Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 851f485b by Salvatore Bonaccorso at 2024-05-15T22:30:17+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -17,19 +17,19 @@ CVE-2024-4903 (A vulnerability was found in Tongda OA 2017. It has been declared CVE-2024-4837 (In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or ea ...) NOT-FOR-US: Telerik Report Server CVE-2024-4702 (The Mega Elements plugin for WordPress is vulnerable to Stored Cross-S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4670 (The All-in-One Video Gallery plugin for WordPress is vulnerable to Loc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4622 (If misconfigured, alpitronic Hypercharger EV charging devices can expo ...) - TODO: check + NOT-FOR-US: alpitronic Hypercharger EV charging devices CVE-2024-4357 (An information disclosure vulnerability exists in Progress Telerik Rep ...) - TODO: check + NOT-FOR-US: Progress Telerik Report Server CVE-2024-4202 (In Progress\xae Telerik\xae Reporting versions prior to 2024 Q2 (18.1. ...) - TODO: check + NOT-FOR-US: Telerik CVE-2024-4200 (In Progress\xae Telerik\xae Reporting versions prior to 2024 Q2 (18.1. ...) - TODO: check + NOT-FOR-US: Telerik CVE-2024-4010 (The Email Subscribers by Icegram Express plugin for WordPress is vulne ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3970 (Server Side Request Forgery vulnerabilityhas been discovered in OpenTe ...) TODO: check CVE-2024-3968 (Remote Code Execution has been discovered in OpenText\u2122 iManager 3 ...) 
@@ -37,7 +37,7 @@ CVE-2024-3968 (Remote Code Execution has been discovered in OpenText\u2122 iMana CVE-2024-3967 (Remote Code Execution has been discovered in OpenText\u2122 iManager 3 ...) TODO: check CVE-2024-3892 (A local code execution vulnerability is possible in Telerik UI for Win ...) - TODO: check + NOT-FOR-US: Telerik CVE-2024-3488 (File Upload vulnerability in unauthenticated session found in OpenText ...) TODO: check CVE-2024-3487 (Broken Authentication vulnerability discovered in OpenText\u2122 iMana ...) 
@@ -51,105 +51,105 @@ CVE-2024-3484 (Path Traversal foundin OpenText\u2122 iManager 3.2.6.0200. This c CVE-2024-3483 (Remote Code Execution has been discovered in OpenText\u2122 iManager 3 ...) TODO: check CVE-2024-3319 (An issue was identified in the Identity Security Cloud (ISC) Transform ...) - TODO: check + NOT-FOR-US: Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints CVE-2024-3318 (A file path traversal vulnerability was identified in the DelimitedFil ...) - TODO: check + NOT-FOR-US: DelimitedFileConnector Cloud Connector CVE-2024-3317 (An improper access control was identified in the Identity Security Clo ...) - TODO: check + NOT-FOR-US: Identity Security Cloud (ISC) message server API CVE-2024-3182 (Install-type password disclosure vulnerability inUniversal Installer i ...) TODO: check CVE-2024-35179 (Stalwart Mail Server is an open-source mail server. Prior to version 0 ...) - TODO: check + NOT-FOR-US: Stalwart Mail Server CVE-2024-35102 (Insecure Permissions vulnerability in VITEC AvediaServer (Model avsrv- ...) - TODO: check + NOT-FOR-US: VITEC AvediaServer CVE-2024-34955 (Code-projects Budget Management 1.0 is vulnerable to SQL Injection via ...) - TODO: check + NOT-FOR-US: Code-projects Budget Management CVE-2024-34954 (Code-projects Budget Management 1.0 is vulnerable to Cross Site Script ...) - TODO: check + NOT-FOR-US: Code-projects Budget Management CVE-2024-34913 (An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and b ...) TODO: check CVE-2024-34909 (An arbitrary file upload vulnerability in KYKMS v1.0.1 and below allow ...) - TODO: check + NOT-FOR-US: KYKMS CVE-2024-34906 (An arbitrary file upload vulnerability in dootask v0.30.13 allows atta ...) - TODO: check + NOT-FOR-US: dootask CVE-2024-34101 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier Answer: ...) 
- TODO: check + NOT-FOR-US: Adobe CVE-2024-34100 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-34099 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-34098 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-34097 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-34096 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-34095 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-34094 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-34082 (Grav is a file-based Web platform. Prior to version 1.7.46, a low priv ...) - TODO: check + NOT-FOR-US: Grav CMS CVE-2024-34025 (CyberPower PowerPanel business application code contains a hard-coded ...) - TODO: check + NOT-FOR-US: CyberPower PowerPanel business application code CVE-2024-33625 (CyberPower PowerPanel business application code contains a hard-coded ...) - TODO: check + NOT-FOR-US: CyberPower PowerPanel business application code CVE-2024-33615 (A specially crafted Zip file containing path traversal characters can ...) - TODO: check + NOT-FOR-US: CyberPower PowerPanel server CVE-2024-32053 (Hard-coded credentials are used by the CyberPower PowerPanel platfo ...) - TODO: check + NOT-FOR-US: CyberPower PowerPanel CVE-2024-32047 (Hard-coded credentials for the CyberPower PowerPanel test server can ...) - TODO: check + NOT-FOR-US: CyberPower PowerPanel CVE-2024-32042 (The key used to encrypt passwords stored in the database can be found ...) 
- TODO: check + NOT-FOR-US: CyberPower PowerPanel CVE-2024-31856 (An attacker with certain MQTT permissions can create malicious message ...) TODO: check CVE-2024-31410 (The devices which CyberPower PowerPanel manages use identical certific ...) - TODO: check + NOT-FOR-US: CyberPower PowerPanel CVE-2024-31409 (Certain MQTT wildcards are not blocked on the CyberPower PowerPanel ...) - TODO: check + NOT-FOR-US: CyberPower PowerPanel CVE-2024-31216 (The source-controller is a Kubernetes operator, specialised in artifac ...) TODO: check CVE-2024-30312 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier Answer: ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-30311 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier Answer: ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-30310 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-30284 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-2248 (A Header Injection vulnerability in the JFrog platform in versions bel ...) TODO: check CVE-2024-28087 (In Bonitasoft runtime Community edition, the lack of dynamic permissio ...) - TODO: check + NOT-FOR-US: Bonitasoft CVE-2024-28042 (SUBNET Solutions Inc. has identified vulnerabilities in third-party co ...) TODO: check CVE-2024-27593 (A stored cross-site scripting (XSS) vulnerability in the Filter functi ...) TODO: check CVE-2024-27353 (A memory corruption vulnerability in SdHost and SdMmcDevice in Insyde ...) - TODO: check + NOT-FOR-US: Insyde CVE-2024-25079 (A memory corruption vulnerability in HddPassword in Insyde InsydeH2O k ...) - TODO: check + NOT-FOR-US: Insyde CVE-2024-25078 (A memory corruption vulnerability in StorageSecurityCommandDxe in Insy ...) - TODO: check + NOT-FOR-US: Insyde CVE-2024-20394 (A vulnerability in Cisco AppDynamics Network Visibility Agent could al ...) 
- TODO: check + NOT-FOR-US: Cisco CVE-2024-20392 (A vulnerability in the web-based management API of Cisco AsyncOS Softw ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-20391 (A vulnerability in the Network Access Manager (NAM) module of Cisco Se ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-20383 (A vulnerability in the Cisco Crosswork NSO CLI and the ConfD CLI could ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-20369 (A vulnerability in the web-based management interface of Cisco Crosswo ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-20366 (A vulnerability in the Tail-f High Availability Cluster Communications ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-20258 (A vulnerability in the web-based management interface of Cisco AsyncOS ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-20257 (A vulnerability in the web-based management interface of Cisco AsyncOS ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-20256 (A vulnerability in the web-based management interface of Cisco AsyncOS ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-7258 (A denial of service exists in Gvisor Sandbox where a bug in reference ...) TODO: check CVE-2023-6324 (ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session ...) 
@@ -651,15 +651,15 @@ CVE-2024-26238 (Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vu CVE-2024-26007 (An improper check or handling of exceptional conditions vulnerability ...) NOT-FOR-US: FortiGuard CVE-2024-23105 (A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet Forti ...) - TODO: check + NOT-FOR-US: FortiGuard CVE-2024-22270 (VMware Workstation and Fusion contain an information disclosure vulner ...) - TODO: check + NOT-FOR-US: VMware CVE-2024-22269 (VMware Workstation and Fusion contain an information disclosure vulner ...) - TODO: check + NOT-FOR-US: VMware CVE-2024-22268 (VMware Workstation and Fusion contain a heap buffer-overflow vulnerabi ...) - TODO: check + NOT-FOR-US: VMware CVE-2024-22267 (VMware Workstation and Fusion contain a use-after-free vulnerability i ...) - TODO: check + NOT-FOR-US: VMware CVE-2024-1914 (An attacker who successfully exploited these vulnerabilities could cau ...) TODO: check CVE-2024-1913 (An attacker who successfully exploited these vulnerabilities could cau ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/851f485b8b37a7c6f0140234b9049514ba3805f9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/851f485b8b37a7c6f0140234b9049514ba3805f9 You're receiving this email because of your account on salsa.debian.org.
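Review bot: In the @@ -17,19 hunk the Telerik entries end up with three different NOT-FOR-US labels. The unchanged CVE-2024-4837 line uses "Telerik Report Server", CVE-2024-4357 gets "Progress Telerik Report Server" for what the label itself presents as the same product, and CVE-2024-4202 and CVE-2024-4200 get bare "Telerik" although their descriptions name Telerik Reporting. Suggest one label per product, for example reusing "Telerik Report Server" for CVE-2024-4357 and "Telerik Reporting" for the other two, so a search of data/CVE/list by product name finds every entry.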
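Review bot: In the @@ -51,105 hunk CVE-2024-31856 stays at "TODO: check" although it sits between CVE-2024-32042 and CVE-2024-31410, both marked "NOT-FOR-US: CyberPower PowerPanel" here, and its description mentions MQTT permissions much like CVE-2024-31409. The truncated description does not name the product, so it is worth either confirming it belongs to something else or triaging it with its neighbours in the same pass. Separately, the CyberPower labels in this hunk vary ("CyberPower PowerPanel business application code", "CyberPower PowerPanel server", "CyberPower PowerPanel"); the first reads like pasted description text and could be shortened to the product name, and the same applies to the long "Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints" label on CVE-2024-3319.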
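Review bot: In the @@ -651,15 hunk the new "NOT-FOR-US: FortiGuard" label on CVE-2024-23105 does not match any product name visible in its description, which reads "vulnerability in Fortinet Forti ..." before it is cut off. It mirrors the label on the unchanged CVE-2024-26007 line above, but if the affected component is a specific Fortinet product, naming that product (or simply "Fortinet") would be more accurate. The four VMware entries in the same hunk are labelled consistently.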
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits