Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: bd70652f by Salvatore Bonaccorso at 2024-03-29T09:10:50+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -103,7 +103,7 @@ CVE-2024-29897 (CreateWiki is Miraheze's MediaWiki extension for requesting & cr CVE-2024-29896 (Astro-Shield is a library to compute the subresource integrity hashes ...) TODO: check CVE-2024-29882 (SRS is a simple, high-efficiency, real-time video server. SRS's `/api/ ...) - TODO: check + NOT-FOR-US: SRS video server CVE-2024-29200 (Kimai is a web-based multi-user time-tracking application. The permiss ...) NOT-FOR-US: Kimai CVE-2024-28713 (An issue in Mblog Blog system v.3.5.0 allows an attacker to execute ar ...) 
@@ -295,29 +295,29 @@ CVE-2024-29100 (Unrestricted Upload of File with Dangerous Type vulnerability in CVE-2024-29090 (Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engi ...) NOT-FOR-US: WordPress plugin CVE-2024-28016 (Improper Access Controlvulnerability in NEC Corporation Aterm WG1800HP ...) - TODO: check + NOT-FOR-US: NEC CVE-2024-28015 (Improper Neutralization of Special Elements used in an OS Command vuln ...) - TODO: check + NOT-FOR-US: NEC CVE-2024-28014 (Stack-based Buffer Overflow vulnerability in NEC Corporation Aterm WG1 ...) - TODO: check + NOT-FOR-US: NEC CVE-2024-28013 (Use of Insufficiently Random Values vulnerability in NEC Corporation A ...) - TODO: check + NOT-FOR-US: NEC CVE-2024-28012 (Improper authentication vulnerability in NEC Corporation Aterm WG1800H ...) - TODO: check + NOT-FOR-US: NEC CVE-2024-28011 (Hidden Functionality vulnerability in NEC Corporation Aterm WG1800HP4, ...) - TODO: check + NOT-FOR-US: NEC CVE-2024-28010 (Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, WG1200H ...) - TODO: check + NOT-FOR-US: NEC CVE-2024-28009 (Improper authentication vulnerability in NEC Corporation Aterm WG1800H ...) - TODO: check + NOT-FOR-US: NEC CVE-2024-28008 (Active Debug Code in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG190 ...) - TODO: check + NOT-FOR-US: NEC CVE-2024-28007 (Improper authentication vulnerability in NEC Corporation Aterm WG1800H ...) - TODO: check + NOT-FOR-US: NEC CVE-2024-28006 (Improper authentication vulnerability in NEC Corporation Aterm WG1800H ...) - TODO: check + NOT-FOR-US: NEC CVE-2024-28005 (Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2 ...) - TODO: check + NOT-FOR-US: NEC CVE-2024-28004 (Missing Authorization vulnerability in ExtendThemes Colibri Page Build ...) NOT-FOR-US: WordPress plugin CVE-2024-28003 (Missing Authorization vulnerability in Megamenu Max Mega Menu.This iss ...) 
@@ -337,7 +337,7 @@ CVE-2024-25599 (Improper Neutralization of Input During Web Page Generation ('Cr CVE-2024-25354 (RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to cra ...) TODO: check CVE-2024-23500 (Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenbe ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-22138 (Insertion of Sensitive Information into Log File vulnerability in Sera ...) NOT-FOR-US: WordPress plugin CVE-2024-1770 (The Meta Tag Manager plugin for WordPress is vulnerable to PHP Object ...) @@ -474,9 +474,9 @@ CVE-2024-29891 (ZITADEL users can upload their own avatar image and various imag CVE-2024-29888 (Saleor is an e-commerce platform that serves high-volume companies. Wh ...) NOT-FOR-US: Saleor CVE-2024-29887 (Serverpod is an app and web server, built for the Flutter and Dart eco ...) - TODO: check + NOT-FOR-US: Serverpod CVE-2024-29886 (Serverpod is an app and web server, built for the Flutter and Dart eco ...) - TODO: check + NOT-FOR-US: Serverpod CVE-2024-29819 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-29818 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) @@ -590,7 +590,7 @@ CVE-2024-28233 (JupyterHub is an open source multi-user server for Jupyter noteb CVE-2024-27270 (IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is ...) NOT-FOR-US: IBM CVE-2024-27091 (GeoNode is a geospatial content management system, a platform for the ...) - TODO: check + NOT-FOR-US: GeoNode CVE-2024-25962 (Dell InsightIQ, version 5.0, contains an improper access control vulne ...) NOT-FOR-US: Dell CVE-2024-23515 (Cross-Site Request Forgery (CSRF) vulnerability in Cincopa Post Video ...) 
@@ -638,7 +638,7 @@ CVE-2024-20265 (A vulnerability in the boot process of Cisco Access Point (AP) S CVE-2024-20259 (A vulnerability in the DHCP snooping feature of Cisco IOS XE Software ...) NOT-FOR-US: Cisco CVE-2024-1540 (Previously, it was possible to exfiltrate secrets in Gradio's CI, but ...) - TODO: check + NOT-FOR-US: Gradio CVE-2023-6400 (Incorrect Authorization vulnerability in OpenText\u2122 ZENworks Confi ...) NOT-FOR-US: OpenText CVE-2023-6173 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) @@ -767,7 +767,7 @@ CVE-2024-2210 (The The Plus Addons for Elementor plugin for WordPress is vulnera CVE-2024-2209 (A user with administrative privileges can create a compromised dll fil ...) NOT-FOR-US: HP CVE-2024-2206 (The /proxy route allows a user to proxy arbitrary urls including poten ...) - TODO: check + NOT-FOR-US: Gradio CVE-2024-2203 (The The Plus Addons for Elementor plugin for WordPress is vulnerable t ...) NOT-FOR-US: WordPress plugin CVE-2024-2139 (The Master Addons for Elementor plugin for WordPress is vulnerable to ...) @@ -831,7 +831,7 @@ CVE-2024-28551 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in th CVE-2024-28545 (Tenda AC18 V15.03.05.05 contains a command injection vulnerablility in ...) NOT-FOR-US: Tenda CVE-2024-28335 (Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell ...) - TODO: check + NOT-FOR-US: Lektor CMS CVE-2024-27521 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an u ...) NOT-FOR-US: TOTOLINK CVE-2024-27188 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
@@ -1095,7 +1095,7 @@ CVE-2024-23722 (In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference ca CVE-2024-23520 (Missing Authorization vulnerability in AccessAlly PopupAlly.This issue ...) NOT-FOR-US: WordPress plugin CVE-2024-23482 (The ZScaler service is susceptible to a local privilege escalation vul ...) - TODO: check + NOT-FOR-US: ZScaler CVE-2024-22436 (A security vulnerability in HPE IceWall Agent products could be exploi ...) NOT-FOR-US: HPE CVE-2024-22356 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 throug ...) @@ -1265,7 +1265,7 @@ CVE-2024-29179 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and CVE-2024-29041 (Express.js minimalist web framework for node. Versions of Express.js p ...) TODO: check CVE-2024-28421 (SQL Injection vulnerability in Razor 0.8.0 allows a remote attacker to ...) - TODO: check + NOT-FOR-US: Cobub Razor CVE-2024-21914 (A vulnerability exists in the affected product that allows a malicious ...) NOT-FOR-US: Rockwell Automation CVE-2024-1973 (By leveraging the vulnerability, lower-privileged users of Content Man ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd70652fa164754196313446ad2970671d682234 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd70652fa164754196313446ad2970671d682234 You're receiving this email because of your account on salsa.debian.org.
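Review bot: In the @@ -831,7 hunk, CVE-2024-28335 is closed as "NOT-FOR-US: Lektor CMS", but NOT-FOR-US is only correct if no source package exists or is pending. The description names a versioned upstream release ("Lektor before 3.3.11"), so check the archive and the WNPP (ITP/RFP) list before closing. If a package turns up, record it with a package line instead of NOT-FOR-US.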
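Review bot: In the @@ -767,7 hunk, CVE-2024-2206 is tagged "NOT-FOR-US: Gradio" although the visible description ("The /proxy route allows a user to proxy arbitrary urls ...") never names a product, so the attribution cannot be checked from the list entry alone. It matches the label given to CVE-2024-1540 in the @@ -638,7 hunk, whose description does mention Gradio. A NOTE line pointing at the upstream advisory would let the next person verify it without researching the CVE again.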
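Review bot: The unchanged context of the @@ -1265,7 hunk still shows CVE-2024-29041 (Express.js) as "TODO: check", directly above the CVE-2024-28421 entry being closed. Unlike the NFUs in this commit, Express.js is packaged in Debian (node-express), so that entry needs a package line and should not be swept up in a later NOT-FOR-US pass.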
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits