Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 1cceb72c by Salvatore Bonaccorso at 2024-05-06T22:30:12+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -75,7 +75,7 @@ CVE-2024-34529 (Nebari through 2024.4.1 prints the temporary Keycloak root passw CVE-2024-34528 (WordOps through 3.20.0 has a wo/cli/plugins/stack_pref.py TOCTOU race ...) TODO: check CVE-2024-34527 (spaces_plugin/app.py in SolidUI 0.4.0 has an unnecessary print stateme ...) - TODO: check + NOT-FOR-US: SolidUI CVE-2024-34525 (FileCodeBox 2.0 stores a OneDrive password and AWS key in a cleartext ...) NOT-FOR-US: FileCodeBox CVE-2024-34524 (In XLANG OpenAgents through fe73ac4, the allowed_file protection mecha ...) @@ -149,15 +149,15 @@ CVE-2024-34249 (wasm3 v0.5.0 was discovered to contain a heap buffer overflow wh CVE-2024-34246 (wasm3 v0.5.0 was discovered to contain an out-of-bound memory read whi ...) TODO: check CVE-2024-34093 (An issue was discovered in Archer Platform 6 before 2024.03. There is ...) - TODO: check + NOT-FOR-US: Archer Platform CVE-2024-34092 (An issue was discovered in Archer Platform 6 before 2024.04. Authentic ...) - TODO: check + NOT-FOR-US: Archer Platform CVE-2024-34091 (An issue was discovered in Archer Platform 6 before 2024.04. There is ...) - TODO: check + NOT-FOR-US: Archer Platform CVE-2024-34090 (An issue was discovered in Archer Platform 6 before 2024.04. There is ...) - TODO: check + NOT-FOR-US: Archer Platform CVE-2024-34089 (An issue was discovered in Archer Platform 6 before 2024.04. There is ...) - TODO: check + NOT-FOR-US: Archer Platform CVE-2024-34078 (html-sanitizer is an allowlist-based HTML cleaner. If using `keep_typo ...) TODO: check CVE-2024-34069 (Werkzeug is a comprehensive WSGI web application library. The debugger ...) 
@@ -165,73 +165,73 @@ CVE-2024-34069 (Werkzeug is a comprehensive WSGI web application library. The de CVE-2024-34064 (Jinja is an extensible templating engine. The `xmlattr` filter in affe ...) TODO: check CVE-2024-33912 (Missing Authorization vulnerability in Academy LMS.This issue affects ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33910 (Missing Authorization vulnerability in Supsystic Digital Publications ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33908 (Missing Authorization vulnerability in Themesgrove WidgetKit.This issu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33907 (Missing Authorization vulnerability in Michael Nelson Print My Blog.Th ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33830 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: idccms CVE-2024-33829 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: idccms CVE-2024-33788 (Linksys E5600 v1.1.0.26 was discovered to contain a command injection ...) - TODO: check + NOT-FOR-US: Linksys CVE-2024-33753 (Section Camera V2.5.5.3116-S50-SMA-B20160811 and earlier versions allo ...) - TODO: check + NOT-FOR-US: Section Camera CVE-2024-33752 (An arbitrary file upload vulnerability exists in emlog pro 2.3.0 and p ...) - TODO: check + NOT-FOR-US: Emlog Pro CVE-2024-33749 (DedeCMS V5.7.114 is vulnerable to deletion of any file via mail_file_m ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-33576 (Missing Authorization vulnerability in Ollybach WPPizza.This issue aff ...) - TODO: check + NOT-FOR-US: Ollybach WPPizza CVE-2024-33570 (Missing Authorization vulnerability in Wpmet Metform Elementor Contact ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33411 (A SQL injection vulnerability in /model/get_admin_profile.php in Campc ...) 
- TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-33410 (SQL injection vulnerability in /model/delete_range_grade.php in campco ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-33409 (SQL injection vulnerability in index.php in campcodes Complete Web-Bas ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-33408 (A SQL injection vulnerability in /model/get_classroom.php in campcodes ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-33407 (SQL injection vulnerability in /model/delete_record.php in campcodes C ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-33406 (SQL injection vulnerability in /model/delete_student_grade_subject.php ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-33405 (SQL injection vulnerability in add_friends.php in campcodes Complete W ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-33404 (A SQL injection vulnerability in /model/add_student_first_payment.php ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-33403 (A SQL injection vulnerability in /model/get_events.php in campcodes Co ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-33294 (An issue in Library System using PHP/MySQli with Source Code V1.0 allo ...) - TODO: check + NOT-FOR-US: Library System using PHP/MySQli with Source Code CVE-2024-33121 (Roothub v2.6 was discovered to contain a SQL injection vulnerability v ...) - TODO: check + NOT-FOR-US: Roothub CVE-2024-33118 (LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary read vulne ...) - TODO: check + NOT-FOR-US: LuckyFrameWeb CVE-2024-33117 (crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forg ...) 
TODO: check CVE-2024-33113 (D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosurey ...) - TODO: check + NOT-FOR-US: D-LINK CVE-2024-33112 (D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Command ...) - TODO: check + NOT-FOR-US: D-LINK CVE-2024-33111 (D-Link DIR-845L router <=v1.01KRb03 is vulnerable to Cross Site Script ...) - TODO: check + NOT-FOR-US: D-LINK CVE-2024-33110 (D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Permissi ...) - TODO: check + NOT-FOR-US: D-LINK CVE-2024-32982 (Litestar and Starlite is an Asynchronous Server Gateway Interface (ASG ...) TODO: check CVE-2024-32972 (go-ethereum (geth) is a golang execution layer implementation of the E ...) TODO: check CVE-2024-32807 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2041 REJECTED CVE-2024-26312 (Archer Platform 6 before 2024.03 contains a sensitive information disc ...) - TODO: check + NOT-FOR-US: Archer Platform CVE-2024-23354 (Memory corruption when the IOCTL call is interrupted by a signal.) TODO: check CVE-2024-23351 (Memory corruption as GPU registers beyond the last protected range can ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1cceb72cef5ae14e7da4acdaf9e316683b3a01c5
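Review bot: The NOT-FOR-US labels in the @@ -165 hunk are not applied consistently. CVE-2024-33576 ("Missing Authorization vulnerability in Ollybach WPPizza") is tagged `NOT-FOR-US: Ollybach WPPizza`, while the other "Missing Authorization vulnerability in ..." entries in the same hunk (CVE-2024-33912, CVE-2024-33910, CVE-2024-33908, CVE-2024-33907, CVE-2024-33570) are tagged `NOT-FOR-US: WordPress plugin`. Suggest using one convention for all six so the same kind of product carries the same label. Two smaller points in the same hunk: the four DIR-845L entries are labelled `D-LINK` although three of the four descriptions spell the vendor `D-Link`, and for CVE-2024-32807 the visible description is cut off before any product name, so `NOT-FOR-US: WordPress plugin` cannot be checked against the line itself; naming the plugin in the label would make that entry easier to audit later.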
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits