Plat ...) - TODO: check + NOT-FOR-US: AVSystem Unified Management Platform (UMP) CVE-2024-22257 (In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5. ...) TODO: check CVE-2024-21662 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...) - TODO: check + NOT-FOR-US: Argo CD CVE-2024-21661 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...) - TODO: check + NOT-FOR-US: Argo CD CVE-2024-21652 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...) - TODO: check + NOT-FOR-US: Argo CD CVE-2024-20768 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20767 (ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Imp ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20764 (Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bo ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20763 (Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bo ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20762 (Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bo ...) 
- TODO: check + NOT-FOR-US: Adobe CVE-2024-20761 (Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bo ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20760 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20757 (Bridge versions 13.0.5, 14.0.1 and earlier are affected by an out-of-b ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20756 (Bridge versions 13.0.5, 14.0.1 and earlier are affected by an out-of-b ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20755 (Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Heap-base ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20754 (Lightroom Desktop versions 7.1.2 and earlier are affected by an Untrus ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20752 (Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Use After ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20746 (Premiere Pro versions 24.1, 23.6.2 and earlier are affected by an out- ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20745 (Premiere Pro versions 24.1, 23.6.2 and earlier are affected by a Heap- ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-1753 (A flaw was found in Buildah (and subsequently Podman Build) which allo ...) TODO: check CVE-2024-1658 (The Grid Shortcodes WordPress plugin before 1.1.1 does not validate an ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1606 (Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.2 ...) - TODO: check + NOT-FOR-US: BMC CVE-2024-1605 (BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dyn ...) - TODO: check + NOT-FOR-US: BMC CVE-2024-1604 (Improper authorization in the report management and creation module of ...) - TODO: check + NOT-FOR-US: BMC CVE-2024-1333 (The Responsive Pricing Table WordPress plugin before 5.1.11 does not v ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1331 (The Team Members WordPress plugin before 5.3.2 does not validate and e ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1013 (An out-of-bounds stack write flaw was found in unixODBC on 64-bit arch ...) TODO: check CVE-2024-0973 (The Widget for Social Page Feeds WordPress plugin before 6.4 does not ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0951 (The Advanced Social Feeds Widget & Shortcode WordPress plugin through ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0858 (The Innovs HR WordPress plugin through 1.0.3.4 does not have CSRF chec ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0820 (The Jobs for WordPress plugin before 2.7.4 does not sanitise and escap ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0780 (The Enjoy Social Feed plugin for WordPress website WordPress plugin th ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0779 (The Enjoy Social Feed plugin for WordPress website WordPress plugin th ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0719 (The Tabs Shortcode and Widget WordPress plugin through 1.17 does not v ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0711 (The Buttons Shortcode and Widget WordPress plugin through 1.16 does no ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0365 (The Fancy Product Designer WordPress plugin before 6.1.5 does not prop ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-7236 (The Backup Bolt WordPress plugin through 1.3.0 is vulnerable to Inform ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-7085 (The Scalable Vector Graphics (SVG) WordPress plugin through 3.4 does n ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6821 (The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 cont ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-41334 (Astropy is a project for astronomy in Python that fosters interoperabi ...) TODO: check CVE-2024-26641 (In the Linux kernel, the following vulnerability has been resolved: i ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4eeebb302d995e18285e13072bfe118c67540c8
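Review bot: In the @@ -1,45 +1,45 @@ hunk, CVE-2024-2390 is tagged "NOT-FOR-US: Tenable", but the visible description only says the issue was found "As a part of Tenable's vulnerability disclosure program" and is truncated before it names the affected product. Confirm against the full CVE text that Tenable is the affected vendor and not only the reporter, and consider naming the product in the tag, as the AMSS++ entries in the same hunk do.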
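Review bot: In the @@ -74,7 +74,7 @@ hunk, CVE-2024-27767 is tagged "NOT-FOR-US: Unitronics Unistream Unilogic" although its description, "CWE-287: Improper Authentication may allow Authentication Bypass", names no product at all. The attribution appears to rest on the adjacent CVE-2024-27768 and CVE-2024-27769 entries; check the CVE record itself before relying on the neighbours, since this change takes the entry out of the "TODO: check" queue.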
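Review bot: In the @@ -172,89 +172,89 @@ hunk, the NOT-FOR-US tags are written at three different levels of detail: vendor only ("Adobe", "BMC"), full product ("AVSystem Unified Management Platform (UMP)", "Argo CD"), and a bare category ("WordPress plugin") even though each of those descriptions names the plugin. The vendor-level form matches the existing context line "NOT-FOR-US: Adobe", so this is a style point only, but settling on one level would make the list easier to grep when one of these products is later considered for packaging.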