Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
80f0fbcd by Salvatore Bonaccorso at 2024-03-26T21:54:29+01:00
Process some NFUs

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,51 +1,51 @@ CVE-2024-30235 (Missing Authorization vulnerability in Themeisle Multiple Page Generat ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30234 (Missing Authorization vulnerability in Wholesale Team WholesaleX.This ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30233 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30232 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30231 (Unrestricted Upload of File with Dangerous Type vulnerability in WebTo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2955 (T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 a ...) TODO: check CVE-2024-2951 (Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Registrat ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2929 (A memory corruption vulnerability in Rockwell Automation Arena Simulat ...) - TODO: check + NOT-FOR-US: Rockwell Automation CVE-2024-2921 (Improper access control in PAM vault permissions in Devolutions Server ...) - TODO: check + NOT-FOR-US: Devolutions Server CVE-2024-2915 (Improper access control in PAM JIT elevation in Devolutions Server 202 ...) - TODO: check + NOT-FOR-US: Devolutions Server CVE-2024-2906 (Missing Authorization vulnerability in SoftLab Radio Player.This issue ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2904 (Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Calli ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2024-2902 (A vulnerability was found in Tenda AC7 15.03.06.44 and classified as c ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2901 (A vulnerability has been found in Tenda AC7 15.03.06.44 and classified ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2900 (A vulnerability, which was classified as critical, was found in Tenda ...) 
- TODO: check + NOT-FOR-US: Tenda CVE-2024-2899 (A vulnerability, which was classified as critical, has been found in T ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2898 (A vulnerability classified as critical was found in Tenda AC7 15.03.06 ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2897 (A vulnerability classified as critical has been found in Tenda AC7 15. ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2896 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been rated ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2895 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been declar ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2894 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been classi ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2893 (A vulnerability was found in Tenda AC7 15.03.06.44 and classified as c ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2892 (A vulnerability has been found in Tenda AC7 15.03.06.44 and classified ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2891 (A vulnerability, which was classified as critical, was found in Tenda ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2802 REJECTED CVE-2024-2452 (In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control ...) 
@@ -59,17 +59,17 @@ CVE-2024-29883 (CreateWiki is Miraheze's MediaWiki extension for requesting & cr CVE-2024-29881 (TinyMCE is an open source rich text editor. A cross-site scripting (X ...) TODO: check CVE-2024-29833 (The image upload component allows SVG files and the regular expression ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-29832 (The current_url parameter of the AJAX call to the GalleryBox action of ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-29810 (The thumb_url parameter of the AJAX call to the editimage_bwg action o ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-29809 (The image_url parameter of the AJAX call to the editimage_bwg action o ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-29808 (The image_id parameter of the AJAX call to the editimage_bwg action of ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-29684 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-29644 (Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before al ...) TODO: check CVE-2024-29401 (xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, which ...) 
@@ -77,39 +77,39 @@ CVE-2024-29401 (xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, CVE-2024-29203 (TinyMCE is an open source rich text editor. Across-site scripting (XSS ...) TODO: check CVE-2024-29197 (Pimcore is an Open Source Data & Experience Management Platform. Any c ...) - TODO: check + NOT-FOR-US: Pimcore CVE-2024-28442 (Directory Traversal vulnerability in Yealink VP59 v.91.15.0.118 allows ...) - TODO: check + NOT-FOR-US: Yealink CVE-2024-28131 (EasyRange Ver 1.41 contains an issue with the executable file search p ...) - TODO: check + NOT-FOR-US: EasyRange CVE-2024-28126 (Cross-site scripting vulnerability exists in 0ch BBS Script ver.4.00. ...) - TODO: check + NOT-FOR-US: 0ch BBS Script CVE-2024-28093 (The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is en ...) - TODO: check + NOT-FOR-US: AdTran NetVanta devices CVE-2024-28048 (OS command injection vulnerability exists in ffBull ver.4.11, which ma ...) - TODO: check + NOT-FOR-US: ffBull CVE-2024-28034 (Cross-site scripting vulnerability exists in Mini Thread Version 3.33\ ...) - TODO: check + NOT-FOR-US: Mini Thread Version CVE-2024-28033 (OS command injection vulnerability exists in WebProxy 1.7.8 and 1.7.9, ...) - TODO: check + NOT-FOR-US: WebProxy CVE-2024-26018 (Cross-site scripting vulnerability exists in TvRock 0.9t8a. An arbitra ...) - TODO: check + NOT-FOR-US: TvRock CVE-2024-25958 (Dell Grab for Windows, versions up to and including 5.0.4, contain Wea ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-25957 (Dell Grab for Windows, versions 5.0.4 and below, contains a cleartext ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-25956 (Dell Grab for Windows, versions 5.0.4 and below, contains an improper ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-24805 (Missing Authorization vulnerability in Deepak anand WP Dummy Content G ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24799 (Missing Authorization vulnerability in WooCommerce WooCommerce Box Off ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24719 (Missing Authorization vulnerability in Uriahs Victor Location Picker a ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24718 (Missing Authorization vulnerability in PropertyHive.This issue affects ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24711 (Missing Authorization vulnerability in weDevs WooCommerce Conversion T ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-23722 (In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be c ...) TODO: check CVE-2024-23520 (Missing Authorization vulnerability in AccessAlly PopupAlly.This issue ...) 
@@ -117,45 +117,45 @@ CVE-2024-23520 (Missing Authorization vulnerability in AccessAlly PopupAlly.This CVE-2024-23482 (The ZScaler service is susceptible to a local privilege escalation vul ...) TODO: check CVE-2024-22436 (A security vulnerability in HPE IceWall Agent products could be exploi ...) - TODO: check + NOT-FOR-US: HPE CVE-2024-22356 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 throug ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-22156 (Missing Authorization vulnerability in SNP Digital SalesKing.This issu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-21920 (A memory buffer vulnerability in Rockwell Automation Arena Simulation ...) - TODO: check + NOT-FOR-US: Rockwell Automation CVE-2024-21919 (An uninitialized pointer in Rockwell Automation Arena Simulation softw ...) - TODO: check + NOT-FOR-US: Rockwell Automation CVE-2024-21918 (A memory buffer vulnerability in Rockwell Automation Arena Simulation ...) - TODO: check + NOT-FOR-US: Rockwell Automation CVE-2024-21913 (A heap-based memory buffer overflow vulnerability in Rockwell Automati ...) - TODO: check + NOT-FOR-US: Rockwell Automation CVE-2024-21912 (An arbitrary code execution vulnerability in Rockwell Automation Arena ...) - TODO: check + NOT-FOR-US: Rockwell Automation CVE-2024-1933 (Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer Remote C ...) TODO: check CVE-2024-1455 (The XMLOutputParser in LangChain uses the etree module from the XML pa ...) - TODO: check + NOT-FOR-US: LangChain CVE-2024-1313 (It is possible for a user in a different organization from the owner o ...) TODO: check CVE-2023-7251 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6091 (Unrestricted Upload of File with Dangerous Type vulnerability in mndps ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2023-52214 (Missing Authorization vulnerability in voidCoders Void Contact Form 7 ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-50895 (In Janitza GridVis through 9.0.66, exposed dangerous methods in the de ...) - TODO: check + NOT-FOR-US: Janitza GridVis CVE-2023-50894 (In Janitza GridVis through 9.0.66, use of hard-coded credentials in th ...) - TODO: check + NOT-FOR-US: Janitza GridVis CVE-2023-49838 (Cross-Site Request Forgery (CSRF) vulnerability in KlbTheme Clotya the ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2023-47150 (IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-45771 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-44989 (Insertion of Sensitive Information into Log File vulnerability in GShe ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-41973 (ZSATray passes the previousInstallerName as a config parameter to Tray ...) TODO: check CVE-2023-41972 (In some rare cases, there is a password type validation missing in Rev ...) @@ -165,11 +165,11 @@ CVE-2023-41969 (An arbitrary file deletion in ZSATrayManager where it protects t CVE-2023-41696 REJECTED CVE-2023-33855 (Under certain conditions, RSA operations performed by IBM Common Crypt ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-33322 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-32237 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2024-2887 - chromium <unfixed> [bullseye] - chromium <end-of-life> (see #1061268) 
@@ -66300,7 +66300,7 @@ CVE-2023-27632 (Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Daily CVE-2023-27631 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-27630 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-27629 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-27628 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) @@ -66884,7 +66884,7 @@ CVE-2023-27461 (Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugin CVE-2023-27460 RESERVED CVE-2023-27459 (Deserialization of Untrusted Data vulnerability in WPEverest User Regi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-27458 (Cross-Site Request Forgery (CSRF) vulnerability in wpstream WpStream p ...) NOT-FOR-US: WordPress plugin CVE-2023-27457 (Cross-Site Request Forgery (CSRF) vulnerability in Passionate Brains A ...) @@ -66922,7 +66922,7 @@ CVE-2023-27442 (Cross-Site Request Forgery (CSRF) vulnerability in Teplitsa of s CVE-2023-27441 (Cross-Site Request Forgery (CSRF) vulnerability in gl_SPICE New Adman ...) NOT-FOR-US: WordPress plugin CVE-2023-27440 (Unrestricted Upload of File with Dangerous Type vulnerability in OnThe ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-27439 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gl_S ...) NOT-FOR-US: WordPress plugin CVE-2023-27438 (Cross-Site Request Forgery (CSRF) vulnerability in Evgen Yurchenko WP ...) 
@@ -70882,7 +70882,7 @@ CVE-2023-25967 (Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Commun CVE-2023-25966 RESERVED CVE-2023-25965 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-25964 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Noah ...) NOT-FOR-US: WordPress plugin CVE-2023-25963 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joom ...) @@ -76970,7 +76970,7 @@ CVE-2023-23993 (Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.C CVE-2023-23992 (Cross-Site Request Forgery (CSRF) vulnerability in AutomatorWP plugin ...) NOT-FOR-US: WordPress plugin CVE-2023-23991 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-23990 RESERVED CVE-2023-23989 @@ -78011,7 +78011,7 @@ CVE-2023-23658 CVE-2023-23657 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23656 (Unrestricted Upload of File with Dangerous Type vulnerability in MainW ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-23655 RESERVED CVE-2023-23654 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Spar ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80f0fbcd592da26a28861ea7a68ed5c37d0aa3ce -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80f0fbcd592da26a28861ea7a68ed5c37d0aa3ce You're receiving this email because of your account on salsa.debian.org.
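Review bot: In the hunk at @@ -59,17 +59,17 @@, CVE-2024-29833, CVE-2024-29832, CVE-2024-29810, CVE-2024-29809 and CVE-2024-29808 are tagged `NOT-FOR-US: WordPress plugin`, but none of the truncated descriptions visible here ("The image upload component allows SVG files ...", "... AJAX call to the editimage_bwg action o ...") names WordPress or the product. Since the list entry alone does not let a later reader confirm the classification, consider naming the plugin in the note, in the same way the DedeCMS entry in this hunk names its product.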
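Review bot: In the hunk at @@ -77,39 +77,39 @@, the note for CVE-2024-28034 reads `NOT-FOR-US: Mini Thread Version`, which carries the word "Version" over from the description ("Mini Thread Version 3.33"); `NOT-FOR-US: Mini Thread` would match how the neighbouring entries (ffBull, WebProxy, TvRock) name only the product. The same hunk tags the three "Dell Grab for Windows" entries as just `Dell` while other entries name the product (`AdTran NetVanta devices`, `0ch BBS Script`); picking one granularity makes later searches of the list for a given product more reliable.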
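Review bot: In the hunk at @@ -117,45 +117,45 @@, CVE-2024-1455 is marked `NOT-FOR-US: LangChain`. Unlike the vendor products around it (Rockwell Automation, IBM, HPE), LangChain is an open-source library, so it is worth confirming before the NFU lands that no package in the archive ships or vendors it and that no ITP is open; if one exists, an `<itp>` entry with the bug number would be the better fit than NOT-FOR-US.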