Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6aa435c8 by Salvatore Bonaccorso at 2024-03-28T21:36:11+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,91 +1,91 @@
 CVE-2024-3042 (A vulnerability was found in SourceCodester Simple Subscription 
Websit ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Simple Subscription Website
 CVE-2024-3041 (A vulnerability has been found in Netentsec NS-ASG Application 
Securit ...)
-       TODO: check
+       NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
 CVE-2024-3040 (A vulnerability, which was classified as critical, was found in 
Netent ...)
-       TODO: check
+       NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
 CVE-2024-3039 (A vulnerability classified as critical has been found in 
Shanghai Brad ...)
-       TODO: check
+       NOT-FOR-US: Shanghai Brad Technology BladeX
 CVE-2024-3019 (A flaw was found in PCP. The default pmproxy configuration 
exposes the ...)
        TODO: check
 CVE-2024-31140 (In JetBrains TeamCity before 2024.03 server administrators 
could remov ...)
-       TODO: check
+       NOT-FOR-US: JetBrains TeamCity
 CVE-2024-31139 (In JetBrains TeamCity before 2024.03 xXE was possible in the 
Maven bui ...)
-       TODO: check
+       NOT-FOR-US: JetBrains TeamCity
 CVE-2024-31138 (In JetBrains TeamCity before 2024.03 xSS was possible via 
Agent Distri ...)
-       TODO: check
+       NOT-FOR-US: JetBrains TeamCity
 CVE-2024-31137 (In JetBrains TeamCity before 2024.03 reflected XSS was 
possible via Sp ...)
-       TODO: check
+       NOT-FOR-US: JetBrains TeamCity
 CVE-2024-31136 (In JetBrains TeamCity before 2024.03 2FA could be bypassed by 
providin ...)
-       TODO: check
+       NOT-FOR-US: JetBrains TeamCity
 CVE-2024-31135 (In JetBrains TeamCity before 2024.03 open redirect was 
possible on the ...)
-       TODO: check
+       NOT-FOR-US: JetBrains TeamCity
 CVE-2024-31134 (In JetBrains TeamCity before 2024.03 authenticated users 
without admin ...)
-       TODO: check
+       NOT-FOR-US: JetBrains TeamCity
 CVE-2024-31065 (Cross Site Scripting vulnerability in Insurance Mangement 
System v.1.0 ...)
-       TODO: check
+       NOT-FOR-US: Insurance Mangement System
 CVE-2024-31064 (Cross Site Scripting vulnerability in Insurance Mangement 
System v.1.0 ...)
-       TODO: check
+       NOT-FOR-US: Insurance Mangement System
 CVE-2024-31063 (Cross Site Scripting vulnerability in Insurance Mangement 
System v.1.0 ...)
-       TODO: check
+       NOT-FOR-US: Insurance Mangement System
 CVE-2024-31062 (Cross Site Scripting vulnerability in Insurance Mangement 
System v.1.0 ...)
-       TODO: check
+       NOT-FOR-US: Insurance Mangement System
 CVE-2024-31061 (Cross Site Scripting vulnerability in Insurance Mangement 
System v.1.0 ...)
-       TODO: check
+       NOT-FOR-US: Insurance Mangement System
 CVE-2024-30612 (Tenda AC10U v15.03.06.48 has a stack overflow vulnerability in 
the dev ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-30607 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in 
the device ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-30606 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in 
the page p ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-30604 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in 
the list1  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-30603 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in 
the urls p ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-30602 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in 
the schedS ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-30601 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in 
the time p ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-30600 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in 
the schedE ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-30599 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in 
the device ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-30598 (Tenda FH1203 v2.0.1.6 firmware has a stack overflow 
vulnerability in t ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-30597 (Tenda FH1203 v2.0.1.6 firmware has a stack overflow 
vulnerability in t ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-30596 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-30595 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-30594 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-30593 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
located ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-30592 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-30591 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-30590 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-30589 (Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-30588 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-30587 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-30586 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-30585 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-30584 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-30583 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-30422 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-30421 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelite 
Events Man ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-2947 (A flaw was found in Cockpit. Deleting a sosreport with a 
crafted name  ...)
        TODO: check
 CVE-2024-29898 (CreateWiki is Miraheze's MediaWiki extension for requesting & 
creating ...)
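
Review bot: The label on CVE-2024-31061 through CVE-2024-31065 repeats the misspelling from the CVE description, "NOT-FOR-US: Insurance Mangement System". A later search of the list for "Insurance Management System" will miss these five entries. Either use the corrected spelling in the label, or say in the commit message that upstream's spelling is kept on purpose so it matches the description text.
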
@@ -97,73 +97,73 @@ CVE-2024-29896 (Astro-Shield is a library to compute the 
subresource integrity h
 CVE-2024-29882 (SRS is a simple, high-efficiency, real-time video server. 
SRS's `/api/ ...)
        TODO: check
 CVE-2024-29200 (Kimai is a web-based multi-user time-tracking application. The 
permiss ...)
-       TODO: check
+       NOT-FOR-US: Kimai
 CVE-2024-28713 (An issue in Mblog Blog system v.3.5.0 allows an attacker to 
execute ar ...)
-       TODO: check
+       NOT-FOR-US: Mblog Blog system
 CVE-2024-28109 (veraPDF-library is a PDF/A validation library. Executing 
policy checks ...)
-       TODO: check
+       NOT-FOR-US: veraPDF-library
 CVE-2024-28091 (Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D 
RSE-TC8717T  ...)
-       TODO: check
+       NOT-FOR-US: Technicolor
 CVE-2024-28090 (Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D 
RSE-TC8717T  ...)
-       TODO: check
+       NOT-FOR-US: Technicolor
 CVE-2024-27775 (SysAid before version 23.2.14 b18 -CWE-918: Server-Side 
Request Forger ...)
-       TODO: check
+       NOT-FOR-US: SysAid
 CVE-2024-27719 (A cross site scripting (XSS) vulnerability in rems FAQ 
Management Syst ...)
-       TODO: check
+       NOT-FOR-US: rems FAQ Management System
 CVE-2024-25971 (Dell PowerProtect Data Manager, version 19.15, contains an XML 
Externa ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-25963 (Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x 
contains a use ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-25961 (Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x 
contains an imp ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-25960 (Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x 
contains a clea ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-25959 (Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x 
contains an ins ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-25955 (Dell vApp Manager, versions prior to 9.2.4.9 contain a Command 
Injecti ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-25954 (Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, 
contain an in ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-25953 (Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x 
contains an UNI ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-25952 (Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x 
contains an UNI ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-25946 (Dell vApp Manager, versions prior to 9.2.4.9 contain a Command 
Injecti ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-25506 (Cross Site Scripting vulnerability in Process Maker, Inc 
ProcessMaker  ...)
-       TODO: check
+       NOT-FOR-US: Process Maker
 CVE-2024-0259 (Fortra's Robot Schedule Enterprise Agent for Windows prior to 
version  ...)
-       TODO: check
+       NOT-FOR-US: Fortra
 CVE-2023-6437 (Improper Neutralization of Special Elements used in an OS 
Command ('OS ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2023-45715 (The console may experience a service interruption when 
processing file ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2023-45706 (An administrative user of WebReports may perform a Cross Site 
Scriptin ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2023-45705 (An administrative user of WebReports may perform a Server Side 
Request ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2023-42974 (A race condition was addressed with improved state handling. 
This issu ...)
        TODO: check
 CVE-2023-42962 (This issue was addressed with improved checks This issue is 
fixed in i ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42947 (A path handling issue was addressed with improved validation. 
This iss ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42936 (This issue was addressed with improved redaction of sensitive 
informat ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42931 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42930 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42913 (This issue was addressed through improved state management. 
This issue ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42896 (An issue was addressed with improved handling of temporary 
files. This ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42893 (A permissions issue was addressed by removing vulnerable code 
and addi ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42892 (A use-after-free issue was addressed with improved memory 
management.  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40390 (A privacy issue was addressed by moving sensitive data to a 
protected  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-3024 (A vulnerability was found in appneta tcpreplay up to 4.4.4. It 
has bee ...)
        TODO: check
 CVE-2024-3015 (A vulnerability classified as critical was found in 
SourceCodester Sim ...)
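
Review bot: CVE-2023-42974 ("A race condition was addressed with improved state handling. This issu ...") stays at "TODO: check" while the ten entries directly below it, which use the same advisory wording, become "NOT-FOR-US: Apple". If it is held back on purpose because the affected component still needs checking, a NOTE line saying so would keep the next person from assuming it was skipped; if not, it belongs in this batch.
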
@@ -243,49 +243,49 @@ CVE-2024-2998 (A vulnerability was found in Bdtask 
Multi-Store Inventory Managem
 CVE-2024-2997 (A vulnerability was found in Bdtask Multi-Store Inventory 
Management S ...)
        NOT-FOR-US: Bdtask Multi-Store Inventory Management System
 CVE-2024-2890 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Tumul ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-2818 (An issue has been discovered in GitLab CE/EE affecting all 
versions be ...)
        TODO: check
 CVE-2024-2111 (The Events Manager \u2013 Calendar, Bookings, Tickets, and 
more! plugi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-2110 (The Events Manager \u2013 Calendar, Bookings, Tickets, and 
more! plugi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-2091 (The Elementor Addon Elements plugin for WordPress is vulnerable 
to Sto ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-29241 (Missing authorization vulnerability in System webapi component 
in Syno ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2024-29240 (Missing authorization vulnerability in LayoutSave webapi 
component in  ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2024-29239 (Improper neutralization of special elements used in an SQL 
command ('S ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2024-29238 (Improper neutralization of special elements used in an SQL 
command ('S ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2024-29237 (Improper neutralization of special elements used in an SQL 
command ('S ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2024-29236 (Improper neutralization of special elements used in an SQL 
command ('S ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2024-29235 (Improper neutralization of special elements used in an SQL 
command ('S ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2024-29234 (Improper neutralization of special elements used in an SQL 
command ('S ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2024-29233 (Improper neutralization of special elements used in an SQL 
command ('S ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2024-29232 (Improper neutralization of special elements used in an SQL 
command ('S ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2024-29231 (Improper validation of array index vulnerability in 
UserPrivilege.Enum ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2024-29230 (Improper neutralization of special elements used in an SQL 
command ('S ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2024-29229 (Missing authorization vulnerability in GetLiveViewPath webapi 
componen ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2024-29228 (Missing authorization vulnerability in GetStmUrlPath webapi 
component  ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2024-29227 (Improper neutralization of special elements used in an SQL 
command ('S ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2024-29100 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Jordy ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-29090 (Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow 
AI Engi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-28016 (Improper Access Controlvulnerability in NEC Corporation Aterm 
WG1800HP ...)
        TODO: check
 CVE-2024-28015 (Improper Neutralization of Special Elements used in an OS 
Command vuln ...)
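
Review bot: The CVE-2024-29227 to CVE-2024-29241 entries are labelled with the vendor only ("NOT-FOR-US: Synology"), while the context line above them in this hunk names the product ("NOT-FOR-US: Bdtask Multi-Store Inventory Management System"). The truncated descriptions do not show which Synology product is meant, so the label is the only place a reader of the list can learn it. Adding the product name to the label would make these entries searchable and consistent with their neighbours.
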
@@ -311,37 +311,37 @@ CVE-2024-28006 (Improper authentication vulnerability in 
NEC Corporation Aterm W
 CVE-2024-28005 (Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, 
WG1200HS2 ...)
        TODO: check
 CVE-2024-28004 (Missing Authorization vulnerability in ExtendThemes Colibri 
Page Build ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-28003 (Missing Authorization vulnerability in Megamenu Max Mega 
Menu.This iss ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-28002 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-28001 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-27999 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-25924 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-25923 (Insertion of Sensitive Information into Log File vulnerability 
in Peep ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-25599 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-25354 (RegEx Denial of Service in domain-suffix 1.0.8 allows 
attackers to cra ...)
        TODO: check
 CVE-2024-23500 (Server-Side Request Forgery (SSRF) vulnerability in Kadence WP 
Gutenbe ...)
        TODO: check
 CVE-2024-22138 (Insertion of Sensitive Information into Log File vulnerability 
in Sera ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1770 (The Meta Tag Manager plugin for WordPress is vulnerable to PHP 
Object  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0980 (The Auto-update service for Okta Verify for Windows is 
vulnerable to t ...)
-       TODO: check
+       NOT-FOR-US: Okta
 CVE-2024-0677 (The Pz-LinkCard WordPress plugin through 2.5.1 does not prevent 
users  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0673 (The Pz-LinkCard WordPress plugin through 2.5.1 does not 
sanitise and e ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0672 (The Pz-LinkCard WordPress plugin through 2.5.1 does not 
sanitise and e ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0079 (NVIDIA GPU Display Driver for Windows and Linux contains a 
vulnerabili ...)
        TODO: check
 CVE-2024-0077 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU 
plugin ...)
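
Review bot: CVE-2024-23500 ("Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenbe ...") is left at "TODO: check" between entries that this hunk moves to "NOT-FOR-US: WordPress plugin", and its description has the same form as theirs. If it was meant to be part of this batch, it needs the same label; if it is being kept open deliberately, a short NOTE would make that clear.
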
@@ -358,21 +358,21 @@ CVE-2023-52628 (In the Linux kernel, the following 
vulnerability has been resolv
        [bullseye] - linux 5.10.205-1
        NOTE: 
https://git.kernel.org/linus/fd94d9dadee58e09b49075240fe83423eb1dcd36 (6.6-rc1)
 CVE-2023-52234 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-52231 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-50374 (Server-Side Request Forgery (SSRF) vulnerability in 
NiteoThemes CMP \u ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-47438 (SQL Injection vulnerability in Reportico Till 8.1.0 allows 
attackers t ...)
-       TODO: check
+       NOT-FOR-US: Reportico Till
 CVE-2023-39313 (Server-Side Request Forgery (SSRF) vulnerability in 
ThemeFusion Avada. ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme
 CVE-2023-39309 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-36679 (Server-Side Request Forgery (SSRF) vulnerability in Brainstorm 
Force S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-34370 (Server-Side Request Forgery (SSRF) vulnerability in Brainstorm 
Force S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-30238 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-30186 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
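
Review bot: The label for CVE-2023-47438, "NOT-FOR-US: Reportico Till", appears to take a word from the version range as part of the product name. The description reads "SQL Injection vulnerability in Reportico Till 8.1.0 allows attackers t ...", where "Till 8.1.0" reads as "up to 8.1.0". Suggest "NOT-FOR-US: Reportico" so the entry matches a search for the product name.
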
@@ -1039,7 +1039,7 @@ CVE-2024-29684 (DedeCMS v5.7 was discovered to contain a 
Cross-Site Request Forg
 CVE-2024-29644 (Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and 
before al ...)
        NOT-FOR-US: dcat-admin
 CVE-2024-29401 (xzs-mysql 3.8 is vulnerable to Insufficient Session 
Expiration, which  ...)
-       TODO: check
+       NOT-FOR-US: xzs-mysql
 CVE-2024-29203 (TinyMCE is an open source rich text editor. Across-site 
scripting (XSS ...)
        TODO: check
 CVE-2024-29197 (Pimcore is an Open Source Data & Experience Management 
Platform. Any c ...)
@@ -75634,7 +75634,7 @@ CVE-2023-0584 (The VK Blocks plugin for WordPress is 
vulnerable to improper auth
 CVE-2023-0583 (The VK Blocks plugin for WordPress is vulnerable to improper 
authoriza ...)
        NOT-FOR-US: VK Blocks plugin for WordPress
 CVE-2023-0582 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: ForgeRock
 CVE-2023-0581 (The PrivateContent plugin for WordPress is vulnerable to 
protection me ...)
        NOT-FOR-US: PrivateContent plugin for WordPress
 CVE-2023-0580 (Insecure Storage of Sensitive Information vulnerability in ABB 
My Cont ...)
@@ -92415,7 +92415,7 @@ CVE-2022-45852
 CVE-2022-45851 (Missing Authorization vulnerability in ShareThis ShareThis 
Dashboard f ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45850 (Cross-Site Request Forgery (CSRF) vulnerability in Nickys 
Image Map Pr ...)
-       TODO: check
+       NOT-FOR-US: Nickys Image Map
 CVE-2022-45849 (Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) 
vulnerability ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45848 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability 
inContest Gall ...)
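
Review bot: The label for CVE-2022-45850, "NOT-FOR-US: Nickys Image Map", stops short of the product name shown in the description ("Nickys Image Map Pr ..."). The label should carry the full product name from the untruncated description, or follow the form the adjacent entries in this hunk use, so that it is not mistaken for a different product.
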



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6aa435c8023dd4abae4ad85bb47253c3137e8805



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
