[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d4ef0e4a by security tracker role at 2024-06-10T20:12:35+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,9 +1,141 @@
-CVE-2024-36972 [af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue 
lock.]
+CVE-2024-5786 (Cross-Site Request Forgery vulnerability in Comtrend router 
WLD71-T1_v ...)
+   TODO: check
+CVE-2024-5785 (Command injection vulnerability in Comtrend router 
WLD71-T1_v2.0.20182 ...)
+   TODO: check
+CVE-2024-5597 (Fuji Electric Monitouch V-SFTis vulnerable to a type confusion, 
which  ...)
+   TODO: check
+CVE-2024-5102 (A sym-linked file accessed via the repair function in Avast 
Antivirus  ...)
+   TODO: check
+CVE-2024-4745 (Missing Authorization vulnerability in RafflePress Giveaways 
and Conte ...)
+   TODO: check
+CVE-2024-4744 (Missing Authorization vulnerability in Avirtum iPages 
Flipbook.This is ...)
+   TODO: check
+CVE-2024-4403 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the 
restar ...)
+   TODO: check
+CVE-2024-3850 (Uniview NVR301-04S2-P4 is vulnerable to reflected cross-site 
scripting ...)
+   TODO: check
+CVE-2024-3700 (Use of hard-coded password to the patients' database allows an 
attacke ...)
+   TODO: check
+CVE-2024-3699 (Use of hard-coded password to the patients' database allows an 
attacke ...)
+   TODO: check
+CVE-2024-37393 (Multiple LDAP injections vulnerabilities exist in SecurEnvoy 
MFA befor ...)
+   TODO: check
+CVE-2024-37051 (GitHub access token could be exposed to third-party sites in 
JetBrains ...)
+   TODO: check
+CVE-2024-37014 (Langflow through 0.6.19 allows remote code execution if 
untrusted user ...)
+   TODO: check
+CVE-2024-36531 (nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and 
before are vu ...)
+   TODO: check
+CVE-2024-36528 (nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and 
before have a ...)
+   TODO: check
+CVE-2024-36417 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
+   TODO: check
+CVE-2024-36415 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
+   TODO: check
+CVE-2024-36414 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
+   TODO: check
+CVE-2024-36413 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
+   TODO: check
+CVE-2024-36412 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
+   TODO: check
+CVE-2024-36411 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
+   TODO: check
+CVE-2024-36410 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
+   TODO: check
+CVE-2024-36409 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
+   TODO: check
+CVE-2024-36408 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
+   TODO: check
+CVE-2024-36407 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
+   TODO: check
+CVE-2024-36406 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
+   TODO: check
+CVE-2024-36405 (liboqs is a C-language cryptographic library that provides 
implementat ...)
+   TODO: check
+CVE-2024-35754 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+   TODO: check
+CVE-2024-35749 (Authentication Bypass by Spoofing vulnerability in Acurax 
Under Constr ...)
+   TODO: check
+CVE-2024-35747 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
+   TODO: check
+CVE-2024-35746 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Asgha ...)
+   TODO: check
+CVE-2024-35745 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+   TODO: check
+CVE-2024-35744 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+   TODO: check
+CVE-2024-35743 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+   TODO: check
+CVE-2024-35728 (Improper Neutralization of Special Elements in Output Used by 
a Downst ...)
+   TODO: check
+CVE-2024-35712 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+   TODO: check
+CVE-2024-35680 (Improper Neutralization of Special Elements in Output Used by 
a Downst ...)
+   TODO: check
+CVE-2024-35677 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+   TODO: check
+CVE-2024-35658 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+   TODO: check
+CVE-2024-35650 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+   TODO: check
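Review bot: the hunk's only `-` line drops the placeholder entry `CVE-2024-36972 [af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock.]`, and no `+CVE-2024-36972 (...)` line re-adding it with the published description appears in the part of the hunk shown here; confirm in the full commit that the kernel entry was moved rather than removed. Every entry added in this hunk is left at `TODO: check`, so triage is still pending for all of them.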

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c6b2428e by security tracker role at 2024-06-10T08:11:58+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,37 @@
+CVE-2024-5389 (In lunary-ai/lunary version 1.2.13, an insufficient granularity 
of acc ...)
+   TODO: check
+CVE-2024-4746 (Missing Authorization vulnerability in Netgsm.This issue 
affects Netgs ...)
+   TODO: check
+CVE-2024-4328 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the 
clear_ ...)
+   TODO: check
+CVE-2024-37880 (The Kyber reference implementation before 9b8d306, when 
compiled by LL ...)
+   TODO: check
+CVE-2024-35742 (Missing Authorization vulnerability in Code Parrots Easy Forms 
for Mai ...)
+   TODO: check
+CVE-2024-35741 (Missing Authorization vulnerability in Awesome Support Team 
Awesome Su ...)
+   TODO: check
+CVE-2024-35735 (Missing Authorization vulnerability in CodePeople WP Time 
Slots Bookin ...)
+   TODO: check
+CVE-2024-35729 (Missing Authorization vulnerability in Tickera.This issue 
affects Tick ...)
+   TODO: check
+CVE-2024-35727 (Missing Authorization vulnerability in actpro Extra Product 
Options fo ...)
+   TODO: check
+CVE-2024-35726 (Missing Authorization vulnerability in ThemeKraft 
WooBuddy.This issue  ...)
+   TODO: check
+CVE-2024-35725 (Missing Authorization vulnerability in LA-Studio LA-Studio 
Element Kit ...)
+   TODO: check
+CVE-2024-35724 (Missing Authorization vulnerability in Bosa Themes Bosa 
Elementor Addo ...)
+   TODO: check
+CVE-2024-35723 (Missing Authorization vulnerability in Andrew Rapps Dashboard 
To-Do Li ...)
+   TODO: check
+CVE-2024-35722 (Missing Authorization vulnerability in A WP Life Slider 
Responsive Sli ...)
+   TODO: check
+CVE-2024-35721 (Missing Authorization vulnerability in A WP Life Image Gallery 
\u2013  ...)
+   TODO: check
+CVE-2024-35720 (Missing Authorization vulnerability in A WP Life Album Gallery 
\u2013  ...)
+   TODO: check
+CVE-2024-35717 (Missing Authorization vulnerability in A WP Life Media Slider 
\u2013 P ...)
+   TODO: check
 CVE-2024-37570 (On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update 
(upgrade.h ...)
TODO: check
 CVE-2024-37569 (An issue was discovered on Mitel 6869i through 4.5.0.41 and 
5.x throug ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6b2428e7db18478b1e0788da3f99aebb9298edb

-- 
This project does not include diff previews in email notifications.
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6b2428e7db18478b1e0788da3f99aebb9298edb
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bb24258b by security tracker role at 2024-06-09T20:11:58+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,4 +1,194 @@
-CVE-2024-37535
+CVE-2024-37570 (On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update 
(upgrade.h ...)
+   TODO: check
+CVE-2024-37569 (An issue was discovered on Mitel 6869i through 4.5.0.41 and 
5.x throug ...)
+   TODO: check
+CVE-2024-37568 (lepture Authlib before 1.3.1 has algorithm confusion with 
asymmetric p ...)
+   TODO: check
+CVE-2024-35748 (Missing Authorization vulnerability in OPMC WooCommerce 
Dropshipping.T ...)
+   TODO: check
+CVE-2024-35669 (Missing Authorization vulnerability in Bowo Debug Log 
Manager.This iss ...)
+   TODO: check
+CVE-2024-35662 (Missing Authorization vulnerability in Andreas Sofantzis 
Simple COD Fe ...)
+   TODO: check
+CVE-2024-35661 (Missing Authorization vulnerability in SoftLab Upload Fields 
for WPFor ...)
+   TODO: check
+CVE-2024-35660 (Missing Authorization vulnerability in Jewel Theme Master 
Addons for E ...)
+   TODO: check
+CVE-2024-34802 (Missing Authorization vulnerability in AdFoxly AdFoxly \u2013 
Ad Manag ...)
+   TODO: check
+CVE-2024-34435 (Missing Authorization vulnerability in CodeRevolution 
Aiomatic.This is ...)
+   TODO: check
+CVE-2024-33572 (Missing Authorization vulnerability in POSIMYTH The Plus 
Blocks for Bl ...)
+   TODO: check
+CVE-2024-33565 (Missing Authorization vulnerability in UkrSolution Barcode 
Scanner wit ...)
+   TODO: check
+CVE-2024-33564 (Missing Authorization vulnerability in 8theme XStore.This 
issue affect ...)
+   TODO: check
+CVE-2024-33563 (Missing Authorization vulnerability in 8theme XStore.This 
issue affect ...)
+   TODO: check
+CVE-2024-33561 (Missing Authorization vulnerability in 8theme XStore.This 
issue affect ...)
+   TODO: check
+CVE-2024-33555 (Missing Authorization vulnerability in 8theme XStore Core.This 
issue a ...)
+   TODO: check
+CVE-2024-33547 (Missing Authorization vulnerability in AA-Team WZone.This 
issue affect ...)
+   TODO: check
+CVE-2024-33545 (Missing Authorization vulnerability in AA-Team WZone.This 
issue affect ...)
+   TODO: check
+CVE-2024-33543 (Missing Authorization vulnerability in CodePeople WP Time 
Slots Bookin ...)
+   TODO: check
+CVE-2024-32824 (Missing Authorization vulnerability in Evergreen Content 
Poster.This i ...)
+   TODO: check
+CVE-2024-32821 (Missing Authorization vulnerability in TotalSuite Total Poll 
Lite.This ...)
+   TODO: check
+CVE-2024-32820 (Missing Authorization vulnerability in Social Share Pro Social 
Share I ...)
+   TODO: check
+CVE-2024-32818 (Missing Authorization vulnerability in realmag777 WordPress 
Meta Data  ...)
+   TODO: check
+CVE-2024-32814 (Missing Authorization vulnerability in Zorem Advanced Local 
Pickup for ...)
+   TODO: check
+CVE-2024-32813 (Missing Authorization vulnerability in SoftLab Integrate 
Google Drive. ...)
+   TODO: check
+CVE-2024-32811 (Insertion of Sensitive Information into Log File vulnerability 
in Octo ...)
+   TODO: check
+CVE-2024-32805 (Missing Authorization vulnerability in Social Snap.This issue 
affects  ...)
+   TODO: check
+CVE-2024-32804 (Missing Authorization vulnerability in Martin Gibson WP 
GoToWebinar.Th ...)
+   TODO: check
+CVE-2024-32799 (Missing Authorization vulnerability in Merv Barrett Easy 
Property List ...)
+   TODO: check
+CVE-2024-32798 (Missing Authorization vulnerability in WP Travel Engine.This 
issue aff ...)
+   TODO: check
+CVE-2024-32797 (Missing Authorization vulnerability in Martin Gibson WP 
LinkedIn Auto  ...)
+   TODO: check
+CVE-2024-32792 (Missing Authorization vulnerability in WPMU DEV 
Hummingbird.This issue ...)
+   TODO: check
+CVE-2024-32787 (Missing Authorization vulnerability in Copy Content Protection 
Team Se ...)
+   TODO: check
+CVE-2024-32784 (Missing Authorization vulnerability in CookieHub.This issue 
affects Co ...)
+   TODO: check
+CVE-2024-32783 (Missing Authorization vulnerability in wpcreativeidea Advanced 
Testimo ...)
+   TODO: check
+CVE-2024-32779 (Missing Authorization vulnerability in Avirtum Vision 
Interactive.This ...)
+   TODO: check
+CVE-2024-32778 (Missing Authorization vulnerability in Contest Gallery.This 
issue affe ...)
+   TODO: check
+CVE-2024-32777 (Missing Authorization vulnerability in BizSwoop a CPF 
Concepts, LLC Br ...)
+   TODO: check
+CVE-2024-32727 (Missing Authorization vulnerability in Rometheme RomethemeForm 
For Ele ...)
+   TODO: check
+CVE-2024-32725 (Missing Authorization vulnerability in Saleswonder 5 Stars 
Rating Funn ...)
+   TODO: check
+CVE-2024-32715 (Missing Authorization vulnerability in Olive Themes 
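Review bot: `-CVE-2024-37535` is removed at the top of the hunk without a visible `+CVE-2024-37535` replacement, and the hunk is cut off in this notification, so check the full commit to confirm the entry was re-added with a description further down rather than dropped. Of the three non-WordPress entries added ahead of the plugin block (CVE-2024-37570, CVE-2024-37569, CVE-2024-37568), the Authlib one (`lepture Authlib before 1.3.1 has algorithm confusion with asymmetric p ...`) describes a library rather than an appliance and is the one to triage first for Debian relevance; all three are still `TODO: check`.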

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d67d8382 by security tracker role at 2024-06-09T08:11:52+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,13 @@
+CVE-2024-5775 (A vulnerability was found in SourceCodester Vehicle Management 
System  ...)
+   TODO: check
+CVE-2024-5774 (A vulnerability has been found in SourceCodester Stock 
Management Syst ...)
+   TODO: check
+CVE-2024-5773 (A vulnerability, which was classified as critical, was found in 
Netent ...)
+   TODO: check
+CVE-2024-5772 (A vulnerability, which was classified as critical, has been 
found in N ...)
+   TODO: check
+CVE-2024-5771 (A vulnerability classified as critical was found in LabVantage 
LIMS 20 ...)
+   TODO: check
 CVE-2024-5766 (A vulnerability was found in Likeshop up to 2.5.7 and 
classified as pr ...)
NOT-FOR-US: Likeshop
 CVE-2024-5654 (The CF7 Google Sheets Connector plugin for WordPress is 
vulnerable to  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d67d838234ba64ca502af274d5f026788f629f33



[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
56e7e4bf by security tracker role at 2024-06-08T20:12:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,21 +1,145 @@
-CVE-2024-36970 [wifi: iwlwifi: Use request_module_nowait]
+CVE-2024-5766 (A vulnerability was found in Likeshop up to 2.5.7 and 
classified as pr ...)
+   TODO: check
+CVE-2024-5654 (The CF7 Google Sheets Connector plugin for WordPress is 
vulnerable to  ...)
+   TODO: check
+CVE-2024-4680 (A vulnerability in zenml-io/zenml version 0.56.3 allows 
attackers to r ...)
+   TODO: check
+CVE-2024-4146 (In lunary-ai/lunary version v1.2.13, an improper authorization 
vulnera ...)
+   TODO: check
+CVE-2024-37408 (fprintd through 1.94.3 lacks a security attention mechanism, 
and thus  ...)
+   TODO: check
+CVE-2024-37407 (Libarchive before 3.7.4 allows name out-of-bounds access when 
a ZIP ar ...)
+   TODO: check
+CVE-2024-35756 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35755 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35753 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35752 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35751 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35750 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-35740 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35739 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35738 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35737 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35736 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-35734 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35733 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35732 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35731 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35730 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35719 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35718 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35715 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35714 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35713 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35711 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35710 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+   TODO: check
+CVE-2024-35709 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35708 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35707 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35706 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35705 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35704 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35703 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35702 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35701 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35699 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35698 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35697 (Improper 
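Review bot: `-CVE-2024-36970 [wifi: iwlwifi: Use request_module_nowait]` is removed with no visible `+CVE-2024-36970` line in this truncated hunk; verify in the full commit that the kernel entry was reinstated with its description. Among the additions, CVE-2024-37407 (`Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP ar ...`) and CVE-2024-37408 (`fprintd through 1.94.3 lacks a security attention mechanism`) concern software Debian packages and should not be left at `TODO: check` behind the long run of WordPress XSS entries.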

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f9269492 by security tracker role at 2024-06-08T08:11:49+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,31 @@
+CVE-2024-5770 (The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is 
vulnerab ...)
+   TODO: check
+CVE-2024-5758 (The Post Grid Gutenberg Blocks and WordPress Blog Plugin \u2013 
PostX  ...)
+   TODO: check
+CVE-2024-5663 (The Cards for Beaver Builder plugin for WordPress is vulnerable 
to Sto ...)
+   TODO: check
+CVE-2024-5638 (The Formula theme for WordPress is vulnerable to Reflected 
Cross-Site  ...)
+   TODO: check
+CVE-2024-5613 (The Formula theme for WordPress is vulnerable to Reflected 
Cross-Site  ...)
+   TODO: check
+CVE-2024-5091 (The SKT Addons for Elementor plugin for WordPress is vulnerable 
to Sto ...)
+   TODO: check
+CVE-2024-5087 (The Minimal Coming Soon \u2013 Coming Soon Page plugin for 
WordPress i ...)
+   TODO: check
+CVE-2024-4661 (The WP Reset plugin for WordPress is vulnerable to unauthorized 
modifi ...)
+   TODO: check
+CVE-2024-4468 (The Salon booking system plugin for WordPress is vulnerable to 
unautho ...)
+   TODO: check
+CVE-2024-3668 (The PowerPack Pro for Elementor plugin for WordPress is 
vulnerable to  ...)
+   TODO: check
+CVE-2024-1694 (Inappropriate implementation in Google Updator prior to 
1.3.36.351 in  ...)
+   TODO: check
+CVE-2023-7261 (Inappropriate implementation in Google Updator prior to 
1.3.36.351 in  ...)
+   TODO: check
+CVE-2023-49224 (Precor touchscreen console P62, P80, and P82 contains a 
default SSH pu ...)
+   TODO: check
+CVE-2023-49223 (Precor touchscreen console P62, P80, and P82 could allow a 
remote atta ...)
+   TODO: check
 CVE-2024-0092
- nvidia-graphics-drivers  (bug #1072792)
[bookworm] - nvidia-graphics-drivers  (Non-free not supported)
@@ -40432,7 +40460,7 @@ CVE-2023-48202 (Cross-Site Scripting (XSS) 
vulnerability in Sunlight CMS 8.0.1 a
NOT-FOR-US: Sunlight CMS
 CVE-2023-48201 (Cross Site Scripting (XSS) vulnerability in Sunlight CMS 
v.8.0.1, allo ...)
NOT-FOR-US: Sunlight CMS
-CVE-2024-0444 [GStreamer-SA-2024-0001: AV1 codec parser potential buffer 
overflow during tile list parsing]
+CVE-2024-0444 (GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote 
Code Ex ...)
{DSA-5608-1}
- gst-plugins-bad1.0 1.22.9-1
[buster] - gst-plugins-bad1.0  (AV1 parser introduced in 
1.17.1)
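Review bot: replacing the bracketed title with the CVE description drops the `GStreamer-SA-2024-0001` advisory identifier from the `CVE-2024-0444` entry; the `{DSA-5608-1}` reference, the `gst-plugins-bad1.0 1.22.9-1` fix line and the buster note (`AV1 parser introduced in 1.17.1`) are kept, so no tracking state is lost, but if the upstream advisory id is not recorded elsewhere in the entry it is worth keeping it for cross-reference.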



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f92694922c99cd13b1a649d86b9295255951eb81



[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
08f91f7f by security tracker role at 2024-06-07T20:12:37+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,87 @@
+CVE-2024-5761
+   REJECTED
+CVE-2024-5745 (A vulnerability was found in itsourcecode Bakery Online 
Ordering Syste ...)
+   TODO: check
+CVE-2024-5734 (A vulnerability classified as critical has been found in 
itsourcecode  ...)
+   TODO: check
+CVE-2024-5733 (A vulnerability was found in itsourcecode Online Discussion 
Forum 1.0. ...)
+   TODO: check
+CVE-2024-5732 (A vulnerability was found in Clash up to 0.20.1 on Windows. It 
has bee ...)
+   TODO: check
+CVE-2024-5645 (The Envo Extra plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+   TODO: check
+CVE-2024-5637 (The Market Exporter plugin for WordPress is vulnerable to 
unauthorized ...)
+   TODO: check
+CVE-2024-5599 (The FileOrganizer \u2013 Manage WordPress and Website Files 
plugin for ...)
+   TODO: check
+CVE-2024-5542 (The Master Addons \u2013 Free Widgets, Hover Effects, Toggle, 
Conditio ...)
+   TODO: check
+CVE-2024-5481 (The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery 
plugin ...)
+   TODO: check
+CVE-2024-5438 (The Tutor LMS \u2013 eLearning and online course solution 
plugin for W ...)
+   TODO: check
+CVE-2024-5426 (The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery 
plugin ...)
+   TODO: check
+CVE-2024-5382 (The Master Addons \u2013 Free Widgets, Hover Effects, Toggle, 
Conditio ...)
+   TODO: check
+CVE-2024-4610 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel 
Driver, Arm ...)
+   TODO: check
+CVE-2024-4152
+   REJECTED
+CVE-2024-3380
+   REJECTED
+CVE-2024-3133
+   REJECTED
+CVE-2024-37388 (An XML External Entity (XXE) vulnerability in the 
ebookmeta.get_metada ...)
+   TODO: check
+CVE-2024-37163 (SkyScrape is a GUI Dashboard for AWS Infrastructure and 
Managing Resou ...)
+   TODO: check
+CVE-2024-37162 (zsa is a library for building typesafe server actions in 
Next.js. All  ...)
+   TODO: check
+CVE-2024-37160 (Formwork is a flat file-based Content Management System (CMS). 
An atta ...)
+   TODO: check
+CVE-2024-36827 (An XML External Entity (XXE) vulnerability in the 
ebookmeta.get_metada ...)
+   TODO: check
+CVE-2024-36811 (An arbitrary file upload vulnerability in the image upload 
function of ...)
+   TODO: check
+CVE-2024-36792 (An issue in the implementation of the WPS in Netgear WNR614 
JNR1010V2/ ...)
+   TODO: check
+CVE-2024-36790 (Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered 
to store  ...)
+   TODO: check
+CVE-2024-36789 (An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 
allows attac ...)
+   TODO: check
+CVE-2024-36788 (Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 does not 
properly set th ...)
+   TODO: check
+CVE-2024-36787 (An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 
allows attac ...)
+   TODO: check
+CVE-2024-36773 (A cross-site scripting (XSS) vulnerability in Monstra CMS 
v3.0.4 allow ...)
+   TODO: check
+CVE-2024-36673 (Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 
is vuln ...)
+   TODO: check
+CVE-2024-32503 (An issue was discovered in Samsung Mobile Processor and 
Wearable Proce ...)
+   TODO: check
+CVE-2024-32502 (An issue was discovered in Samsung Mobile Processor and 
Wearable Proce ...)
+   TODO: check
+CVE-2024-31959 (An issue was discovered in Samsung Mobile Processor Exynos 
2200, Exyno ...)
+   TODO: check
+CVE-2024-31958 (An issue was discovered in Samsung Mobile Processor EExynos 
2200, Exyn ...)
+   TODO: check
+CVE-2024-31878 (IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is 
vulnerable  ...)
+   TODO: check
+CVE-2024-30163 (Invision Community before 4.7.16 allow SQL injection via the 
applicati ...)
+   TODO: check
+CVE-2024-30162 (Invision Community through 4.7.16 allows remote code execution 
via the ...)
+   TODO: check
+CVE-2024-23595
+   REJECTED
+CVE-2023-6997
+   REJECTED
+CVE-2023-5424 (The WS Form LITE plugin for WordPress is vulnerable to CSV 
Injection i ...)
+   TODO: check
+CVE-2023-49222 (Precor touchscreen console P82 contains a private SSH key that 
corresp ...)
+   TODO: check
+CVE-2023-49221 (Precor touchscreen console P62, P80, and P82 could allow a 
remote atta ...)
+   TODO: check
 CVE-2024-23445
- elasticsearch 
 CVE-2024-37279
@@ -193,7 +277,8 @@ CVE-2024-5186 (A Server-Side Request Forgery (SSRF) 
vulnerability exists in the
NOT-FOR-US: privategpt
 CVE-2024-5133 (In lunary-ai/lunary version 1.2.4, an account takeover 
vulnerability e ...)
NOT-FOR-US: lunary-ai/lunary
-CVE-2024-5132 (In lunary-ai/lunary version 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9bb720ef by security tracker role at 2024-06-07T08:11:44+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,97 @@
+CVE-2024-5640 (The Prime Slider \u2013 Addons For Elementor (Revolution of a 
slider,  ...)
+   TODO: check
+CVE-2024-5612 (The Essential Addons for Elementor Pro plugin for WordPress is 
vulnera ...)
+   TODO: check
+CVE-2024-5607 (The GDPR CCPA Compliance & Cookie Consent Banner plugin for 
WordPress  ...)
+   TODO: check
+CVE-2024-5425 (The WP jQuery Lightbox plugin for WordPress is vulnerable to 
Stored Cr ...)
+   TODO: check
+CVE-2024-5003 (The WP Stacker WordPress plugin through 1.8.5 does not have 
CSRF check ...)
+   TODO: check
+CVE-2024-4902 (The Tutor LMS \u2013 eLearning and online course solution 
plugin for W ...)
+   TODO: check
+CVE-2024-4887 (The Qi Addons For Elementor plugin for WordPress is vulnerable 
to Remo ...)
+   TODO: check
+CVE-2024-4756 (The WP Backpack WordPress plugin through 2.1 does not sanitise 
and esc ...)
+   TODO: check
+CVE-2024-4703 (The One Page Express Companion plugin for WordPress is 
vulnerable to S ...)
+   TODO: check
+CVE-2024-4621 (The ARForms - Premium WordPress Form Builder Plugin WordPress 
plugin b ...)
+   TODO: check
+CVE-2024-4620 (The ARForms - Premium WordPress Form Builder Plugin WordPress 
plugin b ...)
+   TODO: check
+CVE-2024-4489 (The Royal Elementor Addons and Templates plugin for WordPress 
is vulne ...)
+   TODO: check
+CVE-2024-4488 (The Royal Elementor Addons and Templates for WordPress is 
vulnerable t ...)
+   TODO: check
+CVE-2024-4451 (The Colibri Page Builder plugin for WordPress is vulnerable to 
Stored  ...)
+   TODO: check
+CVE-2024-4354 (The TablePress \u2013 Tables in WordPress made easy plugin for 
WordPre ...)
+   TODO: check
+CVE-2024-4042 (The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, 
Post Block ...)
+   TODO: check
+CVE-2024-4013 (A bug exists in the API, mesh_node_power_off(), which fails to 
copy th ...)
+   TODO: check
+CVE-2024-3987 (The WP Mobile Menu \u2013 The Mobile-Friendly Responsive Menu 
plugin f ...)
+   TODO: check
+CVE-2024-3592 (The Quiz And Survey Master \u2013 Best Quiz, Exam and Survey 
Plugin fo ...)
+   TODO: check
+CVE-2024-3288 (The Logo Slider  WordPress plugin before 4.0.0 does not 
validate and e ...)
+   TODO: check
+CVE-2024-37385 (Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on 
Windows allow ...)
+   TODO: check
+CVE-2024-37384 (Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows 
XSS via l ...)
+   TODO: check
+CVE-2024-37383 (Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows 
XSS via S ...)
+   TODO: check
+CVE-2024-36823 (The encrypt() function of Ninja Core v7.0.0 was discovered to 
use a we ...)
+   TODO: check
+CVE-2024-36795 (Insecure permissions in Netgear WNR614 
JNR1010V2/N300-V1.1.0.54_1.0.1  ...)
+   TODO: check
+CVE-2024-36775 (A cross-site scripting (XSS) vulnerability in Monstra CMS 
v3.0.4 allow ...)
+   TODO: check
+CVE-2024-36774 (An arbitrary file upload vulnerability in Monstra CMS v3.0.4 
allows at ...)
+   TODO: check
+CVE-2024-36082 (SQL injection vulnerability in Music Store - WordPress 
eCommerce versi ...)
+   TODO: check
+CVE-2024-32752 (Under certain circumstances communications between the ICU 
tool and an ...)
+   TODO: check
+CVE-2024-24199 (smartdns commit 54b4dc was discovered to contain a misaligned 
address  ...)
+   TODO: check
+CVE-2024-24198 (smartdns commit 54b4dc was discovered to contain a misaligned 
address  ...)
+   TODO: check
+CVE-2024-24195 (robdns commit d76d2e6 was discovered to contain a misaligned 
address a ...)
+   TODO: check
+CVE-2024-24194 (robdns commit d76d2e6 was discovered to contain a NULL pointer 
derefer ...)
+   TODO: check
+CVE-2024-24192 (robdns commit d76d2e6 was discovered to contain a heap 
overflow via th ...)
+   TODO: check
+CVE-2024-22525 (dnspod-sr 0dfbd37 contains a SEGV.)
+   TODO: check
+CVE-2024-22524 (dnspod-sr 0dfbd37 is vulnerable to buffer overflow.)
+   TODO: check
+CVE-2024-22074 (Dynamsoft Service 1.8.1025 through 1.8.2013, 1.7.0330 through 
1.7.2531 ...)
+   TODO: check
+CVE-2024-1988 (The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, 
Post Block ...)
+   TODO: check
+CVE-2024-1768 (The Clever Fox plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+   TODO: check
+CVE-2024-1689 (The WooCommerce Tools plugin for WordPress is vulnerable to 
unauthoriz ...)
+   TODO: check
+CVE-2023-6876 (The Clever Fox \u2013 One Click Website Importer by Nayra 
Themes plugi ...)
+   TODO: check
+CVE-2023-6491 (The Strong Testimonials plugin for WordPress is 
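Review bot: the three Roundcube entries near the top of this hunk (CVE-2024-37383, CVE-2024-37384, CVE-2024-37385) name the same fixed upstream versions in their descriptions ("before 1.5.7 and 1.6.x before 1.6.7") yet are imported as three independent "TODO: check" items; triaging them as one batch, so that all three receive the same package line and fixed-version annotation, avoids the inconsistent state that results when only one of a related set is updated.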

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-06 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
681bd296 by security tracker role at 2024-06-06T20:12:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,263 @@
+CVE-2024-5684 (An attacker with access to the private network (the charger is 
connect ...)
+   TODO: check
+CVE-2024-5675 (Untrusted data deserialization vulnerability has been found in 
Mentor  ...)
+   TODO: check
+CVE-2024-5673 (Vulnerability in Dulldusk's PHP File Manager affecting version 
1.7.8.  ...)
+   TODO: check
+CVE-2024-5658 (The CraftCMS plugin Two-Factor Authentication through 3.3.3 
allows reu ...)
+   TODO: check
+CVE-2024-5657 (The CraftCMS plugin Two-Factor Authentication in versions 
3.3.1, 3.3.2 ...)
+   TODO: check
+CVE-2024-5609
+   REJECTED
+CVE-2024-5552 (kubeflow/kubeflow is vulnerable to a Regular Expression Denial 
of Serv ...)
+   TODO: check
+CVE-2024-5550 (In h2oai/h2o-3 version 3.40.0.4, an exposure of sensitive 
information  ...)
+   TODO: check
+CVE-2024-5509 (Luxion KeyShot BIP File Parsing Uncontrolled Search Path 
Element Remot ...)
+   TODO: check
+CVE-2024-5508 (Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write 
Remote Code ...)
+   TODO: check
+CVE-2024-5507 (Luxion KeyShot Viewer KSP File Parsing Stack-based Buffer 
Overflow Rem ...)
+   TODO: check
+CVE-2024-5506 (Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write 
Remote Code ...)
+   TODO: check
+CVE-2024-5505 (NETGEAR ProSAFE Network Management System UpLoadServlet 
Directory Trav ...)
+   TODO: check
+CVE-2024-5489 (The Wbcom Designs \u2013 Custom Font Uploader plugin for 
WordPress is  ...)
+   TODO: check
+CVE-2024-5482 (A Server-Side Request Forgery (SSRF) vulnerability exists in 
the 'add_ ...)
+   TODO: check
+CVE-2024-5480 (A vulnerability in the PyTorch's torch.distributed.rpc 
framework, spec ...)
+   TODO: check
+CVE-2024-5478 (A Cross-site Scripting (XSS) vulnerability exists in the SAML 
metadata ...)
+   TODO: check
+CVE-2024-5452 (A remote code execution (RCE) vulnerability exists in the 
lightning-ai ...)
+   TODO: check
+CVE-2024-5329 (The Unlimited Elements For Elementor (Free Widgets, Addons, 
Templates) ...)
+   TODO: check
+CVE-2024-5328 (A Server-Side Request Forgery (SSRF) vulnerability exists in 
the lunar ...)
+   TODO: check
+CVE-2024-5307 (Kofax Power PDF AcroForm Annotation Out-Of-Bounds Read 
Information Dis ...)
+   TODO: check
+CVE-2024-5306 (Kofax Power PDF PDF File Parsing Memory Corruption Remote Code 
Executi ...)
+   TODO: check
+CVE-2024-5305 (Kofax Power PDF PDF File Parsing Stack-based Buffer Overflow 
Remote Co ...)
+   TODO: check
+CVE-2024-5304 (Kofax Power PDF TGA File Parsing Out-Of-Bounds Write Remote 
Code Execu ...)
+   TODO: check
+CVE-2024-5303 (Kofax Power PDF PSD File Parsing Out-Of-Bounds Write Remote 
Code Execu ...)
+   TODO: check
+CVE-2024-5302 (Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote 
Code Execu ...)
+   TODO: check
+CVE-2024-5301 (Kofax Power PDF PSD File Parsing Heap-based Buffer Overflow 
Remote Cod ...)
+   TODO: check
+CVE-2024-5278 (gaizhenbiao/chuanhuchatgpt is vulnerable to an unrestricted 
file uploa ...)
+   TODO: check
+CVE-2024-5277 (In lunary-ai/lunary version 1.2.4, a vulnerability exists in 
the passw ...)
+   TODO: check
+CVE-2024-5269 (Sonos Era 100 SMB2 Message Handling Use-After-Free Remote Code 
Executi ...)
+   TODO: check
+CVE-2024-5268 (Sonos Era 100 SMB2 Message Handling Out-Of-Bounds Read 
Information Dis ...)
+   TODO: check
+CVE-2024-5267 (Sonos Era 100 SMB2 Message Handling Out-Of-Bounds Write Remote 
Code Ex ...)
+   TODO: check
+CVE-2024-5259 (The MultiVendorX Marketplace \u2013 WooCommerce MultiVendor 
Marketplac ...)
+   TODO: check
+CVE-2024-5256 (Sonos Era 100 SMB2 Message Handling Integer Underflow 
Information Disc ...)
+   TODO: check
+CVE-2024-5248 (In lunary-ai/lunary version 1.2.5, an improper access control 
vulnerab ...)
+   TODO: check
+CVE-2024-5225 (An SQL Injection vulnerability exists in the berriai/litellm 
repositor ...)
+   TODO: check
+CVE-2024-5221 (The Qi Blocks plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
+   TODO: check
+CVE-2024-5206 (A sensitive data leakage vulnerability was identified in 
scikit-learn' ...)
+   TODO: check
+CVE-2024-5188 (The Essential Addons for Elementor \u2013 Best Elementor 
Templates, Wi ...)
+   TODO: check
+CVE-2024-5187 (A vulnerability in the `download_model_with_test_data` function 
of the ...)
+   TODO: check
+CVE-2024-5186 (A Server-Side Request Forgery (SSRF) vulnerability exists in 
the file  ...)
+   TODO: check
+CVE-2024-5133 (In lunary-ai/lunary version 1.2.4, an account takeover 
vulnerability e ...)
+  

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-06 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d9b79155 by security tracker role at 2024-06-06T08:12:03+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,77 @@
+CVE-2024-5665 (The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for 
WordPr ...)
+   TODO: check
+CVE-2024-5656 (The Google CSE plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+   TODO: check
+CVE-2024-5653 (A vulnerability, which was classified as critical, has been 
found in C ...)
+   TODO: check
+CVE-2024-5615 (The Open Graph plugin for WordPress is vulnerable to Sensitive 
Informa ...)
+   TODO: check
+CVE-2024-5449 (The WP Dark Mode \u2013 WordPress Dark Mode Plugin for Improved 
Access ...)
+   TODO: check
+CVE-2024-5342 (The Simple Image Popup Shortcode plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-5324 (The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for 
WordPr ...)
+   TODO: check
+CVE-2024-5224 (The Easy Social Like Box \u2013 Popup \u2013 Sidebar Widget 
plugin for ...)
+   TODO: check
+CVE-2024-5179 (The Cowidgets \u2013 Elementor Addons plugin for WordPress is 
vulnerab ...)
+   TODO: check
+CVE-2024-5162 (The WordPress prettyPhoto plugin for WordPress is vulnerable to 
Stored ...)
+   TODO: check
+CVE-2024-5161 (The Magical Addons For Elementor ( Header Footer Builder, Free 
Element ...)
+   TODO: check
+CVE-2024-5153 (The Startklar Elementor Addons plugin for WordPress is 
vulnerable to D ...)
+   TODO: check
+CVE-2024-5152 (The ElementsReady Addons for Elementor plugin for WordPress is 
vulnera ...)
+   TODO: check
+CVE-2024-5141 (The Rotating Tweets (Twitter widget and shortcode) plugin for 
WordPres ...)
+   TODO: check
+CVE-2024-5001 (The Image Hover Effects for Elementor with Lightbox and Flipbox 
plugin ...)
+   TODO: check
+CVE-2024-4942 (The Custom Dash plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+   TODO: check
+CVE-2024-4788 (The Boostify Header Footer Builder for Elementor plugin for 
WordPress  ...)
+   TODO: check
+CVE-2024-4707 (The Materialis Companion plugin for WordPress is vulnerable to 
Stored  ...)
+   TODO: check
+CVE-2024-4705 (The Testimonials Widget plugin for WordPress is vulnerable to 
Stored C ...)
+   TODO: check
+CVE-2024-4608 (The SellKit \u2013 Funnel builder and checkout optimizer for 
WooCommer ...)
+   TODO: check
+CVE-2024-4459 (The Themesflat Addons For Elementor plugin for WordPress is 
vulnerable ...)
+   TODO: check
+CVE-2024-4458 (The Themesflat Addons For Elementor plugin for WordPress is 
vulnerable ...)
+   TODO: check
+CVE-2024-4364 (The Qi Addons For Elementor plugin for WordPress is vulnerable 
to Stor ...)
+   TODO: check
+CVE-2024-4212 (The Themesflat Addons For Elementor plugin for WordPress is 
vulnerable ...)
+   TODO: check
+CVE-2024-4194 (The The Album and Image Gallery plus Lightbox plugin for 
WordPress is  ...)
+   TODO: check
+CVE-2024-4177 (A host whitelist parser issue in the proxy service implemented 
in the  ...)
+   TODO: check
+CVE-2024-3049 (A flaw was found in Booth, a cluster ticket manager. If a 
specially-cr ...)
+   TODO: check
+CVE-2024-2922 (The Themesflat Addons For Elementor plugin for WordPress is 
vulnerable ...)
+   TODO: check
+CVE-2024-2350 (The Clever Addons for Elementor plugin for WordPress is 
vulnerable to  ...)
+   TODO: check
+CVE-2024-2017 (The Countdown, Coming Soon, Maintenance \u2013 Countdown & 
Clock plugi ...)
+   TODO: check
+CVE-2024-1175 (The WP-Recall \u2013 Registration, Profile, Commerce & More 
plugin for ...)
+   TODO: check
+CVE-2024-0972 (The BuddyPress Members Only plugin for WordPress is vulnerable 
to Sens ...)
+   TODO: check
+CVE-2024-0912 (Under certain circumstances the Microsoft\xae Internet 
Information Ser ...)
+   TODO: check
+CVE-2024-0910 (The Restrict for Elementor plugin for WordPress is vulnerable 
to Sensi ...)
+   TODO: check
+CVE-2023-6968 (The The Moneytizer plugin for WordPress is vulnerable to 
Cross-Site Re ...)
+   TODO: check
+CVE-2023-6966 (The The Moneytizer plugin for WordPress is vulnerable to 
unauthorized  ...)
+   TODO: check
+CVE-2023-6956 (The EasyAzon \u2013 Amazon Associates Affiliate Plugin plugin 
for Word ...)
+   TODO: check
 CVE-2024-5629 (An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or 
earlier ...)
- pymongo 
NOTE: https://jira.mongodb.org/browse/PYTHON-4305
@@ -20695,6 +20769,7 @@ CVE-2024-26275 (A vulnerability has been identified in 
Parasolid V35.1 (All vers
 CVE-2024-26257 (Microsoft Excel Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
 CVE-2024-26256 (libarchive Remote Code Execution Vulnerability)
+   {DSA-5706-1}
  

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e6ed021b by security tracker role at 2024-06-05T20:11:59+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,115 @@
+CVE-2024-5629 (An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or 
earlier ...)
+   TODO: check
+CVE-2024-5571 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, 
Embed You ...)
+   TODO: check
+CVE-2024-5536 (The GamiPress \u2013 Link plugin for WordPress is vulnerable to 
Stored ...)
+   TODO: check
+CVE-2024-5526 (Grafana OnCall is an easy-to-use on-call management tool that 
will hel ...)
+   TODO: check
+CVE-2024-5459 (The Restaurant Menu and Food Ordering plugin for WordPress is 
vulnerab ...)
+   TODO: check
+CVE-2024-5184 (The EmailGPT service contains a prompt injection 
vulnerability.The ser ...)
+   TODO: check
+CVE-2024-5037 (A flaw was found in OpenShift's Telemeter. If certain 
conditions are i ...)
+   TODO: check
+CVE-2024-4821 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for 
WordPre ...)
+   TODO: check
+CVE-2024-4812 (A flaw was found in the Katello plugin for Foreman, where it is 
possib ...)
+   TODO: check
+CVE-2024-4743 (The LifterLMS \u2013 WordPress LMS Plugin for eLearning plugin 
for Wor ...)
+   TODO: check
+CVE-2024-4009 (Replay Attack  in ABB, Busch-Jaeger, FTS Display (version 1.00) 
and BC ...)
+   TODO: check
+CVE-2024-4008 (FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and 
BCU (ve ...)
+   TODO: check
+CVE-2024-4001 (The Download Manager plugin for WordPress is vulnerable to 
Stored Cros ...)
+   TODO: check
+CVE-2024-3716 (A flaw was found in foreman-installer when puppet-candlepin is 
invoked ...)
+   TODO: check
+CVE-2024-3469 (The GP Premium plugin for WordPress is vulnerable to Reflected 
Cross-S ...)
+   TODO: check
+CVE-2024-36837 (SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote 
attacker  ...)
+   TODO: check
+CVE-2024-36670 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-36669 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-36668 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-36667 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-36129 (The OpenTelemetry Collector offers a vendor-agnostic 
implementation on ...)
+   TODO: check
+CVE-2024-35674 (Missing Authorization vulnerability in Unlimited Elements 
Unlimited El ...)
+   TODO: check
+CVE-2024-35673 (Cross-Site Request Forgery (CSRF) vulnerability in Pure Chat 
by Ruby P ...)
+   TODO: check
+CVE-2024-31631
+   REJECTED
+CVE-2024-31630
+   REJECTED
+CVE-2024-31629
+   REJECTED
+CVE-2024-31628
+   REJECTED
+CVE-2024-31627
+   REJECTED
+CVE-2024-31626
+   REJECTED
+CVE-2024-31625
+   REJECTED
+CVE-2024-31624
+   REJECTED
+CVE-2024-31623
+   REJECTED
+CVE-2024-31622
+   REJECTED
+CVE-2024-28818 (An issue was discovered in Samsung Mobile Processor, Wearable 
Processo ...)
+   TODO: check
+CVE-2024-27382 (An issue was discovered in Samsung Mobile Processor Exynos 
980, Exynos ...)
+   TODO: check
+CVE-2024-27381 (An issue was discovered in Samsung Mobile Processor Exynos 
980, Exynos ...)
+   TODO: check
+CVE-2024-27380 (An issue was discovered in Samsung Mobile Processor Exynos 
980, Exynos ...)
+   TODO: check
+CVE-2024-27379 (An issue was discovered in Samsung Mobile Processor Exynos 
980, Exynos ...)
+   TODO: check
+CVE-2024-27378 (An issue was discovered in Samsung Mobile Processor Exynos 
980, Exynos ...)
+   TODO: check
+CVE-2024-27377 (An issue was discovered in Samsung Mobile Processor Exynos 
980, Exynos ...)
+   TODO: check
+CVE-2024-27376 (An issue was discovered in Samsung Mobile Processor Exynos 
980, Exynos ...)
+   TODO: check
+CVE-2024-27375 (An issue was discovered in Samsung Mobile Processor Exynos 
980, Exynos ...)
+   TODO: check
+CVE-2024-27374 (An issue was discovered in Samsung Mobile Processor Exynos 
980, Exynos ...)
+   TODO: check
+CVE-2024-27373 (An issue was discovered in Samsung Mobile Processor Exynos 
980, Exynos ...)
+   TODO: check
+CVE-2024-27372 (An issue was discovered in Samsung Mobile Processor Exynos 
980, Exynos ...)
+   TODO: check
+CVE-2024-27371 (An issue was discovered in Samsung Mobile Processor Exynos 
980, Exynos ...)
+   TODO: check
+CVE-2024-27370 (An issue was discovered in Samsung Mobile Processor Exynos 
980, Exynos ...)
+   TODO: check
+CVE-2024-20405 (A vulnerability in the web-based management interface of Cisco 
Finesse ...)
+   TODO: check

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
788bbba2 by security tracker role at 2024-06-05T08:11:52+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,4 +1,76 @@
-CVE-2024-34055
+CVE-2024-5636 (A vulnerability was found in itsourcecode Bakery Online 
Ordering Syste ...)
+   TODO: check
+CVE-2024-5635 (A vulnerability was found in itsourcecode Bakery Online 
Ordering Syste ...)
+   TODO: check
+CVE-2024-5483 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress 
is vul ...)
+   TODO: check
+CVE-2024-5453 (The ProfileGrid \u2013 User Profiles, Groups and Communities 
plugin fo ...)
+   TODO: check
+CVE-2024-5439 (The Blocksy theme for WordPress is vulnerable to Reflected 
Cross-Site  ...)
+   TODO: check
+CVE-2024-5317 (The Newsletter plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+   TODO: check
+CVE-2024-5262 (Files or Directories Accessible to External Parties 
vulnerability in s ...)
+   TODO: check
+CVE-2024-5222 (The Responsive Addons \u2013 Starter Templates, Advanced 
Features and  ...)
+   TODO: check
+CVE-2024-5149 (The BuddyForms plugin for WordPress is vulnerable to Email 
Verificatio ...)
+   TODO: check
+CVE-2024-5006 (The Boostify Header Footer Builder for Elementor plugin for 
WordPress  ...)
+   TODO: check
+CVE-2024-4939 (The Weaver Xtreme Theme Support plugin for WordPress is 
vulnerable to  ...)
+   TODO: check
+CVE-2024-4886 (The  contains an IDOR vulnerability that allows a user to 
comment on a ...)
+   TODO: check
+CVE-2024-4295 (The Email Subscribers by Icegram Express plugin for WordPress 
is vulne ...)
+   TODO: check
+CVE-2024-4220 (Prior to 23.1, an information disclosure vulnerability exists 
within B ...)
+   TODO: check
+CVE-2024-4219 (Prior to 23.2, it is possible to perform arbitrary Server-Side 
request ...)
+   TODO: check
+CVE-2024-4088 (The Gutenberg Blocks and Page Layouts \u2013 Attire Blocks 
plugin for  ...)
+   TODO: check
+CVE-2024-4084 (A Server-Side Request Forgery (SSRF) vulnerability exists in 
the lates ...)
+   TODO: check
+CVE-2024-3667 (The Brizy \u2013 Page Builder plugin for WordPress is 
vulnerable to St ...)
+   TODO: check
+CVE-2024-36675 (LyLme_spage v1.9.5 is vulnerable to Server-Side Request 
Forgery (SSRF) ...)
+   TODO: check
+CVE-2024-36121 (netty-incubator-codec-ohttp is the OHTTP implementation for 
netty. Bor ...)
+   TODO: check
+CVE-2024-34364 (Envoy is a cloud-native, open source edge and service proxy. 
Envoy exp ...)
+   TODO: check
+CVE-2024-34363 (Envoy is a cloud-native, open source edge and service proxy. 
Due to ho ...)
+   TODO: check
+CVE-2024-34362 (Envoy is a cloud-native, open source edge and service proxy. 
There is  ...)
+   TODO: check
+CVE-2024-32976 (Envoy is a cloud-native, open source edge and service proxy. 
Envoyprox ...)
+   TODO: check
+CVE-2024-32975 (Envoy is a cloud-native, open source edge and service proxy. 
There is  ...)
+   TODO: check
+CVE-2024-32974 (Envoy is a cloud-native, open source edge and service proxy. A 
crash w ...)
+   TODO: check
+CVE-2024-32464 (Action Text brings rich text content and editing to Rails. 
Instances o ...)
+   TODO: check
+CVE-2024-30889 (Cross Site Scripting vulnerability in audimex audimexEE 
v.15.1.2 and f ...)
+   TODO: check
+CVE-2024-2368 (The Mollie Forms plugin for WordPress is vulnerable to 
Cross-Site Requ ...)
+   TODO: check
+CVE-2024-2087 (The Brizy \u2013 Page Builder plugin for WordPress is 
vulnerable to St ...)
+   TODO: check
+CVE-2024-28103 (Action Pack is a framework for handling and responding to web 
requests ...)
+   TODO: check
+CVE-2024-23669 (An improper authorization in Fortinet FortiWebManager version 
7.2.0 an ...)
+   TODO: check
+CVE-2024-23326 (Envoy is a cloud-native, open source edge and service proxy. A 
theoret ...)
+   TODO: check
+CVE-2024-1940 (The Brizy \u2013 Page Builder plugin for WordPress is 
vulnerable to St ...)
+   TODO: check
+CVE-2024-1164 (The Brizy \u2013 Page Builder plugin for WordPress is 
vulnerable to St ...)
+   TODO: check
+CVE-2024-1161 (The Brizy \u2013 Page Builder plugin for WordPress is 
vulnerable to St ...)
+   TODO: check
+CVE-2024-34055 (Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows 
authentica ...)
- cyrus-imapd 3.8.3-1
NOTE: 
https://cyrus.topicbox.com/groups/announce/Ta8e3998446caf7f8/cyrus-imap-3-8-3-3-6-5-and-3-4-8-released
 CVE-2024-5463 (A vulnerability regarding buffer copy without checking the size 
of inp ...)
@@ -168447,20 +168519,20 @@ CVE-2022-28660 (The querier component in Grafana 
Enterprise Logs 1.1.x through 1
NOT-FOR-US: Grafana Enterprise Logs
 CVE-2022-28659
RESERVED
-CVE-2022-28658
-   

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-04 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b8e0afde by security tracker role at 2024-06-04T20:12:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,207 @@
+CVE-2024-5463 (A vulnerability regarding buffer copy without checking the size 
of inp ...)
+   TODO: check
+CVE-2024-5000 (An unauthenticated remote attacker can use amalicious OPC UA 
client to ...)
+   TODO: check
+CVE-2024-4637 (The Slider Revolution plugin for WordPress is vulnerable to 
Stored Cro ...)
+   TODO: check
+CVE-2024-4581 (The Slider Revolution plugin for WordPress is vulnerable to 
Stored Cro ...)
+   TODO: check
+CVE-2024-4520 (An improper access control vulnerability exists in the 
gaizhenbiao/chu ...)
+   TODO: check
+CVE-2024-4254 (The 'deploy-website.yml' workflow in the gradio-app/gradio 
repository, ...)
+   TODO: check
+CVE-2024-37273 (An arbitrary file upload vulnerability in the 
/v1/app/appendFileSync i ...)
+   TODO: check
+CVE-2024-37065 (Deserialization of untrusted data can occur in versions 0.6 or 
newer o ...)
+   TODO: check
+CVE-2024-37064 (Deseriliazation of untrusted data can occur in versions 3.7.0 
or newer ...)
+   TODO: check
+CVE-2024-37063 (A cross-site scripting (XSS) vulnerability in versions 3.7.0 
or newer  ...)
+   TODO: check
+CVE-2024-37062 (Deserialization of untrusted data can occur in versions 3.7.0 
or newer ...)
+   TODO: check
+CVE-2024-37061 (Remote Code Execution can occur in versions of the MLflow 
platform run ...)
+   TODO: check
+CVE-2024-37060 (Deserialization of untrusted data can occur in versions of the 
MLflow  ...)
+   TODO: check
+CVE-2024-37059 (Deserialization of untrusted data can occur in versions of the 
MLflow  ...)
+   TODO: check
+CVE-2024-37058 (Deserialization of untrusted data can occur in versions of the 
MLflow  ...)
+   TODO: check
+CVE-2024-37057 (Deserialization of untrusted data can occur in versions of the 
MLflow  ...)
+   TODO: check
+CVE-2024-37056 (Deserialization of untrusted data can occur in versions of the 
MLflow  ...)
+   TODO: check
+CVE-2024-37055 (Deserialization of untrusted data can occur in versions of the 
MLflow  ...)
+   TODO: check
+CVE-2024-37054 (Deserialization of untrusted data can occur in versions of the 
MLflow  ...)
+   TODO: check
+CVE-2024-37053 (Deserialization of untrusted data can occur in versions of the 
MLflow  ...)
+   TODO: check
+CVE-2024-37052 (Deserialization of untrusted data can occur in versions of the 
MLflow  ...)
+   TODO: check
+CVE-2024-36858 (An arbitrary file upload vulnerability in the 
/v1/app/writeFileSync in ...)
+   TODO: check
+CVE-2024-36857 (Jan v0.4.12 was discovered to contain an arbitrary file read 
vulnerabi ...)
+   TODO: check
+CVE-2024-36801 (A SQL injection vulnerability in SEMCMS v.4.8, allows a remote 
attacke ...)
+   TODO: check
+CVE-2024-36800 (A SQL injection vulnerability in SEMCMS v.4.8, allows a remote 
attacke ...)
+   TODO: check
+CVE-2024-36604 (Tenda O3V2 v1.0.0.12(3880) was discovered to contain a Blind 
Command I ...)
+   TODO: check
+CVE-2024-36550 (idccms V1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-36549 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-36548 (idccms V1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-36547 (idccms V1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-36400 (nano-id is a unique string ID generator for Rust. Affected 
versions of ...)
+   TODO: check
+CVE-2024-35782 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35700 (Improper Privilege Management vulnerability in DeluxeThemes 
Userpro al ...)
+   TODO: check
+CVE-2024-35672 (Missing Authorization vulnerability in Netgsm.This issue 
affects Netgs ...)
+   TODO: check
+CVE-2024-35670 (Broken Authentication vulnerability in SoftLab Integrate 
Google Drive. ...)
+   TODO: check
+CVE-2024-35668 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35666 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35664 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35655 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35654 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35653 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-04 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d3969b9d by security tracker role at 2024-06-04T08:12:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,121 @@
+CVE-2024-5485 (The SureTriggers \u2013 Connect All Your Plugins, Apps, Tools & 
Automa ...)
+   TODO: check
+CVE-2024-5422 (An uncontrolled resource consumption of file descriptors in SEH 
Comput ...)
+   TODO: check
+CVE-2024-5421 (Missing input validation and OS command integration of the 
input in th ...)
+   TODO: check
+CVE-2024-5420 (Missing input validation in theSEH Computertechnik utnserver 
Pro, SEH  ...)
+   TODO: check
+CVE-2024-4997 (The WPUpper Share Buttons plugin for WordPress is vulnerable to 
unauth ...)
+   TODO: check
+CVE-2024-4870 (The Frontend Registration \u2013 Contact Form 7 plugin for 
WordPress i ...)
+   TODO: check
+CVE-2024-4857 (The FS Product Inquiry WordPress plugin through 1.1.1 does not 
sanitis ...)
+   TODO: check
+CVE-2024-4856 (The FS Product Inquiry WordPress plugin through 1.1.1 does not 
sanitis ...)
+   TODO: check
+CVE-2024-4750 (The buddyboss-platform WordPress plugin before 2.6.0 contains 
an IDOR  ...)
+   TODO: check
+CVE-2024-4749 (The wp-eMember WordPress plugin before 10.3.9 does not sanitize 
and es ...)
+   TODO: check
+CVE-2024-4697 (The Cowidgets \u2013 Elementor Addons plugin for WordPress is 
vulnerab ...)
+   TODO: check
+CVE-2024-4552 (The Social Login Lite For WooCommerce plugin for WordPress is 
vulnerab ...)
+   TODO: check
+CVE-2024-4462 (The Nafeza Prayer Time plugin for WordPress is vulnerable to 
Stored Cr ...)
+   TODO: check
+CVE-2024-4274 (The Essential Real Estate plugin for WordPress is vulnerable to 
unauth ...)
+   TODO: check
+CVE-2024-4273 (The Essential Real Estate plugin for WordPress is vulnerable to 
Stored ...)
+   TODO: check
+CVE-2024-4253 (A command injection vulnerability exists in the 
gradio-app/gradio repo ...)
+   TODO: check
+CVE-2024-4180 (The Events Calendar WordPress plugin before 6.4.0.1 does not 
properly  ...)
+   TODO: check
+CVE-2024-4057 (The Gutenberg Blocks with AI by Kadence WP  WordPress plugin 
before 3. ...)
+   TODO: check
+CVE-2024-3888 (The tagDiv Composer plugin for WordPress is vulnerable to 
Stored Cross ...)
+   TODO: check
+CVE-2024-3555 (The Social Link Pages: link-in-bio landing pages for your 
social media ...)
+   TODO: check
+CVE-2024-3230 (The Download Attachments plugin for WordPress is vulnerable to 
Stored  ...)
+   TODO: check
+CVE-2024-3031 (The Fluid Notification Bar plugin for WordPress is vulnerable 
to Store ...)
+   TODO: check
+CVE-2024-36782 (TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a 
hardcoded  ...)
+   TODO: check
+CVE-2024-2470 (The Simple Ajax Chat  WordPress plugin before 20240412 does not 
saniti ...)
+   TODO: check
+CVE-2024-2382 (The Authorize.net Payment Gateway For WooCommerce plugin for 
WordPress ...)
+   TODO: check
+CVE-2024-2019 (The WP-DB-Table-Editor plugin for WordPress is vulnerable to 
unauthori ...)
+   TODO: check
+CVE-2024-29976 (** UNSUPPORTED WHEN ASSIGNED ** The improper privilege 
management vuln ...)
+   TODO: check
+CVE-2024-29975 (** UNSUPPORTED WHEN ASSIGNED ** The improper privilege 
management vuln ...)
+   TODO: check
+CVE-2024-29974 (** UNSUPPORTED WHEN ASSIGNED ** The remote code execution 
vulnerabilit ...)
+   TODO: check
+CVE-2024-29973 (** UNSUPPORTED WHEN ASSIGNED ** The command injection 
vulnerability in ...)
+   TODO: check
+CVE-2024-29972 (** UNSUPPORTED WHEN ASSIGNED ** The command injection 
vulnerability in ...)
+   TODO: check
+CVE-2024-20887 (Arbitrary directory creation in GalaxyBudsManager PC prior to 
version  ...)
+   TODO: check
+CVE-2024-20886 (Arbitrary directory creation in Samsung Live Wallpaper PC 
prior to ver ...)
+   TODO: check
+CVE-2024-20885 (Improper component protection vulnerability in Samsung Dialer 
prior to ...)
+   TODO: check
+CVE-2024-20884 (Incorrect use of privileged API vulnerability in 
getSemBatteryUsageSta ...)
+   TODO: check
+CVE-2024-20883 (Incorrect use of privileged API vulnerability in 
registerBatteryStatsC ...)
+   TODO: check
+CVE-2024-20882 (Out-of-bounds read vulnerability in bootloader prior to SMR 
June-2024  ...)
+   TODO: check
+CVE-2024-20881 (Improper input validation vulnerability in chnactiv TA prior 
to SMR Ju ...)
+   TODO: check
+CVE-2024-20880 (Stack-based buffer overflow vulnerability in bootloader prior 
to SMR J ...)
+   TODO: check
+CVE-2024-20879 (Improper input validation vulnerability in libsavscmn.so prior 
to SMR  ...)
+   TODO: check
+CVE-2024-20878 (Heap out-of-bound write vulnerability in parsing grid image in 
libsavs ...)
+   TODO: 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-03 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
df08a2d1 by security tracker role at 2024-06-03T20:12:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,143 @@
+CVE-2024-5404 (An unauthenticated remote attackercan change the admin password 
in amo ...)
+   TODO: check
+CVE-2024-5388
+   REJECTED
+CVE-2024-5387
+   REJECTED
+CVE-2024-5214
+   REJECTED
+CVE-2024-5197 (There exists interger overflows in libvpx in versions prior to 
1.14.1. ...)
+   TODO: check
+CVE-2024-4540 (A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization 
Request ...)
+   TODO: check
+CVE-2024-4332 (An authentication bypass vulnerability has been identified in 
the REST ...)
+   TODO: check
+CVE-2024-3829 (qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file 
read a ...)
+   TODO: check
+CVE-2024-37019 (Northern.tech Mender Enterprise before 3.6.4 and 3.7.x before 
3.7.4 ha ...)
+   TODO: check
+CVE-2024-36783 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to 
contain a comm ...)
+   TODO: check
+CVE-2024-36729 (TRENDnet TEW-827DRU devices through 2.06B04 contain a 
stack-based buff ...)
+   TODO: check
+CVE-2024-36728 (TRENDnet TEW-827DRU devices through 2.06B04 contain a 
stack-based buff ...)
+   TODO: check
+CVE-2024-36674 (LyLme_spage v1.9.5 is vulnerable to Cross Site Scripting (XSS) 
via adm ...)
+   TODO: check
+CVE-2024-36569 (Sourcecodester Gas Agency Management System v1.0 is vulnerable 
to arbi ...)
+   TODO: check
+CVE-2024-36568 (Sourcecodester Gas Agency Management System v1.0 is vulnerable 
to SQL  ...)
+   TODO: check
+CVE-2024-36128 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
+   TODO: check
+CVE-2024-36127 (apko is an apk-based OCI image builder. apko exposures HTTP 
basic auth ...)
+   TODO: check
+CVE-2024-36124 (iq80 Snappy is a compression/decompression library. When 
uncompressing ...)
+   TODO: check
+CVE-2024-36123 (Citizen is a MediaWiki skin that makes extensions part of the 
cohesive ...)
+   TODO: check
+CVE-2024-35639 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35638 (Cross-Site Request Forgery (CSRF) vulnerability in JumpDEMAND 
Inc. Act ...)
+   TODO: check
+CVE-2024-35637 (Server-Side Request Forgery (SSRF) vulnerability in Church 
Admin.This  ...)
+   TODO: check
+CVE-2024-35635 (Server-Side Request Forgery (SSRF) vulnerability in 
WPManageNinja LLC  ...)
+   TODO: check
+CVE-2024-35633 (Server-Side Request Forgery (SSRF) vulnerability in 
CreativeThemes Blo ...)
+   TODO: check
+CVE-2024-35632 (Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks. 
Integrat ...)
+   TODO: check
+CVE-2024-35631 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35630 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-34987 (A SQL Injection vulnerability exists in the 
`ofrs/admin/index.php` scr ...)
+   TODO: check
+CVE-2024-34803 (Missing Authorization vulnerability in Fastly.This issue 
affects Fastl ...)
+   TODO: check
+CVE-2024-34801 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-34798 (Insertion of Sensitive Information into Log File vulnerability 
in Lukm ...)
+   TODO: check
+CVE-2024-34797 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-34796 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-34795 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-34794 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-34793 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-34791 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-34790 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-34789 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-34770 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-34769 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-34767 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-34766 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-03 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8a8c25d0 by security tracker role at 2024-06-03T08:11:50+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,63 @@
+CVE-2024-5590 (A vulnerability was found in Netentsec NS-ASG Application 
Security Gat ...)
+   TODO: check
+CVE-2024-5589 (A vulnerability was found in Netentsec NS-ASG Application 
Security Gat ...)
+   TODO: check
+CVE-2024-5311 (DigiWin EasyFlow .NET lacks validation for certain input 
parameters. A ...)
+   TODO: check
+CVE-2024-37031 (The Active Admin (aka activeadmin) framework before 3.2.2 for 
Ruby on  ...)
+   TODO: check
+CVE-2024-36964 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
+   TODO: check
+CVE-2024-36963 (In the Linux kernel, the following vulnerability has been 
resolved:  t ...)
+   TODO: check
+CVE-2024-36962 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
+   TODO: check
+CVE-2024-36961 (In the Linux kernel, the following vulnerability has been 
resolved:  t ...)
+   TODO: check
+CVE-2024-36960 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
+   TODO: check
+CVE-2024-36042 (Silverpeas before 6.3.5 allows authentication bypass by 
omitting the P ...)
+   TODO: check
+CVE-2024-35643 (Cross Site Scripting (XSS) vulnerability in Xabier Miranda WP 
Back But ...)
+   TODO: check
+CVE-2024-35642 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35641 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35640 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-31493 (An improper removal of sensitive information before storage or 
transfe ...)
+   TODO: check
+CVE-2024-23107 (An exposure of sensitive information to an unauthorized actor 
vulnerab ...)
+   TODO: check
+CVE-2024-20075 (In eemgpu, there is a possible out of bounds write due to a 
missing bo ...)
+   TODO: check
+CVE-2024-20074 (In dmc, there is a possible out of bounds write due to a 
missing bound ...)
+   TODO: check
+CVE-2024-20073 (In wlan service, there is a possible out of bounds write due 
to improp ...)
+   TODO: check
+CVE-2024-20072 (In wlan driver, there is a possible out of bounds write due to 
imprope ...)
+   TODO: check
+CVE-2024-20071 (In wlan driver, there is a possible out of bounds read due to 
improper ...)
+   TODO: check
+CVE-2024-20070 (In modem, there is a possible information disclosure due to 
using risk ...)
+   TODO: check
+CVE-2024-20069 (In modem, there is a possible selection of less-secure 
algorithm durin ...)
+   TODO: check
+CVE-2024-20068 (In modem, there is a possible system crash due to improper 
input valid ...)
+   TODO: check
+CVE-2024-20067 (In modem, there is a possible out of bounds write due to 
improper inpu ...)
+   TODO: check
+CVE-2024-20066 (In modem, there is a possible out of bounds write due to an 
incorrect  ...)
+   TODO: check
+CVE-2024-20065 (In telephony, there is a possible information disclosure due 
to a miss ...)
+   TODO: check
+CVE-2023-51436 (Cross-site scripting vulnerability exists in UNIVERSAL 
PASSPORT RX ver ...)
+   TODO: check
+CVE-2023-48789 (A client-side enforcement of server-side security in Fortinet 
FortiPor ...)
+   TODO: check
+CVE-2023-42427 (Cross-site scripting vulnerability exists in UNIVERSAL 
PASSPORT RX ver ...)
+   TODO: check
 CVE-2024-5588 (A vulnerability was found in itsourcecode Learning Management 
System 1 ...)
NOT-FOR-US: itsourcecode Learning Management System
 CVE-2024-5587 (A vulnerability was found in Casdoor up to 1.335.0. It has been 
classi ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a8c25d0d1b3c15305d349f586457e2c72a3b4a3

-- 
This project does not include diff previews in email notifications.
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a8c25d0d1b3c15305d349f586457e2c72a3b4a3
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-02 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ef60cfe3 by security tracker role at 2024-06-02T20:11:56+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,21 @@
+CVE-2024-5588 (A vulnerability was found in itsourcecode Learning Management 
System 1 ...)
+   TODO: check
+CVE-2024-5587 (A vulnerability was found in Casdoor up to 1.335.0. It has been 
classi ...)
+   TODO: check
+CVE-2024-36392 (MileSight DeviceHub -CWE-79: Improper Neutralization of Input 
During W ...)
+   TODO: check
+CVE-2024-36391 (MileSight DeviceHub -CWE-320: Key Management Errors may allow 
Authenti ...)
+   TODO: check
+CVE-2024-36390 (MileSight DeviceHub -CWE-20 Improper Input Validation may 
allow Denial ...)
+   TODO: check
+CVE-2024-36389 (MileSight DeviceHub -   CWE-330 Use of Insufficiently 
Random Value ...)
+   TODO: check
+CVE-2024-36388 (MileSight DeviceHub - CWE-305 Missing Authentication for 
Critical  ...)
+   TODO: check
+CVE-2024-2178 (A path traversal vulnerability exists in the 
parisneo/lollms-webui, sp ...)
+   TODO: check
+CVE-2024-27776 (MileSight DeviceHub -   CWE-22 Improper Limitation of a 
Pathname to a  ...)
+   TODO: check
 CVE-2024-4344 (The Shield Security \u2013 Smart Bot Blocking & Intrusion 
Prevention S ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-35647 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
@@ -365,6 +383,7 @@ CVE-2024-2089 (The Remote Content Shortcode plugin for 
WordPress is vulnerable t
 CVE-2024-1100 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
NOT-FOR-US: Vadi Corporate Information Systems DIGIKENT GIS
 CVE-2024-36959 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
+   {DSA-5703-1}
- linux 6.8.11-1
NOTE: 
https://git.kernel.org/linus/a0cedbcc8852d6c77b00634b81e41f17f29d9404 (6.9-rc7)
 CVE-2024-36958 (In the Linux kernel, the following vulnerability has been 
resolved:  N ...)
@@ -374,6 +393,7 @@ CVE-2024-36958 (In the Linux kernel, the following 
vulnerability has been resolv
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/18180a4550d08be4eb0387fe83f02f703f92d4e7 (6.9-rc7)
 CVE-2024-36957 (In the Linux kernel, the following vulnerability has been 
resolved:  o ...)
+   {DSA-5703-1}
- linux 6.8.11-1
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/f299ee709fb45036454ca11e90cb2810fe771878 (6.9-rc7)
@@ -389,9 +409,11 @@ CVE-2024-36955 (In the Linux kernel, the following 
vulnerability has been resolv
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/c158cf914713efc3bcdc25680c7156c48c12ef6a (6.9-rc7)
 CVE-2024-36954 (In the Linux kernel, the following vulnerability has been 
resolved:  t ...)
+   {DSA-5703-1}
- linux 6.8.11-1
NOTE: 
https://git.kernel.org/linus/97bf6f81b29a8efaf5d0983251a7450e5794370d (6.9-rc7)
 CVE-2024-36953 (In the Linux kernel, the following vulnerability has been 
resolved:  K ...)
+   {DSA-5703-1}
- linux 6.8.11-1
NOTE: 
https://git.kernel.org/linus/6ddb4f372fc63210034b903d96ebbeb3c7195adb (6.9-rc7)
 CVE-2024-36952 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
@@ -401,6 +423,7 @@ CVE-2024-36951 (In the Linux kernel, the following 
vulnerability has been resolv
- linux 6.8.11-1
NOTE: 
https://git.kernel.org/linus/0cac183b98d8a8c692c98e8dba37df15a9e9210d (6.9-rc2)
 CVE-2024-36950 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
+   {DSA-5703-1}
- linux 6.8.11-1
NOTE: 
https://git.kernel.org/linus/752e3c53de0fa3b7d817a83050b6699b8e9c6ec9 (6.9-rc3)
 CVE-2024-36949 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
@@ -415,6 +438,7 @@ CVE-2024-36947 (In the Linux kernel, the following 
vulnerability has been resolv
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/aa23317d0268b309bb3f0801ddd0d61813ff5afb (6.9)
 CVE-2024-36946 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
+   {DSA-5703-1}
- linux 6.8.11-1
NOTE: 
https://git.kernel.org/linus/d8cac8568618dcb8a51af3db1103e8d4cc4aeea7 (6.9)
 CVE-2024-36945 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
@@ -435,12 +459,15 @@ CVE-2024-36942 (In the Linux kernel, the following 
vulnerability has been resolv
- linux 6.8.11-1
NOTE: 
https://git.kernel.org/linus/40d442f969fb1e871da6fca73d3f8aef1f888558 (6.9)
 CVE-2024-36941 (In the Linux kernel, the following vulnerability has been 
resolved:  w ...)
+   

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-02 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
015f96e4 by security tracker role at 2024-06-02T08:11:53+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,11 @@
+CVE-2024-4344 (The Shield Security \u2013 Smart Bot Blocking & Intrusion 
Prevention S ...)
+   TODO: check
+CVE-2024-35647 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35646 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35645 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
 CVE-2024-5348 (The Elements For Elementor plugin for WordPress is vulnerable 
to Local ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-4148 (A Regular Expression Denial of Service (ReDoS) vulnerability 
exists in ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/015f96e423439889bd65217ccf045feb279a081a



[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-01 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
31f5f210 by security tracker role at 2024-06-01T20:12:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,15 @@
+CVE-2024-5348 (The Elements For Elementor plugin for WordPress is vulnerable 
to Local ...)
+   TODO: check
+CVE-2024-4148 (A Regular Expression Denial of Service (ReDoS) vulnerability 
exists in ...)
+   TODO: check
+CVE-2024-3821 (The wpDataTables \u2013 WordPress Data Table, Dynamic Tables & 
Table C ...)
+   TODO: check
+CVE-2024-3820 (The wpDataTables \u2013 WordPress Data Table, Dynamic Tables & 
Table C ...)
+   TODO: check
+CVE-2024-3200 (The wpForo Forum plugin for WordPress is vulnerable to SQL 
Injection v ...)
+   TODO: check
+CVE-2024-35636 (Cross-Site Request Forgery (CSRF) vulnerability in Uploadcare 
Uploadca ...)
+   TODO: check
 CVE-2024-36041 [ksmserver: Unauthorized users can access session manager]
- plasma-workspace 4:5.27.11.1-1
NOTE: https://kde.org/info/security/advisory-20240531-1.txt



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31f5f210863ba3491bd58509d5341879a6f37378



[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-01 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
be893c27 by security tracker role at 2024-06-01T08:12:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,47 @@
+CVE-2024-5501 (The Supreme Modules Lite \u2013 Divi Theme, Extra Theme and 
Divi Build ...)
+   TODO: check
+CVE-2024-5138 (The snapctl component within snapd allows a confined snap to 
interact  ...)
+   TODO: check
+CVE-2024-4958 (The User Registration \u2013 Custom Registration Form, Login 
Form, and ...)
+   TODO: check
+CVE-2024-4711 (The WordPress Infinite Scroll \u2013 Ajax Load More plugin for 
WordPre ...)
+   TODO: check
+CVE-2024-4342 (The Royal Elementor Addons and Templates plugin for WordPress 
is vulne ...)
+   TODO: check
+CVE-2024-4087 (The Royal Elementor Addons and Templates plugin for WordPress 
is vulne ...)
+   TODO: check
+CVE-2024-3565 (The Content Blocks (Custom Post Widget) plugin for WordPress is 
vulner ...)
+   TODO: check
+CVE-2024-3564 (The Content Blocks (Custom Post Widget) plugin for WordPress is 
vulner ...)
+   TODO: check
+CVE-2024-34009 (Insufficient checks whether ReCAPTCHA was enabled made it 
possible to  ...)
+   TODO: check
+CVE-2024-34008 (Actions in the admin management of analytics models did not 
include th ...)
+   TODO: check
+CVE-2024-34007 (The logout option within MFA did not include the necessary 
token to av ...)
+   TODO: check
+CVE-2024-34006 (The site log report required additional encoding of event 
descriptions ...)
+   TODO: check
+CVE-2024-34005 (In a shared hosting environment that has been misconfigured to 
allow a ...)
+   TODO: check
+CVE-2024-34004 (In a shared hosting environment that has been misconfigured to 
allow a ...)
+   TODO: check
+CVE-2024-34003 (In a shared hosting environment that has been misconfigured to 
allow a ...)
+   TODO: check
+CVE-2024-34002 (In a shared hosting environment that has been misconfigured to 
allow a ...)
+   TODO: check
+CVE-2024-34001 (Actions in the admin preset tool did not include the necessary 
token t ...)
+   TODO: check
+CVE-2024-2933 (The Page Builder Gutenberg Blocks \u2013 CoBlocks plugin for 
WordPress ...)
+   TODO: check
+CVE-2024-2506 (The Popup Builder \u2013 Create highly converting, mobile 
friendly mar ...)
+   TODO: check
+CVE-2024-2295 (The Contact Form Manager plugin for WordPress is vulnerable to 
Stored  ...)
+   TODO: check
+CVE-2024-1324 (The QQWorld Auto Save Images plugin for WordPress is vulnerable 
to una ...)
+   TODO: check
+CVE-2023-6382 (The Master Slider \u2013 Responsive Touch Slider plugin for 
WordPress  ...)
+   TODO: check
 CVE-2024-5565 (The Vanna library uses a prompt function to present the user 
with visu ...)
TODO: check
 CVE-2024-5564 (A vulnerability was found in libndp. This flaw allows a local 
maliciou ...)
@@ -2161,7 +2205,7 @@ CVE-2024-4563 (The Progress MOVEit Automation 
configuration export function prio
 CVE-2024-4454 (WithSecure Elements Endpoint Protection Link Following Local 
Privilege ...)
NOT-FOR-US: WithSecure Elements Endpoint Protection
 CVE-2024-4453 (GStreamer EXIF Metadata Parsing Integer Overflow Remote Code 
Execution ...)
-   {DLA-3824-1}
+   {DSA-5702-1 DLA-3824-1}
- gst-plugins-base1.0 1.24.3-1
- gst-plugins-base0.10 
NOTE: https://gstreamer.freedesktop.org/security/sa-2024-0002.html
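Review bot: the context line `- gst-plugins-base0.10 ` ends right after the package name, with neither a version nor a status marker, so as rendered here the hunk does not show whether the 0.10 source package is recorded as fixed, unfixed or removed; confirm the committed file carries the marker and that only the mail rendering dropped it. The change itself, `{DLA-3824-1}` becoming `{DSA-5702-1 DLA-3824-1}`, records the stable advisory alongside the existing LTS one and is consistent with the `- gst-plugins-base1.0 1.24.3-1` fix line already in context.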



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be893c27ba2e9550ccaeefc3bffe73426062e220



[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
389956b0 by security tracker role at 2024-05-31T20:12:01+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,105 @@
+CVE-2024-5565 (The Vanna library uses a prompt function to present the user 
with visu ...)
+   TODO: check
+CVE-2024-5564 (A vulnerability was found in libndp. This flaw allows a local 
maliciou ...)
+   TODO: check
+CVE-2024-5538
+   REJECTED
+CVE-2024-5484
+   REJECTED
+CVE-2024-5436 (Type confusion in Snapchat LensCore could lead to denial of 
service or ...)
+   TODO: check
+CVE-2024-5347 (The Happy Addons for Elementor plugin for WordPress is 
vulnerable to S ...)
+   TODO: check
+CVE-2024-5176 (Insufficiently Protected Credentials vulnerability in Baxter 
Welch All ...)
+   TODO: check
+CVE-2024-5144
+   REJECTED
+CVE-2024-5041 (The Happy Addons for Elementor plugin for WordPress is 
vulnerable to S ...)
+   TODO: check
+CVE-2024-4160 (The Download Manager plugin for WordPress is vulnerable to 
Stored Cros ...)
+   TODO: check
+CVE-2024-36845 (An invalid pointer in the modbus_receive() function of 
libmodbus v3.1. ...)
+   TODO: check
+CVE-2024-36844 (libmodbus v3.1.6 was discovered to contain a use-after-free 
via the ct ...)
+   TODO: check
+CVE-2024-36843 (libmodbus v3.1.6 was discovered to contain a heap overflow via 
the mod ...)
+   TODO: check
+CVE-2024-36120 (javascript-deobfuscator removes common JavaScript obfuscation 
techniqu ...)
+   TODO: check
+CVE-2024-36108 (casgate is an Open Source Identity and Access Management 
system. In af ...)
+   TODO: check
+CVE-2024-35196 (Sentry is a developer-first error tracking and performance 
monitoring  ...)
+   TODO: check
+CVE-2024-35142 (IBM Security Verify Access Docker 10.0.0 through 10.0.6 could 
allow a  ...)
+   TODO: check
+CVE-2024-35140 (IBM Security Verify Access Docker 10.0.0 through 10.0.6 could 
allow a  ...)
+   TODO: check
+CVE-2024-34000 (ID numbers displayed in the lesson overview report required 
additional ...)
+   TODO: check
+CVE-2024-33999 (The referrer URL used by MFA required additional sanitizing, 
rather th ...)
+   TODO: check
+CVE-2024-33998 (Insufficient escaping of participants' names in the 
participants page  ...)
+   TODO: check
+CVE-2024-33997 (Additional sanitizing was required when opening the equation 
editor to ...)
+   TODO: check
+CVE-2024-33996 (Incorrect validation of allowed event types in a calendar web 
service  ...)
+   TODO: check
+CVE-2024-31908 (IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to 
stored cross ...)
+   TODO: check
+CVE-2024-31907 (IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to 
cross-site s ...)
+   TODO: check
+CVE-2024-31889 (IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to 
cross-site s ...)
+   TODO: check
+CVE-2024-31030 (An issue in coap_msg.c in Keith Cullen's FreeCoAP v.0.7 allows 
remote  ...)
+   TODO: check
+CVE-2024-29848 (An unrestricted file upload vulnerability in web component of 
Ivanti A ...)
+   TODO: check
+CVE-2024-29846 (An unspecified SQL Injection vulnerability in Core server of 
Ivanti EP ...)
+   TODO: check
+CVE-2024-29830 (An unspecified SQL Injection vulnerability in Core server of 
Ivanti EP ...)
+   TODO: check
+CVE-2024-29829 (An unspecified SQL Injection vulnerability in Core server of 
Ivanti EP ...)
+   TODO: check
+CVE-2024-29828 (An unspecified SQL Injection vulnerability in Core server of 
Ivanti EP ...)
+   TODO: check
+CVE-2024-29827 (An unspecified SQL Injection vulnerability in Core server of 
Ivanti EP ...)
+   TODO: check
+CVE-2024-29826 (An unspecified SQL Injection vulnerability in Core server of 
Ivanti EP ...)
+   TODO: check
+CVE-2024-29825 (An unspecified SQL Injection vulnerability in Core server of 
Ivanti EP ...)
+   TODO: check
+CVE-2024-29824 (An unspecified SQL Injection vulnerability in Core server of 
Ivanti EP ...)
+   TODO: check
+CVE-2024-29823 (An unspecified SQL Injection vulnerability in Core server of 
Ivanti EP ...)
+   TODO: check
+CVE-2024-29822 (An unspecified SQL Injection vulnerability in Core server of 
Ivanti EP ...)
+   TODO: check
+CVE-2024-28736 (An issue in Debezium Community debezium-ui v.2.5 allows a 
local attack ...)
+   TODO: check
+CVE-2024-23692 (Rejetto HTTP File Server, up to and including version 2.3m, is 
vulnera ...)
+   TODO: check
+CVE-2024-23316 (HTTP request desynchronization in Ping Identity PingAccess, 
all versio ...)
+   TODO: check
+CVE-2024-22338 (IBM Security Verify Access OIDC Provider 22.09 through 23.03 
could dis ...)
+   TODO: check
+CVE-2024-22060 (An unrestricted file upload vulnerability in web component of 
Ivanti N ...)
+   TODO: 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4f654e3c by security tracker role at 2024-05-31T08:12:02+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,28 +1,66 @@
-CVE-2024-5499
+CVE-2024-5525 (Improper privilege management vulnerability in Astrotalks 
affecting ve ...)
+   TODO: check
+CVE-2024-5524 (Information exposure vulnerability in Astrotalks affecting 
version 10/ ...)
+   TODO: check
+CVE-2024-5523 (SQL injection vulnerability in Astrotalks affecting version 
10/03/2023 ...)
+   TODO: check
+CVE-2024-5427 (The WPCafe \u2013 Online Food Ordering, Restaurant Menu, 
Delivery, and ...)
+   TODO: check
+CVE-2024-5418 (The DethemeKit For Elementor plugin for WordPress is vulnerable 
to Sto ...)
+   TODO: check
+CVE-2024-5345 (The Responsive Owl Carousel for Elementor plugin for WordPress 
is vuln ...)
+   TODO: check
+CVE-2024-4469 (The WP STAGING WordPress Backup Plugin  WordPress plugin before 
3.5.0  ...)
+   TODO: check
+CVE-2024-4379 (The Premium Addons for Elementor plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-4376 (The Premium Addons for Elementor plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-4205 (The Premium Addons for Elementor plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-37032 (Ollama before 0.1.34 does not validate the format of the 
digest (sha25 ...)
+   TODO: check
+CVE-2024-37018 (The OpenDaylight 0.15.3 controller allows topology poisoning 
via API r ...)
+   TODO: check
+CVE-2024-37017 (asdcplib (aka AS-DCP Lib) 2.13.1 has a heap-based buffer 
over-read in  ...)
+   TODO: check
+CVE-2024-36246 (Missing authorization vulnerability exists in Unifier and 
Unifier Cast ...)
+   TODO: check
+CVE-2024-36119 (Statamic is a, Laravel + Git powered CMS designed for building 
website ...)
+   TODO: check
+CVE-2024-32850 (Improper neutralization of special elements used in a command 
('Comman ...)
+   TODO: check
+CVE-2024-2793 (The Visual Website Collaboration, Feedback & Project Management 
\u2013 ...)
+   TODO: check
+CVE-2024-23847 (Incorrect default permissions issue exists in Unifier and 
Unifier Cast ...)
+   TODO: check
+CVE-2024-1298 (EDK2 contains a vulnerability when S3 sleep is activated where 
an Atta ...)
+   TODO: check
+CVE-2024-5499 (Out of bounds write in Streams API in Google Chrome prior to 
125.0.642 ...)
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
-CVE-2024-5498
+CVE-2024-5498 (Use after free in Presentation API in Google Chrome prior to 
125.0.642 ...)
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
-CVE-2024-5497
+CVE-2024-5497 (Out of bounds memory access in Keyboard Inputs in Google Chrome 
prior  ...)
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
-CVE-2024-5496
+CVE-2024-5496 (Use after free in Media Session in Google Chrome prior to 
125.0.6422.1 ...)
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
-CVE-2024-5495
+CVE-2024-5495 (Use after free in Dawn in Google Chrome prior to 125.0.6422.141 
allowe ...)
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
-CVE-2024-5494
+CVE-2024-5494 (Use after free in Dawn in Google Chrome prior to 125.0.6422.141 
allowe ...)
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
-CVE-2024-5493
+CVE-2024-5493 (Heap buffer overflow in WebRTC in Google Chrome prior to 
125.0.6422.14 ...)
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
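Review bot: every `- chromium ` line under the seven re-titled entries (CVE-2024-5499 down to CVE-2024-5493) stops at the package name with no version or status marker, and the `[bullseye] - chromium  (see #1061268)` and `[buster] - chromium  (see DSA 5046)` lines show a double space where a status token would sit; the tracker list format expects a version or a marker in that position, so check the committed file rather than this rendering before reading these as unset (angle-bracket markers are a likely casualty of the mail rendering). The re-titling, swapping bare `-CVE-2024-5499` placeholders for lines such as `+CVE-2024-5499 (Out of bounds write in Streams API in Google Chrome prior to 125.0.642 ...)`, matches the commit's "automatic update" message and leaves the package and release lines untouched.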
@@ -1985,6 +2023,7 @@ CVE-2024-4563 (The Progress MOVEit Automation 
configuration export function prio
 CVE-2024-4454 (WithSecure Elements Endpoint Protection Link Following Local 
Privilege ...)
NOT-FOR-US: WithSecure Elements Endpoint Protection
 CVE-2024-4453 (GStreamer EXIF Metadata Parsing Integer Overflow Remote Code 
Execution ...)
+   {DLA-3824-1}
- gst-plugins-base1.0 1.24.3-1
- gst-plugins-base0.10 
NOTE: https://gstreamer.freedesktop.org/security/sa-2024-0002.html
@@ -20572,8 +20611,8 @@ CVE-2024-27908 (A buffer overflow vulnerability was 
reported in the HTTPS servic
NOT-FOR-US: Lenovo
 CVE-2024-23592 (An authentication bypass vulnerability was reported in Lenovo 
devices  ...)
NOT-FOR-US: Lenovo
-CVE-2024-21506
-   REJECTED
+CVE-2024-21506 (Versions of the package pymongo before 4.6.3 are vulnerable to 
Out-of- ...)
+   TODO: check
 CVE-2024-1994 (The Image Watermark plugin for 
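Review bot: CVE-2024-21506 flips from `REJECTED` to an open entry with `+   TODO: check` and a description naming the pymongo package before 4.6.3, so this is not a routine new-ID addition: an identifier previously recorded as rejected is live again, and the `TODO: check` deserves prompt resolution with a package/version line once the Debian status is known, since the earlier rejection may have led triagers to stop looking at it. The hunk is cut off after `CVE-2024-1994 (The Image Watermark plugin for`, so the remaining context cannot be reviewed from this message.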

[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-30 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
db127650 by security tracker role at 2024-05-30T20:11:53+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,393 +1,503 @@
-CVE-2024-36959 [pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map()]
+CVE-2024-5537
+   REJECTED
+CVE-2024-5521 (Two Cross-Site Scripting vulnerabilities have been discovered 
in Alkac ...)
+   TODO: check
+CVE-2024-5520 (Two Cross-Site Scripting vulnerabilities have been discovered 
in Alkac ...)
+   TODO: check
+CVE-2024-5519 (A vulnerability classified as critical was found in 
ItsourceCode Learn ...)
+   TODO: check
+CVE-2024-5518 (A vulnerability classified as critical has been found in 
itsourcecode  ...)
+   TODO: check
+CVE-2024-5517 (A vulnerability was found in itsourcecode Online Blood Bank 
Management ...)
+   TODO: check
+CVE-2024-5516 (A vulnerability was found in itsourcecode Online Blood Bank 
Management ...)
+   TODO: check
+CVE-2024-5515 (A vulnerability was found in SourceCodester Stock Management 
System 1. ...)
+   TODO: check
+CVE-2024-5326 (The Post Grid Gutenberg Blocks and WordPress Blog Plugin \u2013 
PostX  ...)
+   TODO: check
+CVE-2024-5271 (Fuji Electric Monitouch V-SFT is vulnerable to an out-of-bounds 
write  ...)
+   TODO: check
+CVE-2024-4842
+   REJECTED
+CVE-2024-4668 (The Gum Elementor Addon plugin for WordPress is vulnerable to 
Stored C ...)
+   TODO: check
+CVE-2024-4427 (The Comparison Slider plugin for WordPress is vulnerable to 
unauthoriz ...)
+   TODO: check
+CVE-2024-4426 (The Comparison Slider plugin for WordPress is vulnerable to 
Cross-Site ...)
+   TODO: check
+CVE-2024-4422 (The Comparison Slider plugin for WordPress is vulnerable to 
Stored Cro ...)
+   TODO: check
+CVE-2024-4355 (The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and 
Anti Spa ...)
+   TODO: check
+CVE-2024-4330 (A path traversal vulnerability was identified in the 
parisneo/lollms-w ...)
+   TODO: check
+CVE-2024-3924 (A code injection vulnerability exists in the 
huggingface/text-generati ...)
+   TODO: check
+CVE-2024-3584 (qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal 
due to ...)
+   TODO: check
+CVE-2024-3583 (The Simple Like Page Plugin plugin for WordPress is vulnerable 
to Stor ...)
+   TODO: check
+CVE-2024-3301 (An unsafe .NET object deserialization vulnerability in DELMIA 
Apriso R ...)
+   TODO: check
+CVE-2024-3300 (An unsafe .NET object deserialization vulnerability in DELMIA 
Apriso R ...)
+   TODO: check
+CVE-2024-36118 (MeterSphere is a test management and interface testing tool. 
In affect ...)
+   TODO: check
+CVE-2024-35504 (A cross-site scripting (XSS) vulnerability in the login page 
of FineSo ...)
+   TODO: check
+CVE-2024-35469 (A SQL injection vulnerability in /hrm/user/ in SourceCodester 
Human Re ...)
+   TODO: check
+CVE-2024-35468 (A SQL injection vulnerability in /hrm/index.php in 
SourceCodester Huma ...)
+   TODO: check
+CVE-2024-35433 (ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Incorrect 
Access Contro ...)
+   TODO: check
+CVE-2024-35432 (ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Cross Site 
Scripting (X ...)
+   TODO: check
+CVE-2024-35431 (ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory 
Traversal via ...)
+   TODO: check
+CVE-2024-35430 (In ZKTeco ZKBio CVSecurity v6.1.1 an authenticated user can 
bypass pas ...)
+   TODO: check
+CVE-2024-35429 (ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory 
Traversal via ...)
+   TODO: check
+CVE-2024-35428 (ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory 
Traversal via ...)
+   TODO: check
+CVE-2024-35359 (A vulnerability has been discovered in Di\xf1o Physics School 
Assistan ...)
+   TODO: check
+CVE-2024-35358 (A vulnerability has been discovered in Di\xf1o Physics School 
Assistan ...)
+   TODO: check
+CVE-2024-35357 (A vulnerability has been discovered in Di\xf1o Physics School 
Assistan ...)
+   TODO: check
+CVE-2024-35356 (A vulnerability has been discovered in Di\xf1o Physics School 
Assistan ...)
+   TODO: check
+CVE-2024-35355 (A vulnerability has been discovered in Di\xf1o Physics School 
Assistan ...)
+   TODO: check
+CVE-2024-35354 (A vulnerability has been discovered in Di\xf1o Physics School 
Assistan ...)
+   TODO: check
+CVE-2024-35353 (A vulnerability has been discovered in Di\xf1o Physics School 
Assistan ...)
+   TODO: check
+CVE-2024-35352 (A vulnerability has been discovered in Di\xf1o Physics School 
Assistan ...)
+   TODO: check
+CVE-2024-35351 (A vulnerability has been discovered in Di\xf1o Physics School 
Assistan ...)
+   TODO: check
+CVE-2024-35350 (A vulnerability has been discovered in Di\xf1o Physics 
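Review bot: the ten entries CVE-2024-35350 through CVE-2024-35359 (Di\xf1o Physics School Assistant), the six ZKTeco ZKBio CVSecurity 6.1.1 entries CVE-2024-35428 through CVE-2024-35433 and the pair CVE-2024-3300/CVE-2024-3301 (DELMIA Apriso) are runs against a single product each, and their truncated descriptions do not tell them apart, so the `TODO: check` on each has to be resolved from the CVE records rather than from this file; triage each product once and record the same verdict across the whole run so the entries stay consistent. The one `REJECTED` entry, CVE-2024-4842, correctly carries no `TODO: check`.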

[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-30 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
00a6c6b9 by security tracker role at 2024-05-30T08:12:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,45 @@
+CVE-2024-5514 (MinMax CMS fromMinMax Digital Technology contains a hidden 
administrat ...)
+   TODO: check
+CVE-2024-5341 (The The Plus Addons for Elementor Page Builder plugin for 
WordPress is ...)
+   TODO: check
+CVE-2024-5327 (The PowerPack Addons for Elementor (Free Widgets, Extensions 
and Templ ...)
+   TODO: check
+CVE-2024-5223 (The Post Grid Gutenberg Blocks and WordPress Blog Plugin \u2013 
PostX  ...)
+   TODO: check
+CVE-2024-5207 (The POST SMTP \u2013 The #1 WordPress SMTP Plugin with Advanced 
Email  ...)
+   TODO: check
+CVE-2024-5073 (The Essential Addons for Elementor \u2013 Best Elementor 
Templates, Wi ...)
+   TODO: check
+CVE-2024-4356 (The List categories plugin for WordPress is vulnerable to 
Stored Cross ...)
+   TODO: check
+CVE-2024-4218 (The AffiEasy plugin for WordPress is vulnerable to Cross-Site 
Request  ...)
+   TODO: check
+CVE-2024-3947 (The WP To Do plugin for WordPress is vulnerable to Cross-Site 
Request  ...)
+   TODO: check
+CVE-2024-3946 (The WP To Do plugin for WordPress is vulnerable to Stored 
Cross-Site S ...)
+   TODO: check
+CVE-2024-3945 (The WP To Do plugin for WordPress is vulnerable to Cross-Site 
Request  ...)
+   TODO: check
+CVE-2024-3943 (The WP To Do plugin for WordPress is vulnerable to Cross-Site 
Request  ...)
+   TODO: check
+CVE-2024-3726 (The Login Logout Register Menu plugin for WordPress is 
vulnerable to S ...)
+   TODO: check
+CVE-2024-3277 (The Yumpu ePaper publishing plugin for WordPress is vulnerable 
to unau ...)
+   TODO: check
+CVE-2024-3269 (The Download Monitor plugin for WordPress is vulnerable to 
unauthorize ...)
+   TODO: check
+CVE-2024-3190 (The Unlimited Elements For Elementor (Free Widgets, Addons, 
Templates) ...)
+   TODO: check
+CVE-2024-3063 (The WPB Elementor Addons plugin for WordPress is vulnerable to 
Stored  ...)
+   TODO: check
+CVE-2024-36267 (Path traversal vulnerability exists in Redmine DMSF Plugin 
versions pr ...)
+   TODO: check
+CVE-2024-36114 (Aircompressor is a library with ports of the Snappy, LZO, LZ4, 
and Zst ...)
+   TODO: check
+CVE-2024-35221 (Rubygems.org is the Ruby community's gem hosting service. A 
Gem publis ...)
+   TODO: check
+CVE-2024-2253 (The Testimonial Carousel For Elementor plugin for WordPress is 
vulnera ...)
+   TODO: check
 CVE-2024-5185 (The EmbedAI application is susceptible to security issues that 
enable  ...)
NOT-FOR-US: EmbedAI application
 CVE-2024-5039 (The HUSKY \u2013 Products Filter Professional for WooCommerce 
plugin f ...)
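Review bot: seventeen of the twenty-one additions are WordPress plugin issues (the Elementor add-on entries included), which this file elsewhere resolves as `NOT-FOR-US: WordPress plugin` (see CVE-2023-6494 in the 2024-05-27 update below); the four that need real attention are CVE-2024-5514 (MinMax CMS hidden administrator), CVE-2024-36267 (Redmine DMSF Plugin path traversal), CVE-2024-36114 (Aircompressor, the Snappy/LZO/LZ4/Zstd ports) and CVE-2024-35221 (Rubygems.org gem publishing). The trailing context shows CVE-2024-5185 already settled as `NOT-FOR-US: EmbedAI application` by the previous update, so nothing here conflicts with earlier triage.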



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00a6c6b9a82a42132d7512e33e0fa56745798fc7

-- 
This project does not include diff previews in email notifications.
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00a6c6b9a82a42132d7512e33e0fa56745798fc7
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-29 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d2a6af29 by security tracker role at 2024-05-29T20:11:54+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,4 +1,92 @@
-CVE-2023-52881 [tcp: do not accept ACK of bytes we never sent]
+CVE-2024-5185 (The EmbedAI application is susceptible to security issues that 
enable  ...)
+   TODO: check
+CVE-2024-5039 (The HUSKY \u2013 Products Filter Professional for WooCommerce 
plugin f ...)
+   TODO: check
+CVE-2024-4358 (In Progress Telerik Report Server, version 2024 Q1 
(10.0.24.305) or ea ...)
+   TODO: check
+CVE-2024-3412 (The WP STAGING WordPress Backup Plugin \u2013 Migration Backup 
Restore ...)
+   TODO: check
+CVE-2024-36470 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 
2023.11. ...)
+   TODO: check
+CVE-2024-36427 (The file-serving function in TARGIT Decision Suite 23.2.15007 
allows a ...)
+   TODO: check
+CVE-2024-36378 (In JetBrains TeamCity before 2024.03.2 server was susceptible 
to DoS a ...)
+   TODO: check
+CVE-2024-36377 (In JetBrains TeamCity before 2024.03.2 certain TeamCity API 
endpoints  ...)
+   TODO: check
+CVE-2024-36376 (In JetBrains TeamCity before 2024.03.2 users could perform 
actions tha ...)
+   TODO: check
+CVE-2024-36375 (In JetBrains TeamCity before 2024.03.2 technical information 
regarding ...)
+   TODO: check
+CVE-2024-36374 (In JetBrains TeamCity before 2024.03.2 stored XSS via build 
step setti ...)
+   TODO: check
+CVE-2024-36373 (In JetBrains TeamCity before 2024.03.2 several stored XSS in 
untrusted ...)
+   TODO: check
+CVE-2024-36372 (In JetBrains TeamCity before 2023.05.5 reflected XSS on the 
subscripti ...)
+   TODO: check
+CVE-2024-36371 (In JetBrains TeamCity before 2023.05.5, 2023.11.5 stored XSS 
in Commit ...)
+   TODO: check
+CVE-2024-36370 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 
2023.11. ...)
+   TODO: check
+CVE-2024-36369 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 
2023.11. ...)
+   TODO: check
+CVE-2024-36368 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 
2023.11. ...)
+   TODO: check
+CVE-2024-36367 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 
2023.11. ...)
+   TODO: check
+CVE-2024-36366 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 
2023.11. ...)
+   TODO: check
+CVE-2024-36365 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 
2023.11. ...)
+   TODO: check
+CVE-2024-36364 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 
2023.11. ...)
+   TODO: check
+CVE-2024-36363 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 
2023.11. ...)
+   TODO: check
+CVE-2024-36362 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 
2023.11. ...)
+   TODO: check
+CVE-2024-36016 (In the Linux kernel, the following vulnerability has been 
resolved:  t ...)
+   TODO: check
+CVE-2024-35512 (An issue in hmq v1.5.5 allows attackers to cause a Denial of 
Service ( ...)
+   TODO: check
+CVE-2024-35492 (Cesanta Mongoose commit b316989 was discovered to contain a 
NULL point ...)
+   TODO: check
+CVE-2024-35434 (Irontec Sngrep v1.8.1 was discovered to contain a heap buffer 
overflow ...)
+   TODO: check
+CVE-2024-35333 (A stack-buffer-overflow vulnerability exists in the 
read_charset_decl  ...)
+   TODO: check
+CVE-2024-35311 (Yubico YubiKey 5 Series before 5.7.0, Security Key Series 
before 5.7.0 ...)
+   TODO: check
+CVE-2024-35284 (A vulnerability in the legacy chat component of Mitel 
MiContact Center ...)
+   TODO: check
+CVE-2024-35283 (A vulnerability in the Ignite component of Mitel MiContact 
Center Busi ...)
+   TODO: check
+CVE-2024-35200 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 
QUIC mod ...)
+   TODO: check
+CVE-2024-34715 (Fides is an open-source privacy engineering platform. The 
Fides webser ...)
+   TODO: check
+CVE-2024-34161 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 
QUIC mod ...)
+   TODO: check
+CVE-2024-32760 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 
QUIC mod ...)
+   TODO: check
+CVE-2024-31079 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 
QUIC mod ...)
+   TODO: check
+CVE-2024-28974 (Dell Data Protection Advisor, version(s) 19.9, contain(s) an 
Inadequat ...)
+   TODO: check
+CVE-2024-28826 (Improper restriction of local upload and download paths in 
check_sftp  ...)
+   TODO: check
+CVE-2024-27313 (Zoho ManageEngine PAM360 is vulnerable to Stored XSS 
vulnerability. Th ...)
+   TODO: check
+CVE-2024-25977 (The application does not change the session token when using 
the login ...)
+   TODO: check
+CVE-2024-25976 (When LDAP 
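Review bot: the reserved entry `-CVE-2023-52881 [tcp: do not accept ACK of bytes we never sent]` is dropped, but no `+CVE-2023-52881 (...)` line with the published description appears in the visible part of the hunk, which ends at `CVE-2024-25976 (When LDAP`; confirm the entry was re-added with its description rather than lost (the 2024-05-29 08:11 update below does this correctly for CVE-2024-36015 and CVE-2024-36014, keeping their `- linux` and NOTE lines). Among the additions, the four NGINX entries CVE-2024-35200, CVE-2024-34161, CVE-2024-32760 and CVE-2024-31079 share one description (`When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod...`) and come from one upstream advisory set, so they should be triaged together against the nginx package; the eighteen JetBrains TeamCity entries (CVE-2024-36470 and CVE-2024-36362 through CVE-2024-36378) and CVE-2024-35311 (YubiKey 5 / Security Key firmware before 5.7.0) are vendor products with nothing to fix in the archive.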

[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-29 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3fa11a25 by security tracker role at 2024-05-29T08:11:54+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,7 +1,49 @@
-CVE-2024-36015 [ppdev: Add an error check in register_device]
+CVE-2024-5437 (A vulnerability was found in SourceCodester Simple Online 
Bidding Syst ...)
+   TODO: check
+CVE-2024-5204 (The Swiss Toolkit For WP plugin for WordPress is vulnerable to 
authent ...)
+   TODO: check
+CVE-2024-5150 (The Login with phone number plugin for WordPress is vulnerable 
to auth ...)
+   TODO: check
+CVE-2024-5086 (The Essential Addons for Elementor PRO \u2013 Best Elementor 
Templates ...)
+   TODO: check
+CVE-2024-4611 (The AppPresser plugin for WordPress is vulnerable to improper 
missing  ...)
+   TODO: check
+CVE-2024-4419 (The Fetch JFT plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
+   TODO: check
+CVE-2024-3937 (The Playlist for Youtube WordPress plugin through 1.32 does not 
saniti ...)
+   TODO: check
+CVE-2024-3921 (The Gianism WordPress plugin through 5.1.0 does not sanitise 
and escap ...)
+   TODO: check
+CVE-2024-3050 (The Site Reviews WordPress plugin before 7.0.0 retrieves client 
IP add ...)
+   TODO: check
+CVE-2024-36112 (Nautobot is a Network Source of Truth and Network Automation 
Platform. ...)
+   TODO: check
+CVE-2024-35548 (A SQL injection vulnerability in Mybatis plus versions below 
3.5.6 all ...)
+   TODO: check
+CVE-2024-35511 (phpgurukul Men Salon Management System v2.0 is vulnerable to 
SQL Injec ...)
+   TODO: check
+CVE-2024-35240 (Umbraco Commerce is an open source dotnet ecommerce solution. 
In affec ...)
+   TODO: check
+CVE-2024-35239 (Umbraco Commerce is an open source dotnet web forms solution. 
In affec ...)
+   TODO: check
+CVE-2024-35226 (Smarty is a template engine for PHP, facilitating the 
separation of pr ...)
+   TODO: check
+CVE-2024-23580 (HCL DRYiCE Optibot Reset Station is impacted byinsecure 
encryption of  ...)
+   TODO: check
+CVE-2024-23579 (HCL DRYiCE Optibot Reset Station is impacted by insecure 
encryption of ...)
+   TODO: check
+CVE-2024-22641 (TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular 
Express ...)
+   TODO: check
+CVE-2024-21512 (Versions of the package mysql2 before 3.9.8 are vulnerable to 
Prototyp ...)
+   TODO: check
+CVE-2024-0434 (The WordPress Tour & Travel Booking Plugin for WooCommerce 
\u2013 WpTr ...)
+   TODO: check
+CVE-2023-6743 (The Unlimited Elements For Elementor (Free Widgets, Addons, 
Templates) ...)
+   TODO: check
+CVE-2024-36015 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
- linux 
NOTE: 
https://git.kernel.org/linus/fbf740aeb86a4fe82ad158d26d711f2f3be79b3e (6.10-rc1)
-CVE-2024-36014 [drm/arm/malidp: fix a possible null pointer dereference]
+CVE-2024-36014 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
- linux 
NOTE: 
https://git.kernel.org/linus/a1f95aede6285dba6dd036d907196f35ae3a11ea (6.10-rc1)
 CVE-2024-5434 (The Campbell Scientific CSI Web Server stores web 
authentication crede ...)
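Review bot: the `- linux ` package lines under the re-described CVE-2024-36015 and CVE-2024-36014 have nothing after the package name, whereas the same update's CVE-2024-24862 entry reads `- linux 6.8.9-1`; a version or status token is expected there (both NOTEs say the fix landed in 6.10-rc1, so neither issue is fixed in a released kernel yet), so check that the token was not dropped. Replacing the bracketed reserved titles (`[ppdev: Add an error check in register_device]`, `[drm/arm/malidp: fix a possible null pointer dereference]`) with the published `(In the Linux kernel, the following vulnerability has been resolved: ...)` text loses the only human-readable summary in this file, since the published description is cut after a single letter; carrying the old title over into a NOTE would preserve it.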
@@ -7111,7 +7153,8 @@ CVE-2024-4853 (Memory handling issue in editcap could 
cause denial of service vi
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19724
 CVE-2024-4840 (An flaw was found in the OpenStack Platform (RHOSP) director, a 
toolse ...)
NOT-FOR-US: Red Hat OpenStack Platform
-CVE-2024-4810 (In register_device, the return value of ida_simple_get is 
unchecked, i ...)
+CVE-2024-4810
+   REJECTED
TODO: check
 CVE-2024-4712 (An arbitrary file creation vulnerability exists in PaperCut 
NG/MF that ...)
NOT-FOR-US: PaperCut NG/MF
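Review bot: CVE-2024-4810 is marked `REJECTED` but the following `TODO: check` line is kept, so the entry stays in the triage queue; drop the TODO as is done for the other rejected entries in this file (CVE-2024-4842, CVE-2024-3381, CVE-2024-30657 and CVE-2024-30658 carry a bare `REJECTED`). The removed description (`In register_device, the return value of ida_simple_get is unchecked`) matches the former reserved title of CVE-2024-36015 (`[ppdev: Add an error check in register_device]`) in the first hunk, so this looks like a duplicate assignment of CVE-2024-36015; a `NOTE: Rejected, duplicate of CVE-2024-36015` would record why.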
@@ -17316,11 +17359,13 @@ CVE-2024-3651 [potential DoS via resource consumption 
via specially crafted inpu
NOTE: 
https://github.com/kjd/idna/security/advisories/GHSA-jjg7-2v4v-x38h
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274779
NOTE: Fixed by: 
https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7 
(v3.7)
-CVE-2024-24863 (In malidp_mw_connector_reset, new memory is allocated with 
kzalloc, bu ...)
+CVE-2024-24863
+   REJECTED
- linux 
NOTE: 
https://git.kernel.org/linus/a1f95aede6285dba6dd036d907196f35ae3a11ea (6.10-rc1)
NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=8750
-CVE-2024-24862 (In function pci1_spi_probe, there is a potential null 
pointer that ...)
+CVE-2024-24862
+   REJECTED
- linux 6.8.9-1
[bookworm] - linux  (Vulnerable code not present)
[bullseye] - linux  (Vulnerable code not present)
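Review bot: CVE-2024-24863 is marked `REJECTED` yet keeps `- linux` and a NOTE pointing at kernel commit a1f95aede6285dba6dd036d907196f35ae3a11ea, the same commit recorded under CVE-2024-36014 in the first hunk, so this is evidently a duplicate of CVE-2024-36014 and a NOTE saying so would make the dangling package line self-explanatory; CVE-2024-24862 likewise keeps `- linux 6.8.9-1` and the `[bookworm]`/`[bullseye] ... (Vulnerable code not present)` annotations after rejection, but nothing in the visible hunk says which identifier superseded it, so record that too rather than leaving fixed-version data attached to a rejected CVE.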
@@ -58220,7 +58265,7 @@ CVE-2023-36701 (Microsoft Resilient File System (ReFS) 
Elevation of 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-28 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3cfed740 by security tracker role at 2024-05-28T20:12:41+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,205 @@
+CVE-2024-5434 (The Campbell Scientific CSI Web Server stores web 
authentication crede ...)
+   TODO: check
+CVE-2024-5433 (The Campbell Scientific CSI Web Server supports a command that 
will re ...)
+   TODO: check
+CVE-2024-5428 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
+   TODO: check
+CVE-2024-5415 (A vulnerability have been discovered in PhpMyBackupPro 
affecting versi ...)
+   TODO: check
+CVE-2024-5414 (A vulnerability have been discovered in PhpMyBackupPro 
affecting versi ...)
+   TODO: check
+CVE-2024-5413 (A vulnerability have been discovered in PhpMyBackupPro 
affecting versi ...)
+   TODO: check
+CVE-2024-5411 (Missing input validation and OS command integration of the 
input in th ...)
+   TODO: check
+CVE-2024-5410 (Missing input validation in the ORing IAP-420 web-interface 
allows sto ...)
+   TODO: check
+CVE-2024-4429 (Cross-Site Request Forgery vulnerabilityhas been discovered in 
OpenTex ...)
+   TODO: check
+CVE-2024-3969 (XML External Entity injection vulnerability foundin 
OpenText\u2122 iMa ...)
+   TODO: check
+CVE-2024-3657 (A flaw was found in 389-ds-base. A specially-crafted LDAP query 
can po ...)
+   TODO: check
+CVE-2024-36472 (In GNOME Shell through 45.7, a portal helper can be launched 
automatic ...)
+   TODO: check
+CVE-2024-36110 (ansibleguy-webui is an open source WebUI for using Ansible. 
Multiple f ...)
+   TODO: check
+CVE-2024-36109 (CoCalc is web-based software that enables collaboration in 
research, t ...)
+   TODO: check
+CVE-2024-36107 (MinIO is a High Performance Object Storage released under GNU 
Affero G ...)
+   TODO: check
+CVE-2024-35621 (A cross-site scripting (XSS) vulnerability in the Edit 
function of For ...)
+   TODO: check
+CVE-2024-35583 (A cross-site scripting (XSS) vulnerability in Sourcecodester 
Laborator ...)
+   TODO: check
+CVE-2024-35582 (A cross-site scripting (XSS) vulnerability in Sourcecodester 
Laborator ...)
+   TODO: check
+CVE-2024-35581 (A cross-site scripting (XSS) vulnerability in Sourcecodester 
Laborator ...)
+   TODO: check
+CVE-2024-35563 (CDG-Server-V5.6.2.126.139 and earlier was discovered to 
contain a SQL  ...)
+   TODO: check
+CVE-2024-35510 (An arbitrary file upload vulnerability in 
/dede/file_manage_control.ph ...)
+   TODO: check
+CVE-2024-35403 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to 
contain a sta ...)
+   TODO: check
+CVE-2024-35401 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to 
contain a com ...)
+   TODO: check
+CVE-2024-35400 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to 
contain a sta ...)
+   TODO: check
+CVE-2024-35399 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to 
contain a sta ...)
+   TODO: check
+CVE-2024-35398 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to 
contain a sta ...)
+   TODO: check
+CVE-2024-35397 (TOTOLINK CP900L v4.1.5cu.798_B20221228 weas discovered to 
contain a co ...)
+   TODO: check
+CVE-2024-35344 (Certain Anpviz products contain a hardcoded cryptographic key 
stored i ...)
+   TODO: check
+CVE-2024-35343 (Certain Anpviz products allow unauthenticated users to 
download arbitr ...)
+   TODO: check
+CVE-2024-35342 (Certain Anpviz products allow unauthenticated users to modify 
or disab ...)
+   TODO: check
+CVE-2024-35341 (Certain Anpviz products allow unauthenticated users to 
download the ru ...)
+   TODO: check
+CVE-2024-35324 (Douchat 4.0.5 suffers from an arbitrary file upload 
vulnerability via  ...)
+   TODO: check
+CVE-2024-34854 (F-logic DataCube3 v1.0 is vulnerable to File Upload via 
`/admin/transc ...)
+   TODO: check
+CVE-2024-34852 (F-logic DataCube3 v1.0 is affected by command injection due to 
imprope ...)
+   TODO: check
+CVE-2024-33849 (ci solution CI-Out-of-Office Manager through 6.0.0.77 uses a 
Hard-code ...)
+   TODO: check
+CVE-2024-33808 (A SQL injection vulnerability in /model/get_timetable.php in 
campcodes ...)
+   TODO: check
+CVE-2024-33807 (A SQL injection vulnerability in 
/model/get_teacher_timetable.php in c ...)
+   TODO: check
+CVE-2024-33806 (A SQL injection vulnerability in /model/get_grade.php in 
campcodes Com ...)
+   TODO: check
+CVE-2024-33805 (A SQL injection vulnerability in /model/get_student.php in 
campcodes C ...)
+   TODO: check
+CVE-2024-33804 (A SQL injection vulnerability in /model/get_subject.php in 
campcodes C ...)
+   TODO: check
+CVE-2024-33803 (A SQL injection vulnerability in /model/get_exam.php in 
campcodes Comp ...)
+
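Review bot: two of the additions concern software Debian ships and should be triaged ahead of the vendor-product bulk: CVE-2024-3657 (389-ds-base, specially crafted LDAP query) and CVE-2024-36472 (GNOME Shell through 45.7, portal helper launched automatically). The rest are runs over one product each, namely six TOTOLINK CP900L v4.1.5cu.798_B20221228 entries (CVE-2024-35397 through CVE-2024-35401 and CVE-2024-35403), four Anpviz entries (CVE-2024-35341 through CVE-2024-35344), three PhpMyBackupPro entries (CVE-2024-5413 through CVE-2024-5415), three Sourcecodester Laboratory entries (CVE-2024-35581 through CVE-2024-35583) and the campcodes SQL-injection series CVE-2024-33803 through CVE-2024-33808; one verdict per product applied across the run keeps them consistent.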

[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-28 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5aeb324b by security tracker role at 2024-05-28T08:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,27 @@
+CVE-2024-36428 (OrangeHRM 3.3.3 allows admin/viewProjects sortOrder SQL 
injection.)
+   TODO: check
+CVE-2024-36426 (In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the 
session  ...)
+   TODO: check
+CVE-2024-32944 (Path traversal vulnerability exists in UTAU versions prior to 
v0.4.19. ...)
+   TODO: check
+CVE-2024-29078 (Incorrect permission assignment for critical resource issue 
exists in  ...)
+   TODO: check
+CVE-2024-28886 (OS command injection vulnerability exists in UTAU versions 
prior to v0 ...)
+   TODO: check
+CVE-2024-28880 (Path traversal vulnerability in MosP kintai kanri V4.6.6 and 
earlier a ...)
+   TODO: check
+CVE-2023-52712 (Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. 
The firs ...)
+   TODO: check
+CVE-2023-52711 (Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. 
The firs ...)
+   TODO: check
+CVE-2023-52710 (Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26), As the 
communicati ...)
+   TODO: check
+CVE-2023-52548 (Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26) Arbitrary 
Memory Co ...)
+   TODO: check
+CVE-2023-52547 (Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26. Memory 
Corruption i ...)
+   TODO: check
+CVE-2022-48681 (Some Huawei smart speakers have a memory overflow 
vulnerability. Succe ...)
+   TODO: check
 CVE-2024-5409 (RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" 
parameter in  ...)
NOT-FOR-US: RhinOS
 CVE-2024-5408 (Vulnerability in RhinOS 3.0-1190 consisting of an XSS through 
the "sea ...)
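Review bot: CVE-2023-52712 and CVE-2023-52711 have identical descriptions as far as shown (`Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The firs...`), so the check should first establish whether these are two distinct SMI-handler issues or one issue assigned twice; the same question applies to CVE-2023-52710, CVE-2023-52548 and CVE-2023-52547, all against the Huawei Matebook D16 (CREM-WXX9, BIOS v2.26). Those five are platform firmware, as is CVE-2022-48681 (Huawei smart speakers), and are expected to end as NOT-FOR-US; CVE-2024-36428 (OrangeHRM sortOrder SQL injection), CVE-2024-36426 (TARGIT Decision Suite), CVE-2024-32944 and CVE-2024-28886 (UTAU) and CVE-2024-28880 (MosP kintai kanri) are the entries here that describe application software.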



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5aeb324b056f16341b59a6716864a89c01590979



[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
60065691 by security tracker role at 2024-05-27T20:12:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,57 @@
+CVE-2024-5409 (RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" 
parameter in  ...)
+   TODO: check
+CVE-2024-5408 (Vulnerability in RhinOS 3.0-1190 consisting of an XSS through 
the "sea ...)
+   TODO: check
+CVE-2024-5407 (A vulnerability in RhinOS 3.0-1190 could allow PHP code 
injection thro ...)
+   TODO: check
+CVE-2024-5406 (A vulnerability had been discovered in WinNMP 19.02 consisting 
of an X ...)
+   TODO: check
+CVE-2024-5405 (A vulnerability had been discovered in WinNMP 19.02 consisting 
of an X ...)
+   TODO: check
+CVE-2024-3381
+   REJECTED
+CVE-2024-36383 (An issue was discovered in Logpoint SAML Authentication before 
6.0.3.  ...)
+   TODO: check
+CVE-2024-36105 (dbt enables data analysts and engineers to transform their 
data using  ...)
+   TODO: check
+CVE-2024-36037 (Zoho ManageEngine ADAudit Plus versions 7260 and below allows 
unauthor ...)
+   TODO: check
+CVE-2024-36036 (Zoho ManageEngine ADAudit Plus versions 7260 and below allows 
unauthor ...)
+   TODO: check
+CVE-2024-35238 (Minder by Stacklok is an open source software supply chain 
security pl ...)
+   TODO: check
+CVE-2024-35237 (MIT IdentiBot is an open-source Discord bot written in Node.js 
that ve ...)
+   TODO: check
+CVE-2024-35236 (Audiobookshelf is a self-hosted audiobook and podcast server. 
Prior to ...)
+   TODO: check
+CVE-2024-35231 (rack-contrib provides contributed rack middleware and 
utilities for Ra ...)
+   TODO: check
+CVE-2024-35229 (ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs 
to scal ...)
+   TODO: check
+CVE-2024-35219 (OpenAPI Generator allows generation of API client libraries 
(SDK gener ...)
+   TODO: check
+CVE-2024-35182 (Meshery is an open source, cloud native manager that enables 
the desig ...)
+   TODO: check
+CVE-2024-35181 (Meshery is an open source, cloud native manager that enables 
the desig ...)
+   TODO: check
+CVE-2024-34923 (In Avocent DSR2030 Appliance firmware 03.04.00.07 before 
03.07.01.23,  ...)
+   TODO: check
+CVE-2024-34477 (configureNFS in lib/common/functions.sh in FOG through 1.5.10 
allows l ...)
+   TODO: check
+CVE-2024-32978 (Kaminari is a paginator for web app frameworks and object 
relational m ...)
+   TODO: check
+CVE-2024-29415 (The ip package through 2.0.1 for Node.js might allow SSRF 
because some ...)
+   TODO: check
+CVE-2024-27310 (Zoho ManageEngineADSelfService Plus versions below6401 are 
vulnerable  ...)
+   TODO: check
+CVE-2024-0851 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2023-6349 (A heap overflow vulnerability exists in libvpx -Encoding a 
frame that  ...)
+   TODO: check
+CVE-2023-50977 (In GNOME Shell through 45.2, unauthenticated remote code 
execution can ...)
+   TODO: check
+CVE-2022-4969 (A vulnerability, which was classified as critical, has been 
found in b ...)
+   TODO: check
 CVE-2024-5403 (ASKEY 5G NR Small Cell fails to properly filter user input for 
certain ...)
NOT-FOR-US: ASKEY
 CVE-2024-5400 (Openfind Mail2000 does not properly filter parameters of 
specific CGI. ...)
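Review bot: several additions name components Debian ships and deserve attention before the bulk: CVE-2023-6349 (libvpx heap overflow when encoding a frame), CVE-2023-50977 (GNOME Shell through 45.2, described as unauthenticated remote code execution), CVE-2024-29415 (Node.js `ip` package through 2.0.1, SSRF), CVE-2024-35231 (rack-contrib middleware) and CVE-2024-32978 (Kaminari paginator). CVE-2023-6349 and CVE-2023-50977 are 2023 identifiers and CVE-2022-4969 a 2022 one, all published only now, so the affected-version checks must cover oldstable as well as stable. The trailing context confirms CVE-2024-5403 and CVE-2024-5400 from the previous update are already resolved (`NOT-FOR-US: ASKEY`), so this batch reopens nothing.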
@@ -1527,6 +1581,7 @@ CVE-2024-3268 (The YouTube Video Gallery by YouTube 
Showcase \u2013 Video Galler
 CVE-2024-36052 (RARLAB WinRAR before 7.00, on Windows, allows attackers to 
spoof the s ...)
NOT-FOR-US: WinRAR
 CVE-2024-36039 (PyMySQL through 1.1.0 allows SQL injection if used with 
untrusted JSON ...)
+   {DLA-3822-1}
- python-pymysql  (bug #1071628)
NOTE: https://github.com/advisories/GHSA-v9hf-5j83-6xpp
NOTE: 
https://github.com/PyMySQL/PyMySQL/commit/521e40050cb386a499f68f483fefd144c493053c
 (v1.1.1)
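Review bot: the `- python-pymysql  (bug #1071628)` line has nothing between the package name and the bug reference, unlike `- less 590-2.1 (bug #1068938)` in the next hunk, so the unstable status or fixed version appears to be missing; with `{DLA-3822-1}` now recorded for the LTS suite, the entry should also state unstable's state, and the fix reference already in the NOTE (`.../PyMySQL/commit/521e40050cb386a499f68f483fefd144c493053c (v1.1.1)`) gives the version to check the unstable package against.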
@@ -17012,7 +17067,7 @@ CVE-2024-3662 (The WPZOOM Social Feed Widget & Block 
plugin for WordPress is vul
 CVE-2023-6494 (The WPC Smart Quick View for WooCommerce plugin for WordPress 
is vulne ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-32487 (less through 653 allows OS command execution via a newline 
character i ...)
-   {DSA-5679-1}
+   {DSA-5679-1 DLA-3823-1}
- less 590-2.1 (bug #1068938)
NOTE: https://www.openwall.com/lists/oss-security/2024/04/12/5
NOTE: Fixed by: 
https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33
@@ -20962,7 +21017,8 @@ CVE-2024-3209 (A vulnerability was found in UPX up to 
4.2.2. It has been rated a
TODO: check upstream report status, seems not filled as issue
 CVE-2024-3207 (A vulnerability was found in ermig1979 Simd up to 6.0.134. It 
has been ...)
NOT-FOR-US: ermig1979 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7ebb9273 by security tracker role at 2024-05-27T08:12:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,87 @@
+CVE-2024-5403 (ASKEY 5G NR Small Cell fails to properly filter user input for 
certain ...)
+   TODO: check
+CVE-2024-5400 (Openfind Mail2000 does not properly filter parameters of 
specific CGI. ...)
+   TODO: check
+CVE-2024-5399 (Openfind Mail2000 does not properly filter parameters of 
specific API. ...)
+   TODO: check
+CVE-2024-5397 (A vulnerability classified as critical was found in 
itsourcecode Onlin ...)
+   TODO: check
+CVE-2024-5396 (A vulnerability classified as critical has been found in 
itsourcecode  ...)
+   TODO: check
+CVE-2024-5395 (A vulnerability was found in itsourcecode Online Student 
Enrollment Sy ...)
+   TODO: check
+CVE-2024-5394 (A vulnerability was found in itsourcecode Online Student 
Enrollment Sy ...)
+   TODO: check
+CVE-2024-5393 (A vulnerability was found in itsourcecode Online Student 
Enrollment Sy ...)
+   TODO: check
+CVE-2024-5392 (A vulnerability was found in itsourcecode Online Student 
Enrollment Sy ...)
+   TODO: check
+CVE-2024-5391 (A vulnerability has been found in itsourcecode Online Student 
Enrollme ...)
+   TODO: check
+CVE-2024-5390 (A vulnerability, which was classified as critical, was found in 
itsour ...)
+   TODO: check
+CVE-2024-5385 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-5384 (A vulnerability classified as critical was found in 
SourceCodester Fac ...)
+   TODO: check
+CVE-2024-5383 (A vulnerability classified as problematic has been found in 
lakernote  ...)
+   TODO: check
+CVE-2024-5381 (A vulnerability classified as critical was found in 
itsourcecode Stude ...)
+   TODO: check
+CVE-2024-5380 (A vulnerability classified as problematic has been found in 
jsy-1 shor ...)
+   TODO: check
+CVE-2024-5379 (A vulnerability was found in JFinalCMS up to 20240111. It has 
been rat ...)
+   TODO: check
+CVE-2024-5378 (A vulnerability was found in SourceCodester School Intramurals 
Student ...)
+   TODO: check
+CVE-2024-5377 (A vulnerability was found in SourceCodester Vehicle Management 
System  ...)
+   TODO: check
+CVE-2024-5376 (A vulnerability was found in Kashipara College Management 
System 1.0 a ...)
+   TODO: check
+CVE-2024-5035 (The affected device expose a network service called "rftest" 
that is v ...)
+   TODO: check
+CVE-2024-4535 (The KKProgressbar2 Free  WordPress plugin through 1.1.4.2 does 
not hav ...)
+   TODO: check
+CVE-2024-4534 (The KKProgressbar2 Free  WordPress plugin through 1.1.4.2 does 
not hav ...)
+   TODO: check
+CVE-2024-4533 (The KKProgressbar2 Free  WordPress plugin through 1.1.4.2 does 
not san ...)
+   TODO: check
+CVE-2024-4532 (The Business Card WordPress plugin through 1.0.0 does not have 
CSRF ch ...)
+   TODO: check
+CVE-2024-4531 (The Business Card WordPress plugin through 1.0.0 does not have 
CSRF ch ...)
+   TODO: check
+CVE-2024-4530 (The Business Card WordPress plugin through 1.0.0 does not have 
CSRF ch ...)
+   TODO: check
+CVE-2024-4529 (The Business Card WordPress plugin through 1.0.0 does not have 
CSRF ch ...)
+   TODO: check
+CVE-2024-4286 (Mintplex-Labs' anything-llm application is vulnerable to 
improper neut ...)
+   TODO: check
+CVE-2024-3939 (The Ditty  WordPress plugin before 3.1.36 does not sanitise and 
escape ...)
+   TODO: check
+CVE-2024-3933 (In Eclipse OpenJ9 release versions prior to 0.44.0 and after 
0.13.0, w ...)
+   TODO: check
+CVE-2024-36384 (Pointsharp Cryptshare Server before 7.0.0 has an XSS issue 
that is rel ...)
+   TODO: check
+CVE-2024-36056 (Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows 
unprivileged user ...)
+   TODO: check
+CVE-2024-36055 (Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows 
unprivileged user ...)
+   TODO: check
+CVE-2024-36054 (Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows 
unprivileged user ...)
+   TODO: check
+CVE-2024-35297 (Cross-site scripting vulnerability exists in WP Booking 
versions prior ...)
+   TODO: check
+CVE-2024-35291 (Cross-site scripting vulnerability exists in Splunk Config 
Explorer ve ...)
+   TODO: check
+CVE-2024-34454 (Nintendo Wii U OS 5.5.5 allows man-in-the-middle attackers to 
forge SS ...)
+   TODO: check
+CVE-2024-30658
+   REJECTED
+CVE-2024-30657
+   REJECTED
+CVE-2024-27314 (Zoho ManageEngineServiceDesk Plus versions 
below14730,ServiceDesk Plus ...)
+   TODO: check
+CVE-2024-26289 (Deserialization of Untrusted Data vulnerability in PMB 
Services PMB al ...)
+   TODO: check
 CVE-2024-5375 (A vulnerability has been found in 
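Review bot: the two bare REJECTED lines (CVE-2024-30658, CVE-2024-30657) are fine as they stand, but the TODO: check placeholders in this hunk lump clearly out-of-scope items together with the few that need a look at the archive. The three Hw64.sys / Marvin Test HW.exe entries (a Windows kernel driver) and CVE-2024-34454 (Nintendo Wii U OS) can go straight to NOT-FOR-US, following the convention used elsewhere in this file for WordPress plugins and appliances; the only entries that are not obviously unpackaged are CVE-2024-3933 (Eclipse OpenJ9 before 0.44.0) and CVE-2024-4286 (anything-llm), and those should be checked against the archive before being resolved.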

[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-26 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
307c33fb by security tracker role at 2024-05-26T20:11:53+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,57 @@
+CVE-2024-5375 (A vulnerability has been found in Kashipara College Management 
System  ...)
+   TODO: check
+CVE-2024-5374 (A vulnerability, which was classified as problematic, was found 
in Kas ...)
+   TODO: check
+CVE-2024-5373 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-5372 (A vulnerability classified as problematic was found in 
Kashipara Colle ...)
+   TODO: check
+CVE-2024-5371 (A vulnerability classified as problematic has been found in 
Kashipara  ...)
+   TODO: check
+CVE-2024-5370 (A vulnerability was found in Kashipara College Management 
System 1.0.  ...)
+   TODO: check
+CVE-2024-5369 (A vulnerability was found in Kashipara College Management 
System 1.0.  ...)
+   TODO: check
+CVE-2024-5368 (A vulnerability was found in Kashipara College Management 
System 1.0.  ...)
+   TODO: check
+CVE-2024-5367 (A vulnerability was found in Kashipara College Management 
System 1.0 a ...)
+   TODO: check
+CVE-2024-5366 (A vulnerability has been found in SourceCodester Best House 
Rental Man ...)
+   TODO: check
+CVE-2024-5365 (A vulnerability, which was classified as critical, was found in 
Source ...)
+   TODO: check
+CVE-2024-5364 (A vulnerability, which was classified as critical, has been 
found in S ...)
+   TODO: check
+CVE-2024-5363 (A vulnerability classified as critical was found in 
SourceCodester Bes ...)
+   TODO: check
+CVE-2024-5362 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+   TODO: check
+CVE-2024-5361 (A vulnerability was found in PHPGurukul Zoo Management System 
2.1. It  ...)
+   TODO: check
+CVE-2024-5360 (A vulnerability was found in PHPGurukul Zoo Management System 
2.1. It  ...)
+   TODO: check
+CVE-2024-5359 (A vulnerability was found in PHPGurukul Zoo Management System 
2.1. It  ...)
+   TODO: check
+CVE-2024-5358 (A vulnerability was found in PHPGurukul Zoo Management System 
2.1 and  ...)
+   TODO: check
+CVE-2024-5272 (Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 
8.1.12 fa ...)
+   TODO: check
+CVE-2024-5270 (Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1, 9.6.x <= 
9.6.1 and ...)
+   TODO: check
+CVE-2024-36255 (Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x 
<= 8.1.12 ...)
+   TODO: check
+CVE-2024-36241 (Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x 
<= 8.1.12 ...)
+   TODO: check
+CVE-2024-34152 (Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x 
<= 8.1.12 ...)
+   TODO: check
+CVE-2024-34029 (Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1 and 8.1.x 
<= 8.1.12 ...)
+   TODO: check
+CVE-2024-32045 (Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 
8.1.12 fa ...)
+   TODO: check
+CVE-2024-31859 (Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x 
<= 8.1.12 ...)
+   TODO: check
+CVE-2024-29215 (Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1, 9.6.x <= 
9.6.1, 8. ...)
+   TODO: check
 CVE-2024-5357 (A vulnerability has been found in PHPGurukul Zoo Management 
System 2.1 ...)
NOT-FOR-US: PHPGurukul Zoo Management System
 CVE-2024-5356 (A vulnerability, which was classified as critical, was found in 
anji-p ...)
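Review bot: the four new PHPGurukul Zoo Management System 2.1 entries (CVE-2024-5358 to CVE-2024-5361) are left at TODO: check although the context line just below already resolves CVE-2024-5357 for the same product as NOT-FOR-US: PHPGurukul Zoo Management System; they should get the same annotation, and the Kashipara College Management System and SourceCodester Best House Rental batches are the same kind of unpackaged PHP app and can be resolved in the same pass. The nine Mattermost entries (CVE-2024-5272 down to CVE-2024-29215) should be triaged as one group rather than individually: they all quote the same 9.5.x <= 9.5.3 / 9.6.x <= 9.6.1 / 8.1.x <= 8.1.12 ranges, so a single check of whether mattermost is in the archive settles every one of them.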



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/307c33fbacebd310f4b02a4c3f1c1a4693485a76

-- 
This project does not include diff previews in email notifications.
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/307c33fbacebd310f4b02a4c3f1c1a4693485a76
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-26 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5465e8ce by security tracker role at 2024-05-26T08:12:34+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,21 @@
+CVE-2024-5357 (A vulnerability has been found in PHPGurukul Zoo Management 
System 2.1 ...)
+   TODO: check
+CVE-2024-5356 (A vulnerability, which was classified as critical, was found in 
anji-p ...)
+   TODO: check
+CVE-2024-5355 (A vulnerability, which was classified as critical, has been 
found in a ...)
+   TODO: check
+CVE-2024-5354 (A vulnerability classified as problematic was found in 
anji-plus AJ-Re ...)
+   TODO: check
+CVE-2024-5353 (A vulnerability classified as critical has been found in 
anji-plus AJ- ...)
+   TODO: check
+CVE-2024-5352 (A vulnerability was found in anji-plus AJ-Report up to 1.4.1. 
It has b ...)
+   TODO: check
+CVE-2024-5351 (A vulnerability was found in anji-plus AJ-Report up to 1.4.1. 
It has b ...)
+   TODO: check
+CVE-2024-5350 (A vulnerability was found in anji-plus AJ-Report up to 1.4.1. 
It has b ...)
+   TODO: check
+CVE-2024-5340 (A vulnerability was found in Ruijie RG-UAC up to 20240516. It 
has been ...)
+   TODO: check
 CVE-2024-5339 (A vulnerability was found in Ruijie RG-UAC up to 20240516. It 
has been ...)
NOT-FOR-US: Ruijie RG-UAC
 CVE-2024-5338 (A vulnerability was found in Ruijie RG-UAC up to 20240516. It 
has been ...)
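Review bot: CVE-2024-5340 (Ruijie RG-UAC up to 20240516) stays at TODO: check while the very next context line already carries NOT-FOR-US: Ruijie RG-UAC for CVE-2024-5339, with the same product and version string; it should be resolved with the same annotation. The anji-plus AJ-Report block (CVE-2024-5350 to CVE-2024-5356, all "up to 1.4.1") likewise needs one product-level decision, not seven separate ones.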
@@ -6130,7 +6148,7 @@ CVE-2024-0437 (The Password Protected \u2013 Ultimate 
Plugin to Password Protect
 CVE-2023-33327 (Improper Privilege Management vulnerability in Teplitsa of 
social tech ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-3044 (Unchecked script execution in Graphic on-click binding in 
affected Lib ...)
-   {DSA-5690-1}
+   {DSA-5690-1 DLA-3821-1}
- libreoffice 4:24.2.3~rc1-2
NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2024-3044/
NOTE: 
https://git.libreoffice.org/core/+/8b2402b16df185119c91222b33ff1b8d55e0afe4%5E%21
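Review bot: appending DLA-3821-1 to the existing {DSA-5690-1} reference is all the CVE-2024-3044 entry needs; the per-suite fixed version comes from the DLA record itself, so no extra [suite] line belongs here. One caveat on the second NOTE link: the %5E%21 suffix is the URL-encoded ^! that makes gitiles show the diff of that single commit, so it should be left as is and not "cleaned up" to a bare commit URL.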



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5465e8ce11c9b15e2c655d37ae6870ed79e9fb8a



[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
887ef5c3 by security tracker role at 2024-05-25T20:11:51+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,13 @@
+CVE-2024-5339 (A vulnerability was found in Ruijie RG-UAC up to 20240516. It 
has been ...)
+   TODO: check
+CVE-2024-5338 (A vulnerability was found in Ruijie RG-UAC up to 20240516. It 
has been ...)
+   TODO: check
+CVE-2024-5337 (A vulnerability was found in Ruijie RG-UAC up to 20240516 and 
classifi ...)
+   TODO: check
+CVE-2024-5336 (A vulnerability has been found in Ruijie RG-UAC up to 20240516 
and cla ...)
+   TODO: check
+CVE-2024-30056 (Microsoft Edge (Chromium-based) Information Disclosure 
Vulnerability)
+   TODO: check
 CVE-2024-5229 (The Primary Addon for Elementor plugin for WordPress is 
vulnerable to  ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-5220 (The ND Shortcodes plugin for WordPress is vulnerable to Stored 
Cross-S ...)
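Review bot: CVE-2024-30056 is a Microsoft Edge (Chromium-based) information disclosure. Edge itself is out of scope, but Edge advisories sometimes shadow an upstream Chromium fix, so check whether this one maps to a Chromium bug before marking it NOT-FOR-US, since chromium is tracked in this file. The four Ruijie RG-UAC entries (CVE-2024-5336 to CVE-2024-5339) are appliance firmware and can be resolved as NOT-FOR-US in one go.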
@@ -90853,6 +90863,7 @@ CVE-2023-27351 (This vulnerability allows remote 
attackers to bypass authenticat
 CVE-2023-27350 (This vulnerability allows remote attackers to bypass 
authentication on ...)
NOT-FOR-US: PaperCut
 CVE-2023-27349 (BlueZ Audio Profile AVRCP Improper Validation of Array Index 
Remote Co ...)
+   {DLA-3820-1}
- bluez 5.68-1
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-386/
NOTE: 
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=f54299a850676d92c3dafd83e9174fcfe420ccc9
 (5.67)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/887ef5c334c9ca7ccc7e0e2d24133cd8ec7c1ba8



[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
54a17456 by security tracker role at 2024-05-25T08:11:55+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,21 @@
+CVE-2024-5229 (The Primary Addon for Elementor plugin for WordPress is 
vulnerable to  ...)
+   TODO: check
+CVE-2024-5220 (The ND Shortcodes plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+   TODO: check
+CVE-2024-5218 (The Reviews and Rating \u2013 Google Reviews plugin for 
WordPress is v ...)
+   TODO: check
+CVE-2024-4858 (The Testimonial Carousel For Elementor plugin for WordPress is 
vulnera ...)
+   TODO: check
+CVE-2024-4045 (The Popup Builder by OptinMonster \u2013 WordPress Popups for 
Optins,  ...)
+   TODO: check
+CVE-2024-36079 (An issue was discovered in Vaultize 21.07.27. When uploading 
files, th ...)
+   TODO: check
+CVE-2024-35374 (Mocodo Mocodo Online 4.2.6 and below does not properly 
sanitize the sq ...)
+   TODO: check
+CVE-2024-35373 (Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote 
Code Exec ...)
+   TODO: check
+CVE-2024-35232 (github.com/huandu/facebook is a Go package that fully supports 
the Fac ...)
+   TODO: check
 CVE-2024-5318 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
- gitlab  (Vulnerable code introduced later)
 CVE-2024-5315 (Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 
and al ...)
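Review bot: the double space in the context line "- gitlab  (Vulnerable code introduced later)" is where the tracker's angle-bracketed state token (<not-affected>, <unfixed> and friends) sits; the mail rendering has swallowed it, and the same applies to "[buster] - linux  (Vulnerable code not present)", "- uwsgi  (unimportant)" and "[stretch] - apache2  (Intrusive and risky backport)" in the hunks below, so none of those lines is malformed in the file itself. Among the new TODO: check entries, CVE-2024-35232 (github.com/huandu/facebook) is a Go module and has to be checked against the golang-github-* packages and their reverse dependencies rather than dismissed as a web application; the WordPress plugin, Vaultize and Mocodo entries fit the NOT-FOR-US pattern.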
@@ -19901,7 +19919,7 @@ CVE-2024-26745 (In the Linux kernel, the following 
vulnerability has been resolv
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/09a3c1e46142199adcee372a420b024b4fc61051 (6.8-rc7)
 CVE-2024-24795 (HTTP Response splitting in multiple modules in Apache HTTP 
Server allo ...)
-   {DSA-5662-1}
+   {DSA-5662-1 DLA-3818-1}
- apache2 2.4.59-1 (bug #1068412)
- uwsgi  (unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2024/04/04/5
@@ -19913,13 +19931,13 @@ CVE-2024-24795 (HTTP Response splitting in multiple 
modules in Apache HTTP Serve
NOTE: packages which are provided by src:apache2 itself.
NOTE: https://github.com/unbit/uwsgi/issues/2635
 CVE-2023-38709 (Faulty input validation in the core of Apache allows malicious 
or expl ...)
-   {DSA-5662-1}
+   {DSA-5662-1 DLA-3818-1}
- apache2 2.4.59-1 (bug #1068412)
NOTE: https://www.openwall.com/lists/oss-security/2024/04/04/3
NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-38709
NOTE: 
https://github.com/apache/httpd/commit/ac20389f3c816d990aba21720f1492b69ac5cb44
 CVE-2024-27316 (HTTP/2 incoming headers exceeding the limit are temporarily 
buffered i ...)
-   {DSA-5662-1}
+   {DSA-5662-1 DLA-3818-1}
- apache2 2.4.59-1 (bug #1068412)
NOTE: https://www.kb.cert.org/vuls/id/421644
NOTE: https://www.openwall.com/lists/oss-security/2024/04/04/4
@@ -55873,7 +55891,7 @@ CVE-2020-36706 (The Simple:Press \u2013 WordPress Forum 
Plugin for WordPress is
 CVE-2020-36698 (The Security & Malware scan by CleanTalk plugin for WordPress 
is vulne ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-45802 (When a HTTP/2 stream was reset (RST frame) by a client, there 
was a ti ...)
-   {DSA-5662-1}
+   {DSA-5662-1 DLA-3818-1}
- apache2 2.4.58-1
NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/6
NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-45802
@@ -78703,7 +78721,7 @@ CVE-2023-2259 (Improper Neutralization of Special 
Elements Used in a Template En
 CVE-2023-2258 (Improper Neutralization of Formula Elements in a CSV File in 
GitHub re ...)
NOT-FOR-US: Alf.io
 CVE-2023-31122 (Out-of-bounds Read vulnerability in mod_macro of Apache HTTP 
Server.Th ...)
-   {DSA-5662-1}
+   {DSA-5662-1 DLA-3818-1}
- apache2 2.4.58-1
NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/4
NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-31122
@@ -347017,6 +347035,7 @@ CVE-2019-17569 (The refactoring present in Apache 
Tomcat 9.0.28 to 9.0.30, 8.5.4
 CVE-2019-17568
REJECTED
 CVE-2019-17567 (Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel 
configu ...)
+   {DLA-3818-1}
[experimental] - apache2 2.4.48-1
- apache2 2.4.48-2
[stretch] - apache2  (Intrusive and risky backport)
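Review bot: five hunks in this update add DLA-3818-1 to apache2 entries, and this last one, CVE-2019-17567, is the one to double-check. The entry already records that the upstream fix (2.4.48) was left out of stretch as an "Intrusive and risky backport", so if the LTS update really carried the mod_proxy_wstunnel change the DLA text should say so explicitly, and data/DLA/list must list CVE-2019-17567 under DLA-3818-1 or the tracker's cross-reference check will flag this line.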



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54a1745646757b78eb1007dd43941003ea258867


[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0a200b01 by security tracker role at 2024-05-24T20:12:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,359 +1,423 @@
-CVE-2023-52880 [tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc]
+CVE-2024-5318 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
+   TODO: check
+CVE-2024-5315 (Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 
and al ...)
+   TODO: check
+CVE-2024-5314 (Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 
and al ...)
+   TODO: check
+CVE-2024-5312 (PHP Server Monitor, version 3.2.0, is vulnerable to an XSS via 
the /ph ...)
+   TODO: check
+CVE-2024-5310 (A vulnerability classified as problematic has been found in 
JFinalCMS  ...)
+   TODO: check
+CVE-2024-4455 (The YITH WooCommerce Ajax Search plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-4037 (The WP Photo Album Plus plugin for WordPress is vulnerable to 
arbitrar ...)
+   TODO: check
+CVE-2024-36049 (Aptos Wisal payroll accounting before 7.1.6 uses hardcoded 
credentials ...)
+   TODO: check
+CVE-2024-35618 (PingCAP TiDB v7.5.1 was discovered to contain a NULL pointer 
dereferen ...)
+   TODO: check
+CVE-2024-35595 (An arbitrary file upload vulnerability in the File Preview 
function of ...)
+   TODO: check
+CVE-2024-35593 (An arbitrary file upload vulnerability in the File preview 
function of ...)
+   TODO: check
+CVE-2024-35592 (An arbitrary file upload vulnerability in the Upload function 
of Box-I ...)
+   TODO: check
+CVE-2024-35591 (An arbitrary file upload vulnerability in O2OA v8.3.8 allows 
attackers ...)
+   TODO: check
+CVE-2024-35396 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to 
contain a har ...)
+   TODO: check
+CVE-2024-35395 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to 
contain a har ...)
+   TODO: check
+CVE-2024-35388 (TOTOLINK NR1800X v9.1.0u.6681_B20230703 was discovered to 
contain a st ...)
+   TODO: check
+CVE-2024-35387 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to 
contain a stac ...)
+   TODO: check
+CVE-2024-35340 (Tenda FH1206 V1.2.0.8(8155) was discovered to contain a 
command inject ...)
+   TODO: check
+CVE-2024-35339 (Tenda FH1206 V1.2.0.8(8155) was discovered to contain a 
command inject ...)
+   TODO: check
+CVE-2024-34995 (svnWebUI v1.8.3 was discovered to contain an arbitrary file 
deletion v ...)
+   TODO: check
+CVE-2024-33809 (PingCAP TiDB v7.5.1 was discovered to contain a buffer 
overflow vulner ...)
+   TODO: check
+CVE-2024-33471 (An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 
allows  ...)
+   TODO: check
+CVE-2024-33470 (An issue in the SMTP Email Settings of AVTECH Room Alert 4E 
v4.4.0 all ...)
+   TODO: check
+CVE-2024-33427 (Buffer Overflow vulnerability in Squid version before v.6.10 
allows a  ...)
+   TODO: check
+CVE-2024-31510 (An issue in Open Quantum Safe liboqs v.10.0 allows a remote 
attacker t ...)
+   TODO: check
+CVE-2024-22588 (Kwik commit 745fd4e2 does not discard unused encryption keys.)
+   TODO: check
+CVE-2023-49575 (A vulnerability has been discovered in VX Search Enterprise 
affecting  ...)
+   TODO: check
+CVE-2023-49574 (A vulnerability has been discovered in VX Search Enterprise 
affecting  ...)
+   TODO: check
+CVE-2023-49573 (A vulnerability has been discovered in VX Search Enterprise 
affecting  ...)
+   TODO: check
+CVE-2023-49572 (A vulnerability has been discovered in VX Search Enterprise 
affecting  ...)
+   TODO: check
+CVE-2023-47710 (IBM Security Guardium 11.4, 11.5, and 12.0 is vulnerable to 
cross-site ...)
+   TODO: check
+CVE-2023-46442 (An infinite loop in the retrieveActiveBody function of Soot 
before v4. ...)
+   TODO: check
+CVE-2023-52880 (In the Linux kernel, the following vulnerability has been 
resolved:  t ...)
- linux 6.6.8-1
[bookworm] - linux 6.1.85-1
[bullseye] - linux 5.10.216-1
NOTE: 
https://git.kernel.org/linus/67c37756898a5a6b2941a13ae7260c89b54e0d88 (6.6-rc1)
-CVE-2021-47572 [net: nexthop: fix null pointer dereference when IPv6 is not 
enabled]
+CVE-2021-47572 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.84-1
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/1c743127cc54b112b155f434756bd4b5fa565a99 (5.16-rc3)
-CVE-2021-47571 [staging: rtl8192e: Fix use after free in 
_rtl92e_pci_disconnect()]
+CVE-2021-47571 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.84-1
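Review bot: the CVE-2023-52880, CVE-2021-47572 and CVE-2021-47571 rewrites only swap the bracketed kernel commit subject for the published description and keep the fixed-version and NOTE lines, which is the expected shape once the kernel CNA publishes the record. Of the new TODO: check entries, CVE-2024-33427 (Squid "before v.6.10") and CVE-2024-31510 (Open Quantum Safe liboqs) concern software that is, or may be, packaged and need a real version check; the Squid one should be matched against Squid's own advisory list before a fixed version is recorded, because the description gives only a version bound and no upstream reference. The TOTOLINK, Tenda, AVTECH, VX Search, O2OA and WordPress entries are NOT-FOR-US material.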

[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cb4a9746 by security tracker role at 2024-05-24T08:11:53+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,77 @@
+CVE-2024-5299 (D-Link D-View execMonitorScript Exposed Dangerous Method Remote 
Code E ...)
+   TODO: check
+CVE-2024-5298 (D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous 
Method  ...)
+   TODO: check
+CVE-2024-5297 (D-Link D-View executeWmicCmd Command Injection Remote Code 
Execution V ...)
+   TODO: check
+CVE-2024-5296 (D-Link D-View Use of Hard-coded Cryptographic Key 
Authentication Bypas ...)
+   TODO: check
+CVE-2024-5295 (D-Link G416 flupl self Command Injection Remote Code Execution 
Vulnera ...)
+   TODO: check
+CVE-2024-5294 (D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak 
Denial-of-Ser ...)
+   TODO: check
+CVE-2024-5293 (D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote 
Code E ...)
+   TODO: check
+CVE-2024-5292 (D-Link Network Assistant Uncontrolled Search Path Element Local 
Privil ...)
+   TODO: check
+CVE-2024-5291 (D-Link DIR-2150 GetDeviceSettings Target Command Injection 
Remote Code ...)
+   TODO: check
+CVE-2024-5279 (A vulnerability was found in Qiwen Netdisk up to 1.4.0. It has 
been de ...)
+   TODO: check
+CVE-2024-5247 (NETGEAR ProSAFE Network Management System UpLoadServlet 
Unrestricted F ...)
+   TODO: check
+CVE-2024-5246 (NETGEAR ProSAFE Network Management System Tomcat Remote Code 
Execution ...)
+   TODO: check
+CVE-2024-5245 (NETGEAR ProSAFE Network Management System Default Credentials 
Local Pr ...)
+   TODO: check
+CVE-2024-5244 (TP-Link Omada ER605 Reliance on Security Through Obscurity 
Vulnerabili ...)
+   TODO: check
+CVE-2024-5243 (TP-Link Omada ER605 Buffer Overflow Remote Code Execution 
Vulnerabilit ...)
+   TODO: check
+CVE-2024-5242 (TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code 
Execution  ...)
+   TODO: check
+CVE-2024-5228 (TP-Link Omada ER605  Comexe DDNS Response Handling Heap-based 
Buffer O ...)
+   TODO: check
+CVE-2024-5227 (TP-Link Omada ER605 PPTP VPN username Command Injection Remote 
Code Ex ...)
+   TODO: check
+CVE-2024-5205 (The Videojs HTML5 Player plugin for WordPress is vulnerable to 
Stored  ...)
+   TODO: check
+CVE-2024-5142 (Stored Cross-Site Scripting vulnerability in Social Module in 
M-Files  ...)
+   TODO: check
+CVE-2024-5060 (The LottieFiles \u2013 JSON Based Animation Lottie & Bodymovin 
for Ele ...)
+   TODO: check
+CVE-2024-4544 (The Pie Register - Social Sites Login (Add on) plugin for 
WordPress is ...)
+   TODO: check
+CVE-2024-4485 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page 
Templa ...)
+   TODO: check
+CVE-2024-4484 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page 
Templa ...)
+   TODO: check
+CVE-2024-4409 (The WP-ViperGB plugin for WordPress is vulnerable to Cross-Site 
Reques ...)
+   TODO: check
+CVE-2024-4366 (The Spectra \u2013 WordPress Gutenberg Blocks plugin for 
WordPress is  ...)
+   TODO: check
+CVE-2024-3718 (The The Plus Addons for Elementor plugin for WordPress is 
vulnerable t ...)
+   TODO: check
+CVE-2024-3557 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress 
is vulne ...)
+   TODO: check
+CVE-2024-36361 (Pug through 3.0.2 allows JavaScript code execution if an 
application a ...)
+   TODO: check
+CVE-2024-2784 (The The Plus Addons for Elementor plugin for WordPress is 
vulnerable t ...)
+   TODO: check
+CVE-2024-2618 (The Elementor Header & Footer Builder plugin for WordPress is 
vulnerab ...)
+   TODO: check
+CVE-2024-1376 (The Event post plugin for WordPress is vulnerable to 
unauthorized bulk ...)
+   TODO: check
+CVE-2024-1332 (The Custom Fonts \u2013 Host Your Fonts Locally plugin for 
WordPress i ...)
+   TODO: check
+CVE-2024-1134 (The SEOPress \u2013 On-site SEO plugin for WordPress is 
vulnerable to  ...)
+   TODO: check
+CVE-2024-0893 (The Schema App Structured Data plugin for WordPress is 
vulnerable to u ...)
+   TODO: check
+CVE-2024-0867 (The Email Log plugin for WordPress is vulnerable to 
Unauthenticated Ho ...)
+   TODO: check
+CVE-2023-7259 (** DISPUTED ** A vulnerability was found in zzdevelop lenosp up 
to 202 ...)
+   TODO: check
 CVE-2024-5274
- chromium 
[bullseye] - chromium  (see #1061268)
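Review bot: CVE-2024-36361 (Pug through 3.0.2, JavaScript code execution) is the one entry in this batch that is neither a WordPress plugin nor a D-Link/NETGEAR/TP-Link appliance; Pug is a Node.js template engine, so check the node-* packages before resolving it. The context line "- chromium " has lost its angle-bracketed state token to the mail rendering, as has "[bullseye] - chromium  (see #1061268)"; the file itself is intact.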
@@ -90230,8 +90304,8 @@ CVE-2023-1113 (A vulnerability was found in 
SourceCodester Simple Payroll System
NOT-FOR-US: SourceCodester Simple Payroll System
 CVE-2023-1112 (A vulnerability was found in Drag and Drop Multiple File Upload 
Contac ...)
NOT-FOR-US: Drag and Drop Multiple File Upload Contact Form
-CVE-2023-
-   RESERVED
+CVE-2023- (A 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
def2256a by security tracker role at 2024-05-23T20:11:54+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,113 @@
+CVE-2024-5264 (Network Transfer with AES KHT in Thales Luna EFT 2.1 and above 
allows  ...)
+   TODO: check
+CVE-2024-5258 (An authorization vulnerability exists within GitLab from 
versions 16.1 ...)
+   TODO: check
+CVE-2024-5202 (Arbitrary File Readin OpenText Dimensions RM 
allowsauthenticated users ...)
+   TODO: check
+CVE-2024-5201 (Privilege Escalationin OpenText Dimensions RM allows an 
authenticated  ...)
+   TODO: check
+CVE-2024-5168 (Improper access control vulnerability in Prodys' Quantum Audio 
codec a ...)
+   TODO: check
+CVE-2024-5165 (In Eclipse Ditto versions 3.0.0 to 3.5.5, the user input of 
several in ...)
+   TODO: check
+CVE-2024-5143 (A user with device administrative privileges can change 
existing SMTP  ...)
+   TODO: check
+CVE-2024-5085 (The Hash Form \u2013 Drag & Drop Form Builder plugin for 
WordPress is  ...)
+   TODO: check
+CVE-2024-5084 (The Hash Form \u2013 Drag & Drop Form Builder plugin for 
WordPress is  ...)
+   TODO: check
+CVE-2024-4779 (The Unlimited Elements For Elementor (Free Widgets, Addons, 
Templates) ...)
+   TODO: check
+CVE-2024-4575 (The LayerSlider plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+   TODO: check
+CVE-2024-4471 (The 140+ Widgets | Best Addons For Elementor \u2013 FREE for 
WordPress ...)
+   TODO: check
+CVE-2024-4378 (The Premium Addons for Elementor plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-4365 (The Advanced iFrame plugin for WordPress is vulnerable to 
Stored Cross ...)
+   TODO: check
+CVE-2024-3997 (The Prime Slider \u2013 Addons For Elementor (Revolution of a 
slider,  ...)
+   TODO: check
+CVE-2024-35570 (An arbitrary file upload vulnerability in the component 
\controller\Im ...)
+   TODO: check
+CVE-2024-35375 (There is an arbitrary file upload vulnerability on the media 
add .php  ...)
+   TODO: check
+CVE-2024-35224 (OpenProject is the leading open source project management 
software. Op ...)
+   TODO: check
+CVE-2024-35223 (Dapr is a portable, event-driven, runtime for building 
distributed app ...)
+   TODO: check
+CVE-2024-35222 (Tauri is a framework for building binaries for all major 
desktop platf ...)
+   TODO: check
+CVE-2024-35197 (gitoxide is a pure Rust implementation of Git. On Windows, 
fetching re ...)
+   TODO: check
+CVE-2024-35186 (gitoxide is a pure Rust implementation of Git. During 
checkout, `gix-w ...)
+   TODO: check
+CVE-2024-35091 (J2EEFAST v2.7.0 was discovered to contain a SQL injection 
vulnerabilit ...)
+   TODO: check
+CVE-2024-35090 (J2EEFAST v2.7.0 was discovered to contain a SQL injection 
vulnerabilit ...)
+   TODO: check
+CVE-2024-35086 (J2EEFAST v2.7.0 was discovered to contain a SQL injection 
vulnerabilit ...)
+   TODO: check
+CVE-2024-35085 (J2EEFAST v2.7.0 was discovered to contain a SQL injection 
vulnerabilit ...)
+   TODO: check
+CVE-2024-35084 (J2EEFAST v2.7.0 was discovered to contain a SQL injection 
vulnerabilit ...)
+   TODO: check
+CVE-2024-35083 (J2EEFAST v2.7.0 was discovered to contain a SQL injection 
vulnerabilit ...)
+   TODO: check
+CVE-2024-35082 (J2EEFAST v2.7.0 was discovered to contain a SQL injection 
vulnerabilit ...)
+   TODO: check
+CVE-2024-35081 (LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary 
file delet ...)
+   TODO: check
+CVE-2024-35080 (An arbitrary file upload vulnerability in the gok4 method of 
inxedu v2 ...)
+   TODO: check
+CVE-2024-35079 (An arbitrary file upload vulnerability in the uploadAudio 
method of in ...)
+   TODO: check
+CVE-2024-34936 (A SQL injection vulnerability in /view/event1.php in Campcodes 
Complet ...)
+   TODO: check
+CVE-2024-34935 (A SQL injection vulnerability in 
/view/conversation_history_admin.php  ...)
+   TODO: check
+CVE-2024-34934 (A SQL injection vulnerability in 
/view/emarks_range_grade_update_form. ...)
+   TODO: check
+CVE-2024-34933 (A SQL injection vulnerability in /model/update_grade.php in 
Campcodes  ...)
+   TODO: check
+CVE-2024-34932 (A SQL injection vulnerability in /model/update_exam.php in 
Campcodes C ...)
+   TODO: check
+CVE-2024-34931 (A SQL injection vulnerability in /model/update_subject.php in 
Campcode ...)
+   TODO: check
+CVE-2024-34930 (A SQL injection vulnerability in /model/all_events1.php in 
Campcodes C ...)
+   TODO: check
+CVE-2024-34929 (A SQL injection vulnerability in /view/find_friends.php in 
Campcodes C ...)
+   TODO: check
+CVE-2024-34928 (A SQL injection vulnerability in 
/model/update_subject_routing.php in  ...)
+   
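Review bot: CVE-2024-35197 (gitoxide, "On Windows, fetching re...") is Windows-only by its own description, so it can be marked as not affecting Debian even if the rust-gix-* crates turn out to be packaged, while CVE-2024-35186 (gitoxide checkout) is the one that needs a real check. CVE-2024-5258 (GitLab authorization, "from versions 16.1") should be compared with the "Vulnerable code introduced later" reasoning already used for the gitlab entries rather than resolved by pattern. The Campcodes, J2EEFAST, inxedu, LuckyFrameWeb and WordPress batches are NOT-FOR-US material, and CVE-2024-35223 (Dapr) and CVE-2024-35222 (Tauri) need an archive check before they are dismissed.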

[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2f3b5d6a by security tracker role at 2024-05-23T08:11:52+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,12 +1,106 @@
-CVE-2024-36013 [Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()]
+CVE-2024-5241 (A vulnerability was found in Huashi Private Cloud CDN Live 
Streaming A ...)
+   TODO: check
+CVE-2024-5240 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+   TODO: check
+CVE-2024-5239 (A vulnerability has been found in Campcodes Complete Web-Based 
School  ...)
+   TODO: check
+CVE-2024-5238 (A vulnerability, which was classified as critical, was found in 
Campco ...)
+   TODO: check
+CVE-2024-5237 (A vulnerability, which was classified as critical, has been 
found in C ...)
+   TODO: check
+CVE-2024-5236 (A vulnerability classified as critical was found in Campcodes 
Complete ...)
+   TODO: check
+CVE-2024-5235 (A vulnerability classified as critical has been found in 
Campcodes Com ...)
+   TODO: check
+CVE-2024-5234 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+   TODO: check
+CVE-2024-5233 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+   TODO: check
+CVE-2024-5232 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+   TODO: check
+CVE-2024-5231 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+   TODO: check
+CVE-2024-5230 (A vulnerability has been found in EnvaySoft FleetCart up to 
4.1.1 and  ...)
+   TODO: check
+CVE-2024-5177 (The Hash Elements plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+   TODO: check
+CVE-2024-4978 (Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a 
malicious bin ...)
+   TODO: check
+CVE-2024-4895 (The wpDataTables \u2013 WordPress Data Table, Dynamic Tables & 
Table C ...)
+   TODO: check
+CVE-2024-4783 (The jQuery T(-) Countdown Widget plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-4706 (The WordPress + Microsoft Office 365 / Azure AD | LOGIN plugin 
for Wor ...)
+   TODO: check
+CVE-2024-4662 (The Oxygen Builder plugin for WordPress is vulnerable to Remote 
Code E ...)
+   TODO: check
+CVE-2024-4486 (The Awesome Contact Form7 for Elementor plugin for WordPress is 
vulner ...)
+   TODO: check
+CVE-2024-4431 (The LA-Studio Element Kit for Elementor plugin for WordPress is 
vulner ...)
+   TODO: check
+CVE-2024-4399 (The  does not validate a parameter before making a request to 
it, whic ...)
+   TODO: check
+CVE-2024-4388 (This  does not validate a path generated with user input when 
download ...)
+   TODO: check
+CVE-2024-4347 (The WP Fastest Cache plugin for WordPress is vulnerable to 
Directory T ...)
+   TODO: check
+CVE-2024-4043 (The WP Ultimate Post Grid plugin for WordPress is vulnerable to 
Stored ...)
+   TODO: check
+CVE-2024-3920 (The Flattr WordPress plugin through 1.2.2 does not sanitise and 
escape ...)
+   TODO: check
+CVE-2024-3918 (The Pet Manager WordPress plugin through 1.4 does not sanitise 
and esc ...)
+   TODO: check
+CVE-2024-3917 (The Pet Manager WordPress plugin through 1.4 does not sanitise 
and esc ...)
+   TODO: check
+CVE-2024-3711 (The Brizy \u2013 Page Builder plugin for WordPress is 
vulnerable to un ...)
+   TODO: check
+CVE-2024-3708 (A condition exists in lighttpd version prior to 1.4.51 whereby 
a remot ...)
+   TODO: check
+CVE-2024-3648 (The ShareThis Share Buttons plugin for WordPress is vulnerable 
to Stor ...)
+   TODO: check
+CVE-2024-3626 (The Email Subscribers by Icegram Express \u2013 Email 
Marketing, Newsl ...)
+   TODO: check
+CVE-2024-3594 (The IDonate  WordPress plugin through 1.9.0 does not sanitise 
and esca ...)
+   TODO: check
+CVE-2024-3201 (The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to 
Stored ...)
+   TODO: check
+CVE-2024-3065 (The PayPal Pay Now, Buy Now, Donation and Cart Buttons 
Shortcode plugi ...)
+   TODO: check
+CVE-2024-2220 (The Button contact VR WordPress plugin through 4.7 does not 
sanitise a ...)
+   TODO: check
+CVE-2024-2038 (The Visual Website Collaboration, Feedback & Project Management 
\u2013 ...)
+   TODO: check
+CVE-2024-29853 (An authentication bypass vulnerability in Veeam Agent for 
Microsoft Wi ...)
+   TODO: check
+CVE-2024-29852 (Veeam Backup Enterprise Manager allows high-privileged users 
to read b ...)
+   TODO: check
+CVE-2024-29851 (Veeam Backup Enterprise Manager allows high-privileged users 
to steal  ...)
+   TODO: check
+CVE-2024-29850 (Veeam Backup Enterprise Manager allows account takeover via 
NTLM relay ...)
+   TODO: check
+CVE-2024-29849 (Veeam Backup Enterprise 
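Review bot: CVE-2024-3708 (lighttpd, "version prior to 1.4.51") is the one entry in this block that names software Debian ships, so it should get a source-package line and a version check against the supported suites rather than the NOT-FOR-US that fits the surrounding WordPress plugin, Campcodes and Veeam entries; the description bounds the affected range at 1.4.51, so confirm no supported suite still carries an older lighttpd before closing it as not-affected. Two descriptions have lost their product name ("The  does not validate a parameter ..." for CVE-2024-4399 and "This  does not validate a path ..." for CVE-2024-4388), so the truncated text cannot be used to triage them and the full CVE record has to be consulted. The literal "\u2013" sequences in several plugin titles (CVE-2024-4895, CVE-2024-3711, CVE-2024-3626, CVE-2024-2038) are undecoded JSON escapes for the en dash left by the automatic import; cosmetic, but they will persist in data/CVE/list unless the import step decodes them.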

[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3dd5fc42 by security tracker role at 2024-05-22T20:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,4 +1,138 @@
-CVE-2024-36010 [igb: Fix string truncation warnings in igb_set_fw_version]
+CVE-2024-5196 (A vulnerability classified as critical has been found in Arris 
VAP2500 ...)
+   TODO: check
+CVE-2024-5195 (A vulnerability was found in Arris VAP2500 08.50. It has been 
rated as ...)
+   TODO: check
+CVE-2024-5194 (A vulnerability was found in Arris VAP2500 08.50. It has been 
declared ...)
+   TODO: check
+CVE-2024-5193 (A vulnerability was found in Ritlabs TinyWeb Server 1.94. It 
has been  ...)
+   TODO: check
+CVE-2024-5166 (An Insecure Direct Object Reference in Google Cloud's Looker 
allowed m ...)
+   TODO: check
+CVE-2024-5031 (The Memberpress plugin for WordPress is vulnerable to Blind 
Server-Sid ...)
+   TODO: check
+CVE-2024-5025 (The Memberpress plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+   TODO: check
+CVE-2024-4896 (The WPB Elementor Addons plugin for WordPress is vulnerable to 
Stored  ...)
+   TODO: check
+CVE-2024-4563 (The Progress MOVEit Automation configuration export function 
prior to  ...)
+   TODO: check
+CVE-2024-4454 (WithSecure Elements Endpoint Protection Link Following Local 
Privilege ...)
+   TODO: check
+CVE-2024-4453 (GStreamer EXIF Metadata Parsing Integer Overflow Remote Code 
Execution ...)
+   TODO: check
+CVE-2024-4362 (The SiteOrigin Widgets Bundle plugin for WordPress is 
vulnerable to St ...)
+   TODO: check
+CVE-2024-4267 (A remote code execution (RCE) vulnerability exists in the 
parisneo/lol ...)
+   TODO: check
+CVE-2024-4262 (The Piotnet Addons For Elementor plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-4261 (The Responsive Contact Form Builder & Lead Generation Plugin 
plugin fo ...)
+   TODO: check
+CVE-2024-4153 (A vulnerability in lunary-ai/lunary version 1.2.2 allows 
attackers to  ...)
+   TODO: check
+CVE-2024-3926 (The Element Pack Elementor Addons (Header Footer, Template 
Library, Dy ...)
+   TODO: check
+CVE-2024-3495 (The Country State City Dropdown CF7 plugin for WordPress is 
vulnerable ...)
+   TODO: check
+CVE-2024-36077 (Qlik Sense Enterprise for Windows before 14.187.4 allows a 
remote atta ...)
+   TODO: check
+CVE-2024-35627 (tileserver-gl up to v4.4.10 was discovered to contain a 
cross-site scr ...)
+   TODO: check
+CVE-2024-35561 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-35560 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-35559 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-35558 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-35557 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-35556 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-3 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-35554 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-35553 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-35552 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-35551 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-35550 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-35475 (A Cross-Site Request Forgery (CSRF) vulnerability was 
discovered in Op ...)
+   TODO: check
+CVE-2024-35409 (WeBid 1.1.2 is vulnerable to SQL Injection via admin/tax.php.)
+   TODO: check
+CVE-2024-35362 (Ecshop 3.6 is vulnerable to Cross Site Scripting (XSS) via 
ecshop/arti ...)
+   TODO: check
+CVE-2024-34448 (Ghost before 5.82.0 allows CSV Injection during a member CSV 
export.)
+   TODO: check
+CVE-2024-33228 (An issue in the component segwindrvx64.sys of Insyde Software 
Corp SEG ...)
+   TODO: check
+CVE-2024-33227 (An issue in the component ddcdrv.sys of Nicomsoft WinI2C/DDC 
v3.7.4.0  ...)
+   TODO: check
+CVE-2024-33226 (An issue in the component Access64.sys of Wistron Corporation 
TBT Forc ...)
+   TODO: check
+CVE-2024-33225 (An issue in the component RTKVHD64.sys of Realtek 
Semiconductor Corp R ...)
+   TODO: check
+CVE-2024-33224 (An issue in the component 
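Review bot: the identifier in the middle of the idccms block reads "CVE-2024-3", sitting between CVE-2024-35556 and CVE-2024-35554 in an otherwise consecutive descending run; that is not a valid CVE ID and will not match any real entry, so the committed file should be checked for that line before the list is relied on for lookups. On triage, the twelve idccms CSRF entries, the Arris VAP2500 and Ritlabs TinyWeb lines and the WordPress plugin entries are NOT-FOR-US material, whereas CVE-2024-4453 (GStreamer EXIF metadata parsing integer overflow) names a package Debian ships and needs a source-package line and fixed-version check instead of a standing TODO.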

[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1876ffd6 by security tracker role at 2024-05-22T08:12:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,192 +1,268 @@
-CVE-2021-47473 [scsi: qla2xxx: Fix a memory leak in an error path of 
qla2x00_process_els()]
+CVE-2024-5190
+   REJECTED
+CVE-2024-5147 (The WPZOOM Addons for Elementor (Templates, Widgets) plugin for 
WordPr ...)
+   TODO: check
+CVE-2024-5092 (The Elegant Addons for elementor plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-5040 (There are multiple ways in  LCDS LAquis SCADA for an attacker 
to acces ...)
+   TODO: check
+CVE-2024-4980 (The WPKoi Templates for Elementor plugin for WordPress is 
vulnerable t ...)
+   TODO: check
+CVE-2024-4971 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress 
is vul ...)
+   TODO: check
+CVE-2024-4443 (The Business Directory Plugin \u2013 Easy Listing Directories 
for Word ...)
+   TODO: check
+CVE-2024-4157 (The Contact Form Plugin by Fluent Forms for Quiz, Survey, and 
Drag & D ...)
+   TODO: check
+CVE-2024-3927 (The Element Pack Elementor Addons (Header Footer, Template 
Library, Dy ...)
+   TODO: check
+CVE-2024-3671 (The Print-O-Matic plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+   TODO: check
+CVE-2024-3666 (The Opal Estate Pro \u2013 Property Management and Submission 
plugin f ...)
+   TODO: check
+CVE-2024-3663 (The WP Scraper plugin for WordPress is vulnerable to 
unauthorized acce ...)
+   TODO: check
+CVE-2024-3611 (The Toolbar Extras for Elementor & More \u2013 WordPress Admin 
Bar Enh ...)
+   TODO: check
+CVE-2024-3519 (The Media Library Assistant plugin for WordPress is vulnerable 
to Refl ...)
+   TODO: check
+CVE-2024-3518 (The Media Library Assistant plugin for WordPress is vulnerable 
to SQL  ...)
+   TODO: check
+CVE-2024-3198 (The WP Font Awesome Share Icons plugin for WordPress is 
vulnerable to  ...)
+   TODO: check
+CVE-2024-3066 (The Elegant Addons for elementor plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-35220 (@fastify/session is a session plugin for fastify. Requires the 
@fastif ...)
+   TODO: check
+CVE-2024-35162 (Path traversal vulnerability exists in Download Plugins and 
Themes fro ...)
+   TODO: check
+CVE-2024-32988 ('OfferBox' App for Android versions 2.0.0 to 2.3.17 and 
'OfferBox' App ...)
+   TODO: check
+CVE-2024-31396 (Code injection vulnerability exists in a-blog cms Ver.3.1.x 
series ver ...)
+   TODO: check
+CVE-2024-31395 (Cross-site scripting vulnerability exists in a-blog cms 
Ver.3.1.x seri ...)
+   TODO: check
+CVE-2024-31394 (Directory traversal vulnerability exists in a-blog cms 
Ver.3.1.x serie ...)
+   TODO: check
+CVE-2024-31340 (TP-Link Tether versions prior to 4.5.13 and TP-Link Tapo 
versions prio ...)
+   TODO: check
+CVE-2024-30420 (Server-side request forgery (SSRF) vulnerability exists in 
a-blog cms  ...)
+   TODO: check
+CVE-2024-30419 (Cross-site scripting vulnerability exists in a-blog cms 
Ver.3.1.x seri ...)
+   TODO: check
+CVE-2024-2953 (The LuckyWP Table of Contents plugin for WordPress is 
vulnerable to St ...)
+   TODO: check
+CVE-2024-2163 (The Ninja Beaver Add-ons for Beaver Builder plugin for 
WordPress is vu ...)
+   TODO: check
+CVE-2024-2119 (The LuckyWP Table of Contents plugin for WordPress is 
vulnerable to Re ...)
+   TODO: check
+CVE-2024-2088 (The NextScripts: Social Networks Auto-Poster plugin for 
WordPress is v ...)
+   TODO: check
+CVE-2024-21683 (This High severity RCE (Remote Code Execution) vulnerability 
was intro ...)
+   TODO: check
+CVE-2024-1762 (The NextScripts: Social Networks Auto-Poster plugin for 
WordPress is v ...)
+   TODO: check
+CVE-2024-1446 (The NextScripts: Social Networks Auto-Poster plugin for 
WordPress is v ...)
+   TODO: check
+CVE-2024-0632 (The Automatic Translator with Google Translate plugin for 
WordPress is ...)
+   TODO: check
+CVE-2024-0453 (The AI ChatBot plugin for WordPress is vulnerable to 
unauthorized modi ...)
+   TODO: check
+CVE-2024-0452 (The AI ChatBot plugin for WordPress is vulnerable to 
unauthorized modi ...)
+   TODO: check
+CVE-2024-0451 (The AI ChatBot plugin for WordPress is vulnerable to 
unauthorized acce ...)
+   TODO: check
+CVE-2023-6487 (The LuckyWP Table of Contents plugin for WordPress is 
vulnerable to St ...)
+   TODO: check
+CVE-2021-47473 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
NOTE: 
https://git.kernel.org/linus/7fb223d0ad801f633c78cbe42b1d1b55f5d163ad (5.15-rc7)
-CVE-2021-47472 [net: mdiobus: Fix memory leak in __mdiobus_register]
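Review bot: the lines "- linux 5.14.16-1" and "[bullseye] - linux 5.10.84-1" under CVE-2021-47473 are the entry's fixed-version status lines, not diff removals; the leading tab that distinguishes them from a "-" removal has been dropped in this rendering, so they must be read as unchanged context, and the only real removal in that region is the bracketed placeholder title "-CVE-2021-47473 [scsi: qla2xxx: ...]" being replaced by the imported description. Among the new TODO entries, CVE-2024-21683 (Confluence RCE), CVE-2024-35220 (@fastify/session) and the a-blog cms, OfferBox, TP-Link Tether and WordPress plugin lines are NOT-FOR-US candidates, and CVE-2024-5190 is already recorded as REJECTED, which is a terminal state and needs no further action.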

[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-21 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7aa6eab1 by security tracker role at 2024-05-21T20:12:46+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,1778 +1,1898 @@
-CVE-2023-52879 [tracing: Have trace_event_file have ref counters]
+CVE-2024-4988 (The mobile application (com.transsion.videocallenhancer) 
interface has ...)
+   TODO: check
+CVE-2024-4876 (The HT Mega \u2013 Absolute Addons For Elementor plugin for 
WordPress  ...)
+   TODO: check
+CVE-2024-4875 (The HT Mega \u2013 Absolute Addons For Elementor plugin for 
WordPress  ...)
+   TODO: check
+CVE-2024-4700 (The WP Table Builder \u2013 WordPress Table Plugin plugin for 
WordPres ...)
+   TODO: check
+CVE-2024-4695 (The Move Addons for Elementor plugin for WordPress is 
vulnerable to St ...)
+   TODO: check
+CVE-2024-4619 (The Elementor Website Builder \u2013 More than Just a Page 
Builder plu ...)
+   TODO: check
+CVE-2024-4566 (The ShopLentor plugin for WordPress is vulnerable to 
unauthorized modi ...)
+   TODO: check
+CVE-2024-4553 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for 
WordPre ...)
+   TODO: check
+CVE-2024-4452 (The ElementsKit Pro plugin for WordPress is vulnerable to 
Stored Cross ...)
+   TODO: check
+CVE-2024-4435 (When storing unbounded types in a BTreeMap, a node is 
represented as a ...)
+   TODO: check
+CVE-2024-4420 (There exists a Denial of service vulnerability in Tink-cc in 
versions  ...)
+   TODO: check
+CVE-2024-4361 (The Page Builder by SiteOrigin plugin for WordPress is 
vulnerable to S ...)
+   TODO: check
+CVE-2024-4154 (In lunary-ai/lunary version 1.2.2, an incorrect synchronization 
vulner ...)
+   TODO: check
+CVE-2024-3345 (The ShopLentor plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+   TODO: check
+CVE-2024-3268 (The YouTube Video Gallery by YouTube Showcase \u2013 Video 
Gallery Plu ...)
+   TODO: check
+CVE-2024-36052 (RARLAB WinRAR before 7.00, on Windows, allows attackers to 
spoof the s ...)
+   TODO: check
+CVE-2024-36039 (PyMySQL through 1.1.0 allows SQL injection if used with 
untrusted JSON ...)
+   TODO: check
+CVE-2024-35386 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to 
cause a den ...)
+   TODO: check
+CVE-2024-35385 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to 
cause a den ...)
+   TODO: check
+CVE-2024-35384 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to 
cause a den ...)
+   TODO: check
+CVE-2024-35361 (MTab Bookmark v1.9.5 has an SQL injection vulnerability in 
/LinkStore/ ...)
+   TODO: check
+CVE-2024-35218 (Umbraco CMS is an ASP.NET CMS used by more than 730.000 
websites. Stor ...)
+   TODO: check
+CVE-2024-35180 (OMERO.web provides a web based client and plugin 
infrastructure. There ...)
+   TODO: check
+CVE-2024-35061 (NASA AIT-Core v2.5.2 was discovered to use unencrypted 
channels to exc ...)
+   TODO: check
+CVE-2024-35060 (An issue in the YAML Python library of NASA AIT-Core v2.5.2 
allows att ...)
+   TODO: check
+CVE-2024-35059 (An issue in the Pickle Python library of NASA AIT-Core v2.5.2 
allows a ...)
+   TODO: check
+CVE-2024-35058 (An issue in the API wait function of NASA AIT-Core v2.5.2 
allows attac ...)
+   TODO: check
+CVE-2024-35057 (An issue in NASA AIT-Core v2.5.2 allows attackers to execute 
arbitrary ...)
+   TODO: check
+CVE-2024-35056 (NASA AIT-Core v2.5.2 was discovered to contain multiple SQL 
injection  ...)
+   TODO: check
+CVE-2024-34274 (OpenBD 20210306203917-6cbe797 is vulnerable to Deserialization 
of Untr ...)
+   TODO: check
+CVE-2024-34240 (QDOCS Smart School 7.0.0 is vulnerable to Cross Site Scripting 
(XSS) r ...)
+   TODO: check
+CVE-2024-34071 (Umbraco is an ASP.NET CMS used by more than 730.000 websites. 
Umbraco  ...)
+   TODO: check
+CVE-2024-33529 (ILIAS 7 before 7.30 and ILIAS 8 before 8.11 as well as ILIAS 
9.0 allow ...)
+   TODO: check
+CVE-2024-33528 (A Stored Cross-site Scripting (XSS) vulnerability in ILIAS 7 
before 7. ...)
+   TODO: check
+CVE-2024-33527 (A Stored Cross-site Scripting (XSS) vulnerability in the 
"Import of Us ...)
+   TODO: check
+CVE-2024-33526 (A Stored Cross-site Scripting (XSS) vulnerability in the 
"Import of us ...)
+   TODO: check
+CVE-2024-33525 (A Stored Cross-site Scripting (XSS) vulnerability in the 
"Import of or ...)
+   TODO: check
+CVE-2024-31989 (Argo CD is a declarative, GitOps continuous delivery tool for 
Kubernet ...)
+   TODO: check
+CVE-2024-31847 (An issue was discovered in Italtel Embrace 1.6.4. A stored 
cross-site  ...)
+   TODO: check
+CVE-2024-31845 (An issue was discovered in Italtel Embrace 1.6.4. The product 
does not ...)
+   TODO: check
+CVE-2024-31844 (An issue was 
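Review bot: CVE-2024-36039 (PyMySQL through 1.1.0, SQL injection when used with untrusted JSON) names python-pymysql, which Debian ships, so it should get a source-package line and a check of the packaged versions rather than staying a TODO among the WordPress plugin, Umbraco, ILIAS, NASA AIT-Core and Cesanta mjs entries, which are NOT-FOR-US material. The opening removal "-CVE-2023-52879 [tracing: Have trace_event_file have ref counters]" has its replacement entry outside the visible part of the hunk, so the kernel entry's new fixed-version lines cannot be reviewed from this mail.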

[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-21 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0b51afb5 by security tracker role at 2024-05-21T08:12:08+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,45 @@
+CVE-2024-5145 (A vulnerability was found in SourceCodester Vehicle Management 
System  ...)
+   TODO: check
+CVE-2024-4985 (An authentication bypass vulnerability was present in the 
GitHub Enter ...)
+   TODO: check
+CVE-2024-4943 (The Blocksy theme for WordPress is vulnerable to Stored 
Cross-Site Scr ...)
+   TODO: check
+CVE-2024-4710 (The UberMenu plugin for WordPress is vulnerable to Stored 
Cross-Site S ...)
+   TODO: check
+CVE-2024-4470 (The Master Slider \u2013 Responsive Touch Slider plugin for 
WordPress  ...)
+   TODO: check
+CVE-2024-4442 (The Salon booking system plugin for WordPress is vulnerable to 
arbitra ...)
+   TODO: check
+CVE-2024-4372 (The Carousel Slider WordPress plugin before 2.2.11 does not 
sanitise a ...)
+   TODO: check
+CVE-2024-4290 (The Sailthru Triggermail WordPress plugin through 1.1 does not 
sanitis ...)
+   TODO: check
+CVE-2024-4289 (The Sailthru Triggermail WordPress plugin through 1.1 does not 
sanitis ...)
+   TODO: check
+CVE-2024-4061 (The Survey Maker  WordPress plugin before 4.2.9 does not 
sanitise and  ...)
+   TODO: check
+CVE-2024-3155 (The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, 
Post Block ...)
+   TODO: check
+CVE-2024-35195 (Requests is a HTTP library. Prior to 2.32.0, when making 
requests thro ...)
+   TODO: check
+CVE-2024-35194 (Minder is a software supply chain security platform. Prior to 
version  ...)
+   TODO: check
+CVE-2024-35192 (Trivy is a security scanner. Prior to 0.51.2, if a malicious 
actor is  ...)
+   TODO: check
+CVE-2024-35191 (Formie is a Craft CMS plugin for creating forms. Prior to 
2.1.6, users ...)
+   TODO: check
+CVE-2024-34710 (Wiki.js is al wiki app built on Node.js. Client side template 
injectio ...)
+   TODO: check
+CVE-2024-33901 (Issue in KeePassXC 2.7.7 allows an attacker to recover some 
passwords  ...)
+   TODO: check
+CVE-2024-33900 (KeePassXC 2.7.7 allows attackers to recover cleartext 
credentials.)
+   TODO: check
+CVE-2024-2189 (The Social Icons Widget & Block by WPZOOM WordPress plugin 
before 4.2. ...)
+   TODO: check
+CVE-2024-0816 (The buffer overflow vulnerability in the DX3300-T1 firmware 
version V5 ...)
+   TODO: check
+CVE-2023-37929 (The buffer overflow vulnerability in the CGI program of the 
VMG3625-T5 ...)
+   TODO: check
 CVE-2024-5137 (A vulnerability classified as problematic was found in 
PHPGurukul Dire ...)
NOT-FOR-US: PHPGurukul Directory Management System
 CVE-2024-5136 (A vulnerability classified as problematic has been found in 
PHPGurukul ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b51afb5e3375537b45c7f545d0f172320c343c8

-- 
This project does not include diff previews in email notifications.
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b51afb5e3375537b45c7f545d0f172320c343c8
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-20 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e91dea23 by security tracker role at 2024-05-20T20:11:56+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,330 +1,398 @@
-CVE-2024-36009 [ax25: Fix netdev refcount issue]
+CVE-2024-5137 (A vulnerability classified as problematic was found in 
PHPGurukul Dire ...)
+   TODO: check
+CVE-2024-5136 (A vulnerability classified as problematic has been found in 
PHPGurukul ...)
+   TODO: check
+CVE-2024-5135 (A vulnerability was found in PHPGurukul Directory Management 
System 1. ...)
+   TODO: check
+CVE-2024-4323 (A memory corruption vulnerability in Fluent Bit versions 2.0.7 
thru 3. ...)
+   TODO: check
+CVE-2024-4287 (In mintplex-labs/anything-llm, a vulnerability exists due to 
improper  ...)
+   TODO: check
+CVE-2024-4151 (An Improper Access Control vulnerability exists in 
lunary-ai/lunary ve ...)
+   TODO: check
+CVE-2024-3761 (In lunary-ai/lunary version 1.2.2, the DELETE endpoint located 
at `pac ...)
+   TODO: check
+CVE-2024-3482 (A Stored Cross-Site Scripting (XSS) vulnerability has been 
identified  ...)
+   TODO: check
+CVE-2024-35580 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the 
adv.iptv.stbpv ...)
+   TODO: check
+CVE-2024-35579 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the 
iptv.city.vlan ...)
+   TODO: check
+CVE-2024-35578 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the 
adv.iptv.stbal ...)
+   TODO: check
+CVE-2024-35576 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the 
iptv.stb.port  ...)
+   TODO: check
+CVE-2024-35571 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the 
iptv.stb.mode  ...)
+   TODO: check
+CVE-2024-34953 (An issue in taurusxin ncmdump v1.3.2 allows attackers to cause 
a Denia ...)
+   TODO: check
+CVE-2024-34952 (taurusxin ncmdump v1.3.2 was discovered to contain a 
segmentation viol ...)
+   TODO: check
+CVE-2024-34949 (likeshop 2.5.7 is vulnerable to SQL Injection via the 
getOrderList fun ...)
+   TODO: check
+CVE-2024-34948 (An issue in Quanxun Huiju Network Technology(Beijing) Co.,Ltd 
IK-Q3000 ...)
+   TODO: check
+CVE-2024-34947 (Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 
3.7.10 x64 ...)
+   TODO: check
+CVE-2024-34193 (smanga 3.2.7 does not filter the file parameter at the PHP/get 
file fl ...)
+   TODO: check
+CVE-2024-31714 (Buffer Overflow vulnerability in Waxlab wax v.0.9-3 and before 
allows  ...)
+   TODO: check
+CVE-2024-2835 (A Stored Cross-Site Scripting (XSS) vulnerability has been 
identified  ...)
+   TODO: check
+CVE-2024-29651 (A Prototype Pollution issue in API Dev Tools 
json-schema-ref-parser v. ...)
+   TODO: check
+CVE-2024-29000 (The SolarWinds Platform was determined to be affected by a 
reflected c ...)
+   TODO: check
+CVE-2024-27312 (Zoho ManageEngine PAM360 version 6601 is vulnerable to 
authorization v ...)
+   TODO: check
+CVE-2024-24294 (A Prototype Pollution issue in Blackprint @blackprint/engine 
v.0.9.0 a ...)
+   TODO: check
+CVE-2024-24293 (A Prototype Pollution issue in MiguelCastillo @bit/loader 
v.10.0.3 all ...)
+   TODO: check
+CVE-2024-1968 (In scrapy/scrapy, an issue was identified where the 
Authorization head ...)
+   TODO: check
+CVE-2024-0401 (ASUS routers supporting custom OpenVPN profiles are vulnerable 
to a co ...)
+   TODO: check
+CVE-2023-49335 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL 
injectio ...)
+   TODO: check
+CVE-2023-49334 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL 
Injectio ...)
+   TODO: check
+CVE-2023-49333 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL 
injectio ...)
+   TODO: check
+CVE-2023-49332 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL 
injectio ...)
+   TODO: check
+CVE-2023-49331 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL 
injectio ...)
+   TODO: check
+CVE-2023-49330 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL 
Injectio ...)
+   TODO: check
+CVE-2024-36009 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
- linux 6.8.9-1
[bookworm] - linux 6.1.90-1
NOTE: 
https://git.kernel.org/linus/467324bcfe1a31ec65d0cf4aa59421d6b7a7d52b (6.9-rc6)
-CVE-2024-36008 [ipv4: check for NULL idev in ip_route_use_hint()]
+CVE-2024-36008 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
- linux 6.8.9-1
[bookworm] - linux 6.1.90-1
[bullseye] - linux 5.10.216-1
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/58a4c9b1e5a3e53c9148e80b90e1e43897ce77d1 (6.9-rc6)
-CVE-2024-36007 [mlxsw: spectrum_acl_tcam: Fix warning during rehash]
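Review bot: the status token on one kernel line has been stripped in this rendering: "[buster] - linux  (Vulnerable code not present)" under CVE-2024-36008 is the tracker's "[buster] - linux <not-affected> (Vulnerable code not present)" form with the angle-bracketed token eaten as if it were an HTML tag, so the committed file, not this mail view, should be consulted if that line looks malformed. Among the new TODO entries, CVE-2024-1968 (scrapy, Authorization header handling) names python-scrapy, which Debian ships, and should get a source-package line; the Zoho ManageEngine, Tenda AX1806, PHPGurukul, SolarWinds and ASUS router entries are NOT-FOR-US; and the two prototype-pollution entries for npm packages (CVE-2024-29651, CVE-2024-24294, CVE-2024-24293) need a check of whether the named modules exist in the archive before they are dismissed.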

[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-20 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
215575a7 by security tracker role at 2024-05-20T08:11:59+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,55 @@
+CVE-2024-5134 (A vulnerability was found in SourceCodester Electricity 
Consumption Mo ...)
+   TODO: check
+CVE-2024-5123 (A vulnerability classified as problematic has been found in 
SourceCode ...)
+   TODO: check
+CVE-2024-5122 (A vulnerability was found in SourceCodester Event Registration 
System  ...)
+   TODO: check
+CVE-2024-5121 (A vulnerability was found in SourceCodester Event Registration 
System  ...)
+   TODO: check
+CVE-2024-5120 (A vulnerability was found in SourceCodester Event Registration 
System  ...)
+   TODO: check
+CVE-2024-5119 (A vulnerability was found in SourceCodester Event Registration 
System  ...)
+   TODO: check
+CVE-2024-5118 (A vulnerability has been found in SourceCodester Event 
Registration Sy ...)
+   TODO: check
+CVE-2024-5117 (A vulnerability, which was classified as critical, was found in 
Source ...)
+   TODO: check
+CVE-2024-5116 (A vulnerability, which was classified as critical, has been 
found in S ...)
+   TODO: check
+CVE-2024-5115 (A vulnerability classified as critical was found in Campcodes 
Complete ...)
+   TODO: check
+CVE-2024-5114 (A vulnerability classified as critical has been found in 
Campcodes Com ...)
+   TODO: check
+CVE-2024-5113 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+   TODO: check
+CVE-2024-5112 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+   TODO: check
+CVE-2024-5111 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+   TODO: check
+CVE-2024-5110 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+   TODO: check
+CVE-2024-5109 (A vulnerability has been found in Campcodes Complete Web-Based 
School  ...)
+   TODO: check
+CVE-2024-5108 (A vulnerability, which was classified as critical, was found in 
Campco ...)
+   TODO: check
+CVE-2024-5107 (A vulnerability, which was classified as critical, has been 
found in C ...)
+   TODO: check
+CVE-2024-5106 (A vulnerability classified as critical was found in Campcodes 
Complete ...)
+   TODO: check
+CVE-2024-5105 (A vulnerability classified as critical has been found in 
Campcodes Com ...)
+   TODO: check
+CVE-2024-5104 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+   TODO: check
+CVE-2024-5103 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+   TODO: check
+CVE-2024-4284 (A vulnerability in mintplex-labs/anything-llm allows for a 
denial of s ...)
+   TODO: check
+CVE-2024-3368 (The All in One SEO  WordPress plugin before 4.6.1.1 does not 
validate  ...)
+   TODO: check
+CVE-2024-36081 (Westermo EDW-100 devices through 2024-05-03 allow an 
unauthenticated u ...)
+   TODO: check
+CVE-2024-36080 (Westermo EDW-100 devices through 2024-05-03 have a hidden root 
user ac ...)
+   TODO: check
 CVE-2024-5101 (A vulnerability was found in SourceCodester Simple Inventory 
System 1. ...)
NOT-FOR-US: SourceCodester Simple Inventory System
 CVE-2024-5100 (A vulnerability was found in SourceCodester Simple Inventory 
System 1. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/215575a7652e56bf5f1690983f1e1e205304cf96



[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d2a837ad by security tracker role at 2024-05-19T20:11:52+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,426 +1,438 @@
-CVE-2024-35947 [dyndbg: fix old BUG_ON in >control parser]
+CVE-2024-5101 (A vulnerability was found in SourceCodester Simple Inventory 
System 1. ...)
+   TODO: check
+CVE-2024-5100 (A vulnerability was found in SourceCodester Simple Inventory 
System 1. ...)
+   TODO: check
+CVE-2024-36078 (In Zammad before 6.3.1, a Ruby gem bundled by Zammad is 
installed with ...)
+   TODO: check
+CVE-2024-36076 (Syslifters SysReptor before 2024.40 has a CSRF vulnerability 
for WebSo ...)
+   TODO: check
+CVE-2024-36070 (tine before 2023.11.8, when an LDAP backend is used, allows 
anonymous  ...)
+   TODO: check
+CVE-2024-36053 (In the mintupload package through 4.2.0 for Linux Mint, 
service-name m ...)
+   TODO: check
+CVE-2024-35947 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
- linux 
NOTE: 
https://git.kernel.org/linus/00e7d3bea2ce7dac7bee1cf501fb071fd0ea8f6c (6.9-rc7)
-CVE-2024-35946 [wifi: rtw89: fix null pointer access when abort scan]
+CVE-2024-35946 (In the Linux kernel, the following vulnerability has been 
resolved:  w ...)
- linux 6.8.9-1
NOTE: 
https://git.kernel.org/linus/7e11a2966f51695c0af0b1f976a32d64dee243b2 (6.9-rc1)
-CVE-2024-35945 [net: phy: phy_device: Prevent nullptr exceptions on ISR]
+CVE-2024-35945 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
- linux 6.8.9-1
NOTE: 
https://git.kernel.org/linus/61c81872815f46006982bb80460c0c80a949b35b (6.9-rc1)
-CVE-2024-35944 [VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()]
+CVE-2024-35944 (In the Linux kernel, the following vulnerability has been 
resolved:  V ...)
- linux 6.8.9-1
[bookworm] - linux 6.1.90-1
[bullseye] - linux 5.10.216-1
NOTE: 
https://git.kernel.org/linus/19b070fefd0d024af3daa7329cbc0d00de5302ec (6.9-rc1)
-CVE-2024-35943 [pmdomain: ti: Add a null pointer check to the 
omap_prm_domain_init]
+CVE-2024-35943 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
- linux 6.8.9-1
NOTE: 
https://git.kernel.org/linus/5d7f58ee08434a33340f75ac7ac5071eea9673b3 (6.9-rc1)
-CVE-2024-35942 [pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to 
hdmimix domain]
+CVE-2024-35942 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
- linux 6.8.9-1
NOTE: 
https://git.kernel.org/linus/697624ee8ad557ab5417f985d2c804241a7ad30d (6.9-rc1)
-CVE-2024-35941 [net: skbuff: add overflow debug check to pull/push helpers]
+CVE-2024-35941 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
- linux 6.8.9-1
[bookworm] - linux 6.1.90-1
NOTE: 
https://git.kernel.org/linus/219eee9c0d16f1b754a8b85275854ab17df0850a (6.9-rc1)
-CVE-2024-35940 [pstore/zone: Add a null pointer check to the psz_kmsg_read]
+CVE-2024-35940 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
- linux 6.8.9-1
[bookworm] - linux 6.1.90-1
[bullseye] - linux 5.10.216-1
NOTE: 
https://git.kernel.org/linus/98bc7e26e14fbb26a6abf97603d59532475e97f8 (6.9-rc1)
-CVE-2024-35939 [dma-direct: Leak pages on dma_set_decrypted() failure]
+CVE-2024-35939 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
- linux 6.8.9-1
[bookworm] - linux 6.1.90-1
NOTE: 
https://git.kernel.org/linus/b9fa16949d18e06bdf728a560f5c8af56d2bdcaf (6.9-rc1)
-CVE-2024-35938 [wifi: ath11k: decrease MHI channel buffer length to 8KB]
+CVE-2024-35938 (In the Linux kernel, the following vulnerability has been 
resolved:  w ...)
- linux 6.8.9-1
[bookworm] - linux 6.1.90-1
NOTE: 
https://git.kernel.org/linus/1cca1bddf9ef080503c15378cecf4877f7510015 (6.9-rc1)
-CVE-2024-35937 [wifi: cfg80211: check A-MSDU format more carefully]
+CVE-2024-35937 (In the Linux kernel, the following vulnerability has been 
resolved:  w ...)
- linux 6.8.9-1
NOTE: 
https://git.kernel.org/linus/9ad7974856926129f190ffbe3beea78460b3b7cc (6.9-rc1)
-CVE-2024-35936 [btrfs: handle chunk tree lookup error in 
btrfs_relocate_sys_chunks()]
+CVE-2024-35936 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
- linux 6.8.9-1
[bookworm] - linux 6.1.90-1
[bullseye] - linux 5.10.216-1
NOTE: 
https://git.kernel.org/linus/7411055db5ce64f836aaffd422396af0075fdc99 (6.9-rc1)
-CVE-2024-35935 [btrfs: send: handle path ref underflow in header 
iterate_inode_ref()]
+CVE-2024-35935 (In the Linux kernel, the following vulnerability has been 
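Review bot: CVE-2024-35946, -35945, -35943, -35942 and -35937 carry only `- linux 6.8.9-1`, whereas CVE-2024-35944, -35940 and -35936 in the same hunk also record `[bookworm] - linux 6.1.90-1` and `[bullseye] - linux 5.10.216-1`; since this hunk only replaces the bracketed placeholder titles with the published descriptions, confirm that the missing stable-suite lines for those five are still pending triage rather than dropped, and add an explicit `[bookworm]`/`[bullseye]` line for each once the status is known.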

[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b860abcc by security tracker role at 2024-05-19T08:12:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,21 @@
+CVE-2024-5099 (A vulnerability was found in SourceCodester Simple Inventory 
System 1. ...)
+   TODO: check
+CVE-2024-5098 (A vulnerability has been found in SourceCodester Simple 
Inventory Syst ...)
+   TODO: check
+CVE-2024-5097 (A vulnerability, which was classified as problematic, was found 
in Sou ...)
+   TODO: check
+CVE-2024-5096 (A vulnerability classified as problematic was found in Hipcam 
Device u ...)
+   TODO: check
+CVE-2024-5095 (A vulnerability classified as problematic has been found in 
Victor Zsv ...)
+   TODO: check
+CVE-2024-36050 (Nix through 2.22.1 mishandles certain usage of hash caches, 
which make ...)
+   TODO: check
+CVE-2024-36048 (QAbstractOAuth in Qt Network Authorization in Qt before 
5.15.17, 6.x b ...)
+   TODO: check
+CVE-2024-28064 (Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows 
/responsiveUI/Env ...)
+   TODO: check
+CVE-2024-28063 (Kiteworks Totemomail through 7.0.0 allows 
/responsiveUI/EnvelopeOpenSe ...)
+   TODO: check
 CVE-2024-5094 (A vulnerability was found in SourceCodester Best House Rental 
Manageme ...)
NOT-FOR-US: SourceCodester Best House Rental Management System
 CVE-2024-5093 (A vulnerability has been found in SourceCodester Best House 
Rental Man ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b860abcc783ac01d8927012dd7cff12d5eab30a6

-- 
This project does not include diff previews in email notifications.
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b860abcc783ac01d8927012dd7cff12d5eab30a6
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
900286a7 by security tracker role at 2024-05-18T20:11:51+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,21 @@
+CVE-2024-5094 (A vulnerability was found in SourceCodester Best House Rental 
Manageme ...)
+   TODO: check
+CVE-2024-5093 (A vulnerability has been found in SourceCodester Best House 
Rental Man ...)
+   TODO: check
+CVE-2024-5088 (The Happy Addons for Elementor plugin for WordPress is 
vulnerable to S ...)
+   TODO: check
+CVE-2024-4432 (The Piotnet Addons For Elementor plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-3745 (MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL 
Bypass vul ...)
+   TODO: check
+CVE-2024-3658 (The Build App Online plugin for WordPress is vulnerable to 
authenticat ...)
+   TODO: check
+CVE-2024-36043 (question_image.ts in SurveyJS Form Library before 1.10.4 
allows conten ...)
+   TODO: check
+CVE-2024-34083 (aiosmptd is  a reimplementation of the Python stdlib smtpd.py 
based on ...)
+   TODO: check
+CVE-2024-31879 (IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to 
execute arbit ...)
+   TODO: check
 CVE-2024-5069 (A vulnerability, which was classified as critical, has been 
found in S ...)
NOT-FOR-US: SourceCodester Simple Online Mens Salon Management System
 CVE-2024-4891 (The Essential Blocks \u2013 Page Builder Gutenberg Blocks, 
Patterns &  ...)
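Review bot: the description for CVE-2024-34083 spells the project `aiosmptd` while referring to `smtpd.py` in the same line; the project's actual name is aiosmtpd, so anyone triaging this entry by searching the archive for the name as written in the description will miss it, and the eventual status line should use the correct spelling.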



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/900286a776289abb7b797d49dac3e87153268aad



[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bfb6dbc0 by security tracker role at 2024-05-18T08:11:41+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,45 @@
+CVE-2024-5069 (A vulnerability, which was classified as critical, has been 
found in S ...)
+   TODO: check
+CVE-2024-4891 (The Essential Blocks \u2013 Page Builder Gutenberg Blocks, 
Patterns &  ...)
+   TODO: check
+CVE-2024-4865 (The Happy Addons for Elementor plugin for WordPress is 
vulnerable to S ...)
+   TODO: check
+CVE-2024-4849 (The WordPress Automatic Plugin plugin for WordPress is 
vulnerable to S ...)
+   TODO: check
+CVE-2024-4709 (The Contact Form Plugin by Fluent Forms for Quiz, Survey, and 
Drag & D ...)
+   TODO: check
+CVE-2024-4698 (The Testimonial Carousel For Elementor plugin for WordPress is 
vulnera ...)
+   TODO: check
+CVE-2024-4374 (The DethemeKit For Elementor plugin for WordPress is vulnerable 
to Sto ...)
+   TODO: check
+CVE-2024-4264 (A remote code execution (RCE) vulnerability exists in the 
berriai/lite ...)
+   TODO: check
+CVE-2024-3812 (The Salient Core plugin for WordPress is vulnerable to Local 
File Incl ...)
+   TODO: check
+CVE-2024-3811 (The Salient Shortcodes plugin for WordPress is vulnerable to 
Stored Cr ...)
+   TODO: check
+CVE-2024-3810 (The Salient Shortcodes plugin for WordPress is vulnerable to 
Local Fil ...)
+   TODO: check
+CVE-2024-3714 (The GiveWP \u2013 Donation Plugin and Fundraising Platform 
plugin for  ...)
+   TODO: check
+CVE-2024-35313 (In Tor Arti before 1.2.3, circuits sometimes incorrectly have 
a length ...)
+   TODO: check
+CVE-2024-35312 (In Tor Arti before 1.2.3, STUB circuits incorrectly have a 
length of 2 ...)
+   TODO: check
+CVE-2024-2782 (The Contact Form Plugin by Fluent Forms for Quiz, Survey, and 
Drag & D ...)
+   TODO: check
+CVE-2024-2772 (The Contact Form Plugin by Fluent Forms for Quiz, Survey, and 
Drag & D ...)
+   TODO: check
+CVE-2024-2771 (The Contact Form Plugin by Fluent Forms for Quiz, Survey, and 
Drag & D ...)
+   TODO: check
+CVE-2024-23583 (An attacker could potentially intercept credentials via the 
task manag ...)
+   TODO: check
+CVE-2024-23556 (SSL/TLS Renegotiation functionality potentially leading to DoS 
attack  ...)
+   TODO: check
+CVE-2024-23554 (Cross-Site Request Forgery (CSRF) on Session Token 
vulnerability that  ...)
+   TODO: check
+CVE-2023-52424 (The IEEE 802.11 standard sometimes enables an adversary to 
trick a vic ...)
+   TODO: check
 CVE-2024-5072 (Improper input validation in PAM JIT elevation feature in 
Devolutions  ...)
NOT-FOR-US: Devolutions Server
 CVE-2024-5066 (A vulnerability classified as critical was found in PHPGurukul 
Online  ...)
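Review bot: CVE-2024-35313 and CVE-2024-35312 both describe `Tor Arti before 1.2.3`, and CVE-2024-4709, -2782, -2772 and -2771 all name the same Fluent Forms contact-form plugin; triage each group as a unit so the entries end up with one consistent status line. CVE-2023-52424 is a 2023 identifier whose description targets `The IEEE 802.11 standard` rather than a single product, so its outcome may need to be recorded against more than one package.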
@@ -14551,10 +14593,10 @@ CVE-2024-0083 (NVIDIA ChatRTX for Windows contains a 
vulnerability in the UI, wh
NOT-FOR-US: NVIDIA ChatRTX
 CVE-2024-0082 (NVIDIA ChatRTX for Windows contains a vulnerability in the UI, 
where a ...)
NOT-FOR-US: NVIDIA ChatRTX
-CVE-2024-25743 (In the Linux kernel through 6.7.2, an untrusted hypervisor can 
inject  ...)
+CVE-2024-25743 (In the Linux kernel through 6.9, an untrusted hypervisor can 
inject vi ...)
- linux 
NOTE: 
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3008.html
-CVE-2024-25742
+CVE-2024-25742 (In the Linux kernel before 6.9, an untrusted hypervisor can 
inject vir ...)
- linux 
NOTE: 
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3008.html
 CVE-2024-3464 (A vulnerability was found in SourceCodester Laundry Management 
System  ...)
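Review bot: the status lines for CVE-2024-25743 and CVE-2024-25742 still read `- linux ` with no version or status token, yet the refreshed descriptions now state different boundaries (`through 6.9` for 25743, `before 6.9` for 25742); re-check both against the linked AMD bulletin (amd-sb-3008) and either record the fixing version or mark the entry explicitly as unfixed, because the empty status line settles neither reading.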



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfb6dbc0860a88f1196900861cdb4fc94b5f32f9



[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6d614d57 by security tracker role at 2024-05-17T20:12:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,565 @@
+CVE-2024-5072 (Improper input validation in PAM JIT elevation feature in 
Devolutions  ...)
+   TODO: check
+CVE-2024-5066 (A vulnerability classified as critical was found in PHPGurukul 
Online  ...)
+   TODO: check
+CVE-2024-5065 (A vulnerability classified as critical has been found in 
PHPGurukul On ...)
+   TODO: check
+CVE-2024-5064 (A vulnerability was found in PHPGurukul Online Course 
Registration Sys ...)
+   TODO: check
+CVE-2024-5063 (A vulnerability was found in PHPGurukul Online Course 
Registration Sys ...)
+   TODO: check
+CVE-2024-5055 (Uncontrolled resource consumption vulnerability in XAMPP 
Windows, vers ...)
+   TODO: check
+CVE-2024-5052 (Denial of Service (DoS) vulnerability for Cerberus Enterprise 
8.0.10.3 ...)
+   TODO: check
+CVE-2024-5051 (A vulnerability has been found in SourceCodester Gas Agency 
Management ...)
+   TODO: check
+CVE-2024-5050 (A vulnerability, which was classified as critical, was found in 
Wangsh ...)
+   TODO: check
+CVE-2024-5049 (A vulnerability, which was classified as critical, has been 
found in C ...)
+   TODO: check
+CVE-2024-5048 (A vulnerability classified as critical was found in 
code-projects Budg ...)
+   TODO: check
+CVE-2024-5047 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+   TODO: check
+CVE-2024-5046 (A vulnerability was found in SourceCodester Online Examination 
System  ...)
+   TODO: check
+CVE-2024-5045 (A vulnerability was found in SourceCodester Online Birth 
Certificate M ...)
+   TODO: check
+CVE-2024-5044 (A vulnerability was found in Emlog Pro 2.3.4. It has been 
classified a ...)
+   TODO: check
+CVE-2024-5043 (A vulnerability was found in Emlog Pro 2.3.4 and classified as 
critica ...)
+   TODO: check
+CVE-2024-5042 (A flaw was found in the Submariner project. Due to unnecessary 
role-ba ...)
+   TODO: check
+CVE-2024-5022 (The file scheme of URLs would be hidden, resulting in potential 
spoofi ...)
+   TODO: check
+CVE-2024-4998
+   REJECTED
+CVE-2024-4789 (Cost Calculator Builder Pro plugin for WordPress is vulnerable 
to Serv ...)
+   TODO: check
+CVE-2024-4214 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
+   TODO: check
+CVE-2024-3292 (A race condition vulnerability exists where an authenticated, 
local at ...)
+   TODO: check
+CVE-2024-3291 (When installing Nessus Agent to a directory outside of the 
default loc ...)
+   TODO: check
+CVE-2024-3290 (A race condition vulnerability exists where an authenticated, 
local at ...)
+   TODO: check
+CVE-2024-3289 (When installing Nessus to a directory outside of the default 
location  ...)
+   TODO: check
+CVE-2024-35859 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
+   TODO: check
+CVE-2024-35858 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
+   TODO: check
+CVE-2024-35857 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
+   TODO: check
+CVE-2024-35856 (In the Linux kernel, the following vulnerability has been 
resolved:  B ...)
+   TODO: check
+CVE-2024-35855 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
+   TODO: check
+CVE-2024-35854 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
+   TODO: check
+CVE-2024-35853 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
+   TODO: check
+CVE-2024-35852 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
+   TODO: check
+CVE-2024-35851 (In the Linux kernel, the following vulnerability has been 
resolved:  B ...)
+   TODO: check
+CVE-2024-35850 (In the Linux kernel, the following vulnerability has been 
resolved:  B ...)
+   TODO: check
+CVE-2024-35849 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
+   TODO: check
+CVE-2024-35848 (In the Linux kernel, the following vulnerability has been 
resolved:  e ...)
+   TODO: check
+CVE-2024-35847 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
+   TODO: check
+CVE-2024-35846 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
+   TODO: check
+CVE-2024-35845 (In the Linux kernel, the following vulnerability has been 
resolved:  w ...)
+   TODO: check
+CVE-2024-35844 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
+   TODO: check
+CVE-2024-35843 (In the Linux kernel, the following vulnerability has been 
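Review bot: the kernel entries from CVE-2024-35859 down to CVE-2024-35843 shown here land as bare `TODO: check` placeholders; when they are triaged they should take the same shape as the existing kernel entries in this file, a `- linux <version>` line followed by `NOTE: https://git.kernel.org/linus/<fix commit> (<mainline release>)`, so the upstream fix is recorded next to the package status (the angle-bracketed parts are placeholders to be filled in). `CVE-2024-4998` marked `REJECTED` in the same hunk needs no further action.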

[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e74dc6f7 by security tracker role at 2024-05-17T08:11:45+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,20 +1,244 @@
-CVE-2024-21823
+CVE-2024-4204 (The Bulk Posts Editing For WordPress plugin for WordPress is 
vulnerabl ...)
+   TODO: check
+CVE-2024-3609 (The ReviewX \u2013 Multi-criteria Rating & Reviews for 
WooCommerce plu ...)
+   TODO: check
+CVE-2024-3580 (The Popup4Phone WordPress plugin through 1.3.2 does not 
sanitise and e ...)
+   TODO: check
+CVE-2024-3551 (The Penci Soledad Data Migrator plugin for WordPress is 
vulnerable to  ...)
+   TODO: check
+CVE-2024-3231 (The Popup4Phone WordPress plugin through 1.3.2 does not 
sanitise and e ...)
+   TODO: check
+CVE-2024-3134 (The Master Addons \u2013 Free Widgets, Hover Effects, Toggle, 
Conditio ...)
+   TODO: check
+CVE-2024-35110 (A reflected XSS vulnerability has been found in YzmCMS 7.1. 
The vulner ...)
+   TODO: check
+CVE-2024-34757 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-34752 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-34575 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-34567 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-33556 (Unrestricted Upload of File with Dangerous Type vulnerability 
in 8them ...)
+   TODO: check
+CVE-2024-32800 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-31351 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Copym ...)
+   TODO: check
+CVE-2024-30060 (Azure Monitor Agent Elevation of Privilege Vulnerability)
+   TODO: check
+CVE-2024-2744 (The NextGEN Gallery  WordPress plugin before 3.59.1 does not 
sanitise  ...)
+   TODO: check
+CVE-2024-2697 (The socialdriver-framework WordPress plugin before 2024.0.0 
does not v ...)
+   TODO: check
+CVE-2024-2619 (The Elementor Header & Footer Builder for WordPress is 
vulnerable to H ...)
+   TODO: check
+CVE-2024-24981 (Improper input validation in PfrSmiUpdateFw driver in UEFI 
firmware fo ...)
+   TODO: check
+CVE-2024-23980 (Improper buffer restrictions in PlatformPfrDxe driver in UEFI 
firmware ...)
+   TODO: check
+CVE-2024-23487 (Improper input validation in UserAuthenticationSmm driver in 
UEFI firm ...)
+   TODO: check
+CVE-2024-22476 (Improper input validation in some Intel(R) Neural Compressor 
software  ...)
+   TODO: check
+CVE-2024-22390 (Improper input validation in firmware for some Intel(R) FPGA 
products  ...)
+   TODO: check
+CVE-2024-22384 (Out-of-bounds read for some Intel(R) Trace Analyzer and 
Collector soft ...)
+   TODO: check
+CVE-2024-22382 (Improper input validation in PprRequestLog module in UEFI 
firmware for ...)
+   TODO: check
+CVE-2024-22379 (Uncontrolled search path in some Intel(R) Inspector software 
before ve ...)
+   TODO: check
+CVE-2024-22095 (Improper input validation in PlatformVariableInitDxe driver in 
UEFI fi ...)
+   TODO: check
+CVE-2024-22015 (Improper input validation for some Intel(R) DLB driver 
software before ...)
+   TODO: check
+CVE-2024-21864 (Improper neutralization in some Intel(R) Arc(TM) & Iris(R) Xe 
Graphics ...)
+   TODO: check
+CVE-2024-21862 (Uncontrolled search path in some Intel(R) Quartus(R) Prime 
Standard Ed ...)
+   TODO: check
+CVE-2024-21861 (Uncontrolled search path in some Intel(R) GPA Framework 
software befor ...)
+   TODO: check
+CVE-2024-21843 (Uncontrolled search path for some Intel(R) Computing 
Improvement Progr ...)
+   TODO: check
+CVE-2024-21841 (Uncontrolled search path for some Intel(R) Distribution for 
GDB softwa ...)
+   TODO: check
+CVE-2024-21837 (Uncontrolled search path in some Intel(R) Quartus(R) Prime 
Lite Editio ...)
+   TODO: check
+CVE-2024-21835 (Insecure inherited permissions in some Intel(R) XTU software 
before ve ...)
+   TODO: check
+CVE-2024-21831 (Uncontrolled search path in some Intel(R) Processor Diagnostic 
Tool so ...)
+   TODO: check
+CVE-2024-21828 (Improper access control in some Intel(R) Ethernet Controller 
Administr ...)
+   TODO: check
+CVE-2024-21818 (Uncontrolled search path in some Intel(R) PCM software before 
version  ...)
+   TODO: check
+CVE-2024-21814 (Uncontrolled search path for some Intel(R) Chipset Device 
Software bef ...)
+   TODO: check
+CVE-2024-21813 (Exposure of resource to wrong sphere in some Intel(R) DTT 
software ins ...)
+   TODO: check
+CVE-2024-21809 (Improper conditions check for some Intel(R) Quartus(R) Prime 
Lite Edit ...)
+
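Review bot: the bare `CVE-2024-21823` line is removed at the top of this hunk and, within the lines shown, is not added back with a description; confirm the identifier is re-added further down with its published description and a `TODO: check` placeholder like the rest of this batch, rather than silently dropped from the list.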

[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-16 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0b5d0e50 by security tracker role at 2024-05-16T20:12:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,299 @@
+CVE-2024-5023 (Improper Neutralization of Special Elements used in a Command 
('Comman ...)
+   TODO: check
+CVE-2024-4999 (A vulnerability in the web-based management interface of 
multiple Ligo ...)
+   TODO: check
+CVE-2024-4993 (Vulnerability in SiAdmin 1.1 that allows XSS via the /show.php 
query p ...)
+   TODO: check
+CVE-2024-4992 (Vulnerability in SiAdmin 1.1 that allows SQL injection via the 
/modul/ ...)
+   TODO: check
+CVE-2024-4991 (Vulnerability in SiAdmin 1.1 that allows SQL injection via the 
/modul/ ...)
+   TODO: check
+CVE-2024-4984 (The Yoast SEO plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
+   TODO: check
+CVE-2024-4976 (Out-of-bounds array write in Xpdf 4.05 and earlier, due to 
missing obj ...)
+   TODO: check
+CVE-2024-4975 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-4974 (A vulnerability, which was classified as problematic, was found 
in cod ...)
+   TODO: check
+CVE-2024-4973 (A vulnerability classified as critical was found in 
code-projects Simp ...)
+   TODO: check
+CVE-2024-4972 (A vulnerability classified as critical has been found in 
code-projects ...)
+   TODO: check
+CVE-2024-4968 (A vulnerability was found in SourceCodester Interactive Map 
with Marke ...)
+   TODO: check
+CVE-2024-4967 (A vulnerability was found in SourceCodester Interactive Map 
with Marke ...)
+   TODO: check
+CVE-2024-4966 (A vulnerability was found in SourceCodester SchoolWebTech 1.0. 
It has  ...)
+   TODO: check
+CVE-2024-4965 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 
D-Link DA ...)
+   TODO: check
+CVE-2024-4964 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found 
in D-Li ...)
+   TODO: check
+CVE-2024-4963 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was 
classified  ...)
+   TODO: check
+CVE-2024-4962 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was 
classified  ...)
+   TODO: check
+CVE-2024-4961 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as 
critical ...)
+   TODO: check
+CVE-2024-4960 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as 
critical ...)
+   TODO: check
+CVE-2024-4956 (Path Traversal in Sonatype Nexus Repository 3 allows an 
unauthenticate ...)
+   TODO: check
+CVE-2024-4950 (Inappropriate implementation in Downloads in Google Chrome 
prior to 12 ...)
+   TODO: check
+CVE-2024-4949 (Use after free in V8 in Google Chrome prior to 125.0.6422.60 
allowed a ...)
+   TODO: check
+CVE-2024-4948 (Use after free in Dawn in Google Chrome prior to 125.0.6422.60 
allowed ...)
+   TODO: check
+CVE-2024-4947 (Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 
allowed a ...)
+   TODO: check
+CVE-2024-4946 (A vulnerability was found in SourceCodester Online Art Gallery 
Managem ...)
+   TODO: check
+CVE-2024-4945 (A vulnerability was found in SourceCodester Best Courier 
Management Sy ...)
+   TODO: check
+CVE-2024-4933 (A vulnerability has been found in SourceCodester Simple Online 
Bidding ...)
+   TODO: check
+CVE-2024-4932 (A vulnerability, which was classified as critical, was found in 
Source ...)
+   TODO: check
+CVE-2024-4931 (A vulnerability, which was classified as critical, has been 
found in S ...)
+   TODO: check
+CVE-2024-4930 (A vulnerability classified as critical was found in 
SourceCodester Sim ...)
+   TODO: check
+CVE-2024-4929 (A vulnerability classified as problematic has been found in 
SourceCode ...)
+   TODO: check
+CVE-2024-4928 (A vulnerability was found in SourceCodester Simple Online 
Bidding Syst ...)
+   TODO: check
+CVE-2024-4927 (A vulnerability was found in SourceCodester Simple Online 
Bidding Syst ...)
+   TODO: check
+CVE-2024-4926 (A vulnerability was found in SourceCodester School Intramurals 
Student ...)
+   TODO: check
+CVE-2024-4925 (A vulnerability was found in SourceCodester School Intramurals 
Student ...)
+   TODO: check
+CVE-2024-4923 (A vulnerability has been found in Codezips E-Commerce Site 1.0 
and cla ...)
+   TODO: check
+CVE-2024-4922 (A vulnerability, which was classified as problematic, was found 
in Sou ...)
+   TODO: check
+CVE-2024-4921 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+   TODO: check
+CVE-2024-4920 (A vulnerability was found in SourceCodester Online Discussion 
Forum Si ...)
+   TODO: check
+CVE-2024-4919 (A vulnerability was found in Campcodes Online Examination 
System 1.0.  ...)
+   TODO: check
+CVE-2024-4918 
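Review bot: CVE-2024-4947, -4948 and -4949 all name `Google Chrome prior to 125.0.6422.60` (and CVE-2024-4950 the same product) but arrive as separate `TODO: check` placeholders; triage them as one batch so the entries get an identical status line. The same goes for the six `** UNSUPPORTED WHEN ASSIGNED **` entries CVE-2024-4960 to -4965 (the two whose product is visible name D-Link): that prefix is the CVE convention for products already out of vendor support at assignment time, so no upstream fix should be expected and the entries can be settled together.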

[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
112e76f2 by security tracker role at 2024-05-15T20:11:59+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,175 @@
+CVE-2024-4910 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+   TODO: check
+CVE-2024-4909 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+   TODO: check
+CVE-2024-4908 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+   TODO: check
+CVE-2024-4907 (A vulnerability has been found in Campcodes Complete Web-Based 
School  ...)
+   TODO: check
+CVE-2024-4906 (A vulnerability, which was classified as critical, was found in 
Campco ...)
+   TODO: check
+CVE-2024-4905 (A vulnerability classified as critical has been found in 
Kashipara Col ...)
+   TODO: check
+CVE-2024-4904 (A vulnerability was found in Byzoro Smart S200 Management 
Platform up  ...)
+   TODO: check
+CVE-2024-4903 (A vulnerability was found in Tongda OA 2017. It has been 
declared as c ...)
+   TODO: check
+CVE-2024-4837 (In Progress Telerik Report Server, version 2024 Q1 
(10.0.24.305) or ea ...)
+   TODO: check
+CVE-2024-4702 (The Mega Elements plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+   TODO: check
+CVE-2024-4670 (The All-in-One Video Gallery plugin for WordPress is vulnerable 
to Loc ...)
+   TODO: check
+CVE-2024-4622 (If misconfigured, alpitronic Hypercharger EV charging devices 
can expo ...)
+   TODO: check
+CVE-2024-4357 (An information disclosure vulnerability exists in Progress 
Telerik Rep ...)
+   TODO: check
+CVE-2024-4202 (In Progress\xae Telerik\xae Reporting versions prior to 2024 Q2 
(18.1. ...)
+   TODO: check
+CVE-2024-4200 (In Progress\xae Telerik\xae Reporting versions prior to 2024 Q2 
(18.1. ...)
+   TODO: check
+CVE-2024-4010 (The Email Subscribers by Icegram Express plugin for WordPress 
is vulne ...)
+   TODO: check
+CVE-2024-3970 (Server Side Request Forgery vulnerabilityhas been discovered in 
OpenTe ...)
+   TODO: check
+CVE-2024-3968 (Remote Code Execution has been discovered in OpenText\u2122 
iManager 3 ...)
+   TODO: check
+CVE-2024-3967 (Remote Code Execution has been discovered in OpenText\u2122 
iManager 3 ...)
+   TODO: check
+CVE-2024-3892 (A local code execution vulnerability is possible in Telerik UI 
for Win ...)
+   TODO: check
+CVE-2024-3488 (File Upload vulnerability in unauthenticated session found in 
OpenText ...)
+   TODO: check
+CVE-2024-3487 (Broken Authentication vulnerability discovered in 
OpenText\u2122 iMana ...)
+   TODO: check
+CVE-2024-3486 (XML External Entity injection vulnerability foundin 
OpenText\u2122 iMa ...)
+   TODO: check
+CVE-2024-3485 (Server Side Request Forgery vulnerabilityhas been discovered in 
OpenTe ...)
+   TODO: check
+CVE-2024-3484 (Path Traversal foundin OpenText\u2122 iManager 3.2.6.0200. This 
can le ...)
+   TODO: check
+CVE-2024-3483 (Remote Code Execution has been discovered in OpenText\u2122 
iManager 3 ...)
+   TODO: check
+CVE-2024-3319 (An issue was identified in the Identity Security Cloud (ISC) 
Transform ...)
+   TODO: check
+CVE-2024-3318 (A file path traversal vulnerability was identified in the 
DelimitedFil ...)
+   TODO: check
+CVE-2024-3317 (An improper access control was identified in the Identity 
Security Clo ...)
+   TODO: check
+CVE-2024-3182 (Install-type password disclosure vulnerability inUniversal 
Installer i ...)
+   TODO: check
+CVE-2024-35179 (Stalwart Mail Server is an open-source mail server. Prior to 
version 0 ...)
+   TODO: check
+CVE-2024-35102 (Insecure Permissions vulnerability in VITEC AvediaServer 
(Model avsrv- ...)
+   TODO: check
+CVE-2024-34955 (Code-projects Budget Management 1.0 is vulnerable to SQL 
Injection via ...)
+   TODO: check
+CVE-2024-34954 (Code-projects Budget Management 1.0 is vulnerable to Cross 
Site Script ...)
+   TODO: check
+CVE-2024-34913 (An arbitrary file upload vulnerability in r-pan-scaffolding 
v5.0 and b ...)
+   TODO: check
+CVE-2024-34909 (An arbitrary file upload vulnerability in KYKMS v1.0.1 and 
below allow ...)
+   TODO: check
+CVE-2024-34906 (An arbitrary file upload vulnerability in dootask v0.30.13 
allows atta ...)
+   TODO: check
+CVE-2024-34101 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier 
Answer: ...)
+   TODO: check
+CVE-2024-34100 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier 
are aff ...)
+   TODO: check
+CVE-2024-34099 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier 
are aff ...)
+   TODO: check
+CVE-2024-34098 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier 
are aff ...)
+   TODO: check
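Review bot: several descriptions in this hunk have lost a word space, e.g. `Server Side Request Forgery vulnerabilityhas been discovered` (CVE-2024-3970 and -3485), `foundin OpenText` (CVE-2024-3486 and -3484) and `inUniversal Installer` (CVE-2024-3182); the text is imported as published, so it need not be hand-edited, but a grep for `vulnerability has` or `found in` will not match these lines. The OpenText entries (CVE-2024-3967, -3968, -3970 and -3483 through -3488) name the same product and should be triaged together.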

[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
46925bfd by security tracker role at 2024-05-15T08:12:04+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,4 +1,114 @@
-CVE-2024-3044 [Graphic on-click binding allows unchecked script execution]
+CVE-2024-4894 (ITPison OMICARD EDM  fails to properly filter specific URL 
parameter,  ...)
+   TODO: check
+CVE-2024-4893 (DigiWin EasyFlow .NET lacks validation for certain input 
parameters, a ...)
+   TODO: check
+CVE-2024-4847 (The Alt Text AI \u2013 Automatically generate image alt text 
for SEO a ...)
+   TODO: check
+CVE-2024-4734 (The Import and export users and customers plugin for WordPress 
is vuln ...)
+   TODO: check
+CVE-2024-4666 (The Borderless \u2013 Widgets, Elements, Templates and Toolkit 
for Ele ...)
+   TODO: check
+CVE-2024-4656 (The Import and export users and customers plugin for WordPress 
is vuln ...)
+   TODO: check
+CVE-2024-4636 (The Image Optimization by Optimole \u2013 Lazy Load, CDN, 
Convert WebP ...)
+   TODO: check
+CVE-2024-4618 (The Exclusive Addons for Elementor plugin for WordPress is 
vulnerable  ...)
+   TODO: check
+CVE-2024-4562 (In WhatsUp Gold versions released before 2023.1.2 ,   an SSRF 
vulnerab ...)
+   TODO: check
+CVE-2024-4561 (In WhatsUp Gold versions released before 2023.1.2 ,   a blind 
SSRF vul ...)
+   TODO: check
+CVE-2024-4373 (The Sina Extension for Elementor (Slider, Gallery, Form, Modal, 
Data T ...)
+   TODO: check
+CVE-2024-4370 (The WPZOOM Addons for Elementor (Templates, Widgets) plugin for 
WordPr ...)
+   TODO: check
+CVE-2024-4363 (The Visual Portfolio, Photo Gallery & Post Grid plugin for 
WordPress i ...)
+   TODO: check
+CVE-2024-4208 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder 
Feature ...)
+   TODO: check
+CVE-2024-4199 (The Bulk Posts Editing For WordPress plugin for WordPress is 
vulnerabl ...)
+   TODO: check
+CVE-2024-3824 (The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does 
not hav ...)
+   TODO: check
+CVE-2024-3823 (The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does 
not hav ...)
+   TODO: check
+CVE-2024-3822 (The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does 
not san ...)
+   TODO: check
+CVE-2024-3749 (The SP Project & Document Manager WordPress plugin through 4.71 
lacks  ...)
+   TODO: check
+CVE-2024-3748 (The SP Project & Document Manager WordPress plugin through 4.71 
is mis ...)
+   TODO: check
+CVE-2024-3744 (A security issue was discovered in azure-file-csi-driver where 
an acto ...)
+   TODO: check
+CVE-2024-3634 (The month name translation benaceur WordPress plugin before 
2.3.8 does ...)
+   TODO: check
+CVE-2024-3631 (The HL Twitter WordPress plugin through 2014.1.18 does not have 
CSRF c ...)
+   TODO: check
+CVE-2024-3630 (The HL Twitter WordPress plugin through 2014.1.18 does not 
sanitise an ...)
+   TODO: check
+CVE-2024-3629 (The HL Twitter WordPress plugin through 2014.1.18 does not have 
CSRF c ...)
+   TODO: check
+CVE-2024-3548 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress 
plugin b ...)
+   TODO: check
+CVE-2024-3407 (The WP Prayer WordPress plugin through 2.0.9 does not have CSRF 
checks ...)
+   TODO: check
+CVE-2024-3406 (The WP Prayer WordPress plugin through 2.0.9 does not have CSRF 
check  ...)
+   TODO: check
+CVE-2024-3405 (The WP Prayer WordPress plugin through 2.0.9 does not have CSRF 
check  ...)
+   TODO: check
+CVE-2024-3189 (The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder 
Features pl ...)
+   TODO: check
+CVE-2024-35175 (sshpiper is a reverse proxy for sshd. Starting in version 
1.0.50 and p ...)
+   TODO: check
+CVE-2024-35109 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-35108 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-32888 (The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver 
that provi ...)
+   TODO: check
+CVE-2024-31556 (An issue in Reportico Web before v.8.1.0 allows a local 
attacker to ex ...)
+   TODO: check
+CVE-2024-31483 (An authenticated sensitive information disclosure 
vulnerability exists ...)
+   TODO: check
+CVE-2024-31482 (An unauthenticated Denial-of-Service (DoS) vulnerability 
exists in the ...)
+   TODO: check
+CVE-2024-31481 (Unauthenticated Denial of Service (DoS) vulnerabilities exist 
in the C ...)
+   TODO: check
+CVE-2024-31480 (Unauthenticated Denial of Service (DoS) vulnerabilities exist 
in the C ...)
+   TODO: check
+CVE-2024-31479 (Unauthenticated Denial of Service (DoS) vulnerabilities exist 
in the C ...)
+   TODO: check
+CVE-2024-31478 (Multiple unauthenticated 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
52088067 by security tracker role at 2024-05-14T20:11:56+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,73 +1,475 @@
-CVE-2024-4778
+CVE-2024-4871 (A vulnerability was found in Satellite. When running a remote 
executio ...)
+   TODO: check
+CVE-2024-4860 (The 'WordPress RSS Aggregator' WordPress Plugin, versions < 
4.23.9 are ...)
+   TODO: check
+CVE-2024-4859 (Solidus <= 4.3.4is affected by a Stored Cross-Site Scripting 
vulnerabi ...)
+   TODO: check
+CVE-2024-4624 (The Essential Addons for Elementor \u2013 Best Elementor 
Templates, Wi ...)
+   TODO: check
+CVE-2024-4473 (The Sydney Toolbox plugin for WordPress is vulnerable to Stored 
Cross- ...)
+   TODO: check
+CVE-2024-4440 (The 140+ Widgets | Best Addons For Elementor \u2013 FREE plugin 
for Wo ...)
+   TODO: check
+CVE-2024-4392 (The Jetpack \u2013 WP Security, Backup, Speed, & Growth plugin 
for Wor ...)
+   TODO: check
+CVE-2024-4333 (The Sina Extension for Elementor (Slider, Gallery, Form, Modal, 
Data T ...)
+   TODO: check
+CVE-2024-3676 (The Proofpoint Encryption endpoint of Proofpoint Enterprise 
Protection ...)
+   TODO: check
+CVE-2024-3579 (Open-source project Online Shopping System Advanced is 
vulnerable to R ...)
+   TODO: check
+CVE-2024-3374 (An unauthenticated user can trigger a fatal assertion in the 
server wh ...)
+   TODO: check
+CVE-2024-3372 (Improper validation of certain metadata input may result in the 
server ...)
+   TODO: check
+CVE-2024-35012 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-35011 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-35010 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-35009 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-34950 (D-Link DIR-822+ v1.0.5 was discovered to contain a stack-based 
buffer  ...)
+   TODO: check
+CVE-2024-34914 (php-censor v2.1.4 and fixed in v.2.1.5 was discovered to 
utilize a wea ...)
+   TODO: check
+CVE-2024-34773 (A vulnerability has been identified in Solid Edge (All 
versions < V224 ...)
+   TODO: check
+CVE-2024-34772 (A vulnerability has been identified in Solid Edge (All 
versions < V224 ...)
+   TODO: check
+CVE-2024-34771 (A vulnerability has been identified in Solid Edge (All 
versions < V224 ...)
+   TODO: check
+CVE-2024-34717 (PrestaShop is an open source e-commerce web application. In 
PrestaShop ...)
+   TODO: check
+CVE-2024-34716 (PrestaShop is an open source e-commerce web application. A 
cross-site  ...)
+   TODO: check
+CVE-2024-34714 (The Hoppscotch Browser Extension is a browser extension for 
Hoppscotch ...)
+   TODO: check
+CVE-2024-34713 (sshproxy is used on a gateway to transparently proxy a user 
SSH connec ...)
+   TODO: check
+CVE-2024-34712 (Oceanic is a NodeJS library for interfacing with Discord. 
Prior to ver ...)
+   TODO: check
+CVE-2024-34358 (TYPO3 is an enterprise content management system. Starting in 
version  ...)
+   TODO: check
+CVE-2024-34357 (TYPO3 is an enterprise content management system. Starting in 
version  ...)
+   TODO: check
+CVE-2024-34356 (TYPO3 is an enterprise content management system. Starting in 
version  ...)
+   TODO: check
+CVE-2024-34355 (TYPO3 is an enterprise content management system. Starting in 
version  ...)
+   TODO: check
+CVE-2024-34256 (OFCMS V1.1.2 is vulnerable to SQL Injection via the new table 
function ...)
+   TODO: check
+CVE-2024-34243 (Konga v0.14.9 is vulnerable to Cross Site Scripting (XSS) via 
the user ...)
+   TODO: check
+CVE-2024-34191 (htmly v2.9.6 was discovered to contain an arbitrary file 
deletion vuln ...)
+   TODO: check
+CVE-2024-34086 (A vulnerability has been identified in JT2Go (All versions < 
V2312.000 ...)
+   TODO: check
+CVE-2024-34085 (A vulnerability has been identified in JT2Go (All versions < 
V2312.000 ...)
+   TODO: check
+CVE-2024-33868 (An issue was discovered in linqi before 1.4.0.1 on Windows. 
There is L ...)
+   TODO: check
+CVE-2024-33867 (An issue was discovered in linqi before 1.4.0.1 on Windows. 
There is a ...)
+   TODO: check
+CVE-2024-33866 (An issue was discovered in linqi before 1.4.0.1 on Windows. 
There is / ...)
+   TODO: check
+CVE-2024-33865 (An issue was discovered in linqi before 1.4.0.1 on Windows. 
There is a ...)
+   TODO: check
+CVE-2024-33864 (An issue was discovered in linqi before 1.4.0.1 on Windows. 
There is S ...)
+   TODO: check
+CVE-2024-33863 (An issue was discovered in linqi before 1.4.0.1 on Windows. 
There 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6fa9a4f6 by security tracker role at 2024-05-14T08:11:51+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,4 +1,122 @@
-CVE-2024-4761
+CVE-2024-4855 (Use after free issue in editcap could cause denial of service 
via craf ...)
+   TODO: check
+CVE-2024-4854 (MONGO and ZigBee TLV dissector infinite loops in Wireshark 
4.2.0 to 4. ...)
+   TODO: check
+CVE-2024-4853 (Memory handling issue in editcap could cause denial of service 
via cra ...)
+   TODO: check
+CVE-2024-4840 (An flaw was found in the OpenStack Platform (RHOSP) director, a 
toolse ...)
+   TODO: check
+CVE-2024-4810 (In register_device, the return value of ida_simple_get is 
unchecked, i ...)
+   TODO: check
+CVE-2024-4712 (An arbitrary file creation vulnerability exists in PaperCut 
NG/MF that ...)
+   TODO: check
+CVE-2024-4445 (The WP Compress \u2013 Image Optimizer [All-In-One] plugin for 
WordPre ...)
+   TODO: check
+CVE-2024-4144 (The Simple Basic Contact Form plugin for WordPress for 
WordPress is vu ...)
+   TODO: check
+CVE-2024-4139 (Manage Bank Statement ReProcessing Rules does not perform 
necessary au ...)
+   TODO: check
+CVE-2024-4138 (Manage Bank Statement ReProcessing Rules does not perform 
necessary au ...)
+   TODO: check
+CVE-2024-3241 (The Ultimate Blocks  WordPress plugin before 3.1.7 does not 
validate a ...)
+   TODO: check
+CVE-2024-3037 (An arbitrary file deletion vulnerability exists in PaperCut 
NG/MF that ...)
+   TODO: check
+CVE-2024-34687 (SAP NetWeaver Application Server for ABAP and ABAP Platform do 
not suf ...)
+   TODO: check
+CVE-2024-33878
+   REJECTED
+CVE-2024-33009 (SAP Global Label Management is vulnerable to SQL injection. On 
exploit ...)
+   TODO: check
+CVE-2024-33008 (SAP Replication Server allows an attacker to use gateway for 
executing ...)
+   TODO: check
+CVE-2024-33007 (PDFViewer is a control delivered as part of SAPUI5 product 
which shows ...)
+   TODO: check
+CVE-2024-33006 (An unauthenticated attacker can upload a malicious file to the 
server  ...)
+   TODO: check
+CVE-2024-33004 (SAP Business Objects Business Intelligence Platform is 
vulnerable to I ...)
+   TODO: check
+CVE-2024-33002 (Document Service handler (obsolete) in Data Provisioning 
Service does  ...)
+   TODO: check
+CVE-2024-33000 (SAP Bank Account Management does not perform necessary 
authorization c ...)
+   TODO: check
+CVE-2024-32733 (Due to missing input validation and output encoding of 
untrusted data, ...)
+   TODO: check
+CVE-2024-32731 (SAP My Travel Requests does not perform necessary 
authorization checks ...)
+   TODO: check
+CVE-2024-28165 (SAP Business Objects Business Intelligence Platform is 
vulnerable to s ...)
+   TODO: check
+CVE-2024-27852 (A privacy issue was addressed with improved client ID handling 
for alt ...)
+   TODO: check
+CVE-2024-27847 (This issue was addressed with improved checks This issue is 
fixed in i ...)
+   TODO: check
+CVE-2024-27843 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
+   TODO: check
+CVE-2024-27842 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
+   TODO: check
+CVE-2024-27841 (The issue was addressed with improved memory handling. This 
issue is f ...)
+   TODO: check
+CVE-2024-27839 (A privacy issue was addressed by moving sensitive data to a 
more secur ...)
+   TODO: check
+CVE-2024-27837 (A downgrade issue was addressed with additional code-signing 
restricti ...)
+   TODO: check
+CVE-2024-27835 (This issue was addressed through improved state management. 
This issue ...)
+   TODO: check
+CVE-2024-27834 (The issue was addressed with improved checks. This issue is 
fixed in i ...)
+   TODO: check
+CVE-2024-27829 (The issue was addressed with improved memory handling. This 
issue is f ...)
+   TODO: check
+CVE-2024-27827 (This issue was addressed through improved state management. 
This issue ...)
+   TODO: check
+CVE-2024-27825 (A downgrade issue affecting Intel-based Mac computers was 
addressed wi ...)
+   TODO: check
+CVE-2024-27824 (This issue was addressed by removing the vulnerable code. This 
issue i ...)
+   TODO: check
+CVE-2024-27822 (A logic issue was addressed with improved restrictions. This 
issue is  ...)
+   TODO: check
+CVE-2024-27821 (A path handling issue was addressed with improved validation. 
This iss ...)
+   TODO: check
+CVE-2024-27818 (The issue was addressed with improved memory handling. This 
issue is f ...)
+   TODO: check
+CVE-2024-27816 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
+   TODO: check
+CVE-2024-27813 (The issue was addressed with 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
652d3782 by security tracker role at 2024-05-13T20:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,28 +1,214 @@
-CVE-2024-27401 [firewire: nosy: ensure user_length is taken into account when 
fetching packet contents]
+CVE-2024-4825 (A vulnerability has been discovered in Agentejo Cockpit CMS 
v0.5.5 tha ...)
+   TODO: check
+CVE-2024-4824 (Vulnerability in School ERP Pro+Responsive 1.0 that allows SQL 
injecti ...)
+   TODO: check
+CVE-2024-4823 (Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS 
via the ...)
+   TODO: check
+CVE-2024-4822 (Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS 
via the ...)
+   TODO: check
+CVE-2024-4820 (A vulnerability was found in SourceCodester Online Computer and 
Laptop ...)
+   TODO: check
+CVE-2024-4819 (A vulnerability was found in Campcodes Online Laundry 
Management Syste ...)
+   TODO: check
+CVE-2024-4818 (A vulnerability was found in Campcodes Online Laundry 
Management Syste ...)
+   TODO: check
+CVE-2024-4817 (A vulnerability has been found in Campcodes Online Laundry 
Management  ...)
+   TODO: check
+CVE-2024-4816 (A vulnerability, which was classified as critical, was found in 
Ruijie ...)
+   TODO: check
+CVE-2024-4815 (A vulnerability, which was classified as critical, has been 
found in R ...)
+   TODO: check
+CVE-2024-4814 (A vulnerability classified as critical was found in Ruijie 
RG-UAC up t ...)
+   TODO: check
+CVE-2024-4813 (A vulnerability classified as critical has been found in Ruijie 
RG-UAC ...)
+   TODO: check
+CVE-2024-4747 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-4068 (The NPM package `braces` fails to limit the number of 
characters it ca ...)
+   TODO: check
+CVE-2024-4067 (The NPM package `micromatch` is vulnerable to Regular 
Expression Denia ...)
+   TODO: check
+CVE-2024-3462 (Ant Media Server Community Edition in a default configuration 
is vulne ...)
+   TODO: check
+CVE-2024-3263 (YMS VIS Pro is an information system for veterinary and food 
administr ...)
+   TODO: check
+CVE-2024-35172 (Server-Side Request Forgery (SSRF) vulnerability in ShortPixel 
ShortPi ...)
+   TODO: check
+CVE-2024-35171 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+   TODO: check
+CVE-2024-35170 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-35169 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-35167 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-35166 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+   TODO: check
+CVE-2024-35165 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+   TODO: check
+CVE-2024-35099 (TOTOLINK LR350 V9.3.5u.6698_B20230810 was discovered to 
contain a stac ...)
+   TODO: check
+CVE-2024-35050 (An issue in SurveyKing v1.3.1 allows attackers to escalate 
privileges  ...)
+   TODO: check
+CVE-2024-35049 (SurveyKing v1.3.1 was discovered to keep users' sessions 
active after  ...)
+   TODO: check
+CVE-2024-35048 (An issue in SurveyKing v1.3.1 allows attackers to execute a 
session re ...)
+   TODO: check
+CVE-2024-34921 (TOTOLINK X5000R v9.1.0cu.2350_B20230313 was discovered to 
contain a co ...)
+   TODO: check
+CVE-2024-34899 (WWBN AVideo 12.4 is vulnerable to Cross Site Scripting (XSS).)
+   TODO: check
+CVE-2024-34812 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+   TODO: check
+CVE-2024-34811 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-34749 (Phormer prior to version 3.35 contains a cross-site scripting 
vulnerab ...)
+   TODO: check
+CVE-2024-34709 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
+   TODO: check
+CVE-2024-34708 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
+   TODO: check
+CVE-2024-34707 (Nautobot is a Network Source of Truth and Network Automation 
Platform. ...)
+   TODO: check
+CVE-2024-34706 (Valtimo is an open source business process and case management 
platfor ...)
+   TODO: check
+CVE-2024-34704 (era-compiler-solidity is the ZKsync compiler for Solidity.  
The proble ...)
+   TODO: check
+CVE-2024-34701 (CreateWiki is Miraheze's MediaWiki extension for requesting & 
creating ...)
+   TODO: check
+CVE-2024-34699 (GZ::CTF is a capture the flag platform. Prior to 0.20.1, 
unprivileged  ...)
+   TODO: check

[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8e78c894 by security tracker role at 2024-05-13T08:12:08+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,39 @@
+CVE-2024-4809 (A vulnerability has been found in SourceCodester Open Source 
Clinic Ma ...)
+   TODO: check
+CVE-2024-4808 (A vulnerability, which was classified as critical, was found in 
Kaship ...)
+   TODO: check
+CVE-2024-4807 (A vulnerability, which was classified as critical, has been 
found in K ...)
+   TODO: check
+CVE-2024-4806 (A vulnerability classified as critical was found in Kashipara 
College  ...)
+   TODO: check
+CVE-2024-4805 (A vulnerability classified as critical has been found in 
Kashipara Col ...)
+   TODO: check
+CVE-2024-4804 (A vulnerability was found in Kashipara College Management 
System 1.0.  ...)
+   TODO: check
+CVE-2024-4803 (A vulnerability was found in Kashipara College Management 
System 1.0.  ...)
+   TODO: check
+CVE-2024-4802 (A vulnerability was found in Kashipara College Management 
System 1.0.  ...)
+   TODO: check
+CVE-2024-4801 (A vulnerability was found in Kashipara College Management 
System 1.0 a ...)
+   TODO: check
+CVE-2024-4800 (A vulnerability has been found in Kashipara College Management 
System  ...)
+   TODO: check
+CVE-2024-3239 (The Post Grid Gutenberg Blocks and WordPress Blog Plugin  
WordPress pl ...)
+   TODO: check
+CVE-2024-35205 (The WPS Office (aka cn.wps.moffice_eng) application before 
17.0.0 for  ...)
+   TODO: check
+CVE-2024-35204 (Veritas System Recovery before 23.2_Hotfix has incorrect 
permissions f ...)
+   TODO: check
+CVE-2024-32700 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Kogne ...)
+   TODO: check
+CVE-2024-2299 (A stored Cross-Site Scripting (XSS) vulnerability exists in the 
parisn ...)
+   TODO: check
+CVE-2024-29212 (Due to an  unsafe de-serialization method used by the Veeam 
Service Pr ...)
+   TODO: check
+CVE-2024-26306 (iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a 
server wi ...)
+   TODO: check
+CVE-2023-5052 (vulnerability in Uniform Server Zero, version 10.2.5, 
consisting of an ...)
+   TODO: check
 CVE-2024-4799 (A vulnerability, which was classified as critical, was found in 
Kaship ...)
NOT-FOR-US: Kashipara College Management System
 CVE-2024-4798 (A vulnerability, which was classified as critical, has been 
found in S ...)
@@ -53100,7 +53136,7 @@ CVE-2023-2358 (Hitachi Vantara Pentaho Business 
Analytics Server prior to versio
NOT-FOR-US: Hitachi Vantara Pentaho Business Analytics Server
 CVE-2023-29497 (A privacy issue was addressed with improved handling of 
temporary file ...)
NOT-FOR-US: Apple
-CVE-2023-43040 [Improperly verified POST keys]
+CVE-2023-43040 (IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an 
attacker to ...)
{DLA-3629-1}
- ceph 16.2.11+ds-5 (bug #1053690)
[bookworm] - ceph  (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e78c8948c97e8346baaccce80737717691832cd



___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-12 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e7ceb659 by security tracker role at 2024-05-12T20:12:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,7 @@
+CVE-2024-4799 (A vulnerability, which was classified as critical, was found in 
Kaship ...)
+   TODO: check
+CVE-2024-4798 (A vulnerability, which was classified as critical, has been 
found in S ...)
+   TODO: check
 CVE-2024-4797 (A vulnerability was found in Campcodes Online Laundry 
Management Syste ...)
NOT-FOR-US: Campcodes Online Laundry Management System
 CVE-2024-4796 (A vulnerability was found in Campcodes Online Laundry 
Management Syste ...)
@@ -30710,6 +30714,7 @@ CVE-2023-7227 (SystemK NVR 504/508/516 versions 
2.3.5SK.30084998 and prior are v
 CVE-2023-6282 (IceHrm 23.0.0.OS does not sufficiently encode user-controlled 
input, w ...)
NOT-FOR-US: IceHrm
 CVE-2023-52076 (Atril Document Viewer is the default document reader of the 
MATE deskt ...)
+   {DSA-5688-1}
- atril 1.26.2-1 (bug #1061522)
NOTE: 
https://github.com/mate-desktop/atril/security/advisories/GHSA-6mf6-mxpc-jc37
NOTE: 
https://github.com/mate-desktop/atril/commit/e70b21c815418a1e6ebedf6d8d31b8477c03ba50



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7ceb65948fa0ef180455d3fe7147a417cbd1b2b



[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-12 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7ec72f73 by security tracker role at 2024-05-12T08:11:45+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,19 @@
+CVE-2024-4797 (A vulnerability was found in Campcodes Online Laundry 
Management Syste ...)
+   TODO: check
+CVE-2024-4796 (A vulnerability was found in Campcodes Online Laundry 
Management Syste ...)
+   TODO: check
+CVE-2024-4795 (A vulnerability was found in Campcodes Online Laundry 
Management Syste ...)
+   TODO: check
+CVE-2024-4794 (A vulnerability has been found in Campcodes Online Laundry 
Management  ...)
+   TODO: check
+CVE-2024-4793 (A vulnerability, which was classified as critical, was found in 
Campco ...)
+   TODO: check
+CVE-2024-4792 (A vulnerability, which was classified as critical, has been 
found in C ...)
+   TODO: check
+CVE-2024-4791 (A vulnerability classified as critical was found in 
Contemporary Contr ...)
+   TODO: check
+CVE-2024-4790 (A vulnerability classified as problematic has been found in 
DedeCMS 5. ...)
+   TODO: check
 CVE-2024-4738 (A vulnerability was found in Campcodes Legal Case Management 
System 1. ...)
NOT-FOR-US: Campcodes Legal Case Management System
 CVE-2024-4737 (A vulnerability was found in Campcodes Legal Case Management 
System 1. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ec72f7327848d71a30a6fcd81ead843b241bde8



[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
06a1d63f by security tracker role at 2024-05-11T20:11:47+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,77 @@
+CVE-2024-4738 (A vulnerability was found in Campcodes Legal Case Management 
System 1. ...)
+   TODO: check
+CVE-2024-4737 (A vulnerability was found in Campcodes Legal Case Management 
System 1. ...)
+   TODO: check
+CVE-2024-4736 (A vulnerability was found in Campcodes Legal Case Management 
System 1. ...)
+   TODO: check
+CVE-2024-4630 (The Starter Templates \u2014 Elementor, WordPress & Beaver 
Builder Tem ...)
+   TODO: check
+CVE-2024-4574 (The Graphina \u2013 Elementor Charts and Graphs plugin for 
WordPress i ...)
+   TODO: check
+CVE-2024-4560 (The Kognetiks Chatbot for WordPress plugin for WordPress is 
vulnerable ...)
+   TODO: check
+CVE-2024-4487 (The Blocksy Companion plugin for WordPress is vulnerable to 
Stored Cro ...)
+   TODO: check
+CVE-2024-4430 (The Beaver Builder \u2013 WordPress Page Builder plugin for 
WordPress  ...)
+   TODO: check
+CVE-2024-4417 (The Falang multilanguage for WordPress plugin for WordPress is 
vulnera ...)
+   TODO: check
+CVE-2024-4413 (The Hotel Booking Lite plugin for WordPress is vulnerable to 
PHP Objec ...)
+   TODO: check
+CVE-2024-4329 (The Thim Elementor Kit plugin for WordPress is vulnerable to 
Stored Cr ...)
+   TODO: check
+CVE-2024-4213 (The Shopping Cart & eCommerce Store plugin for WordPress is 
vulnerable ...)
+   TODO: check
+CVE-2024-4209 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder 
Feature ...)
+   TODO: check
+CVE-2024-4046 (Cracking vulnerability in the OS security module Impact: 
Successful ex ...)
+   TODO: check
+CVE-2024-3055 (The Unlimited Elements For Elementor (Free Widgets, Addons, 
Templates) ...)
+   TODO: check
+CVE-2024-32999 (Cracking vulnerability in the OS security module Impact: 
Successful ex ...)
+   TODO: check
+CVE-2024-32998 (NULL pointer access vulnerability in the clock module Impact: 
Successf ...)
+   TODO: check
+CVE-2024-32997 (Race condition vulnerability in the binder driver module 
Impact: Succe ...)
+   TODO: check
+CVE-2024-32996 (Privilege escalation vulnerability in the account module 
Impact: Succe ...)
+   TODO: check
+CVE-2024-32995 (Denial of service (DoS) vulnerability in the AMS module 
Impact: Succes ...)
+   TODO: check
+CVE-2024-32993 (Out-of-bounds access vulnerability in the memory module 
Impact: Succes ...)
+   TODO: check
+CVE-2024-32992 (Insufficient verification vulnerability in the baseband module 
Impact: ...)
+   TODO: check
+CVE-2024-32991 (Permission verification vulnerability in the wpa_supplicant 
module Imp ...)
+   TODO: check
+CVE-2024-32990 (Permission verification vulnerability in the system sharing 
pop-up mod ...)
+   TODO: check
+CVE-2024-32989 (Insufficient verification vulnerability in the system sharing 
pop-up m ...)
+   TODO: check
+CVE-2024-28761 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 
12.0.1.0 thr ...)
+   TODO: check
+CVE-2024-28760 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 
12.0.1.0 thr ...)
+   TODO: check
+CVE-2024-27460 (A privilege escalation exists in the updater for Plantronics 
Hub 3.25. ...)
+   TODO: check
+CVE-2023-5447 (Missing lock check in SynHsaService may create a use-after-free 
condit ...)
+   TODO: check
+CVE-2023-52721 (The WindowManager module has a vulnerability in permission 
control. Im ...)
+   TODO: check
+CVE-2023-52720 (Race condition vulnerability in the soundtrigger module 
Impact: Succes ...)
+   TODO: check
+CVE-2023-52719 (Privilege escalation vulnerability in the PMS module Impact: 
Successfu ...)
+   TODO: check
+CVE-2023-52384 (Double-free vulnerability in the RSMC module Impact: 
Successful exploi ...)
+   TODO: check
+CVE-2023-52383 (Double-free vulnerability in the RSMC module Impact: 
Successful exploi ...)
+   TODO: check
+CVE-2023-47712 (IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a 
local u ...)
+   TODO: check
+CVE-2023-47711 (IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow 
an authen ...)
+   TODO: check
+CVE-2023-47709 (IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a 
remote  ...)
+   TODO: check
 CVE-2024-4735 (A vulnerability has been found in Campcodes Legal Case 
Management Syst ...)
NOT-FOR-US: Campcodes Legal Case Management System
 CVE-2024-4732 (A vulnerability, which was classified as problematic, has been 
found i ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06a1d63f9e1efa4eab9f0780b051baa8bd2f6539


[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a9933148 by security tracker role at 2024-05-10T20:12:07+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,4 +1,211 @@
-CVE-2024-4671
+CVE-2024-4735 (A vulnerability has been found in Campcodes Legal Case 
Management Syst ...)
+   TODO: check
+CVE-2024-4732 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-4731 (A vulnerability classified as problematic was found in 
Campcodes Legal ...)
+   TODO: check
+CVE-2024-4730 (A vulnerability classified as problematic has been found in 
Campcodes  ...)
+   TODO: check
+CVE-2024-4729 (A vulnerability was found in Campcodes Legal Case Management 
System 1. ...)
+   TODO: check
+CVE-2024-4728 (A vulnerability was found in Campcodes Legal Case Management 
System 1. ...)
+   TODO: check
+CVE-2024-4727 (A vulnerability was found in Campcodes Legal Case Management 
System 1. ...)
+   TODO: check
+CVE-2024-4726 (A vulnerability was found in Campcodes Legal Case Management 
System 1. ...)
+   TODO: check
+CVE-2024-4725 (A vulnerability has been found in Campcodes Legal Case 
Management Syst ...)
+   TODO: check
+CVE-2024-4724 (A vulnerability, which was classified as problematic, was found 
in Cam ...)
+   TODO: check
+CVE-2024-4723 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-4722 (A vulnerability classified as problematic was found in 
Campcodes Compl ...)
+   TODO: check
+CVE-2024-4721 (A vulnerability classified as problematic has been found in 
Campcodes  ...)
+   TODO: check
+CVE-2024-4720 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+   TODO: check
+CVE-2024-4719 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+   TODO: check
+CVE-2024-4718 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+   TODO: check
+CVE-2024-4717 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+   TODO: check
+CVE-2024-4716 (A vulnerability has been found in Campcodes Complete Web-Based 
School  ...)
+   TODO: check
+CVE-2024-4715 (A vulnerability, which was classified as problematic, was found 
in Cam ...)
+   TODO: check
+CVE-2024-4714 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-4713 (A vulnerability classified as problematic was found in 
Campcodes Compl ...)
+   TODO: check
+CVE-2024-4701 (A path traversal issue potentially leading to remote code 
execution in ...)
+   TODO: check
+CVE-2024-4699 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was 
classified  ...)
+   TODO: check
+CVE-2024-4689 (Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel 
ShortPix ...)
+   TODO: check
+CVE-2024-4688 (A vulnerability classified as problematic was found in 
Campcodes Compl ...)
+   TODO: check
+CVE-2024-4687 (A vulnerability classified as problematic has been found in 
Campcodes  ...)
+   TODO: check
+CVE-2024-4686 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+   TODO: check
+CVE-2024-4631
+   REJECTED
+CVE-2024-4490 (The Elegant Themes Divi theme, Extra theme, and Divi Page 
Builder plug ...)
+   TODO: check
+CVE-2024-4481 (The Gutenberg Blocks with AI by Kadence WP plugin for WordPress 
is vul ...)
+   TODO: check
+CVE-2024-4449 (The Essential Addons for Elementor \u2013 Best Elementor 
Templates, Wi ...)
+   TODO: check
+CVE-2024-4448 (The Essential Addons for Elementor \u2013 Best Elementor 
Templates, Wi ...)
+   TODO: check
+CVE-2024- (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress 
is vul ...)
+   TODO: check
+CVE-2024-4434 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress 
is vul ...)
+   TODO: check
+CVE-2024-4398 (The HTML5 Audio Player- Best WordPress Audio Player Plugin 
plugin for  ...)
+   TODO: check
+CVE-2024-4280 (The White Label CMS plugin for WordPress is vulnerable to 
unauthorized ...)
+   TODO: check
+CVE-2024-4277 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress 
is vul ...)
+   TODO: check
+CVE-2024-4275 (The Essential Addons for Elementor \u2013 Best Elementor 
Templates, Wi ...)
+   TODO: check
+CVE-2024-4232 (This vulnerability exists in Digisol Router (DG-GR1321: 
Hardware versi ...)
+   TODO: check
+CVE-2024-4231 (This vulnerability exists in Digisol Router (DG-GR1321: 
Hardware versi ...)
+   TODO: check
+CVE-2024-4129 (Improper Authentication vulnerability in Snow Software AB Snow 
License ...)
+   TODO: check
+CVE-2024-4044 (A deserialization of untrusted data vulnerability exists in 
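Review bot: the entry `+CVE-2024- (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)` in this hunk has no sequence number after `CVE-2024-`, so it is not a valid identifier and cannot be matched to a CVE record or cross-referenced by the tracker; the line should carry the complete id before the entry is kept. The adjacent `+CVE-2024-4434 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)` line has the same truncated description, so it is worth confirming that the two lines really are distinct CVEs rather than one entry recorded twice.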

[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
459a3e8f by security tracker role at 2024-05-09T20:12:38+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,373 @@
+CVE-2024-4685 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+   TODO: check
+CVE-2024-4684 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+   TODO: check
+CVE-2024-4683 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+   TODO: check
+CVE-2024-4682 (A vulnerability has been found in Campcodes Complete Web-Based 
School  ...)
+   TODO: check
+CVE-2024-4681 (A vulnerability, which was classified as critical, was found in 
Campco ...)
+   TODO: check
+CVE-2024-4678 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+   TODO: check
+CVE-2024-4677 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+   TODO: check
+CVE-2024-4676 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+   TODO: check
+CVE-2024-4675 (A vulnerability has been found in Campcodes Complete Web-Based 
School  ...)
+   TODO: check
+CVE-2024-4674 (A vulnerability, which was classified as problematic, was found 
in Cam ...)
+   TODO: check
+CVE-2024-4673 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-4614
+   REJECTED
+CVE-2024-4606 (Deserialization of Untrusted Data vulnerability in BdThemes 
Ultimate S ...)
+   TODO: check
+CVE-2024-4605 (The Breakdance plugin for WordPress is vulnerable to Remote 
Code Execu ...)
+   TODO: check
+CVE-2024-4579
+   REJECTED
+CVE-2024-4572
+   REJECTED
+CVE-2024-4571
+   REJECTED
+CVE-2024-4567 (The Themify Shortcodes plugin for WordPress is vulnerable to 
Stored Cr ...)
+   TODO: check
+CVE-2024-4545 (All versions of EnterpriseDB Postgres Advanced Server (EPAS) 
from 15.0 ...)
+   TODO: check
+CVE-2024-4542 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for 
WordPre ...)
+   TODO: check
+CVE-2024-4463 (The Squelch Tabs and Accordions Shortcodes plugin for WordPress 
is vul ...)
+   TODO: check
+CVE-2024-4446 (The Content Views \u2013 Post Grid & Filter, Recent Posts, 
Category Po ...)
+   TODO: check
+CVE-2024-4441 (The XML Sitemap & Google News plugin for WordPress is 
vulnerable to Lo ...)
+   TODO: check
+CVE-2024-4425 (The access control inCemiPark software stores integration (e.g. 
FTP or ...)
+   TODO: check
+CVE-2024-4424 (The access control inCemiPark software does not properly 
validate user ...)
+   TODO: check
+CVE-2024-4423 (The access control inCemiPark software does not properly 
validate user ...)
+   TODO: check
+CVE-2024-4411 (The Mihdan: Yandex Turbo Feed plugin for WordPress is 
vulnerable to St ...)
+   TODO: check
+CVE-2024-4397 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress 
is vul ...)
+   TODO: check
+CVE-2024-4386 (The Gallery Block (Meow Gallery) plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-4383 (The Simple Membership plugin for WordPress is vulnerable to 
Stored Cro ...)
+   TODO: check
+CVE-2024-4339 (The Prime Slider \u2013 Addons For Elementor (Revolution of a 
slider,  ...)
+   TODO: check
+CVE-2024-4335 (The Rank Math SEO with AI Best SEO Tools plugin for WordPress 
is vulne ...)
+   TODO: check
+CVE-2024-4316 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, 
Embed You ...)
+   TODO: check
+CVE-2024-4314 (The Hostel plugin for WordPress is vulnerable to Cross-Site 
Request Fo ...)
+   TODO: check
+CVE-2024-4312 (The Soccer Engine \u2013 Soccer Plugin for WordPress plugin for 
WordPr ...)
+   TODO: check
+CVE-2024-4193 (The Testimonial Slider plugin for WordPress is vulnerable to 
Stored Cr ...)
+   TODO: check
+CVE-2024-4158 (The Blocksy theme for WordPress is vulnerable to Stored 
Cross-Site Scr ...)
+   TODO: check
+CVE-2024-4150 (The Simple Basic Contact Form plugin for WordPress is 
vulnerable to Re ...)
+   TODO: check
+CVE-2024-4107 (The Elementor Website Builder \u2013 More than Just a Page 
Builder Pro ...)
+   TODO: check
+CVE-2024-4104 (The ADFO \u2013 Custom data in admin dashboard plugin for 
WordPress is ...)
+   TODO: check
+CVE-2024-4103 (The ADFO \u2013 Custom data in admin dashboard plugin for 
WordPress is ...)
+   TODO: check
+CVE-2024-4082 (The Joli FAQ SEO \u2013 WordPress FAQ Plugin plugin for 
WordPress is v ...)
+   TODO: check
+CVE-2024-4041 (The Yoast SEO plugin for WordPress is vulnerable to Reflected 
Cross-Si ...)
+   TODO: check
+CVE-2024-4038 (The The Back In Stock Notifier for WooCommerce | WooCommerce 
Waitlist  ...)
+   TODO: check

[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a7277cec by security tracker role at 2024-05-09T08:12:01+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,43 @@
+CVE-2024-4672 (A vulnerability classified as problematic was found in 
Campcodes Compl ...)
+   TODO: check
+CVE-2024-4597 (An issue has been discovered in GitLab EE affecting all 
versions from  ...)
+   TODO: check
+CVE-2024-4539 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
+   TODO: check
+CVE-2024-3903 (The Add Custom CSS and JS WordPress plugin through 1.20 does 
not have  ...)
+   TODO: check
+CVE-2024-3590 (The LetterPress  WordPress plugin through 1.2.2 does not have 
CSRF che ...)
+   TODO: check
+CVE-2024-3582 (The UnGallery WordPress plugin through 2.2.4 does not have CSRF 
check  ...)
+   TODO: check
+CVE-2024-3016 (NEC Platforms DT900 and DT900S Series 5.0.0.0 \u2013 v5.3.4.4, 
v5.4.0. ...)
+   TODO: check
+CVE-2024-34365 (** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation 
vulnerabilit ...)
+   TODO: check
+CVE-2024-34308 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to 
contain a stac ...)
+   TODO: check
+CVE-2024-34196 (Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU_V3 
Firmware  ...)
+   TODO: check
+CVE-2024-32672 (A Segmentation Fault issue discovered in   Samsung Open Source 
Escargo ...)
+   TODO: check
+CVE-2024-32669 (Improper Input Validation vulnerability in Samsung Open Source 
escargo ...)
+   TODO: check
+CVE-2024-2651 (An issue has been discovered in GitLab CE/EE affecting all 
versions be ...)
+   TODO: check
+CVE-2024-2454 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
+   TODO: check
+CVE-2024-28759 (A crafted network packet may cause a buffer overrun in Wind 
River VxWo ...)
+   TODO: check
+CVE-2024-27793 (The issue was addressed with improved checks. This issue is 
fixed in i ...)
+   TODO: check
+CVE-2024-26517 (SQL Injection vulnerability in School Task Manager v.1.0 
allows a remo ...)
+   TODO: check
+CVE-2023-6688 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
+   TODO: check
+CVE-2023-6682 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
+   TODO: check
+CVE-2023-5971 (The Save as PDF Plugin by Pdfcrowd WordPress plugin before 
3.2.0 does  ...)
+   TODO: check
 CVE-2024-29510
- ghostscript 
NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
@@ -917,13 +957,13 @@ CVE-2023-32873 (In keyInstall, there is a possible out of 
bounds write due to a
TODO: check
 CVE-2023-32871 (In DA, there is a possible permission bypass due to an 
incorrect statu ...)
TODO: check
-CVE-2024-29857
+CVE-2024-29857 (An issue was discovered in Bouncy Castle Java Cryptography 
APIs before ...)
- bouncycastle  (bug #1070655)
[bookworm] - bouncycastle  (Minor issue)
[bullseye] - bouncycastle  (Minor issue)
NOTE: https://github.com/bcgit/bc-java/issues/1635
NOTE: https://www.bouncycastle.org/latest_releases.html
-CVE-2024-30172
+CVE-2024-30172 (An issue was discovered in Bouncy Castle Java Cryptography 
APIs before ...)
- bouncycastle  (bug #1070655)
[bookworm] - bouncycastle  (Minor issue)
[bullseye] - bouncycastle  (Minor issue)
@@ -5240,7 +5280,7 @@ CVE-2022-48682 (In deletefiles in FDUPES before 2.2.0, a 
TOCTOU race condition a
[buster] - fdupes  (Minor issue)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1200381
NOTE: 
https://github.com/adrianlopezroche/fdupes/commit/85680897148f1ac33b55418e00334116e419717f
 (v2.2.0)
-CVE-2024-27282 [Arbitrary memory address read vulnerability with Regex search]
+CVE-2024-27282 (An issue was discovered in Ruby 3.x through 3.3.0. If 
attacker-supplie ...)
{DSA-5677-1}
- ruby3.2  (bug #1069968)
- ruby3.1  (bug #1069969)
@@ -5757,7 +5797,7 @@ CVE-2024-25583 (A crafted response from an upstream 
server the recursor has been
NOTE: Fixed by: 
https://github.com/PowerDNS/pdns/commit/e1247da968077ee7c58fa41447057ee2a2b09fc9
 (rec-4.8.8)
 CVE-2024-3154 (A flaw was found in cri-o, where an arbitrary systemd property 
can be  ...)
- cri-o  (bug #979702)
-CVE-2024-30171
+CVE-2024-30171 (An issue was discovered in Bouncy Castle Java TLS API and JSSE 
Provide ...)
- bouncycastle  (bug #1070655)
[bookworm] - bouncycastle  (Minor issue)
[bullseye] - bouncycastle  (Minor issue)
@@ -11535,6 +11575,7 @@ CVE-2024-31498 (Yubico ykman-gui (aka YubiKey Manager 
GUI) before 1.2.6 on Windo
 CVE-2024-31212 (InstantCMS is a free and open source content management 
system. A SQL  ...)
NOT-FOR-US: InstantCMS
 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0de2b438 by security tracker role at 2024-05-08T20:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,177 @@
+CVE-2024-4654 (A vulnerability was found in BlueNet Technology Clinical 
Browsing Syst ...)
+   TODO: check
+CVE-2024-4653 (A vulnerability was found in BlueNet Technology Clinical 
Browsing Syst ...)
+   TODO: check
+CVE-2024-4652 (A vulnerability, which was classified as problematic, was found 
in Cam ...)
+   TODO: check
+CVE-2024-4651 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-4650 (A vulnerability classified as problematic was found in 
Campcodes Compl ...)
+   TODO: check
+CVE-2024-4649 (A vulnerability classified as problematic has been found in 
Campcodes  ...)
+   TODO: check
+CVE-2024-4648 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+   TODO: check
+CVE-2024-4647 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+   TODO: check
+CVE-2024-4646 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+   TODO: check
+CVE-2024-4645 (A vulnerability was found in SourceCodester Prison Management 
System 1 ...)
+   TODO: check
+CVE-2024-4644 (A vulnerability has been found in SourceCodester Prison 
Management Sys ...)
+   TODO: check
+CVE-2024-4281 (The Link Library plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+   TODO: check
+CVE-2024-4233 (Missing Authorization vulnerability in Tyche Softwares Print 
Invoice & ...)
+   TODO: check
+CVE-2024-4135 (The WP Latest Posts plugin for WordPress is vulnerable to 
arbitrary sh ...)
+   TODO: check
+CVE-2024-3951 (PTC Codebeamer is vulnerable to a cross site scripting 
vulnerability t ...)
+   TODO: check
+CVE-2024-3507 (Improper privilege management vulnerability in Lunar software 
that aff ...)
+   TODO: check
+CVE-2024-34574 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-34573 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-34572 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-34571 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-34570 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-34569 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-34568 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-34566 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-34565 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-34564 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-34563 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-34562 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-34561 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-34560 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-34558 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-34553 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-34548 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-34547 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-34546 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-34414 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-34347 (@hoppscotch/cli is a CLI to run Hoppscotch Test Scripts in CI 
environm ...)
+   TODO: check
+CVE-2024-34257 (TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability 
in the ap ...)
+   TODO: check
+CVE-2024-34255 (jizhicms v2.5.1 contains a Cross-Site Scripting(XSS) 
vulnerability in  ...)
+   TODO: check
+CVE-2024-34244 (libmodbus v3.1.10 is vulnerable to Buffer Overflow via the 
modbus_writ ...)
+   TODO: check
+CVE-2024-33612 (An improper certificate validation vulnerability exists in 
BIG-IP Next ...)
+   

[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5880276e by security tracker role at 2024-05-08T08:12:06+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,73 @@
+CVE-2024-4456 (In affected versions of Octopus Server with certain access 
levels it w ...)
+   TODO: check
+CVE-2024-4393 (The Social Connect plugin for WordPress is vulnerable to 
authenticatio ...)
+   TODO: check
+CVE-2024-4162 (A buffer error in Panasonic KW Watcher versions 1.00 through 
2.83 may  ...)
+   TODO: check
+CVE-2024-4030 (On Windows a directory returned by tempfile.mkdtemp() would not 
always ...)
+   TODO: check
+CVE-2024-3494 (The Mesmerize Companion plugin for WordPress is vulnerable to 
Stored C ...)
+   TODO: check
+CVE-2024-34346 (Deno is a JavaScript, TypeScript, and WebAssembly runtime with 
secure  ...)
+   TODO: check
+CVE-2024-32674 (Heateor Social Login WordPress prior to 1.1.32 contains a 
cross-site s ...)
+   TODO: check
+CVE-2024-2860 (The PostgreSQL implementation in Brocade SANnav versions before 
2.3.0a ...)
+   TODO: check
+CVE-2024-27273 (IBM AIX's Unix domain (AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1) 
datagram  ...)
+   TODO: check
+CVE-2024-23713 (In migrateNotificationFilter of 
NotificationManagerService.java, there ...)
+   TODO: check
+CVE-2024-23712 (In multiple functions of AppOpsService.java, there is a 
possible way t ...)
+   TODO: check
+CVE-2024-23710 (In assertPackageWithSharedUserIdIsPrivileged of 
InstallPackageHelper.j ...)
+   TODO: check
+CVE-2024-23709 (In multiple locations, there is a possible out of bounds write 
due to  ...)
+   TODO: check
+CVE-2024-23708 (In multiple functions of NotificationManagerService.java, 
there is a p ...)
+   TODO: check
+CVE-2024-23707 (In multiple locations, there is a possible permissions bypass 
due to i ...)
+   TODO: check
+CVE-2024-23706 (In multiple locations, there is a possible bypass of health 
data permi ...)
+   TODO: check
+CVE-2024-23705 (In multiple locations, there is a possible failure to persist 
or enfor ...)
+   TODO: check
+CVE-2024-23704 (In onCreate of WifiDialogActivity.java, there is a possible 
way to byp ...)
+   TODO: check
+CVE-2024-23551 (Database scanning using username and password stores the 
credentials i ...)
+   TODO: check
+CVE-2024-22266 (VMware Avi Load Balancer contains an information disclosure 
vulnerabil ...)
+   TODO: check
+CVE-2024-22264 (VMware Avi Load Balancer contains a privilege escalation 
vulnerability ...)
+   TODO: check
+CVE-2024-1076 (The SSL Zen  WordPress plugin before 4.6.0 only relies on the 
use of . ...)
+   TODO: check
+CVE-2024-0043 (In multiple locations, there is a possible notification 
listener grant ...)
+   TODO: check
+CVE-2024-0042 (In TBD of TBD, there is a possible confusion of OEM and DRM 
certificat ...)
+   TODO: check
+CVE-2024-0027 (In multiple functions of SnoozeHelper.java, there is a possible 
way to ...)
+   TODO: check
+CVE-2024-0026 (In multiple functions of SnoozeHelper.java, there is a possible 
persis ...)
+   TODO: check
+CVE-2024-0025 (In sendIntentSender of ActivityManagerService.java, there is a 
possibl ...)
+   TODO: check
+CVE-2024-0024 (In multiple methods of UserManagerService.java, there is a 
possible fa ...)
+   TODO: check
+CVE-2024-0022 (In multiple functions of CompanionDeviceManagerService.java, 
there is  ...)
+   TODO: check
+CVE-2023-40694 (IBM Watson CP4D Data Stores 4.0.0 through 4.8.4 stores 
potentially sen ...)
+   TODO: check
+CVE-2023-40490 (Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code 
Execution  ...)
+   TODO: check
+CVE-2023-37325 (D-Link DAP-2622 DDP Set SSID List Missing Authentication 
Vulnerability ...)
+   TODO: check
+CVE-2023-35757 (D-Link DAP-2622 DDP Set Date-Time NTP Server Stack-based 
Buffer Overfl ...)
+   TODO: check
+CVE-2023-35749 (D-Link DAP-2622 DDP Firmware Upgrade Filename Stack-based 
Buffer Overf ...)
+   TODO: check
+CVE-2023-35748 (D-Link DAP-2622 DDP Firmware Upgrade Server IPv6 Address 
Stack-based B ...)
+   TODO: check
 CVE-2024-4438
NOT-FOR-US: Incomplete backport in Red Hat OpenStack platform
 CVE-2024-4437
@@ -1478,7 +1548,7 @@ CVE-2023-50230 (BlueZ Phone Book Access Profile 
Heap-based Buffer Overflow Remot
- bluez 5.70-1.1
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1812/
NOTE: 
https://github.com/bluez/bluez/commit/5ab5352531a9cc7058cce569607f3a6831464443
-CVE-2023-50229 (BlueZ Phone Book Access Profile Heap-based Buffer Overflow 
Remote Code ...) (5.70)
+CVE-2023-50229 (BlueZ Phone Book Access Profile Heap-based Buffer Overflow 
Remote Code ...)
- bluez 5.70-1.1
NOTE: 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
65aa002c by security tracker role at 2024-05-07T20:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,12 +1,177 @@
-CVE-2024-4559
+CVE-2024-4601 (An incorrect authentication vulnerability has been found in 
Socomec Ne ...)
+   TODO: check
+CVE-2024-4600 (Cross-Site Request Forgery vulnerability in Socomec Net Vision, 
versio ...)
+   TODO: check
+CVE-2024-4599 (Remote denial of service vulnerability in LAN Messenger 
affecting vers ...)
+   TODO: check
+CVE-2024-4596 (A vulnerability was found in Kimai up to 2.15.0 and classified 
as prob ...)
+   TODO: check
+CVE-2024-4595 (A vulnerability has been found in SEMCMS up to 4.8 and 
classified as c ...)
+   TODO: check
+CVE-2024-4594 (A vulnerability, which was classified as problematic, was found 
in Ded ...)
+   TODO: check
+CVE-2024-4593 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-4592 (A vulnerability classified as problematic was found in DedeCMS 
5.7. Th ...)
+   TODO: check
+CVE-2024-4591 (A vulnerability classified as problematic has been found in 
DedeCMS 5. ...)
+   TODO: check
+CVE-2024-4590 (A vulnerability was found in DedeCMS 5.7. It has been rated as 
problem ...)
+   TODO: check
+CVE-2024-4589 (A vulnerability was found in DedeCMS 5.7. It has been declared 
as prob ...)
+   TODO: check
+CVE-2024-4588 (A vulnerability was found in DedeCMS 5.7. It has been 
classified as pr ...)
+   TODO: check
+CVE-2024-4587 (A vulnerability was found in DedeCMS 5.7 and classified as 
problematic ...)
+   TODO: check
+CVE-2024-4586 (A vulnerability has been found in DedeCMS 5.7 and classified as 
proble ...)
+   TODO: check
+CVE-2024-4585 (A vulnerability, which was classified as problematic, was found 
in Ded ...)
+   TODO: check
+CVE-2024-4584 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-4583 (A vulnerability classified as problematic was found in Faraday 
GM8181  ...)
+   TODO: check
+CVE-2024-4582 (A vulnerability classified as critical has been found in 
Faraday GM818 ...)
+   TODO: check
+CVE-2024-4538 (IDOR vulnerability in Janto Ticketing Software affecting 
version 4.3r1 ...)
+   TODO: check
+CVE-2024-4537 (IDOR vulnerability in Janto Ticketing Software affecting 
version 4.3r1 ...)
+   TODO: check
+CVE-2024-4536 (In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in 
the ED ...)
+   TODO: check
+CVE-2024-4346 (The Startklar Elementor Addons plugin for WordPress is 
vulnerable to a ...)
+   TODO: check
+CVE-2024-4345 (The Startklar Elementor Addons plugin for WordPress is 
vulnerable to a ...)
+   TODO: check
+CVE-2024-34523 (AChecker 1.5 allows remote attackers to read the contents of 
arbitrary ...)
+   TODO: check
+CVE-2024-34517 (The Cypher component in Neo4j before 5.19.0 mishandles 
IMMUTABLE privi ...)
+   TODO: check
+CVE-2024-34342 (react-pdf displays PDFs in React apps. If PDF.js is used to 
load a mal ...)
+   TODO: check
+CVE-2024-34341 (Trix is a rich text editor. The Trix editor, versions prior to 
2.1.1,  ...)
+   TODO: check
+CVE-2024-34315 (CmsEasy v7.7.7.9 was discovered to contain a local file 
inclusion vune ...)
+   TODO: check
+CVE-2024-34314 (CmsEasy v7.7.7.9 was discovered to contain a local file 
inclusion vune ...)
+   TODO: check
+CVE-2024-34084 (Minder's `HandleGithubWebhook` is susceptible to a denial of 
service a ...)
+   TODO: check
+CVE-2024-33860 (An issue was discovered in Logpoint before 7.4.0. It allows 
Local File ...)
+   TODO: check
+CVE-2024-33859 (An issue was discovered in Logpoint before 7.4.0. HTML code 
sent throu ...)
+   TODO: check
+CVE-2024-33858 (An issue was discovered in Logpoint before 7.4.0. A path 
injection vul ...)
+   TODO: check
+CVE-2024-33857 (An issue was discovered in Logpoint before 7.4.0. Due to a 
lack of inp ...)
+   TODO: check
+CVE-2024-33856 (An issue was discovered in Logpoint before 7.4.0. An attacker 
can enum ...)
+   TODO: check
+CVE-2024-33783 (MP-SPDZ v0.3.8 was discovered to contain a segmentation 
violation via  ...)
+   TODO: check
+CVE-2024-33782 (MP-SPDZ v0.3.8 was discovered to contain a stack overflow via 
the func ...)
+   TODO: check
+CVE-2024-33781 (MP-SPDZ v0.3.8 was discovered to contain a stack overflow via 
the func ...)
+   TODO: check
+CVE-2024-33780 (MP-SPDZ v0.3.8 was discovered to contain a segmentation 
violation via  ...)
+   TODO: check
+CVE-2024-33748 (Cross-site scripting (XSS) vulnerability in the search 
function in Mvn ...)
+   TODO: check
+CVE-2024-33434 (An issue in tiagorlampert CHAOS before 
1b451cf62582295b7225caf5a7b506f ...)

[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
890237f7 by security tracker role at 2024-05-07T08:11:34+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,79 @@
+CVE-2024-4186 (The Build App Online plugin for WordPress is vulnerable to 
authenticat ...)
+   TODO: check
+CVE-2024-3759 (in OpenHarmony v4.0.0 and prior versions allow a local attacker 
arbitr ...)
+   TODO: check
+CVE-2024-3758 (in OpenHarmony v4.0.0 and prior versions allow a local attacker 
arbitr ...)
+   TODO: check
+CVE-2024-3757 (in OpenHarmony v4.0.0 and prior versions allow a local attacker 
cause  ...)
+   TODO: check
+CVE-2024-3628 (The EasyEvent WordPress plugin through 1.0.0 does not sanitise 
and esc ...)
+   TODO: check
+CVE-2024-34534 (A SQL injection vulnerability in Cybrosys Techno Solutions 
Text Comman ...)
+   TODO: check
+CVE-2024-34533 (A SQL injection vulnerability in ZI PT Solusi Usaha Mudah 
Analytic Dat ...)
+   TODO: check
+CVE-2024-34532 (A SQL injection vulnerability in Yvan Dotet PostgreSQL Query 
Deluxe mo ...)
+   TODO: check
+CVE-2024-34413 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-31078 (in OpenHarmony v4.0.0 and prior versions allow a local 
attacker cause  ...)
+   TODO: check
+CVE-2024-30973 (An issue in V-SOL G/EPON ONU HG323AC-B with firmware version 
V2.0.08-2 ...)
+   TODO: check
+CVE-2024-2913 (A race condition vulnerability exists in the 
mintplex-labs/anything-ll ...)
+   TODO: check
+CVE-2024-29941 (Insecure storage of the ICT MIFARE and DESFire encryption keys 
in the  ...)
+   TODO: check
+CVE-2024-28725 (Cross Site Scripting (XSS) vulnerability in YzmCMS 7.0 allows 
attacker ...)
+   TODO: check
+CVE-2024-27217 (in OpenHarmony v4.0.0 and prior versions allow a local 
attacker arbitr ...)
+   TODO: check
+CVE-2024-23808 (in OpenHarmony v4.0.0 and prior versions allow a local 
attacker arbitr ...)
+   TODO: check
+CVE-2024-22472 (A buffer Overflow vulnerability in Silicon Labs 500 Series 
Z-Wave devi ...)
+   TODO: check
+CVE-2024-20872 (Improper handling of insufficient privileges vulnerability in 
Talkback ...)
+   TODO: check
+CVE-2024-20871 (Improper authorization vulnerability in Samsung Keyboard prior 
to vers ...)
+   TODO: check
+CVE-2024-20870 (Improper verification of intent by broadcast receiver 
vulnerability in ...)
+   TODO: check
+CVE-2024-20869 (Improper privilege management vulnerability in Samsung 
Internet prior  ...)
+   TODO: check
+CVE-2024-20868 (Improper input validation in Samsung Notes prior to version 
4.4.15 all ...)
+   TODO: check
+CVE-2024-20867 (Improper privilege management vulnerability in Samsung Email 
prior to  ...)
+   TODO: check
+CVE-2024-20866 (Authentication bypass vulnerability in Setupwizard prior to 
SMR May-20 ...)
+   TODO: check
+CVE-2024-20865 (Authentication bypass in bootloader prior to SMR May-2024 
Release 1 al ...)
+   TODO: check
+CVE-2024-20864 (Improper access control vulnerability in DarManagerService 
prior to SM ...)
+   TODO: check
+CVE-2024-20863 (Out of bounds write vulnerability in SNAP in HAL prior to SMR 
May-2024 ...)
+   TODO: check
+CVE-2024-20862 (Out-of-bounds write in SveService prior to SMR May-2024 
Release 1 allo ...)
+   TODO: check
+CVE-2024-20861 (Use after free vulnerability in SveService prior to SMR 
May-2024 Relea ...)
+   TODO: check
+CVE-2024-20860 (Improper export of android application components 
vulnerability in Tel ...)
+   TODO: check
+CVE-2024-20859 (Improper access control vulnerability in FactoryCamera prior 
to SMR Ma ...)
+   TODO: check
+CVE-2024-20858 (Improper access control vulnerability in 
setCocktailHostCallbacks of C ...)
+   TODO: check
+CVE-2024-20857 (Improper access control vulnerability in startListening of 
CocktailBar ...)
+   TODO: check
+CVE-2024-20856 (Improper Authentication vulnerability in Secure Folder prior 
to SMR Ma ...)
+   TODO: check
+CVE-2024-20855 (Improper access control vulnerability in multitasking 
framework prior  ...)
+   TODO: check
+CVE-2024-20821 (A vulnerability possible to reconfigure OTP allows local 
attackers to  ...)
+   TODO: check
+CVE-2024-1695 (A potential security vulnerability has been identified in the 
HP Appli ...)
+   TODO: check
+CVE-2023-33548 (Cross Site Scripting (XSS) vulnerability in ASUS RT-AC51U with 
firmwar ...)
+   TODO: check
 CVE-2024-4568 (In Xpdf 4.05 (and earlier), a PDF object loop in the PDF 
resources lea ...)
TODO: check
 CVE-2024-4549 (A denial of service vulnerability exists in Delta Electronics 
DIAEnerg ...)
@@ -782,9 +858,9 @@ CVE-2024-33911 (Improper Neutralization of Special Elements 
used in an SQL Comma

[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-06 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b4fdd773 by security tracker role at 2024-05-06T20:12:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,307 @@
+CVE-2024-4568 (In Xpdf 4.05 (and earlier), a PDF object loop in the PDF 
resources lea ...)
+   TODO: check
+CVE-2024-4549 (A denial of service vulnerability exists in Delta Electronics 
DIAEnerg ...)
+   TODO: check
+CVE-2024-4548 (An SQLi vulnerability exists inDelta Electronics DIAEnergie 
v1.10.1.86 ...)
+   TODO: check
+CVE-2024-4547 (A SQLi vulnerability exists inDelta ElectronicsDIAEnergie 
v1.10.1.8610 ...)
+   TODO: check
+CVE-2024-4528 (A vulnerability was found in SourceCodester Prison Management 
System 1 ...)
+   TODO: check
+CVE-2024-4527 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+   TODO: check
+CVE-2024-4526 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+   TODO: check
+CVE-2024-4525 (A vulnerability has been found in Campcodes Complete Web-Based 
School  ...)
+   TODO: check
+CVE-2024-4524 (A vulnerability, which was classified as problematic, was found 
in Cam ...)
+   TODO: check
+CVE-2024-4523 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-4522 (A vulnerability classified as problematic was found in 
Campcodes Compl ...)
+   TODO: check
+CVE-2024-4521 (A vulnerability classified as problematic has been found in 
Campcodes  ...)
+   TODO: check
+CVE-2024-4519 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+   TODO: check
+CVE-2024-4518 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+   TODO: check
+CVE-2024-4517 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+   TODO: check
+CVE-2024-4516 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+   TODO: check
+CVE-2024-4515 (A vulnerability has been found in Campcodes Complete Web-Based 
School  ...)
+   TODO: check
+CVE-2024-4514 (A vulnerability, which was classified as problematic, was found 
in Cam ...)
+   TODO: check
+CVE-2024-4513 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-4512 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
+   TODO: check
+CVE-2024-4511 (A vulnerability classified as critical has been found in 
Shanghai Sunf ...)
+   TODO: check
+CVE-2024-4510 (A vulnerability was found in Ruijie RG-UAC up to 20240428. It 
has been ...)
+   TODO: check
+CVE-2024-4509 (A vulnerability was found in Ruijie RG-UAC up to 20240428. It 
has been ...)
+   TODO: check
+CVE-2024-4508 (A vulnerability was found in Ruijie RG-UAC up to 20240428. It 
has been ...)
+   TODO: check
+CVE-2024-4507 (A vulnerability was found in Ruijie RG-UAC up to 20240428 and 
classifi ...)
+   TODO: check
+CVE-2024-4506 (A vulnerability has been found in Ruijie RG-UAC up to 20240428 
and cla ...)
+   TODO: check
+CVE-2024-4505 (A vulnerability, which was classified as critical, was found in 
Ruijie ...)
+   TODO: check
+CVE-2024-4504 (A vulnerability, which was classified as critical, has been 
found in R ...)
+   TODO: check
+CVE-2024-4503 (A vulnerability classified as critical was found in Ruijie 
RG-UAC up t ...)
+   TODO: check
+CVE-2024-4502 (A vulnerability classified as critical has been found in Ruijie 
RG-UAC ...)
+   TODO: check
+CVE-2024-3756 (The MF Gig Calendar WordPress plugin through 1.2.1 does not 
have CSRF  ...)
+   TODO: check
+CVE-2024-3755 (The MF Gig Calendar WordPress plugin through 1.2.1 does not 
sanitise a ...)
+   TODO: check
+CVE-2024-3752 (The Crelly Slider WordPress plugin through 1.4.5 does not 
sanitise and ...)
+   TODO: check
+CVE-2024-3661 (By design, the DHCP protocol does not authenticate messages, 
including ...)
+   TODO: check
+CVE-2024-3576 (The NPort 5100A Series prior to version 1.6 is affected by web 
server  ...)
+   TODO: check
+CVE-2024-34538 (Mateso PasswordSafe through 8.13.9.26689 has Weak 
Cryptography.)
+   TODO: check
+CVE-2024-34529 (Nebari through 2024.4.1 prints the temporary Keycloak root 
password.)
+   TODO: check
+CVE-2024-34528 (WordOps through 3.20.0 has a wo/cli/plugins/stack_pref.py 
TOCTOU race  ...)
+   TODO: check
+CVE-2024-34527 (spaces_plugin/app.py in SolidUI 0.4.0 has an unnecessary print 
stateme ...)
+   TODO: check
+CVE-2024-34525 (FileCodeBox 2.0 stores a OneDrive password and AWS key in a 
cleartext  ...)
+   TODO: check
+CVE-2024-34524 (In XLANG OpenAgents through fe73ac4, the allowed_file 
protection mecha ...)
+   TODO: check
+CVE-2024-34519 (Avantra 
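Review bot: CVE-2024-3661 ("By design, the DHCP protocol does not authenticate messages ...") is a protocol-level design issue rather than a defect in one package, so a bare "TODO: check" will not resolve cleanly: the triage has to decide which packages, if any, the tracker attaches it to and record that reasoning in a NOTE, otherwise the entry will sit at TODO indefinitely. The appliance and PHP-script additions in the same hunk (NPort 5100A, the Ruijie RG-UAC run CVE-2024-4502 through CVE-2024-4510, the Campcodes and SourceCodester entries, the three WordPress plugins) follow the NOT-FOR-US pattern and can be closed as a batch; CVE-2024-4568 (Xpdf) is the one addition here that is packaged and needs a real assessment.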

[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c0c41f3e by security tracker role at 2024-05-05T20:12:00+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,25 @@
+CVE-2024-4501 (A vulnerability was found in Ruijie RG-UAC up to 20240428. It 
has been ...)
+   TODO: check
+CVE-2024-4500 (A vulnerability was found in SourceCodester Prison Management 
System 1 ...)
+   TODO: check
+CVE-2024-34511 (Component Server in Gradio before 4.13 does not properly 
consider _is_ ...)
+   TODO: check
+CVE-2024-34510 (Gradio before 4.20 allows credential leakage on Windows.)
+   TODO: check
+CVE-2024-34509 (dcmdata in DCMTK before 3.6.9 has a segmentation fault via an 
invalid  ...)
+   TODO: check
+CVE-2024-34508 (dcmnet in DCMTK before 3.6.9 has a segmentation fault via an 
invalid D ...)
+   TODO: check
+CVE-2024-34507 (An issue was discovered in 
includes/CommentFormatter/CommentParser.php ...)
+   TODO: check
+CVE-2024-34506 (An issue was discovered in 
includes/specials/SpecialMovePage.php in Me ...)
+   TODO: check
+CVE-2024-34502 (An issue was discovered in WikibaseLexeme in MediaWiki before 
1.39.6,  ...)
+   TODO: check
+CVE-2024-34500 (An issue was discovered in the UnlinkedWikibase extension in 
MediaWiki ...)
+   TODO: check
+CVE-2024-34474 (Clario through 2024-04-11 for Desktop has weak permissions for 
%PROGRA ...)
+   TODO: check
 CVE-2024-4497 (A vulnerability was found in Tenda i21 1.0.0.14(4656). It has 
been dec ...)
NOT-FOR-US: Tenda
 CVE-2024-4496 (A vulnerability was found in Tenda i21 1.0.0.14(4656). It has 
been cla ...)
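Review bot: several entries in this hunk concern software Debian ships and should not stay at "TODO: check" without a package line: dcmtk (CVE-2024-34508 in dcmnet and CVE-2024-34509 in dcmdata, both "before 3.6.9") and mediawiki core (CVE-2024-34506 in includes/specials/SpecialMovePage.php, CVE-2024-34507 in includes/CommentFormatter/CommentParser.php). CVE-2024-34500 (UnlinkedWikibase) and CVE-2024-34502 (WikibaseLexeme) are MediaWiki extensions, so whether they affect the Debian package depends on whether those extensions are bundled, which the NOTE should state. The Gradio (CVE-2024-34510, CVE-2024-34511), Clario, SourceCodester and Ruijie additions match the "NOT-FOR-US: Tenda" convention visible in the trailing context lines.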



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0c41f3e62b0ba3fe4c03ecccfedf4eeb92e6bb4

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0c41f3e62b0ba3fe4c03ecccfedf4eeb92e6bb4
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3f7b62f3 by security tracker role at 2024-05-05T08:11:51+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,49 @@
+CVE-2024-4497 (A vulnerability was found in Tenda i21 1.0.0.14(4656). It has 
been dec ...)
+   TODO: check
+CVE-2024-4496 (A vulnerability was found in Tenda i21 1.0.0.14(4656). It has 
been cla ...)
+   TODO: check
+CVE-2024-4495 (A vulnerability was found in Tenda i21 1.0.0.14(4656) and 
classified a ...)
+   TODO: check
+CVE-2024-4494 (A vulnerability has been found in Tenda i21 1.0.0.14(4656) and 
classif ...)
+   TODO: check
+CVE-2024-4493 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
+   TODO: check
+CVE-2024-4492 (A vulnerability, which was classified as critical, has been 
found in T ...)
+   TODO: check
+CVE-2024-4491 (A vulnerability classified as critical was found in Tenda i21 
1.0.0.14 ...)
+   TODO: check
+CVE-2024-34490 (In Maxima through 5.47.0 before 51704c, the plotting 
facilities make u ...)
+   TODO: check
+CVE-2024-34489 (OFPHello in parser.py in Faucet SDN Ryu 4.34 allows attackers 
to cause ...)
+   TODO: check
+CVE-2024-34488 (OFPMultipartReply in parser.py in Faucet SDN Ryu 4.34 allows 
attackers ...)
+   TODO: check
+CVE-2024-34487 (OFPFlowStats in parser.py in Faucet SDN Ryu 4.34 allows 
attackers to c ...)
+   TODO: check
+CVE-2024-34486 (OFPPacketQueue in parser.py in Faucet SDN Ryu 4.34 allows 
attackers to ...)
+   TODO: check
+CVE-2024-34484 (OFPBucket in parser.py in Faucet SDN Ryu 4.34 allows attackers 
to caus ...)
+   TODO: check
+CVE-2024-34483 (OFPGroupDescStats in parser.py in Faucet SDN Ryu 4.34 allows 
attackers ...)
+   TODO: check
+CVE-2024-34478 (btcd before 0.24.0 does not correctly implement the consensus 
rules ou ...)
+   TODO: check
+CVE-2024-34476 (Open5GS before 2.7.1 is vulnerable to a reachable assertion 
that can c ...)
+   TODO: check
+CVE-2024-34475 (Open5GS before 2.7.1 is vulnerable to a reachable assertion 
that can c ...)
+   TODO: check
+CVE-2024-34473 (An issue was discovered in appmgr in O-RAN Near-RT RIC 
I-Release. An a ...)
+   TODO: check
+CVE-2024-34469 (Rukovoditel before 3.5.3 allows XSS via user_photo to 
index.php?module ...)
+   TODO: check
+CVE-2024-34468 (Rukovoditel before 3.5.3 allows XSS via user_photo to My Page.)
+   TODO: check
+CVE-2024-34467 (ThinkPHP 8.0.3 allows remote attackers to discover the 
PHPSESSION cook ...)
+   TODO: check
+CVE-2024-34462 (Alinto SOGo through 5.10.0 allows XSS during attachment 
preview.)
+   TODO: check
+CVE-2023-52729 (TCPServer.cpp in SimpleNetwork through 29bc615 has an 
off-by-one error ...)
+   TODO: check
 CVE-2024-3868 (The Folders Pro plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-3240 (The ConvertPlug plugin for WordPress is vulnerable to PHP 
Object Injec ...)
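Review bot: the seven Faucet SDN Ryu entries (CVE-2024-34483, CVE-2024-34484, CVE-2024-34486 through CVE-2024-34489, all in parser.py of Ryu 4.34 with identical truncated summaries) are one parsing weakness reported per OpenFlow message type and should be triaged together with a single NOTE pointing at the upstream fix, not seven independent TODOs; Ryu is packaged, as are maxima (CVE-2024-34490), open5gs (CVE-2024-34475 and CVE-2024-34476, reachable assertions before 2.7.1) and sogo (CVE-2024-34462, XSS in attachment preview through 5.10.0), so each of those needs a package line. The Tenda i21 block (CVE-2024-4491 through CVE-2024-4497) and the Rukovoditel, ThinkPHP and SimpleNetwork entries can be closed NOT-FOR-US, as the later commit of 2024-05-05 already does for CVE-2024-4497.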
@@ -17897,30 +17943,35 @@ CVE-2024-2182 (A flaw was found in the Open Virtual 
Network (OVN). In OVN cluste
NOTE: https://bugs.launchpad.net/bugs/2053113
NOTE: 
https://mail.openvswitch.org/pipermail/ovs-announce/2024-March/000346.html
 CVE-2023-43490 (Incorrect calculation in microcode keying mechanism for some 
Intel(R)  ...)
+   {DLA-3808-1}
- intel-microcode 3.20240312.1 (bug #1066108)
[bookworm] - intel-microcode  (Decide after exposure on 
unstable for update)
[bullseye] - intel-microcode  (Decide after exposure on 
unstable for update)
NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01045.html
NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312
 CVE-2023-39368 (Protection mechanism failure of bus lock regulator for some 
Intel(R) P ...)
+   {DLA-3808-1}
- intel-microcode 3.20240312.1 (bug #1066108)
[bookworm] - intel-microcode  (Decide after exposure on 
unstable for update)
[bullseye] - intel-microcode  (Decide after exposure on 
unstable for update)
NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00972.html
NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312
 CVE-2023-38575 (Non-transparent sharing of return predictor targets between 
contexts i ...)
+   {DLA-3808-1}
- intel-microcode 3.20240312.1 (bug #1066108)
[bookworm] - intel-microcode  (Decide after exposure on 
unstable for update)
[bullseye] - intel-microcode  (Decide after exposure on 
unstable for update)
NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00982.html
NOTE: 
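Review bot: the new {DLA-3808-1} reference on CVE-2023-43490, CVE-2023-39368 and CVE-2023-38575 sits directly above a [bullseye] line that still carries the "(Decide after exposure on unstable for update)" deferral; once a DLA has shipped the bullseye fix that deferral is stale and should be dropped so the bullseye status is not recorded twice with conflicting meaning. The [bookworm] line keeps the same deferral while unstable has had 3.20240312.1 (the 2024-03-12 microcode release linked in the NOTEs) since bug #1066108, so the bookworm decision for the same three CVEs is the open item this hunk leaves behind.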

[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-04 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c666d802 by security tracker role at 2024-05-04T08:11:55+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,17 @@
+CVE-2024-3868 (The Folders Pro plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+   TODO: check
+CVE-2024-3240 (The ConvertPlug plugin for WordPress is vulnerable to PHP 
Object Injec ...)
+   TODO: check
+CVE-2024-3237 (The ConvertPlug plugin for WordPress is vulnerable to 
unauthorized mod ...)
+   TODO: check
+CVE-2024-34461 (Zenario before 9.5.60437 uses Twig filters insecurely in the 
Twig Snip ...)
+   TODO: check
+CVE-2024-34460 (The Tree Explorer tool from Organizer in Zenario before 
9.5.60602 is a ...)
+   TODO: check
+CVE-2024-1050 (The Import and export users and customers plugin for WordPress 
is vuln ...)
+   TODO: check
+CVE-2023-7065 (The Stop Spammers Security | Block Spam Users, Comments, Forms 
plugin  ...)
+   TODO: check
 CVE-2024-4466 (SQL injection vulnerability in Gescen on the 
centrosdigitales.net plat ...)
NOT-FOR-US: Gescen
 CVE-2024-4461 (Unquoted path or search item vulnerability in SugarSync 
versions prior ...)
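Review bot: every addition in this hunk is either a WordPress plugin (CVE-2024-3868 Folders Pro, CVE-2024-3240 and CVE-2024-3237 ConvertPlug, CVE-2024-1050 Import and export users and customers, CVE-2023-7065 Stop Spammers) or Zenario (CVE-2024-34460, CVE-2024-34461), none of which is in the archive, so they can be closed with "NOT-FOR-US: WordPress plugin" in one pass rather than left at "TODO: check"; the later commit of 2024-05-05 already does this for CVE-2024-3868 and CVE-2024-3240.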
@@ -5885,7 +5899,7 @@ CVE-2023-39367 (An OS command injection vulnerability 
exists in the web interfac
 CVE-2023-36505 (Improper Input Validation vulnerability in Saturday Drive 
Ninja Forms  ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-2961 (The iconv() function in the GNU C Library versions 2.39 and 
older may  ...)
-   {DSA-5673-1}
+   {DSA-5673-1 DLA-3807-1}
- glibc 2.37-18 (bug #1069191)
NOTE: https://www.openwall.com/lists/oss-security/2024/04/17/9
NOTE: https://www.openwall.com/lists/oss-security/2024/04/18/4
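Review bot: the NOTE lines on CVE-2024-2961 reference only the two oss-security posts; with DSA-5673-1 and now DLA-3807-1 attached, the entry should also carry the upstream glibc fix commit so that the backport in 2.37-18 and the bullseye build behind the DLA can be checked against it. The description's "versions 2.39 and older" covers every suite Debian supports, which is why the missing upstream reference matters more here than for a single-release issue.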
@@ -6908,7 +6922,7 @@ CVE-2024-3832 (Object corruption in V8 in Google Chrome 
prior to 124.0.6367.60 a
- chromium 124.0.6367.60-1
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
-CVE-2024-4439 [Stored XSS in Avatar block]
+CVE-2024-4439 (WordPress Core is vulnerable to Stored Cross-Site Scripting via 
user d ...)
- wordpress 6.5.2+dfsg1-1 (bug #1069091)
NOTE: 
https://wpscan.com/blog/unauthenticated-stored-xss-fixed-in-wordpress-core/
NOTE: 
https://wordpress.org/news/2024/04/wordpress-6-5-2-maintenance-and-security-release/
@@ -7620,6 +7634,7 @@ CVE-2024-3662 (The WPZOOM Social Feed Widget & Block 
plugin for WordPress is vul
 CVE-2023-6494 (The WPC Smart Quick View for WooCommerce plugin for WordPress 
is vulne ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-32487 (less through 653 allows OS command execution via a newline 
character i ...)
+   {DSA-5679-1}
- less 590-2.1 (bug #1068938)
NOTE: https://www.openwall.com/lists/oss-security/2024/04/12/5
NOTE: Fixed by: 
https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33
@@ -23825,6 +23840,7 @@ CVE-2024-26318 (Serenity before 6.8.0 allows XSS via an 
email link because Login
 CVE-2024-24722 (An unquoted service path vulnerability in the 12d Synergy 
Server and F ...)
NOT-FOR-US: 12d Synergy Server
 CVE-2022-48624 (close_altfile in filename.c in less before 606 omits 
shell_quote calls ...)
+   {DSA-5679-1}
- less 590-2.1 (bug #1064293)
[buster] - less  (Minor issue)
NOTE: 
https://github.com/gwsw/less/commit/c6ac6de49698be84d264a0c4c0c40bb870b10144 
(v606)
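Review bot: CVE-2022-48624 keeps "[buster] - less (Minor issue)" while this hunk attaches {DSA-5679-1}, the same advisory that covers CVE-2024-32487 (OS command execution via a newline in a filename); the buster assessment should be revisited, since both issues are about unquoted filenames reaching a shell from less and an update that took one without the other would leave buster with an inconsistent status. The v606 fix commit is already referenced in the NOTE, so the revisit only needs a decision line, not new research.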
@@ -251772,7 +251788,8 @@ CVE-2020-35467 (The Docker Docs Docker image through 
2020-12-14 contains a blank
NOT-FOR-US: Docker Docs Docker image
 CVE-2020-35466 (The Blackfire Docker image through 2020-12-14 contains a blank 
passwor ...)
NOT-FOR-US: Blackfire Docker image
-CVE-2020-35465 (The FullArmor HAPI File Share Mount Docker image through 
2020-12-14 co ...)
+CVE-2020-35465
+   REJECTED
NOT-FOR-US: FullArmor HAPI File Share Mount Docker image
 CVE-2020-35464 (Version 1.3.0 of the Weave Cloud Agent Docker image contains a 
blank p ...)
NOT-FOR-US: Weave Cloud Agent Docker image
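Review bot: after switching CVE-2020-35465 to REJECTED, the old "NOT-FOR-US: FullArmor HAPI File Share Mount Docker image" line is left underneath it; the two markers say different things (a withdrawn CVE id versus a real issue outside Debian), so the NOT-FOR-US line should be dropped and the entry reduced to the REJECTED marker alone, as the RESERVED neighbours in this file carry nothing but their status line.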
@@ -265165,7 +265182,7 @@ CVE-2020-26734
RESERVED
 CVE-2020-26733 (Cross Site Scripting (XSS) in Configuration page in SKYWORTH 
GN542VF H ...)
NOT-FOR-US: SKYWORTH GN542VF Hardware
-CVE-2020-26732 (SKYWORTH GN542VF Boa version 0.94.13 does not set the Secure 
flag for  ...)
+CVE-2020-26732 (SKYWORTH GN542VF Hardware Version 2.0 and Software Version 
2.0.0.16 do ...)
NOT-FOR-US: Skyworth GN542VF Boa
 CVE-2020-26731
RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c666d8020ff9b386d73c8b980472b116c55c6b8e



[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-02 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
865bd4ed by security tracker role at 2024-05-02T08:11:48+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,35 @@
+CVE-2024-4142 (An Improper input validation vulnerability that could 
potentially lead ...)
+   TODO: check
+CVE-2024-3490 (The WP Recipe Maker plugin for WordPress is vulnerable to 
Stored Cross ...)
+   TODO: check
+CVE-2024-3481 (The Counter Box  WordPress plugin before 1.2.4 does not have 
CSRF chec ...)
+   TODO: check
+CVE-2024-3478 (The Herd Effects  WordPress plugin before 5.2.7 does not have 
CSRF che ...)
+   TODO: check
+CVE-2024-3477 (The Popup Box  WordPress plugin before 2.2.7 does not have CSRF 
checks ...)
+   TODO: check
+CVE-2024-3476 (The Side Menu Lite  WordPress plugin before 4.2.1 does not have 
CSRF c ...)
+   TODO: check
+CVE-2024-3475 (The Sticky Buttons  WordPress plugin before 3.2.4 does not have 
CSRF c ...)
+   TODO: check
+CVE-2024-3474 (The Wow Skype Buttons WordPress plugin before 4.0.4 does not 
have CSRF ...)
+   TODO: check
+CVE-2024-3472 (The Modal Window  WordPress plugin before 5.3.10 does not have 
CSRF ch ...)
+   TODO: check
+CVE-2024-3471 (The Button Generator  WordPress plugin before 3.0 does not have 
CSRF c ...)
+   TODO: check
+CVE-2024-3280 (The Follow Us Badges plugin for WordPress is vulnerable to 
Stored Cros ...)
+   TODO: check
+CVE-2024-32971 (Apollo Router is a configurable, graph router written in Rust 
to run a ...)
+   TODO: check
+CVE-2024-32962 (xml-crypto is an xml digital signature and encryption library 
for Node ...)
+   TODO: check
+CVE-2024-32882 (Wagtail is an open source content management system built on 
Django. I ...)
+   TODO: check
+CVE-2024-2405 (The Float menu  WordPress plugin before 6.0.1 does not have 
CSRF check ...)
+   TODO: check
+CVE-2023-51631 (D-Link DIR-X3260 prog.cgi SetUsersSettings Stack-based Buffer 
Overflow ...)
+   TODO: check
 CVE-2024-33835 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in 
the remo ...)
NOT-FOR-US: Tenda
 CVE-2024-33820 (Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 
Firmware V ...)
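Review bot: CVE-2024-32962 (xml-crypto, a Node.js XML digital signature and encryption library) is the one addition in this hunk that may touch the archive and needs a check against the node-* packages before it is closed; the D-Link DIR-X3260 entry (CVE-2023-51631, stack-based buffer overflow in prog.cgi SetUsersSettings) and the WordPress plugin CSRF and stored-XSS entries (CVE-2024-3471 through CVE-2024-3481, CVE-2024-2405, CVE-2024-3280, CVE-2024-3490) match the "NOT-FOR-US" convention used for the Tenda and Totolink context lines at the end of the hunk. CVE-2024-4142 has its product name cut out of the truncated summary, so the vendor has to be confirmed from the full description before it gets the same treatment.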
@@ -468,10 +500,12 @@ CVE-2022-48669 (In the Linux kernel, the following 
vulnerability has been resolv
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/cda9c0d556283e2d4adaa9960b2dc19b16156bae (6.9-rc1)
 CVE-2024-4331 (Use after free in Picture In Picture in Google Chrome prior to 
124.0.6 ...)
+   {DSA-5676-1}
- chromium 124.0.6367.118-1
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
 CVE-2024-4368 (Use after free in Dawn in Google Chrome prior to 124.0.6367.118 
allowe ...)
+   {DSA-5676-1}
- chromium 124.0.6367.118-1
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
@@ -158237,7 +158271,8 @@ CVE-2022-27460
RESERVED
 CVE-2022-27459
RESERVED
-CVE-2022-27458 (MariaDB Server v10.6.3 and below was discovered to contain an 
use-afte ...)
+CVE-2022-27458
+   REJECTED
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 
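Review bot: CVE-2022-27458 is switched to REJECTED but retains {DLA-3114-1} and the mariadb-10.6 1:10.6.8-1 and mariadb-10.5 fix lines; if the id was rejected as a duplicate, the DLA reference and fixed versions belong on the surviving CVE id, and a NOTE naming that id (or the rejection reason) should be added here so that DLA-3114-1's advisory text can be reconciled with the tracker instead of pointing at a withdrawn id.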
@@ -205736,10 +205771,10 @@ CVE-2021-36596
RESERVED
 CVE-2021-36595
RESERVED
-CVE-2021-36594
-   RESERVED
-CVE-2021-36593
-   RESERVED
+CVE-2021-36594 (SSRF in Oxwall 1.8.7 (1) allows an attacker to execute 
arbitrary c ...)
+   TODO: check
+CVE-2021-36593 (Oxwall 1.8.7 (1) is vulnerable to Incorrect Access 
Control. Unauth ...)
+   TODO: check
 CVE-2021-36592
RESERVED
 CVE-2021-36591



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/865bd4ed64ada8c2bc0d2643d129b57fea269fea



[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-01 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7cb76107 by security tracker role at 2024-05-01T20:12:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,342 +1,476 @@
-CVE-2024-27392 [nvme: host: fix double-free of struct nvme_id_ns in 
ns_update_nuse()]
+CVE-2024-33835 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in 
the remo ...)
+   TODO: check
+CVE-2024-33820 (Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 
Firmware V ...)
+   TODO: check
+CVE-2024-33775 (An issue with the Autodiscover component in Nagios XI 
2024R1.01 allows ...)
+   TODO: check
+CVE-2024-33518 (An unauthenticated Denial-of-Service (DoS) vulnerability 
exists in the ...)
+   TODO: check
+CVE-2024-33517 (An unauthenticated Denial-of-Service (DoS) vulnerability 
exists in the ...)
+   TODO: check
+CVE-2024-33516 (An unauthenticated Denial of Service (DoS) vulnerability 
exists in the ...)
+   TODO: check
+CVE-2024-33515 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist 
in the A ...)
+   TODO: check
+CVE-2024-33514 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist 
in the A ...)
+   TODO: check
+CVE-2024-33513 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist 
in the A ...)
+   TODO: check
+CVE-2024-33512 (There is a buffer overflow vulnerability in the underlying 
Local User  ...)
+   TODO: check
+CVE-2024-33511 (There is a buffer overflow vulnerability in the underlying 
Automatic R ...)
+   TODO: check
+CVE-2024-33442 (An issue in flusity-CMS v.2.33 allows a remote attacker to 
execute arb ...)
+   TODO: check
+CVE-2024-33431 (An issue in phiola/src/afilter/conv.c:115 of phiola v2.0-rc22 
allows a ...)
+   TODO: check
+CVE-2024-33430 (An issue in phiola/src/afilter/pcm_convert.h:513 of phiola 
v2.0-rc22 a ...)
+   TODO: check
+CVE-2024-33429 (Buffer-Overflow vulnerability at pcm_convert.h:513 of phiola 
v2.0-rc22 ...)
+   TODO: check
+CVE-2024-33428 (Buffer-Overflow vulnerability at conv.c:68 of stsaz phiola 
v2.0-rc22 a ...)
+   TODO: check
+CVE-2024-33424 (A cross-site scripting (XSS) vulnerability in the Settings 
menu of CMS ...)
+   TODO: check
+CVE-2024-33423 (Cross-Site Scripting (XSS) vulnerability in the Settings menu 
of CMSim ...)
+   TODO: check
+CVE-2024-33393 (An issue in spidernet-io spiderpool v.0.9.3 and before allows 
a local  ...)
+   TODO: check
+CVE-2024-33307 (SourceCodester Laboratory Management System 1.0 is vulnerable 
to Cross ...)
+   TODO: check
+CVE-2024-33306 (SourceCodester Laboratory Management System 1.0 is vulnerable 
to Cross ...)
+   TODO: check
+CVE-2024-33304 (SourceCodester Product Show Room 1.0 is vulnerable to Cross 
Site Scrip ...)
+   TODO: check
+CVE-2024-33300 (Typora v1.0.0 through v1.7 version (below) Markdown editor has 
a cross ...)
+   TODO: check
+CVE-2024-33292 (SQL Injection vulnerability in Realisation MGSD v.1.0 allows a 
remote  ...)
+   TODO: check
+CVE-2024-33078 (Tencent Libpag v4.3 is vulnerable to Buffer Overflow. A user 
can send  ...)
+   TODO: check
+CVE-2024-32984 (Yamux is a stream multiplexer over reliable, ordered 
connections such  ...)
+   TODO: check
+CVE-2024-32979 (Nautobot is a Network Source of Truth and Network Automation 
Platform  ...)
+   TODO: check
+CVE-2024-32973 (Pluto is a superset of Lua 5.4 with a focus on general-purpose 
program ...)
+   TODO: check
+CVE-2024-32213 (The LoMag WareHouse Management application version 1.0.20.120 
and olde ...)
+   TODO: check
+CVE-2024-32212 (SQL Injection vulnerability in LOGINT LoMag Inventory 
Management v1.0. ...)
+   TODO: check
+CVE-2024-32211 (An issue in LOGINT LoMag Inventory Management v1.0.20.120 and 
before a ...)
+   TODO: check
+CVE-2024-32210 (The LoMag WareHouse Management application version 1.0.20.120 
and olde ...)
+   TODO: check
+CVE-2024-31413 (Free of pointer not at start of buffer vulnerability exists in 
CX-One  ...)
+   TODO: check
+CVE-2024-31412 (Out-of-bounds read vulnerability exists in CX-Programmer 
included in C ...)
+   TODO: check
+CVE-2024-30176 (In Logpoint before 7.4.0, an attacker can enumerate a valid 
list of us ...)
+   TODO: check
+CVE-2024-29011 (Use of hard-coded password in the GMS ECM endpoint leading to 
authenti ...)
+   TODO: check
+CVE-2024-29010 (The XML document processed in the GMS ECM URL endpoint is 
vulnerable t ...)
+   TODO: check
+CVE-2024-28893 (Certain HP software packages (SoftPaqs) are potentially 
vulnerable to  ...)
+   TODO: check
+CVE-2024-28775 (IBM WebSphere Automation 1.7.0 is vulnerable to cross-site 
scripting.  ...)
+   TODO: check
+CVE-2024-28764 (IBM WebSphere Automation 1.7.0 could allow an attacker with 
privileged ...)
+   TODO: 
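Review bot: CVE-2024-33430 and CVE-2024-33429 both point at phiola v2.0-rc22 pcm_convert.h:513, and CVE-2024-33431 and CVE-2024-33428 both at conv.c in the same release; before four separate entries are triaged, check whether these are duplicate assignments for one or two bugs and record the result in a NOTE so the entries can be cross-referenced. The entries whose product name is cut out of the truncated summary (CVE-2024-33511 and CVE-2024-33512, "buffer overflow vulnerability in the underlying ...", and the unauthenticated DoS run CVE-2024-33513 through CVE-2024-33518) need the vendor confirmed from the full description before they are marked NOT-FOR-US.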

[Git][security-tracker-team/security-tracker][master] automatic update

2024-05-01 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
73ae8f0d by security tracker role at 2024-05-01T08:12:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,426 +1,474 @@
-CVE-2024-27022 [fork: defer linking file vma until vma is fully initialized]
+CVE-2024-4369 (An information disclosure flaw was found in OpenShift's 
internal image ...)
+   TODO: check
+CVE-2024-4349 (A vulnerability has been found in SourceCodester Pisay Online 
E-Learni ...)
+   TODO: check
+CVE-2024-4348 (A vulnerability, which was classified as problematic, was found 
in osC ...)
+   TODO: check
+CVE-2024-4192 (Delta Electronics CNCSoft-G2 lacks proper validation of the 
length of  ...)
+   TODO: check
+CVE-2024-3591 (The Geo Controller WordPress plugin before 8.6.5 unserializes 
user inp ...)
+   TODO: check
+CVE-2024-34149 (In Bitcoin Core through 27.0 and Bitcoin Knots before 
25.1.knots202311 ...)
+   TODO: check
+CVE-2024-33768 (lunasvg v2.3.9 was discovered to contain a segmentation 
violation via  ...)
+   TODO: check
+CVE-2024-33767 (lunasvg v2.3.9 was discovered to contain a segmentation 
violation via  ...)
+   TODO: check
+CVE-2024-33766 (lunasvg v2.3.9 was discovered to contain an FPE (Floating 
Point Except ...)
+   TODO: check
+CVE-2024-33764 (lunasvg v2.3.9 was discovered to contain a stack-overflow at 
lunasvg/s ...)
+   TODO: check
+CVE-2024-33763 (lunasvg v2.3.9 was discovered to contain a 
stack-buffer-underflow at l ...)
+   TODO: check
+CVE-2024-32970 (Phlex is a framework for building object-oriented views in 
Ruby. In af ...)
+   TODO: check
+CVE-2024-32967 (Zitadel is an open source identity management system. In case 
ZITADEL  ...)
+   TODO: check
+CVE-2024-32966 (Static Web Server (SWS) is a tiny and fast production-ready 
web server ...)
+   TODO: check
+CVE-2024-32963 (Navidrome is an open source web-based music collection server 
and stre ...)
+   TODO: check
+CVE-2024-32890 (librespeed/speedtest is an open source, self-hosted speed test 
for HTM ...)
+   TODO: check
+CVE-2024-32018 (RIOT is a real-time multi-threading operating system that 
supports a r ...)
+   TODO: check
+CVE-2024-32017 (RIOT is a real-time multi-threading operating system that 
supports a r ...)
+   TODO: check
+CVE-2024-31225 (RIOT is a real-time multi-threading operating system that 
supports a r ...)
+   TODO: check
+CVE-2024-29466 (Directory Traversal vulnerability in lsgwr spring boot online 
exam v.0 ...)
+   TODO: check
+CVE-2024-28979 (Dell OpenManage Enterprise, versions prior to 4.1.0, contains 
an XSS i ...)
+   TODO: check
+CVE-2024-28978 (Dell OpenManage Enterprise, versions 3.10 and 4.0, contains an 
Imprope ...)
+   TODO: check
+CVE-2024-23336 (MyBB is a free and open source forum software. The default 
list of dis ...)
+   TODO: check
+CVE-2024-23335 (MyBB is a free and open source forum software. The backup 
management m ...)
+   TODO: check
+CVE-2024-27022 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
- linux 
[bullseye] - linux  (Vulnerable code not present)
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/35e351780fa9d8240dd6f7e4f245f9ea37e96c19 (6.9-rc5)
-CVE-2024-27021 [r8169: fix LED-related deadlock on module removal]
+CVE-2024-27021 (In the Linux kernel, the following vulnerability has been 
resolved:  r ...)
- linux 
[bookworm] - linux  (Vulnerable code not present)
[bullseye] - linux  (Vulnerable code not present)
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/19fa4f2a85d777a8052e869c1b892a2f7556569d (6.9-rc4)
-CVE-2024-27020 [netfilter: nf_tables: Fix potential data-race in 
__nft_expr_type_get()]
+CVE-2024-27020 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
- linux 
NOTE: 
https://git.kernel.org/linus/f969eb84ce482331a991079ab7a5c4dc3b7f89bf (6.9-rc5)
-CVE-2024-27019 [netfilter: nf_tables: Fix potential data-race in 
__nft_obj_type_get()]
+CVE-2024-27019 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
- linux 
NOTE: 
https://git.kernel.org/linus/d78d867dcea69c328db30df665be5be7d0148484 (6.9-rc5)
-CVE-2024-27018 [netfilter: br_netfilter: skip conntrack input hook for promisc 
packets]
+CVE-2024-27018 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
- linux 
[bullseye] - linux  (Vulnerable code not present)
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/751de2012eafa4d46d8081056761fa0e9cc8a178 (6.9-rc5)
-CVE-2024-27017 [netfilter: nft_set_pipapo: walk over current view on 
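Review bot: for CVE-2024-27022 and CVE-2024-27018 the bullseye and buster lines say "Vulnerable code not present" while bookworm carries no annotation, which in this file means bookworm is treated as affected by fixes that only landed in 6.9-rc5; a NOTE recording the corresponding stable-series backport commit (or stating that the bookworm kernel lacks the code, as CVE-2024-27021 already does with its [bookworm] line) would make that status auditable. CVE-2024-27020 and CVE-2024-27019 (the two nf_tables data-race fixes) carry no suite annotations at all, so every suite is implicitly pending on those until the linux uploads land.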

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-30 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
522a2023 by security tracker role at 2024-04-30T20:12:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,113 @@
+CVE-2024-4340 (Passing a heavily nested list to sqlparse.parse() leads to a 
Denial of ...)
+   TODO: check
+CVE-2024-4337 (Adive Framework 2.0.8, does not sufficiently encode 
user-controlled in ...)
+   TODO: check
+CVE-2024-4336 (Adive Framework 2.0.8, does not sufficiently encode 
user-controlled in ...)
+   TODO: check
+CVE-2024-4185 (The Customer Email Verification for WooCommerce plugin for 
WordPress i ...)
+   TODO: check
+CVE-2024-3746 (The entire parent directory - C:\ScadaPro and its 
sub-directories and  ...)
+   TODO: check
+CVE-2024-3411 (Implementations of IPMI Authenticated sessions does not provide 
enough ...)
+   TODO: check
+CVE-2024-3072 (The ACF Front End Editor plugin for WordPress is vulnerable to 
unautho ...)
+   TODO: check
+CVE-2024-34088 (In FRRouting (FRR) through 9.1, it is possible for the 
get_edge() func ...)
+   TODO: check
+CVE-2024-33832 (OneNav v0.9.35-20240318 was discovered to contain a 
Server-Side Reques ...)
+   TODO: check
+CVE-2024-33831 (A stored cross-site scripting (XSS) vulnerability in the 
Advanced Expe ...)
+   TODO: check
+CVE-2024-33465 (Cross Site Scripting vulnerability in MajorDoMo before 
v.0662e5e allow ...)
+   TODO: check
+CVE-2024-33437 (An issue in CSS Exfil Protection v.1.1.0 allows a remote 
attacker to o ...)
+   TODO: check
+CVE-2024-33436 (An issue in CSS Exfil Protection v.1.1.0 allows a remote 
attacker to o ...)
+   TODO: check
+CVE-2024-33383 (Arbitrary File Read vulnerability in novel-plus 4.3.0 and 
before allow ...)
+   TODO: check
+CVE-2024-33371 (Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows 
a remot ...)
+   TODO: check
+CVE-2024-2 (An issue discovered in SpringBlade 3.7.1 allows attackers to 
obtain se ...)
+   TODO: check
+CVE-2024-33309 (An issue in TVS Motor Company Limited TVS Connet Android 
v.4.5.1 and i ...)
+   TODO: check
+CVE-2024-33308 (An issue in TVS Motor Company Limited TVS Connet Android 
v.4.5.1 and i ...)
+   TODO: check
+CVE-2024-33275 (SQL injection vulnerability in Webbax supernewsletter v.1.4.21 
and bef ...)
+   TODO: check
+CVE-2024-33274 (Directory Traversal vulnerability in FME Modules customfields 
v.2.2.7  ...)
+   TODO: check
+CVE-2024-33273 (SQL injection vulnerability in shipup before v.3.3.0 allows a 
remote a ...)
+   TODO: check
+CVE-2024-33270 (An issue in FME Modules fileuploads v.2.0.3 and before and 
fixed in v2 ...)
+   TODO: check
+CVE-2024-33267 (SQL Injection vulnerability in Hero hfheropayment v.1.2.5 and 
before a ...)
+   TODO: check
+CVE-2024-33103 (An arbitrary file upload vulnerability in the Media Manager 
component  ...)
+   TODO: check
+CVE-2024-33102 (A stored cross-site scripting (XSS) vulnerability in the 
component /pu ...)
+   TODO: check
+CVE-2024-33101 (A stored cross-site scripting (XSS) vulnerability in the 
component /ac ...)
+   TODO: check
+CVE-2024-2877 (Vault Enterprise, when configured with performance standby 
nodes and a ...)
+   TODO: check
+CVE-2024-2663 (The ZD YouTube FLV Player plugin for WordPress is vulnerable to 
Server ...)
+   TODO: check
+CVE-2024-2617 (A vulnerability exists in the RTU500 that allows for 
authenticated and ...)
+   TODO: check
+CVE-2024-2378 (A vulnerability exists in the web-authentication component of 
the SDM6 ...)
+   TODO: check
+CVE-2024-2377 (A vulnerability exists in the too permissive HTTP response 
header web  ...)
+   TODO: check
+CVE-2024-29384 (An issue in CSS Exfil Protection v.1.1.0 allows a remote 
attacker to o ...)
+   TODO: check
+CVE-2024-29320 (Wallos before 1.15.3 is vulnerable to SQL Injection via the 
category a ...)
+   TODO: check
+CVE-2024-28716 (An issue in OpenStack Storlets yoga-eom allows a remote 
attacker to ex ...)
+   TODO: check
+CVE-2024-28269 (ReCrystallize Server 5.10.0.0 allows administrators to upload 
files to ...)
+   TODO: check
+CVE-2024-26331 (ReCrystallize Server 5.10.0.0 uses a authorization mechanism 
that reli ...)
+   TODO: check
+CVE-2024-25938 (A use-after-free vulnerability exists in the way Foxit Reader 
2024.1.0 ...)
+   TODO: check
+CVE-2024-25648 (A use-after-free vulnerability exists in the way Foxit Reader 
2024.1.0 ...)
+   TODO: check
+CVE-2024-25575 (A type confusion vulnerability vulnerability exists in the way 
Foxit R ...)
+   TODO: check
+CVE-2024-23774 (An issue was discovered in Quest KACE Agent for Windows 
12.0.38 and 13 ...)
+   TODO: check
+CVE-2024-23773 (An issue was discovered in Quest KACE Agent for Windows 
12.0.38 and 13 ...)
+ 
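Review bot: the entry `CVE-2024-2 (An issue discovered in SpringBlade 3.7.1 allows attackers to obtain se ...)` sits between CVE-2024-33371 and CVE-2024-33309 in this descending list, so its identifier looks truncated; verify the ID against the upstream feed before working the TODO: check, because an entry filed under a wrong identifier will not be matched by later automatic updates.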

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-30 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b9277d2b by security tracker role at 2024-04-30T08:11:48+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,63 @@
+CVE-2024-4327 (A vulnerability was found in Apryse WebViewer up to 10.8.0. It 
has bee ...)
+   TODO: check
+CVE-2024-4226 (It was identified that in certain versions of Octopus Server, 
that a u ...)
+   TODO: check
+CVE-2024-4225 (Multiple security vulnerabilities has been discovered in web 
interface ...)
+   TODO: check
+CVE-2024-34050 (Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a 
slice b ...)
+   TODO: check
+CVE-2024-34049 (Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a 
slice b ...)
+   TODO: check
+CVE-2024-34048 (O-RAN RIC I-Release e2mgr lacks array size checks in 
E2nodeConfigUpdat ...)
+   TODO: check
+CVE-2024-34047 (O-RAN RIC I-Release e2mgr lacks array size checks in 
RicServiceUpdateH ...)
+   TODO: check
+CVE-2024-34046 (The O-RAN E2T I-Release Prometheus metric Increment function 
can crash ...)
+   TODO: check
+CVE-2024-34045 (The O-RAN E2T I-Release Prometheus metric Increment function 
can crash ...)
+   TODO: check
+CVE-2024-34044 (The O-RAN E2T I-Release buildPrometheusList function can have 
a NULL p ...)
+   TODO: check
+CVE-2024-34043 (O-RAN RICAPP kpimon-go I-Release has a segmentation violation 
via a ce ...)
+   TODO: check
+CVE-2024-33522 (In vulnerable versions of Calico (v3.27.2 and below), Calico 
Enterpris ...)
+   TODO: check
+CVE-2024-33401 (Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows 
a remot ...)
+   TODO: check
+CVE-2024-33350 (Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a 
remote at ...)
+   TODO: check
+CVE-2024-31837 (DMitry (Deepmagic Information Gathering Tool) 1.3a has a 
format-string ...)
+   TODO: check
+CVE-2024-28294 (Limbas up to v5.2.14 was discovered to contain a SQL injection 
vulnera ...)
+   TODO: check
+CVE-2024-27518 (An issue in SUPERAntiSyware Professional X 10.0.1262 and 
10.0.1264 all ...)
+   TODO: check
+CVE-2024-1371 (The LeadConnector plugin for WordPress is vulnerable to 
unauthorized m ...)
+   TODO: check
+CVE-2024-0216 (The Google Doc Embedder plugin for WordPress is vulnerable to 
Server S ...)
+   TODO: check
+CVE-2023-52728 (Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 
allows an i ...)
+   TODO: check
+CVE-2023-52727 (Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 
allows an i ...)
+   TODO: check
+CVE-2023-52726 (Open Networking Foundation SD-RAN ONOS onos-ric-sdk-go 0.8.12 
allows i ...)
+   TODO: check
+CVE-2023-52725 (Open Networking Foundation SD-RAN ONOS onos-kpimon 0.4.7 
allows blocki ...)
+   TODO: check
+CVE-2023-52724 (Open Networking Foundation SD-RAN onos-kpimon 0.4.7 allows 
out-of-boun ...)
+   TODO: check
+CVE-2023-50434 (emdns_resolve_raw in emdns.c in emdns through fbd1eef calls 
strlen wit ...)
+   TODO: check
+CVE-2023-50433 (marshall in dhcp_packet.c in simple-dhcp-server through 
ec976d2 allows ...)
+   TODO: check
+CVE-2023-50432 (simple-dhcp-server through ec976d2 allows remote attackers to 
cause a  ...)
+   TODO: check
+CVE-2023-46960 (Buffer Overflow vulnerability in PyPXE v.1.8.4 allows a remote 
attacke ...)
+   TODO: check
+CVE-2023-46566 (Buffer Overflow vulnerability in msoulier tftpy commit 
467017b844bf6e3 ...)
+   TODO: check
+CVE-2023-31889 (An issue discovered in httpd in ASUS RT-AC51U with firmware 
version up ...)
+   TODO: check
 CVE-2024-4310 (Cross-site Scripting (XSS) vulnerability in HubBank affecting 
version  ...)
NOT-FOR-US: HubBank
 CVE-2024-4309 (SQL injection vulnerability in HubBank affecting version 1.0.2. 
This v ...)
@@ -23009,7 +23069,7 @@ CVE-2024-22853 (D-LINK Go-RT-AC750 
GORTAC750_A1_FW_v101b03 has a hardcoded passw
NOT-FOR-US: D-LINK
 CVE-2024-22852 (D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a 
stack-based buff ...)
NOT-FOR-US: D-LINK
-CVE-2024-22773 (Intelbras Roteador ACtion RF 1200 1.2.2 esposes the Password 
in Cookie ...)
+CVE-2024-22773 (Intelbras Action RF 1200 routers 1.2.2 and earlier and Action 
RG 1200  ...)
NOT-FOR-US: Intelbras Roteador ACtion RF 1200
 CVE-2024-22208 (phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ 
and MySQL, ...)
NOT-FOR-US: phpMyFAQ
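Review bot: the annotation under CVE-2024-22773 still reads `NOT-FOR-US: Intelbras Roteador ACtion RF 1200` although the rewritten description now also names the Action RG 1200; update the annotation to cover both products so the not-for-us rationale matches the current scope of the entry.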



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9277d2b4c6ccf35157fb43ccdf6f92408025ea4

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9277d2b4c6ccf35157fb43ccdf6f92408025ea4
You're receiving this email because of your account on salsa.debian.org.


___

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-29 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
796f8713 by security tracker role at 2024-04-29T20:12:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,133 @@
+CVE-2024-4310 (Cross-site Scripting (XSS) vulnerability in HubBank affecting 
version  ...)
+   TODO: check
+CVE-2024-4309 (SQL injection vulnerability in HubBank affecting version 1.0.2. 
This v ...)
+   TODO: check
+CVE-2024-4308 (SQL injection vulnerability in HubBank affecting version 1.0.2. 
This v ...)
+   TODO: check
+CVE-2024-4307 (SQL injection vulnerability in HubBank affecting version 1.0.2. 
This v ...)
+   TODO: check
+CVE-2024-4306 (Critical unrestricted file upload vulnerability in HubBank 
affecting v ...)
+   TODO: check
+CVE-2024-4304 (A Cross-Site Scripting XSS vulnerability has been detected on 
GT3 Solu ...)
+   TODO: check
+CVE-2024-3375 (Incorrect Permission Assignment for Critical Resource 
vulnerability in ...)
+   TODO: check
+CVE-2024-34020 (A stack-based buffer overflow was found in the putSDN() 
function of ma ...)
+   TODO: check
+CVE-2024-34011 (Local privilege escalation due to insecure folder permissions. 
The fol ...)
+   TODO: check
+CVE-2024-34010 (Local privilege escalation due to unquoted search path 
vulnerability.  ...)
+   TODO: check
+CVE-2024-33684 (Missing Authorization vulnerability in Pdfcrowd Save as PDF 
plugin by  ...)
+   TODO: check
+CVE-2024-33652 (Missing Authorization vulnerability in Real Big Plugins Client 
Dash.Th ...)
+   TODO: check
+CVE-2024-33636 (Missing Authorization vulnerability in Mahesh Vora WP Page 
Post Widget ...)
+   TODO: check
+CVE-2024-33635 (Missing Authorization vulnerability in Piotnet Piotnet Addons 
For Elem ...)
+   TODO: check
+CVE-2024-33597 (Missing Authorization vulnerability in ProFaceOff SSU.This 
issue affec ...)
+   TODO: check
+CVE-2024-33596 (Missing Authorization vulnerability in Five Star Plugins Five 
Star Res ...)
+   TODO: check
+CVE-2024-33595 (Missing Authorization vulnerability in Jewel Theme Master 
Addons for E ...)
+   TODO: check
+CVE-2024-33594 (Missing Authorization vulnerability in Leaky Paywall.This 
issue affect ...)
+   TODO: check
+CVE-2024-33593 (Missing Authorization vulnerability in RedNao Smart Forms.This 
issue a ...)
+   TODO: check
+CVE-2024-33591 (Missing Authorization vulnerability in Tips and Tricks HQ Easy 
Accept  ...)
+   TODO: check
+CVE-2024-33590 (Server-Side Request Forgery (SSRF) vulnerability in codeSavory 
Knowled ...)
+   TODO: check
+CVE-2024-33589 (Missing Authorization vulnerability in WPOmnia KB Support.This 
issue a ...)
+   TODO: check
+CVE-2024-33588 (Missing Authorization vulnerability in codeSavory Knowledge 
Base docum ...)
+   TODO: check
+CVE-2024-33587 (Missing Authorization vulnerability in Copy Content Protection 
Team Se ...)
+   TODO: check
+CVE-2024-33586 (Missing Authorization vulnerability in Photo Gallery Team 
Photo Galler ...)
+   TODO: check
+CVE-2024-33585 (Missing Authorization vulnerability in Tyche Softwares Payment 
Gateway ...)
+   TODO: check
+CVE-2024-33558 (Missing Authorization vulnerability in 8theme XStore Core.This 
issue a ...)
+   TODO: check
+CVE-2024-33449 (An SSRF issue in the PDFMyURL service allows a remote attacker 
to obta ...)
+   TODO: check
+CVE-2024-33445 (An issue in hisiphp v2.0.111 allows a remote attacker to 
execute arbit ...)
+   TODO: check
+CVE-2024-33444 (SQL injection vulnerability in onethink v.1.1 allows a remote 
attacker ...)
+   TODO: check
+CVE-2024-33443 (An issue in onethink v.1.1 allows a remote attacker to execute 
arbitra ...)
+   TODO: check
+CVE-2024-33438 (File Upload vulnerability in CubeCart before 6.5.5 allows an 
authentic ...)
+   TODO: check
+CVE-2024-33435 (Insecure Permissions vulnerability in Guangzhou Yingshi 
Electronic Tec ...)
+   TODO: check
+CVE-2024-33345 (D-Link DIR-823G A1V1.0.2B05 was found to contain a 
Null-pointer derefe ...)
+   TODO: check
+CVE-2024-8 (Cross Site Scripting vulnerability in jizhicms v.2.5.4 allows 
a remote ...)
+   TODO: check
+CVE-2024-33276 (SQL Injection vulnerability in FME Modules 
preorderandnotication v.3.1 ...)
+   TODO: check
+CVE-2024-33272 (SQL injection vulnerability in KnowBand for PrestaShop 
autosuggest bef ...)
+   TODO: check
+CVE-2024-33271 (An issue in FME Modules eventsmanager before 4.4.0 allows an 
attacker  ...)
+   TODO: check
+CVE-2024-33269 (SQL Injection vulnerability in Prestaddons flashsales 1.9.7 
and before ...)
+   TODO: check
+CVE-2024-33268 (SQL Injection vulnerability in Digincube mdgiftproduct before 
1.4.1 al ...)
+   TODO: check
+CVE-2024-33266 (SQL Injection vulnerability in Helloshop 
deliveryorderautoupdate v.2.8 ...)
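Review bot: `CVE-2024-8 (Cross Site Scripting vulnerability in jizhicms v.2.5.4 allows a remote ...)` breaks the descending numbering between CVE-2024-33345 and CVE-2024-33276, so the identifier appears truncated and should be checked against the source feed before the entry is triaged.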

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-29 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0f8fa9a7 by security tracker role at 2024-04-29T08:12:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,119 @@
+CVE-2024-4303 (ArmorX Android APP's multi-factor authentication (MFA) for the 
login f ...)
+   TODO: check
+CVE-2024-4302 (Super 8 Live Chat online customer service platform fails to 
properly f ...)
+   TODO: check
+CVE-2024-4301 (N-Reporter and N-Cloud, products of the N-Partner, have an OS 
Command  ...)
+   TODO: check
+CVE-2024-4300 (E-WEBInformationCo. FS-EZViewer(Web) exposes sensitive 
information in  ...)
+   TODO: check
+CVE-2024-4299 (The system configuration interface of HGiga iSherlock 
(including MailS ...)
+   TODO: check
+CVE-2024-4298 (The email search interface of HGiga iSherlock (including 
MailSherlock, ...)
+   TODO: check
+CVE-2024-4297 (The system configuration interface of HGiga iSherlock 
(including MailS ...)
+   TODO: check
+CVE-2024-4296 (The account management interface of HGiga iSherlock (including 
MailShe ...)
+   TODO: check
+CVE-2024-3196 (A vulnerability was found in MailCleaner up to 2023.03.14. It 
has been ...)
+   TODO: check
+CVE-2024-3195 (A vulnerability was found in MailCleaner up to 2023.03.14. It 
has been ...)
+   TODO: check
+CVE-2024-3194 (A vulnerability was found in MailCleaner up to 2023.03.14 and 
classifi ...)
+   TODO: check
+CVE-2024-3193 (A vulnerability has been found in MailCleaner up to 2023.03.14 
and cla ...)
+   TODO: check
+CVE-2024-3192 (A vulnerability, which was classified as problematic, was found 
in Mai ...)
+   TODO: check
+CVE-2024-3191 (A vulnerability, which was classified as critical, has been 
found in M ...)
+   TODO: check
+CVE-2024-33905 (In Telegram WebK before 2.0.0 (488), a crafted Mini Web App 
allows XSS ...)
+   TODO: check
+CVE-2024-33904 (In plugins/HookSystem.cpp in Hyprland through 0.39.1 (before 
28c8561), ...)
+   TODO: check
+CVE-2024-33903 (In CARLA through 0.9.15.2, the collision sensor mishandles 
some situat ...)
+   TODO: check
+CVE-2024-33899 (RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows 
attacke ...)
+   TODO: check
+CVE-2024-33891 (Delinea Secret Server before 11.7.01 allows attackers to 
bypass au ...)
+   TODO: check
+CVE-2024-33686 (Missing Authorization vulnerability in Extend Themes Pathway, 
Extend T ...)
+   TODO: check
+CVE-2024-33681 (Cross-Site Request Forgery (CSRF) vulnerability in Sandor 
Kovacs Regen ...)
+   TODO: check
+CVE-2024-33649 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-33648 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-33646 (Cross-Site Request Forgery (CSRF) vulnerability in Toast 
Plugins Stick ...)
+   TODO: check
+CVE-2024-33645 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-33643 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-33641 (Deserialization of Untrusted Data vulnerability in Team Yoast 
Custom f ...)
+   TODO: check
+CVE-2024-33640 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-33637 (Insertion of Sensitive Information into Log File vulnerability 
in Soli ...)
+   TODO: check
+CVE-2024-33634 (Server-Side Request Forgery (SSRF) vulnerability in Piotnet 
Piotnet Ad ...)
+   TODO: check
+CVE-2024-33633 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-33632 (Cross-Site Request Forgery (CSRF) vulnerability in Piotnet 
Piotnet Add ...)
+   TODO: check
+CVE-2024-33631 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-33630 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-33629 (Server-Side Request Forgery (SSRF) vulnerability in Creative 
Motion Au ...)
+   TODO: check
+CVE-2024-33627 (Server-Side Request Forgery (SSRF) vulnerability in Cusmin 
Absolutely  ...)
+   TODO: check
+CVE-2024-33584 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in D ...)
+   TODO: check
+CVE-2024-33575 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+   TODO: check
+CVE-2024-33571 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-33566 (Missing Authorization vulnerability in N-Media OrderConvo 
allows OS Co ...)
+   TODO: check
+CVE-2024-33562 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-28 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
80610b94 by security tracker role at 2024-04-28T20:12:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,190 +1,208 @@
-CVE-2024-26928 [smb: client: fix potential UAF in cifs_debug_files_proc_show()]
+CVE-2024-4294 (A vulnerability, which was classified as critical, has been 
found in P ...)
+   TODO: check
+CVE-2024-4293 (A vulnerability classified as problematic was found in 
PHPGurukul Doct ...)
+   TODO: check
+CVE-2024-4292 (A vulnerability classified as critical has been found in 
Contemporary  ...)
+   TODO: check
+CVE-2024-33883 (The ejs (aka Embedded JavaScript templates) package before 
3.1.10 for  ...)
+   TODO: check
+CVE-2024-33851 (phpecc, as used in paragonie/phpecc before 2.0.1, has a 
branch-based t ...)
+   TODO: check
+CVE-2024-25050 (IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio 
for i 7.2 ...)
+   TODO: check
+CVE-2023-52722 (An issue was discovered in Artifex Ghostscript through 
10.01.0. psi/zm ...)
+   TODO: check
+CVE-2022-48685 (An issue was discovered in Logpoint 7.1 before 7.1.2. The 
daily execut ...)
+   TODO: check
+CVE-2022-48684 (An issue was discovered in Logpoint before 7.1.1. Template 
injection w ...)
+   TODO: check
+CVE-2024-26928 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
- linux 
[bookworm] - linux 6.1.85-1
NOTE: 
https://git.kernel.org/linus/ca545b7f0823f19db0f1148d59bc5e1a56634502 (6.9-rc3)
-CVE-2024-26927 [ASoC: SOF: Add some bounds checking to firmware data]
+CVE-2024-26927 (In the Linux kernel, the following vulnerability has been 
resolved:  A ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
[bullseye] - linux  (Vulnerable code not present)
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/98f681b0f84cfc3a1d83287b77697679e0398306 (6.9-rc1)
-CVE-2022-48668 [smb3: fix temporary data corruption in collapse range]
+CVE-2022-48668 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
- linux 6.0.2-1
[bullseye] - linux  (Vulnerable code not present)
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/fa30a81f255a56cccd89552cd6ce7ea6e8d8acc4 (6.0-rc4)
-CVE-2022-48667 [smb3: fix temporary data corruption in insert range]
+CVE-2022-48667 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
- linux 6.0.2-1
[bullseye] - linux  (Vulnerable code not present)
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/9c8b7a293f50253e694f19161c045817a938e551 (6.0-rc4)
-CVE-2022-48666 [scsi: core: Fix a use-after-free]
+CVE-2022-48666 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
- linux 6.0.2-1
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/8fe4ce5836e932f5766317cb651c1ff2a4cd0506 (6.0-rc5)
-CVE-2022-48665 [exfat: fix overflow for large capacity partition]
+CVE-2022-48665 (In the Linux kernel, the following vulnerability has been 
resolved:  e ...)
- linux 6.0.2-1
[bullseye] - linux  (Vulnerable code not present)
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/2e9ceb6728f1dc2fa4b5d08f37d88cbc49a20a62 (6.0-rc7)
-CVE-2022-48664 [btrfs: fix hang during unmount when stopping a space reclaim 
worker]
+CVE-2022-48664 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
- linux 6.0.2-1
[bullseye] - linux 5.10.148-1
NOTE: 
https://git.kernel.org/linus/a362bb864b8db4861977d00bd2c3222503ccc34b (6.0-rc7)
-CVE-2022-48663 [gpio: mockup: fix NULL pointer dereference when removing 
debugfs]
+CVE-2022-48663 (In the Linux kernel, the following vulnerability has been 
resolved:  g ...)
- linux 6.0.2-1
[bullseye] - linux 5.10.148-1
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/b7df41a6f79dfb18ba2203f8c5f0e9c0b9b57f68 (6.0-rc7)
-CVE-2022-48662 [drm/i915/gem: Really move i915_gem_context.link under ref 
protection]
+CVE-2022-48662 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
- linux 6.0.2-1
[bullseye] - linux  (Vulnerable code not present)
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/d119888b09bd567e07c6b93a07f175df88857e02 (6.0-rc7)
-CVE-2022-48661 [gpio: mockup: Fix potential resource leakage when register a 
chip]
+CVE-2022-48661 (In the Linux kernel, the following vulnerability has been 
resolved:  g ...)
- linux 6.0.2-1
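Review bot: CVE-2022-48666 lists only `[buster] - linux (Vulnerable code not present)` while its neighbours (CVE-2022-48668, CVE-2022-48667, CVE-2022-48665) carry both a [bullseye] and a [buster] line; either bullseye is affected and needs a status, or its not-affected line was dropped. In the same region the `- linux` line of CVE-2024-26928 shows no fixed version or status, unlike the sibling entries (6.7.12-1, 6.0.2-1), so confirm the unstable status was not lost.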

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e63461bf by security tracker role at 2024-04-27T20:12:34+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,31 @@
+CVE-2024-4291 (A vulnerability was found in Tenda A301 
15.13.08.12_multi_TDE01. It ha ...)
+   TODO: check
+CVE-2024-4257 (A vulnerability was found in BlueNet Technology Clinical 
Browsing Syst ...)
+   TODO: check
+CVE-2024-4256 (A vulnerability was found in Techkshetra Info Solutions Savsoft 
Quiz 6 ...)
+   TODO: check
+CVE-2024-4255 (A vulnerability, which was classified as critical, has been 
found in R ...)
+   TODO: check
+CVE-2024-4252 (A vulnerability classified as critical has been found in Tenda 
i22 1.0 ...)
+   TODO: check
+CVE-2024-4251 (A vulnerability was found in Tenda i21 1.0.0.14(4656). It has 
been rat ...)
+   TODO: check
+CVE-2024-4250 (A vulnerability was found in Tenda i21 1.0.0.14(4656). It has 
been dec ...)
+   TODO: check
+CVE-2024-4249 (A vulnerability was found in Tenda i21 1.0.0.14(4656). It has 
been cla ...)
+   TODO: check
+CVE-2024-4248 (A vulnerability was found in Tenda i21 1.0.0.14(4656) and 
classified a ...)
+   TODO: check
+CVE-2024-4247 (A vulnerability has been found in Tenda i21 1.0.0.14(4656) and 
classif ...)
+   TODO: check
+CVE-2024-4246 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
+   TODO: check
+CVE-2024-3342 (The Timetable and Event Schedule by MotoPress plugin for 
WordPress is  ...)
+   TODO: check
+CVE-2024-3309 (The Qi Addons For Elementor plugin for WordPress is vulnerable 
to Stor ...)
+   TODO: check
+CVE-2024-25048 (IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based 
buffer  ...)
+   TODO: check
 CVE-2024-4245 (A vulnerability, which was classified as critical, has been 
found in T ...)
NOT-FOR-US: Tenda
 CVE-2024-4244 (A vulnerability classified as critical was found in Tenda W9 
1.0.0.7(4 ...)
@@ -30891,6 +30919,7 @@ CVE-2023-51708 (Bentley eB System Management Console 
applications within Assetwi
 CVE-2023-51707 (MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG 
allows r ...)
NOT-FOR-US: MotionPro
 CVE-2023-51704 (An issue was discovered in MediaWiki before 1.35.14, 1.36.x 
through 1. ...)
+   {DLA-3796-1}
- mediawiki 1:1.39.6-1
[bookworm] - mediawiki 1:1.39.7-1~deb12u1
[bullseye] - mediawiki  (Minor issue, fix along in next 
update)
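Review bot: with `{DLA-3796-1}` added to CVE-2023-51704, the following `[bullseye] - mediawiki (Minor issue, fix along in next update)` line is now inconsistent: if the DLA shipped the fix for bullseye, that line should give the fixed version rather than the deferred-fix annotation, otherwise the tracker keeps reporting bullseye as unfixed.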
@@ -79680,8 +79709,8 @@ CVE-2023-1002 (A vulnerability, which was classified as 
problematic, has been fo
NOT-FOR-US: MuYuCMS
 CVE-2023-1001
RESERVED
-CVE-2023-1000
-   RESERVED
+CVE-2023-1000 (A vulnerability was found in cyanomiko dcnnt-py up to 0.9.0. It 
has be ...)
+   TODO: check
 CVE-2023-0999 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
NOT-FOR-US: SourceCodester Sales Tracker Management System
 CVE-2023-0998 (A vulnerability classified as critical has been found in 
SourceCodeste ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e63461bf63f381231603dda8819a79f482702c4d



___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5a993a91 by security tracker role at 2024-04-27T08:11:30+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,51 @@
+CVE-2024-4245 (A vulnerability, which was classified as critical, has been 
found in T ...)
+   TODO: check
+CVE-2024-4244 (A vulnerability classified as critical was found in Tenda W9 
1.0.0.7(4 ...)
+   TODO: check
+CVE-2024-4243 (A vulnerability classified as critical has been found in Tenda 
W9 1.0. ...)
+   TODO: check
+CVE-2024-4242 (A vulnerability was found in Tenda W9 1.0.0.7(4456). It has 
been rated ...)
+   TODO: check
+CVE-2024-4241 (A vulnerability was found in Tenda W9 1.0.0.7(4456). It has 
been decla ...)
+   TODO: check
+CVE-2024-4240 (A vulnerability was found in Tenda W9 1.0.0.7(4456). It has 
been class ...)
+   TODO: check
+CVE-2024-4239 (A vulnerability was found in Tenda AX1806 1.0.0.1 and 
classified as cr ...)
+   TODO: check
+CVE-2024-3052 (Malformed S2 Nonce Get command classes can be sent to crash the 
gatewa ...)
+   TODO: check
+CVE-2024-3051 (Malformed Device Reset Locally command classes can be sent to 
temporar ...)
+   TODO: check
+CVE-2024-3034 (The BackUpWordPress plugin for WordPress is vulnerable to 
Directory Tr ...)
+   TODO: check
+CVE-2024-32887 (Sidekiq is simple, efficient background processing for Ruby. 
Sidekiq i ...)
+   TODO: check
+CVE-2024-32883 (MCUboot is a secure bootloader for 32-bits microcontrollers. 
MCUboot u ...)
+   TODO: check
+CVE-2024-32881 (Danswer is the AI Assistant connected to company's docs, apps, 
and peo ...)
+   TODO: check
+CVE-2024-32878 (Llama.cpp is LLM inference in C/C++. There is a use of 
uninitialized h ...)
+   TODO: check
+CVE-2024-31828 (Cross Site Scripting vulnerability in Lavalite CMS v.10.1.0 
allows att ...)
+   TODO: check
+CVE-2024-31741 (Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a 
remote a ...)
+   TODO: check
+CVE-2024-31601 (An issue in Beijing Panabit Network Software Co., Ltd Panalog 
big data ...)
+   TODO: check
+CVE-2024-31551 (Directory Traversal vulnerability in lib/admin/image.admin.php 
in cmse ...)
+   TODO: check
+CVE-2024-31502 (An issue in Insurance Management System v.1.0.0 and before 
allows a re ...)
+   TODO: check
+CVE-2024-30804 (An issue discovered in the DeviceIoControl component in ASUS 
Fan_Xpert ...)
+   TODO: check
+CVE-2024-2859 (By default, SANnav OVA is shipped with root user login enabled. 
 While ...)
+   TODO: check
+CVE-2024-2838 (The WPC Composite Products for WooCommerce plugin for WordPress 
is vul ...)
+   TODO: check
+CVE-2024-2258 (The Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop 
Contact For ...)
+   TODO: check
+CVE-2024-28322 (SQL Injection vulnerability in 
/event-management-master/backend/regist ...)
+   TODO: check
 CVE-2024-4238 (A vulnerability has been found in Tenda AX1806 1.0.0.1 and 
classified  ...)
TODO: check
 CVE-2024-4237 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
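Review bot: the description of CVE-2024-2258 contains a literal `\u2013` escape (`The Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop ...`) instead of the en dash; the importer should decode JSON string escapes before writing descriptions, and the same check would catch other escaped characters coming from the feed.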
@@ -1201,13 +1249,13 @@ CVE-2024-29965 (In Brocade SANnav before v2.3.1, and 
v2.3.0a, it is possible to
NOT-FOR-US: Brocade SANnav
 CVE-2024-29964 (Brocade SANnav versions before v2.3.0a do not correctly set 
permission ...)
NOT-FOR-US: Brocade SANnav
-CVE-2024-29963 (Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain 
hardcoded keys  ...)
+CVE-2024-29963 (Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain 
hardcoded TLS k ...)
NOT-FOR-US: Brocade SANnav
 CVE-2024-29962 (Brocade SANnav OVA before v2.3.1 and v2.3.0a have an insecure 
file per ...)
NOT-FOR-US: Brocade SANnav
 CVE-2024-29961 (A vulnerability affects Brocade SANnav before v2.3.1 and 
v2.3.0a. It a ...)
NOT-FOR-US: Brocade SANnav
-CVE-2024-29960 (In the Brocade SANnav server versions before v2.3.1 and 
v2.3.0a, the S ...)
+CVE-2024-29960 (In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH 
keys insid ...)
NOT-FOR-US: Brocade SANnav
 CVE-2024-29959 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a 
prints Bro ...)
NOT-FOR-US: Brocade SANnav



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a993a911078a8b61b85a31f3dc2f6ff91d339a5



[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-26 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9c638f00 by security tracker role at 2024-04-26T20:12:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,4 +1,146 @@
-CVE-2023-52646 [aio: fix mremap after fork null-deref]
+CVE-2024-4238 (A vulnerability has been found in Tenda AX1806 1.0.0.1 and 
classified  ...)
+   TODO: check
+CVE-2024-4237 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
+   TODO: check
+CVE-2024-4236 (A vulnerability, which was classified as critical, has been 
found in T ...)
+   TODO: check
+CVE-2024-4235 (A vulnerability classified as problematic was found in Netgear 
DG834Gv ...)
+   TODO: check
+CVE-2024-4234 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-4198 (Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 
8.1.12 ...)
+   TODO: check
+CVE-2024-4195 (Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 
8.1.12 ...)
+   TODO: check
+CVE-2024-4183 (Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 
9.5.x bef ...)
+   TODO: check
+CVE-2024-4182 (Mattermost versions 9.6.0, 9.5.x before 9.5.3, 9.4.x before 
9.4.5, and ...)
+   TODO: check
+CVE-2024-3962 (The Product Addons & Fields for WooCommerce plugin for 
WordPress is vu ...)
+   TODO: check
+CVE-2024-3682 (The WP STAGING and WP STAGING Pro plugins for WordPress are 
vulnerable ...)
+   TODO: check
+CVE-2024-3076 (The MM-email2image WordPress plugin through 0.2.5 does not have 
CSRF c ...)
+   TODO: check
+CVE-2024-33697 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-33696 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-33695 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-33694 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-33693 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-33692 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-33691 (Cross-Site Request Forgery (CSRF) vulnerability in 
OptinMonster Popup  ...)
+   TODO: check
+CVE-2024-33690 (Cross-Site Request Forgery (CSRF) vulnerability in Jegstudio 
Financio. ...)
+   TODO: check
+CVE-2024-33689 (Cross-Site Request Forgery (CSRF) vulnerability in Tony Zeoli, 
Tony Ha ...)
+   TODO: check
+CVE-2024-33688 (Cross-Site Request Forgery (CSRF) vulnerability in Extend 
Themes Telur ...)
+   TODO: check
+CVE-2024-33683 (Cross-Site Request Forgery (CSRF) vulnerability in WP Republic 
Hide Da ...)
+   TODO: check
+CVE-2024-33682 (Cross-Site Request Forgery (CSRF) vulnerability in Cookie 
Information  ...)
+   TODO: check
+CVE-2024-33680 (Cross-Site Request Forgery (CSRF) vulnerability in MainWP 
MainWP Child ...)
+   TODO: check
+CVE-2024-33679 (Cross-Site Request Forgery (CSRF) vulnerability in FameThemes 
FameThem ...)
+   TODO: check
+CVE-2024-33678 (Cross-Site Request Forgery (CSRF) vulnerability in ClickCease 
ClickCea ...)
+   TODO: check
+CVE-2024-33677 (Cross-Site Request Forgery (CSRF) vulnerability in Renzo 
Johnson Conta ...)
+   TODO: check
+CVE-2024-33344 (D-Link DIR-822+ V1.0.5 was found to contain a command 
injection in fte ...)
+   TODO: check
+CVE-2024-33343 (D-Link DIR-822+ V1.0.5 was found to contain a command 
injection in Chg ...)
+   TODO: check
+CVE-2024-33342 (D-Link DIR-822+ V1.0.5 was found to contain a command 
injection in Set ...)
+   TODO: check
+CVE-2024-33263 (QuickJS commit 3b45d15 was discovered to contain an Assertion 
Failure  ...)
+   TODO: check
+CVE-2024-33260 (Jerryscript commit cefd391 was discovered to contain a 
segmentation vi ...)
+   TODO: check
+CVE-2024-33259 (Jerryscript commit cefd391 was discovered to contain a 
segmentation vi ...)
+   TODO: check
+CVE-2024-33258 (Jerryscript commit ff9ff8f was discovered to contain a 
segmentation vi ...)
+   TODO: check
+CVE-2024-33255 (Jerryscript commit cefd391 was discovered to contain an 
Assertion Fail ...)
+   TODO: check
+CVE-2024-32957 (Missing Authorization vulnerability in Live Composer Team Page 
Builder ...)
+   TODO: check
+CVE-2024-32884 (gitoxide is a pure Rust implementation of Git. `gix-transport` 
does no ...)
+   TODO: check
+CVE-2024-32880 (pyload is an open-source Download Manager written in pure 
Python. An a ...)
+   TODO: check
+CVE-2024-32829 (Missing Authorization vulnerability in Supsystic Data Tables 
Generator ...)
+   TODO: check
+CVE-2024-32828 (Missing Authorization 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-26 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
821a6aa0 by security tracker role at 2024-04-26T08:11:46+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,109 @@
+CVE-2024-4163 (The Skylab IGX IIoT Gateway allowed users to connect to it via 
a limit ...)
+   TODO: check
+CVE-2024-4056 (Denial of service condition in M-Files Server in versions 
before 24.4. ...)
+   TODO: check
+CVE-2024-3890 (The Happy Addons for Elementor plugin for WordPress is 
vulnerable to S ...)
+   TODO: check
+CVE-2024-3678 (The Blog2Social: Social Media Auto Post & Scheduler plugin for 
WordPre ...)
+   TODO: check
+CVE-2024-3265 (The Advanced Search WordPress plugin through 1.1.6 does not 
properly e ...)
+   TODO: check
+CVE-2024-3188 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress 
plugin b ...)
+   TODO: check
+CVE-2024-3075 (The MM-email2image WordPress plugin through 0.2.5 does not 
validate an ...)
+   TODO: check
+CVE-2024-3060 (The ENL Newsletter WordPress plugin through 1.0.1 does not 
sanitize an ...)
+   TODO: check
+CVE-2024-3059 (The ENL Newsletter WordPress plugin through 1.0.1 does not have 
CSRF c ...)
+   TODO: check
+CVE-2024-3058 (The ENL Newsletter WordPress plugin through 1.0.1 does not have 
CSRF c ...)
+   TODO: check
+CVE-2024-3048 (The Bannerlid WordPress plugin through 1.1.0 does not escape 
generated ...)
+   TODO: check
+CVE-2024-33673 (An issue was discovered in Veritas Backup Exec before 22.2 
HotFix 9173 ...)
+   TODO: check
+CVE-2024-33672 (An issue was discovered in Veritas NetBackup before 10.4. The 
Multi-Th ...)
+   TODO: check
+CVE-2024-33671 (An issue was discovered in Veritas Backup Exec before 22.2 
HotFix 9173 ...)
+   TODO: check
+CVE-2024-33670 (Passbolt API before 4.6.2 allows HTML injection in a URL 
parameter, re ...)
+   TODO: check
+CVE-2024-33669 (An issue was discovered in Passbolt Browser Extension before 
4.6.2. It ...)
+   TODO: check
+CVE-2024-33668 (An issue was discovered in Zammad before 6.3.0. The Zammad 
Upload Cach ...)
+   TODO: check
+CVE-2024-33667 (An issue was discovered in Zammad before 6.3.0. An 
authenticated agent ...)
+   TODO: check
+CVE-2024-33666 (An issue was discovered in Zammad before 6.3.0. Users with 
customer ac ...)
+   TODO: check
+CVE-2024-33665 (angular-translate through 2.19.1 allows XSS via a crafted key 
that is  ...)
+   TODO: check
+CVE-2024-33664 (python-jose through 3.3.0 allows attackers to cause a denial 
of servic ...)
+   TODO: check
+CVE-2024-33663 (python-jose through 3.3.0 has algorithm confusion with OpenSSH 
ECDSA k ...)
+   TODO: check
+CVE-2024-33661 (Portainer before 2.20.0 allows redirects when the target is 
not index. ...)
+   TODO: check
+CVE-2024-33651 (Cross-Site Request Forgery (CSRF) vulnerability in Matthew 
Fries MF Gi ...)
+   TODO: check
+CVE-2024-33650 (Cross-Site Request Forgery (CSRF) vulnerability in Cryout 
Creations Se ...)
+   TODO: check
+CVE-2024-33642 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-33639 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-33638 (Cross-Site Request Forgery (CSRF) vulnerability in Brijesh 
Kothari Sma ...)
+   TODO: check
+CVE-2024-33598 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32868 (ZITADEL provides users the possibility to use Time-based 
One-Time-Pass ...)
+   TODO: check
+CVE-2024-32651 (changedetection.io is an open source web page change 
detection, websit ...)
+   TODO: check
+CVE-2024-32406 (Server-Side Template Injection (SSTI) vulnerability in inducer 
relate  ...)
+   TODO: check
+CVE-2024-32404 (Server-Side Template Injection (SSTI) vulnerability in inducer 
relate  ...)
+   TODO: check
+CVE-2024-31755 (cJSON v1.7.17 was discovered to contain a segmentation 
violation, whic ...)
+   TODO: check
+CVE-2024-31610 (File Upload vulnerability in the function for employees to 
upload avat ...)
+   TODO: check
+CVE-2024-31609 (Cross Site Scripting (XSS) vulnerability in BOSSCMS v3.10 
allows attac ...)
+   TODO: check
+CVE-2024-2920 (The WP-Members Membership Plugin plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-2908 (The Call Now Button  WordPress plugin before 1.4.7 does not 
sanitise a ...)
+   TODO: check
+CVE-2024-2837 (The WP Chat App WordPress plugin before 3.6.4 does not sanitise 
and es ...)
+   TODO: check
+CVE-2024-2603 (The Salon booking system WordPress plugin through 9.6.5 does 
not sanit ...)
+   TODO: check
+CVE-2024-2439 (The Salon booking system WordPress plugin through 9.6.5 does 
not sanit ...)
+   

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
29679e3f by security tracker role at 2024-04-25T20:11:52+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,111 @@
+CVE-2024-4175 (Unicode transformation vulnerability in Hyperion affecting 
version 2.0 ...)
+   TODO: check
+CVE-2024-4174 (Cross-Site Scripting (XSS) vulnerability in Hyperion Web Server 
affect ...)
+   TODO: check
+CVE-2024-4172 (A vulnerability classified as problematic was found in idcCMS 
1.35. Af ...)
+   TODO: check
+CVE-2024-4171 (A vulnerability classified as critical has been found in Tenda 
W30E 1. ...)
+   TODO: check
+CVE-2024-4170 (A vulnerability was found in Tenda 4G300 1.01.42. It has been 
rated as ...)
+   TODO: check
+CVE-2024-4169 (A vulnerability was found in Tenda 4G300 1.01.42. It has been 
declared ...)
+   TODO: check
+CVE-2024-4168 (A vulnerability was found in Tenda 4G300 1.01.42. It has been 
classifi ...)
+   TODO: check
+CVE-2024-4167 (A vulnerability was found in Tenda 4G300 1.01.42 and classified 
as cri ...)
+   TODO: check
+CVE-2024-4166 (A vulnerability has been found in Tenda 4G300 1.01.42 and 
classified a ...)
+   TODO: check
+CVE-2024-4165 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
+   TODO: check
+CVE-2024-4164 (A vulnerability, which was classified as critical, has been 
found in T ...)
+   TODO: check
+CVE-2024-4077 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-4035 (The Photo Gallery \u2013 GT3 Image Gallery & Gutenberg Block 
Gallery p ...)
+   TODO: check
+CVE-2024-4024 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
+   TODO: check
+CVE-2024-4006 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
+   TODO: check
+CVE-2024-3994 (The Tutor LMS \u2013 eLearning and online course solution 
plugin for W ...)
+   TODO: check
+CVE-2024-3733 (The Essential Addons for Elementor \u2013 Best Elementor 
Templates, Wi ...)
+   TODO: check
+CVE-2024-3730 (The Simple Membership plugin for WordPress is vulnerable to 
Stored Cro ...)
+   TODO: check
+CVE-2024-33592 (Server-Side Request Forgery (SSRF) vulnerability in SoftLab 
Radio Play ...)
+   TODO: check
+CVE-2024-33247 (Sourcecodester Employee Task Management System v1.0 is 
vulnerable to S ...)
+   TODO: check
+CVE-2024-32961 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32676 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
+   TODO: check
+CVE-2024-32649 (Vyper is a pythonic Smart Contract Language for the Ethereum 
virtual m ...)
+   TODO: check
+CVE-2024-32648 (Vyper is a pythonic Smart Contract Language for the Ethereum 
virtual m ...)
+   TODO: check
+CVE-2024-32647 (Vyper is a pythonic Smart Contract Language for the Ethereum 
virtual m ...)
+   TODO: check
+CVE-2024-32646 (Vyper is a pythonic Smart Contract Language for the Ethereum 
virtual m ...)
+   TODO: check
+CVE-2024-32645 (Vyper is a pythonic Smart Contract Language for the Ethereum 
virtual m ...)
+   TODO: check
+CVE-2024-32481 (Vyper is a pythonic Smart Contract Language for the Ethereum 
virtual m ...)
+   TODO: check
+CVE-2024-32467 (MeterSphere is an open source continuous testing platform. 
Prior to ve ...)
+   TODO: check
+CVE-2024-32358 (An issue in Jpress v.5.1.0 allows a remote attacker to execute 
arbitra ...)
+   TODO: check
+CVE-2024-32324 (Buffer Overflow vulnerability in Shenzhen Libituo Technology 
Co., Ltd  ...)
+   TODO: check
+CVE-2024-32236 (An issue in CmsEasy v.7.7 and before allows a remote attacker 
to obtai ...)
+   TODO: check
+CVE-2024-31615 (ThinkCMF 6.0.9 is vulnerable to File upload via 
UeditorController.php.)
+   TODO: check
+CVE-2024-31574 (Cross Site Scripting vulnerability in TWCMS v.2.6 allows a 
local attac ...)
+   TODO: check
+CVE-2024-31266 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+   TODO: check
+CVE-2024-30939 (An issue discovered in Yealink VP59 Teams Editions with 
firmware versi ...)
+   TODO: check
+CVE-2024-30890 (Cross Site Scripting vulnerability in ED01-CMS v.1.0 allows an 
attacke ...)
+   TODO: check
+CVE-2024-30560 (Cross-Site Request Forgery (CSRF) vulnerability in 
\u5927\u4fa0WP DX-W ...)
+   TODO: check
+CVE-2024-2829 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
+   TODO: check
+CVE-2024-2434 (An issue has been discovered in GitLab affecting all versions 
of GitLa ...)
+   TODO: check
+CVE-2024-29660 (Cross Site Scripting vulnerability in DedeCMS v.5.7 allows a 
local att ...)
+   TODO: 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ae8df104 by security tracker role at 2024-04-25T08:12:35+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,16 +1,38 @@
-CVE-2024-26926 [binder: check offset alignment in binder_get_object()]
+CVE-2024-4173 (A vulnerability in Brocade SANnav ova versions before Brocade 
SANnav v ...)
+   TODO: check
+CVE-2024-4161 (In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic 
receiv ...)
+   TODO: check
+CVE-2024-4159 (Brocade SANnav before Brocade SANnav v2.3.1 lacks protection 
mechanism ...)
+   TODO: check
+CVE-2024-3988 (The Sina Extension for Elementor (Slider, Gallery, Form, Modal, 
Data T ...)
+   TODO: check
+CVE-2024-3929 (The Content Views \u2013 Post Grid & Filter, Recent Posts, 
Category Po ...)
+   TODO: check
+CVE-2024-3893 (The Classified Listing \u2013 Classified ads & Business 
Directory Plug ...)
+   TODO: check
+CVE-2024-2907 (The AGCA  WordPress plugin before 7.2.2 does not sanitise and 
escape s ...)
+   TODO: check
+CVE-2024-29205 (An Improper Check for Unusual or Exceptional Conditions 
vulnerability  ...)
+   TODO: check
+CVE-2024-23527 (An out-of-bounds read vulnerability in WLAvalancheService 
component of ...)
+   TODO: check
+CVE-2024-20313 (A vulnerability in the OSPF version 2 (OSPFv2) feature of 
Cisco IOS XE ...)
+   TODO: check
+CVE-2023-51478 (Improper Authentication vulnerability in Abdul Hakeem Build 
App Online ...)
+   TODO: check
+CVE-2024-26926 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
- linux 
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/aaef73821a3b0194a01bd23ca4f704a04d40 (6.9-rc5)
-CVE-2024-26925 [netfilter: nf_tables: release mutex after nft_gc_seq_end from 
abort path]
+CVE-2024-26925 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
- linux 
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/0d459e2ffb541841714839e8228b845458ed3b27 (6.9-rc3)
-CVE-2024-26924 [netfilter: nft_set_pipapo: do not free live element]
+CVE-2024-26924 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
- linux 
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/3cfc9ec039af60dbd8965ae085b2c2ccdcfbe1cc (6.9-rc5)
-CVE-2024-26923 [af_unix: Fix garbage collector racing against connect()]
+CVE-2024-26923 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
- linux 
NOTE: 
https://git.kernel.org/linus/47d8ac011fe1c9251070e1bd64cb10b48193ec51 (6.9-rc4)
 CVE-2024-4060
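Review bot: The commit hash in the NOTE line for CVE-2024-26926 looks truncated: aaef73821a3b0194a01bd23ca4f704a04d40 is 36 hex characters, while the NOTE links for CVE-2024-26925, CVE-2024-26924 and CVE-2024-26923 in the same hunk carry full 40-character SHA-1 hashes. A git.kernel.org/linus/ link with a shorter prefix still resolves if the prefix is unambiguous, but it is worth checking the entry in data/CVE/list and restoring the full hash so it is consistent with the other three.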
@@ -21286,11 +21308,14 @@ CVE-2024-24820 (Icinga Director is a tool designed to 
make Icinga 2 configuratio
NOT-FOR-US: Icinga Director
 CVE-2024-24819 (icingaweb2-module-incubator is a working project of bleeding 
edge Icin ...)
NOT-FOR-US: icingaweb2-module-incubator
-CVE-2024-24499 (SQL Injection vulnerability in Employee Management System 
v.1.0 allows ...)
+CVE-2024-24499
+   REJECTED
NOT-FOR-US: Employee Management System
-CVE-2024-24498 (Unrestricted File Upload vulnerability in Employee Management 
System 1 ...)
+CVE-2024-24498
+   REJECTED
NOT-FOR-US: Employee Management System
-CVE-2024-24497 (SQL Injection vulnerability in Employee Management System 
v.1.0 allows ...)
+CVE-2024-24497
+   REJECTED
NOT-FOR-US: Employee Management System
 CVE-2024-24496 (An issue in Daily Habit Tracker v.1.0 allows a remote attacker 
to mani ...)
NOT-FOR-US: Daily Habit Tracker
@@ -25183,7 +25208,8 @@ CVE-2024-0716 (A vulnerability classified as 
problematic has been found in Byzor
NOT-FOR-US: Beijing Baichuo Smart S150 Management Platform
 CVE-2024-0714 (A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 
2.5.0. It ...)
NOT-FOR-US: MiczFlor RPi-Jukebox-RFID
-CVE-2024-0713 (A vulnerability was found in Monitorr 1.7.6m. It has been 
declared as  ...)
+CVE-2024-0713
+   REJECTED
NOT-FOR-US: Monitorr
 CVE-2024-0712 (A vulnerability was found in Byzoro Smart S150 Management 
Platform V31 ...)
NOT-FOR-US: Beijing Baichuo Smart S150 Management Platform
@@ -26286,7 +26312,7 @@ CVE-2023-42135 (PAX A920Pro/A50 devices with 
PayDroid_8.1.0_Sagittarius_V11.1.50
NOT-FOR-US: PAX devices
 CVE-2023-42134 (PAX Android based POS devices with 
PayDroid_8.1.0_Sagittarius_V11.1.45 ...)
NOT-FOR-US: PAX devices
-CVE-2023-6237 [openssl: Checking excessively long invalid RSA public keys may 
take a long time]
+CVE-2023-6237 (Issue summary: Checking excessively long invalid RSA public 
keys may t ...)
- openssl 3.1.5-1 (bug #1060858)
[bookworm] - 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cf25cd45 by security tracker role at 2024-04-24T20:11:57+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,269 @@
+CVE-2024-4141 (Out-of-bounds array write in Xpdf 4.05 and earlier, triggered 
by an in ...)
+   TODO: check
+CVE-2024-4127 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been 
classi ...)
+   TODO: check
+CVE-2024-4126 (A vulnerability was found in Tenda W15E 15.11.0.14 and 
classified as c ...)
+   TODO: check
+CVE-2024-4125 (A vulnerability has been found in Tenda W15E 15.11.0.14 and 
classified ...)
+   TODO: check
+CVE-2024-4124 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
+   TODO: check
+CVE-2024-4123 (A vulnerability, which was classified as critical, has been 
found in T ...)
+   TODO: check
+CVE-2024-4122 (A vulnerability classified as critical was found in Tenda W15E 
15.11.0 ...)
+   TODO: check
+CVE-2024-4121 (A vulnerability classified as critical has been found in Tenda 
W15E 15 ...)
+   TODO: check
+CVE-2024-4120 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been 
rated  ...)
+   TODO: check
+CVE-2024-4119 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been 
declar ...)
+   TODO: check
+CVE-2024-4118 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been 
classi ...)
+   TODO: check
+CVE-2024-4117 (A vulnerability was found in Tenda W15E 15.11.0.14 and 
classified as c ...)
+   TODO: check
+CVE-2024-4116 (A vulnerability has been found in Tenda W15E 15.11.0.14 and 
classified ...)
+   TODO: check
+CVE-2024-4115 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
+   TODO: check
+CVE-2024-4114 (A vulnerability, which was classified as critical, has been 
found in T ...)
+   TODO: check
+CVE-2024-4113 (A vulnerability classified as critical was found in Tenda TX9 
22.03.02 ...)
+   TODO: check
+CVE-2024-4112 (A vulnerability classified as critical has been found in Tenda 
TX9 22. ...)
+   TODO: check
+CVE-2024-4111 (A vulnerability was found in Tenda TX9 22.03.02.10. It has been 
rated  ...)
+   TODO: check
+CVE-2024-4093 (A vulnerability, which was classified as critical, was found in 
Source ...)
+   TODO: check
+CVE-2024-4075 (A vulnerability classified as problematic has been found in 
Kashipara  ...)
+   TODO: check
+CVE-2024-4074 (A vulnerability was found in Kashipara Online Furniture 
Shopping Ecomm ...)
+   TODO: check
+CVE-2024-4073 (A vulnerability was found in Kashipara Online Furniture 
Shopping Ecomm ...)
+   TODO: check
+CVE-2024-4072 (A vulnerability was found in Kashipara Online Furniture 
Shopping Ecomm ...)
+   TODO: check
+CVE-2024-4071 (A vulnerability was found in Kashipara Online Furniture 
Shopping Ecomm ...)
+   TODO: check
+CVE-2024-4070 (A vulnerability has been found in Kashipara Online Furniture 
Shopping  ...)
+   TODO: check
+CVE-2024-4069 (A vulnerability, which was classified as critical, was found in 
Kaship ...)
+   TODO: check
+CVE-2024-4066 (A vulnerability classified as critical has been found in Tenda 
AC8 16. ...)
+   TODO: check
+CVE-2024-3371 (MongoDB Compass may accept and use insufficiently validated 
input from ...)
+   TODO: check
+CVE-2024-3261 (The Strong Testimonials WordPress plugin before 3.1.12 does not 
valida ...)
+   TODO: check
+CVE-2024-33531 (cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all 
JWT-parsi ...)
+   TODO: check
+CVE-2024-32958 (Cross-Site Request Forgery (CSRF) vulnerability in Giorgos 
Sarigiannid ...)
+   TODO: check
+CVE-2024-32956 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32955 (Server-Side Request Forgery (SSRF) vulnerability in 
Foliovision FV Flo ...)
+   TODO: check
+CVE-2024-32954 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Tribu ...)
+   TODO: check
+CVE-2024-32953 (Insertion of Sensitive Information into Log File vulnerability 
in News ...)
+   TODO: check
+CVE-2024-32952 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32951 (Missing Authorization vulnerability in BloomPixel Max Addons 
Pro for B ...)
+   TODO: check
+CVE-2024-32950 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32948 (Missing Authorization vulnerability in Repute Infosystems 
ARMember.Thi ...)
+   TODO: check
+CVE-2024-32947 (Cross-Site Request Forgery (CSRF) vulnerability in 
AlumniOnline Web Se ...)
+   TODO: check
+CVE-2024-32879 (Python Social Auth is a social authentication/registration 
mechanism.  ...)
+   TODO: check

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3ccfd9a6 by security tracker role at 2024-04-23T20:11:43+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,4 +1,68 @@
-CVE-2024-26922 [drm/amdgpu: validate the parameters of bo mapping operations 
more clearly]
+CVE-2024-4065 (A vulnerability was found in Tenda AC8 16.03.34.09. It has been 
rated  ...)
+   TODO: check
+CVE-2024-4064 (A vulnerability was found in Tenda AC8 16.03.34.09. It has been 
declar ...)
+   TODO: check
+CVE-2024-4063 (A vulnerability was found in EZVIZ CS-C6-21WFR-8 5.2.7 Build 
170628. I ...)
+   TODO: check
+CVE-2024-4062 (A vulnerability was found in Hualai Xiaofang iSC5 3.2.2_112 and 
classi ...)
+   TODO: check
+CVE-2024-3911 (An unauthenticated remote attacker candeceive users into 
performing un ...)
+   TODO: check
+CVE-2024-3732 (The GeoDirectory \u2013 WordPress Business Directory Plugin, or 
Classi ...)
+   TODO: check
+CVE-2024-3665 (The Rank Math SEO with AI SEO Tools plugin for WordPress is 
vulnerable ...)
+   TODO: check
+CVE-2024-3491 (The Schema & Structured Data for WP & AMP plugin for WordPress 
is vuln ...)
+   TODO: check
+CVE-2024-3185 (A key used in logging.json does not follow the least privilege 
princip ...)
+   TODO: check
+CVE-2024-33217 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a 
stack-based ...)
+   TODO: check
+CVE-2024-33215 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a 
stack-based ...)
+   TODO: check
+CVE-2024-33214 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a 
stack-based ...)
+   TODO: check
+CVE-2024-33213 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a 
stack-based ...)
+   TODO: check
+CVE-2024-33212 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a 
stack-based ...)
+   TODO: check
+CVE-2024-33211 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a 
stack-based ...)
+   TODO: check
+CVE-2024-32679 (Missing Authorization vulnerability in Shared Files PRO Shared 
Files.T ...)
+   TODO: check
+CVE-2024-32661 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. FreeR ...)
+   TODO: check
+CVE-2024-32660 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
+   TODO: check
+CVE-2024-32659 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. FreeR ...)
+   TODO: check
+CVE-2024-32658 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. FreeR ...)
+   TODO: check
+CVE-2024-32482 (The Tillitis TKey signer device application is an ed25519 
signing tool ...)
+   TODO: check
+CVE-2024-32258 (The network server of fceux 2.7.0 has a path traversal 
vulnerability,  ...)
+   TODO: check
+CVE-2024-31804 (An unquoted service path vulnerability in Terratec DMX_6Fire 
USB v.1.2 ...)
+   TODO: check
+CVE-2024-31208 (Synapse is an open-source Matrix homeserver. A remote Matrix 
user with ...)
+   TODO: check
+CVE-2024-30800 (PX4 Autopilot v.1.14 allows an attacker to fly the drone into 
no-fly z ...)
+   TODO: check
+CVE-2024-2477 (The wpDiscuz plugin for WordPress is vulnerable to Stored 
Cross-Site S ...)
+   TODO: check
+CVE-2024-28627 (An issue in Flipsnack v.18/03/2024 allows a local attacker to 
obtain s ...)
+   TODO: check
+CVE-2024-28130 (An incorrect type conversion vulnerability exists in the 
DVPSSoftcopyV ...)
+   TODO: check
+CVE-2024-21979 (An out of bounds write vulnerability in the AMD Radeon\u2122 
user mode ...)
+   TODO: check
+CVE-2024-21972 (An out of bounds write vulnerability in the AMD Radeon\u2122 
user mode ...)
+   TODO: check
+CVE-2024-0900 (The Elespare \u2013 Build Your Blog, News & Magazine Websites 
with Exp ...)
+   TODO: check
+CVE-2023-47731 (IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0 and IBM 
Cloud Pa ...)
+   TODO: check
+CVE-2024-26922 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
- linux 
NOTE: 
https://git.kernel.org/linus/6fef2d4c00b5b8561ad68dd2b68173f5c6af1e75 (6.9-rc5)
 CVE-2024-4031 (Unquoted Search Path or Element vulnerability in Logitech MEVO 
WEBCAM  ...)
@@ -37,7 +101,7 @@ CVE-2024-2760 (Bkav Home v7816, build 2403161130 is 
vulnerable to a Memory Infor
NOT-FOR-US: Bkac
 CVE-2024-2493 (Session Hijacking vulnerability in Hitachi Ops Center 
Analyzer.This is ...)
NOT-FOR-US: Hitachi
-CVE-2024-29368 (An issue discovered in moziloCMS v2.0 allows attackers to 
bypass file  ...)
+CVE-2024-29368 (An arbitrary file upload vulnerability in the file handling 
module of  ...)
NOT-FOR-US: moziloCMS
 CVE-2024-28890 (Forminator prior to 1.29.0 contains an unrestricted upload of 
file wit ...)
NOT-FOR-US: WordPress plugin
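Review bot: The context line "NOT-FOR-US: Bkac" under CVE-2024-2760 does not match the product named in that entry's description ("Bkav Home v7816"); it reads like a typo for "NOT-FOR-US: Bkav". This automatic update does not touch that line, so it would need a manual follow-up commit.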
@@ -862,6 +926,7 @@ 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
317d173b by security tracker role at 2024-04-23T08:11:57+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,55 @@
+CVE-2024-4031 (Unquoted Search Path or Element vulnerability in Logitech MEVO 
WEBCAM  ...)
+   TODO: check
+CVE-2024-3889 (The Royal Elementor Addons and Templates plugin for WordPress 
is vulne ...)
+   TODO: check
+CVE-2024-3664 (The Quick Featured Images plugin for WordPress is vulnerable to 
unauth ...)
+   TODO: check
+CVE-2024-3293 (The rtMedia for WordPress, BuddyPress and bbPress plugin for 
WordPress ...)
+   TODO: check
+CVE-2024-32657 (Hydra is a Continuous Integration service for Nix based 
projects. Atta ...)
+   TODO: check
+CVE-2024-32656 (Ant Media Server is live streaming engine software. A local 
privilege  ...)
+   TODO: check
+CVE-2024-32653 (jadx is a  Dex to Java decompiler. Prior to version 1.5.0,  
the packag ...)
+   TODO: check
+CVE-2024-32480 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network 
monitoring sy ...)
+   TODO: check
+CVE-2024-32479 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network 
monitoring sy ...)
+   TODO: check
+CVE-2024-32461 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network 
monitoring sy ...)
+   TODO: check
+CVE-2024-32394 (An issue in ruijie.com/cn RG-RSR10-01G-T(WA)-S 
RSR_3.0(1)B9P2_RSR10-01 ...)
+   TODO: check
+CVE-2024-31857 (Forminator prior to 1.15.4 contains a cross-site scripting 
vulnerabili ...)
+   TODO: check
+CVE-2024-31077 (Forminator prior to 1.29.3 contains a SQL injection 
vulnerability. If  ...)
+   TODO: check
+CVE-2024-31036 (A heap-buffer-overflow vulnerability in the read_byte function 
in Nano ...)
+   TODO: check
+CVE-2024-2799 (The Royal Elementor Addons and Templates plugin for WordPress 
is vulne ...)
+   TODO: check
+CVE-2024-2798 (The Royal Elementor Addons and Templates plugin for WordPress 
is vulne ...)
+   TODO: check
+CVE-2024-2760 (Bkav Home v7816, build 2403161130 is vulnerable to a Memory 
Informatio ...)
+   TODO: check
+CVE-2024-2493 (Session Hijacking vulnerability in Hitachi Ops Center 
Analyzer.This is ...)
+   TODO: check
+CVE-2024-29368 (An issue discovered in moziloCMS v2.0 allows attackers to 
bypass file  ...)
+   TODO: check
+CVE-2024-28890 (Forminator prior to 1.29.0 contains an unrestricted upload of 
file wit ...)
+   TODO: check
+CVE-2024-27574 (SQL Injection vulnerability in Trainme Academy version Ichin 
v.1.3.2 a ...)
+   TODO: check
+CVE-2024-21511 (Versions of the package mysql2 before 3.9.7 are vulnerable to 
Arbitrar ...)
+   TODO: check
+CVE-2024-1241 (Watchdog Antivirus v1.6.415 is vulnerable to a Denial of 
Service vulne ...)
+   TODO: check
+CVE-2023-6833 (Insertion of Sensitive Information into Log File vulnerability 
in Hita ...)
+   TODO: check
+CVE-2023-48184 (QuickJS before 7414e5f has a quickjs.h JS_FreeValueRT 
use-after-free b ...)
+   TODO: check
+CVE-2023-48183 (QuickJS before c4cdd61 has a build_for_in_iterator NULL 
pointer derefe ...)
+   TODO: check
 CVE-2024-4040 (VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 
and 11.1. ...)
NOT-FOR-US: CrushFTP
 CVE-2024-4026 (Cross-Site Scripting (XSS) vulnerability in the Holded 
application. Th ...)
@@ -118,27 +170,27 @@ CVE-2018-25101 (A vulnerability, which was classified as 
problematic, has been f
NOT-FOR-US: Koha Library Management System
 CVE-2015-10132 (A vulnerability classified as problematic was found in Thimo 
Grauerhol ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-32041 [OutOfBound Read in zgfx_decompress_segment]
+CVE-2024-32041 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. FreeR ...)
- freerdp3  (Fixed with initial upload to Debian unstable)
- freerdp2 
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
-CVE-2024-32039 [Integer overflow & OutOfBound Write in 
clear_decompress_residual_data]
+CVE-2024-32039 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. FreeR ...)
- freerdp3  (Fixed with initial upload to Debian unstable)
- freerdp2 
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
-CVE-2024-32040 [integer underflow in nsc_rle_decode]
+CVE-2024-32040 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. FreeR ...)
- freerdp3  (Fixed with initial upload to Debian unstable)
- freerdp2 
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
-CVE-2024-32458 [OutOfBound Read in planar_skip_plane_rle]
+CVE-2024-32458 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. FreeR ...)
- freerdp3  (Fixed with initial upload to Debian unstable)
- freerdp2 
NOTE: 
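Review bot: the bracketed working titles removed in this hunk are the only function-level information these four entries have (OutOfBound Read in zgfx_decompress_segment, integer overflow and OutOfBound Write in clear_decompress_residual_data, integer underflow in nsc_rle_decode, OutOfBound Read in planar_skip_plane_rle), and the MITRE text replacing them is truncated to the boilerplate 'FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...', which distinguishes nothing. Anyone backporting to freerdp2 needs the function name to find the right upstream commit, so keep each title as a NOTE under its entry, for example `NOTE: OutOfBound Read in zgfx_decompress_segment`, next to the existing 2_11_6-release link.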

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e395f3b2 by security tracker role at 2024-04-22T20:12:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,8 +1,92 @@
-CVE-2024-27349
+CVE-2024-4040 (VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 
and 11.1. ...)
+   TODO: check
+CVE-2024-4026 (Cross-Site Scripting (XSS) vulnerability in the Holded 
application. Th ...)
+   TODO: check
+CVE-2024-3645 (The Essential Addons for Elementor Pro plugin for WordPress is 
vulnera ...)
+   TODO: check
+CVE-2024-32691 (Missing Authorization vulnerability in realmag777 Active 
Products Tabl ...)
+   TODO: check
+CVE-2024-32688 (Missing Authorization vulnerability in Long Watch Studio 
MyRewards.Thi ...)
+   TODO: check
+CVE-2024-32687 (Missing Authorization vulnerability in WPClever WPC Frequently 
Bought  ...)
+   TODO: check
+CVE-2024-32684 (Missing Authorization vulnerability in Wpmet Wp Ultimate 
Review.This i ...)
+   TODO: check
+CVE-2024-32682 (Missing Authorization vulnerability in BdThemes Prime Slider 
\u2013 Ad ...)
+   TODO: check
+CVE-2024-32681 (Missing Authorization vulnerability in BdThemes Prime Slider 
\u2013 Ad ...)
+   TODO: check
+CVE-2024-32407 (An issue in inducer relate before v.2024.1 allows a remote 
attacker to ...)
+   TODO: check
+CVE-2024-32405 (Cross Site Scripting vulnerability in inducer relate before 
v.2024.1 a ...)
+   TODO: check
+CVE-2024-32399 (Directory Traversal vulnerability in RaidenMAILD Mail Server 
v.4.9.4 a ...)
+   TODO: check
+CVE-2024-32368 (Insecure Permission vulnerability in Agasta Sanketlife 2.0 
Pocket 12-L ...)
+   TODO: check
+CVE-2024-32238 (H3C ER8300G2-X is vulnerable to Incorrect Access Control. The 
password ...)
+   TODO: check
+CVE-2024-32205
+   REJECTED
+CVE-2024-31666 (An issue in flusity-CMS v.2.33 allows a remote attacker to 
execute arb ...)
+   TODO: check
+CVE-2024-31545 (Computer Laboratory Management System v1.0 is vulnerable to 
SQL Inject ...)
+   TODO: check
+CVE-2024-29661 (A File Upload vulnerability in DedeCMS v5.7 allows a local 
attacker to ...)
+   TODO: check
+CVE-2024-29376 (Sylius 1.12.13 is vulnerable to Cross Site Scripting (XSS) via 
the "Pr ...)
+   TODO: check
+CVE-2024-28717 (An issue in OpenStack Storlets yoga-eom allows a remote 
attacker to ex ...)
+   TODO: check
+CVE-2024-28699 (A buffer overflow vulnerability in pdf2json v0.70 allows a 
local attac ...)
+   TODO: check
+CVE-2024-28436 (Cross Site Scripting vulnerability in D-Link DAP products 
DAP-2230, DA ...)
+   TODO: check
+CVE-2024-22856 (A SQL injection vulnerability via the Save Favorite Search 
function in ...)
+   TODO: check
+CVE-2024-22815 (An issue in the communication protocol of Tormach xsTECH CNC 
Router, P ...)
+   TODO: check
+CVE-2024-22813 (An issue in Tormach xsTECH CNC Router, PathPilot Controller 
v2.9.6 all ...)
+   TODO: check
+CVE-2024-22811 (An issue in Tormach xsTECH CNC Router, PathPilot Controller 
v2.9.6 all ...)
+   TODO: check
+CVE-2024-22809 (Incorrect access control in Tormach xsTECH CNC Router, 
PathPilot Contr ...)
+   TODO: check
+CVE-2024-22808 (An issue in Tormach xsTECH CNC Router, PathPilot Controller 
v2.9.6 all ...)
+   TODO: check
+CVE-2024-22807 (An issue in Tormach xsTECH CNC Router, PathPilot Controller 
v2.9.6 all ...)
+   TODO: check
+CVE-2023-38302 (A certain software build for the Sharp Rouvo V device 
(SHARP/VZW_STTM2 ...)
+   TODO: check
+CVE-2023-38301 (An issue was discovered in a third-party component related to 
vendor.g ...)
+   TODO: check
+CVE-2023-38300 (A certain software build for the Orbic Maui device 
(Orbic/RC545L/RC545 ...)
+   TODO: check
+CVE-2023-38299 (Various software builds for the AT Calypso, Nokia C100, 
Nokia C200,  ...)
+   TODO: check
+CVE-2023-38298 (Various software builds for the following TCL devices (30Z, 
A3X, 20XE, ...)
+   TODO: check
+CVE-2023-38297 (An issue was discovered in a third-party com.factory.mmigroup 
componen ...)
+   TODO: check
+CVE-2023-38296 (Various software builds for the following TCL 30Z and TCL A3X 
devices  ...)
+   TODO: check
+CVE-2023-38295 (Certain software builds for the TCL 30Z and TCL 10 Android 
devices con ...)
+   TODO: check
+CVE-2023-38294 (Certain software builds for the Itel Vision 3 Turbo Android 
device con ...)
+   TODO: check
+CVE-2023-38293 (Certain software builds for the Nokia C200 and Nokia C100 
Android devi ...)
+   TODO: check
+CVE-2023-38292 (Certain software builds for the TCL 20XE Android device 
contain a vuln ...)
+   TODO: check
+CVE-2023-38291 (An issue was discovered in a third-party component related to 
ro.boot. ...)
+   TODO: check
+CVE-2023-38290 (Certain software builds for 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d9f5714f by security tracker role at 2024-04-22T08:11:53+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,33 @@
+CVE-2024-4022 (A vulnerability was found in Keenetic KN-1010, KN-1410, 
KN-1711, KN-18 ...)
+   TODO: check
+CVE-2024-4021 (A vulnerability was found in Keenetic KN-1010, KN-1410, 
KN-1711, KN-18 ...)
+   TODO: check
+CVE-2024-32698 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32697 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32696 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32695 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32694 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32693 (Cross-Site Request Forgery (CSRF) vulnerability in ValvePress 
Automati ...)
+   TODO: check
+CVE-2024-32690 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32418 (An issue in flusity CMS v2.33 allows a remote attacker to 
execute arbi ...)
+   TODO: check
+CVE-2024-30799 (An issue in PX4 Autopilot v1.14 and before allows a remote 
attacker to ...)
+   TODO: check
+CVE-2024-28722 (Cross Site Scripting vulnerability in Innovaphone myPBX 
v.14r1, v.13r3 ...)
+   TODO: check
+CVE-2023-7252 (The Tickera  WordPress plugin before 3.5.2.5 does not prevent 
users fr ...)
+   TODO: check
+CVE-2018-25101 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2015-10132 (A vulnerability classified as problematic was found in Thimo 
Grauerhol ...)
+   TODO: check
 CVE-2024-32041 [OutOfBound Read in zgfx_decompress_segment]
- freerdp3  (Fixed with initial upload to Debian unstable)
- freerdp2 
@@ -1922,7 +1952,7 @@ CVE-2024- [Stored XSS in Avatar block]
NOTE: 
https://wpscan.com/blog/unauthenticated-stored-xss-fixed-in-wordpress-core/
NOTE: 
https://wordpress.org/news/2024/04/wordpress-6-5-2-maintenance-and-security-release/
 CVE-2024-3302 (There was no limit to the number of HTTP/2 CONTINUATION frames 
that wo ...)
-   {DSA-5663-1 DLA-3790-1}
+   {DSA-5670-1 DSA-5663-1 DLA-3790-1}
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
- thunderbird 1:115.10.1-1
@@ -1933,7 +1963,7 @@ CVE-2024-3865 (Memory safety bugs present in Firefox 124. 
Some of these bugs sho
- firefox 125.0.1-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3865
 CVE-2024-3864 (Memory safety bug present in Firefox 124, Firefox ESR 115.9, 
and Thund ...)
-   {DSA-5663-1 DLA-3790-1}
+   {DSA-5670-1 DSA-5663-1 DLA-3790-1}
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
- thunderbird 1:115.10.1-1
@@ -1951,7 +1981,7 @@ CVE-2024-3862 (The MarkStack assignment operator, part of 
the JavaScript engine,
- firefox 125.0.1-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3862
 CVE-2024-3861 (If an AlignedBuffer were assigned to itself, the subsequent 
self-move  ...)
-   {DSA-5663-1 DLA-3790-1}
+   {DSA-5670-1 DSA-5663-1 DLA-3790-1}
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
- thunderbird 1:115.10.1-1
@@ -1962,7 +1992,7 @@ CVE-2024-3860 (An out-of-memory condition during object 
initialization could res
- firefox 125.0.1-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3860
 CVE-2024-3859 (On 32-bit versions there were integer-overflows that led to an 
out-of- ...)
-   {DSA-5663-1 DLA-3790-1}
+   {DSA-5670-1 DSA-5663-1 DLA-3790-1}
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
- thunderbird 1:115.10.1-1
@@ -1973,7 +2003,7 @@ CVE-2024-3858 (It was possible to mutate a JavaScript 
object so that the JIT cou
- firefox 125.0.1-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3858
 CVE-2024-3857 (The JIT created incorrect code for arguments in certain cases. 
This le ...)
-   {DSA-5663-1 DLA-3790-1}
+   {DSA-5670-1 DSA-5663-1 DLA-3790-1}
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
- thunderbird 1:115.10.1-1
@@ -1987,7 +2017,7 @@ CVE-2024-3855 (In certain cases the JIT incorrectly 
optimized MSubstr operations
- firefox 125.0.1-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3855
 CVE-2024-3854 (In some code patterns the JIT incorrectly optimized switch 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-21 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
96f4d461 by security tracker role at 2024-04-21T08:11:50+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2024-4020 (A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and 
classified ...)
+   TODO: check
 CVE-2024-4019 (A vulnerability classified as critical has been found in Byzoro 
Smart  ...)
TODO: check
 CVE-2024-4014 (The hCaptcha for WordPress plugin for WordPress is vulnerable 
to Store ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96f4d461182cf71c3da728d19547a080c8c4fc30

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-20 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b0a25f8d by security tracker role at 2024-04-20T20:11:41+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,7 @@
+CVE-2024-4019 (A vulnerability classified as critical has been found in Byzoro 
Smart  ...)
+   TODO: check
+CVE-2024-4014 (The hCaptcha for WordPress plugin for WordPress is vulnerable 
to Store ...)
+   TODO: check
 CVE-2024-4018 (Improper Privilege Management vulnerability in BeyondTrust 
U-Series Ap ...)
TODO: check
 CVE-2024-4017 (Improper Privilege Management vulnerability in BeyondTrust 
U-Series Ap ...)
@@ -1798,54 +1802,67 @@ CVE-2024- [gix-transport indirect code execution 
via malicious username]
 CVE-2024-27980
- nodejs  (Only affects Windows)
 CVE-2024-3847 (Insufficient policy enforcement in WebUI in Google Chrome prior 
to 124 ...)
+   {DSA-5668-1}
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
 CVE-2024-3846 (Inappropriate implementation in Prompts in Google Chrome prior 
to 124. ...)
+   {DSA-5668-1}
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
 CVE-2024-3845 (Inappropriate implementation in Networks in Google Chrome prior 
to 124 ...)
+   {DSA-5668-1}
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
 CVE-2024-3844 (Inappropriate implementation in Extensions in Google Chrome 
prior to 1 ...)
+   {DSA-5668-1}
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
 CVE-2024-3843 (Insufficient data validation in Downloads in Google Chrome 
prior to 12 ...)
+   {DSA-5668-1}
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
 CVE-2024-3841 (Insufficient data validation in Browser Switcher in Google 
Chrome prio ...)
+   {DSA-5668-1}
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
 CVE-2024-3840 (Insufficient policy enforcement in Site Isolation in Google 
Chrome pri ...)
+   {DSA-5668-1}
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
 CVE-2024-3839 (Out of bounds read in Fonts in Google Chrome prior to 
124.0.6367.60 al ...)
+   {DSA-5668-1}
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
 CVE-2024-3838 (Inappropriate implementation in Autofill in Google Chrome prior 
to 124 ...)
+   {DSA-5668-1}
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
 CVE-2024-3837 (Use after free in QUIC in Google Chrome prior to 124.0.6367.60 
allowed ...)
+   {DSA-5668-1}
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
 CVE-2024-3834 (Use after free in Downloads in Google Chrome prior to 
124.0.6367.60 al ...)
+   {DSA-5668-1}
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
 CVE-2024-3833 (Object corruption in WebAssembly in Google Chrome prior to 
124.0.6367. ...)
+   {DSA-5668-1}
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
 CVE-2024-3832 (Object corruption in V8 in Google Chrome prior to 124.0.6367.60 
allowe ...)
+   {DSA-5668-1}
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
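Review bot: the {DSA-5668-1} reference is added to the thirteen Chrome entries from CVE-2024-3847 down to CVE-2024-3832, all of them "prior to 124.0.6367.60" fixes, but CVE-2024-3914 (Use after free in V8 in Google Chrome prior to 124.0.6367.60, added near the top of the file in the 2024-04-17 update) lies outside this hunk and is left with only its chromium lines. If the advisory covers the whole 124.0.6367.60 release, that entry needs the same {DSA-5668-1} line.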



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0a25f8d74221a3afd72d356c5f0b5d9534200b9



[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-20 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bea5ca51 by security tracker role at 2024-04-20T08:11:46+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,31 @@
+CVE-2024-4018 (Improper Privilege Management vulnerability in BeyondTrust 
U-Series Ap ...)
+   TODO: check
+CVE-2024-4017 (Improper Privilege Management vulnerability in BeyondTrust 
U-Series Ap ...)
+   TODO: check
+CVE-2024-32392 (Cross Site Scripting vulnerability in CmSimple v.5.15 allows a 
remote  ...)
+   TODO: check
+CVE-2024-32391 (Cross Site Scripting vulnerability in MacCMS v.10 
v.2024.1000.3000 all ...)
+   TODO: check
+CVE-2024-31994 (Mealie is a self hosted recipe manager and meal planner. Prior 
to 1.4. ...)
+   TODO: check
+CVE-2024-31993 (Mealie is a self hosted recipe manager and meal planner. Prior 
to 1.4. ...)
+   TODO: check
+CVE-2024-31992 (Mealie is a self hosted recipe manager and meal planner. Prior 
to 1.4. ...)
+   TODO: check
+CVE-2024-31991 (Mealie is a self hosted recipe manager and meal planner. Prior 
to 1.4. ...)
+   TODO: check
+CVE-2024-31584 (Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability 
via the  ...)
+   TODO: check
+CVE-2024-30974 (SQL Injection vulnerability in autoexpress v.1.3.0 allows 
attackers to ...)
+   TODO: check
+CVE-2024-22905 (Buffer Overflow vulnerability in ARM mbed-os v.6.17.0 allows a 
remote  ...)
+   TODO: check
+CVE-2024-1730 (The Prime Slider \u2013 Addons For Elementor (Revolution of a 
slider,  ...)
+   TODO: check
+CVE-2024-1480 (Unitronics Vision Standard line of controllers allow the 
Information M ...)
+   TODO: check
+CVE-2024-1057 (The ShopLentor \u2013 WooCommerce Builder for Elementor & 
Gutenberg +1 ...)
+   TODO: check
 CVE-2024-3979 (A vulnerability, which was classified as problematic, has been 
found i ...)
- vsomeip  (bug #997892)
 CVE-2024-3818 (The Essential Blocks \u2013 Page Builder Gutenberg Blocks, 
Patterns &  ...)
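Review bot: CVE-2024-31584 (Pytorch before v2.2.0, out-of-bounds read) concerns software Debian ships as the pytorch source package, so it needs a source line with the packaged version checked against 2.2.0 rather than TODO: check. The vsomeip context line at the end of the hunk shows the intended end state for such entries: CVE-2024-3979 went from TODO: check in the 2024-04-19 update to a package line with its bug reference (bug #997892).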



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bea5ca516ef30604040ea646c8690526a6b7a981



[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6b9e1a5c by security tracker role at 2024-04-19T20:12:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,243 @@
+CVE-2024-3979 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-3818 (The Essential Blocks \u2013 Page Builder Gutenberg Blocks, 
Patterns &  ...)
+   TODO: check
+CVE-2024-3742 (Electrolink transmitters store credentials in clear-text. Use 
of these ...)
+   TODO: check
+CVE-2024-3741 (Electrolink transmitters are vulnerable to an authentication 
bypass  v ...)
+   TODO: check
+CVE-2024-3731 (The Customer Reviews for WooCommerce plugin for WordPress is 
vulnerabl ...)
+   TODO: check
+CVE-2024-3684 (A server side request forgery vulnerability was identified in 
GitHub E ...)
+   TODO: check
+CVE-2024-3654 (An XSS vulnerability has been found in Teimas Global's Teixo, 
version  ...)
+   TODO: check
+CVE-2024-3646 (A command injection vulnerability was identified in GitHub 
Enterprise  ...)
+   TODO: check
+CVE-2024-3615 (The Media Library Folders plugin for WordPress is vulnerable to 
Reflec ...)
+   TODO: check
+CVE-2024-3600 (The Poll Maker \u2013 Best WordPress Poll Plugin plugin for 
WordPress  ...)
+   TODO: check
+CVE-2024-3598 (The ElementsKit Pro plugin for WordPress is vulnerable to 
Stored Cross ...)
+   TODO: check
+CVE-2024-3560 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress 
is vul ...)
+   TODO: check
+CVE-2024-3470 (An Improper Privilege Management vulnerability was identified 
in GitHu ...)
+   TODO: check
+CVE-2024-32683 (Authorization Bypass Through User-Controlled Key vulnerability 
in Wpme ...)
+   TODO: check
+CVE-2024-32652 (The adapter @hono/node-server allows you to run your Hono 
application  ...)
+   TODO: check
+CVE-2024-32650 (Rustls is a modern TLS library written in Rust. 
`rustls::ConnectionCom ...)
+   TODO: check
+CVE-2024-32644 (Evmos is a scalable, high-throughput Proof-of-Stake EVM 
blockchain tha ...)
+   TODO: check
+CVE-2024-32478 (Git Credential Manager (GCM) is a secure Git credential 
helper. Prior  ...)
+   TODO: check
+CVE-2024-32473 (Moby is an open source container framework that is a key 
component of  ...)
+   TODO: check
+CVE-2024-32409 (An issue in SEMCMS v.4.8 allows a remote attacker to execute 
arbitrary ...)
+   TODO: check
+CVE-2024-32206 (A stored cross-site scripting (XSS) vulnerability in the 
component \af ...)
+   TODO: check
+CVE-2024-32166 (Webid v1.2.1 suffers from an Insecure Direct Object Reference 
(IDOR) - ...)
+   TODO: check
+CVE-2024-32038 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
+   TODO: check
+CVE-2024-31846 (An issue was discovered in Italtel Embrace 1.6.4. The web 
application  ...)
+   TODO: check
+CVE-2024-31841 (An issue was discovered in Italtel Embrace 1.6.4. The web 
server fails ...)
+   TODO: check
+CVE-2024-31750 (SQL injection vulnerability in f-logic datacube3 v.1.0 allows 
a remote ...)
+   TODO: check
+CVE-2024-31745 (Libdwarf v0.9.1 was discovered to contain a heap 
use-after-free via th ...)
+   TODO: check
+CVE-2024-31744 (In Jasper 4.2.2, the jpc_streamlist_remove function in 
src/libjasper/j ...)
+   TODO: check
+CVE-2024-31587 (SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower 
allows an  ...)
+   TODO: check
+CVE-2024-31552 (CuteHttpFileServer v.3.1 version has an arbitrary file 
download vulner ...)
+   TODO: check
+CVE-2024-31547 (Computer Laboratory Management System v1.0 is vulnerable to 
SQL Inject ...)
+   TODO: check
+CVE-2024-31546 (Computer Laboratory Management System v1.0 is vulnerable to 
SQL Inject ...)
+   TODO: check
+CVE-2024-31450 (Owncast is an open source, self-hosted, decentralized, single 
user liv ...)
+   TODO: check
+CVE-2024-30938 (SQL Injection vulnerability in SEMCMS v.4.8 allows a remote 
attacker t ...)
+   TODO: check
+CVE-2024-30929 (Cross Site Scripting vulnerability in DerbyNet v9.0 and below 
allows a ...)
+   TODO: check
+CVE-2024-30928 (SQL Injection vulnerability in DerbyNet v9.0 and below allows 
attacker ...)
+   TODO: check
+CVE-2024-30927 (Cross Site Scripting vulnerability in DerbyNet v9.0 and below 
allows a ...)
+   TODO: check
+CVE-2024-30926 (Cross Site Scripting vulnerability in DerbyNet v9.0 and below 
allows a ...)
+   TODO: check
+CVE-2024-30925 (Cross Site Scripting vulnerability in DerbyNet v9.0 and below 
allows a ...)
+   TODO: check
+CVE-2024-30924 (Cross Site Scripting vulnerability in DerbyNet v9.0 and below 
allows a ...)
+   TODO: check
+CVE-2024-30923 (SQL Injection vulnerability in DerbyNet v9.0 and below allows 
a remote ...)
+  
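Review bot: several entries in this batch name upstream projects that correspond to Debian source packages and should not remain at TODO: check: CVE-2024-32473 (Moby, source package docker.io), CVE-2024-32650 (Rustls, rust-rustls) and CVE-2024-31745 (Libdwarf v0.9.1 heap use-after-free, dwarfutils). Only the part of the hunk up to CVE-2024-30923 is visible in this message, so entries after that point were not checked.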

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0e9c20f4 by security tracker role at 2024-04-18T20:11:51+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,193 @@
+CVE-2024-3948 (A vulnerability was found in SourceCodester Home Clean Service 
System  ...)
+   TODO: check
+CVE-2024-32689 (Missing Authorization vulnerability in GenialSouls WP Social 
Comments. ...)
+   TODO: check
+CVE-2024-32686 (Insertion of Sensitive Information into Log File vulnerability 
in Inis ...)
+   TODO: check
+CVE-2024-32604 (Authorization Bypass Through User-Controlled Key vulnerability 
in Plec ...)
+   TODO: check
+CVE-2024-32603 (Deserialization of Untrusted Data vulnerability in ThemeKraft 
WooBuddy ...)
+   TODO: check
+CVE-2024-32602 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-32601 (Missing Authorization vulnerability in WP OnlineSupport, 
Essential Plu ...)
+   TODO: check
+CVE-2024-32600 (Deserialization of Untrusted Data vulnerability in Averta 
Master Slide ...)
+   TODO: check
+CVE-2024-32599 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+   TODO: check
+CVE-2024-32598 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32597 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32596 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32595 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32594 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32593 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32592 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32591 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32590 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32588 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32587 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32586 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32585 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32584 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32583 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32582 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32581 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32580 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32579 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32578 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32577 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32576 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32575 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32574 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32573 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32572 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32571 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32570 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32569 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32568 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32567 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32566 (Improper Neutralization of Input During Web Page Generation 
('Cross-si 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3fd6e59a by security tracker role at 2024-04-18T08:11:47+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,61 @@
+CVE-2024-3932 (A vulnerability classified as problematic has been found in 
Totara LMS ...)
+   TODO: check
+CVE-2024-3931 (A vulnerability was found in Totara LMS 18.0.1 Build 
20231128.01. It h ...)
+   TODO: check
+CVE-2024-3928 (A vulnerability was found in Dromara open-capacity-platform 
2.0.1. It  ...)
+   TODO: check
+CVE-2024-32746 (A cross-site scripting (XSS) vulnerability in the Settings 
section of  ...)
+   TODO: check
+CVE-2024-32745 (A cross-site scripting (XSS) vulnerability in the Settings 
section of  ...)
+   TODO: check
+CVE-2024-32744 (A cross-site scripting (XSS) vulnerability in the Settings 
section of  ...)
+   TODO: check
+CVE-2024-32743 (A cross-site scripting (XSS) vulnerability in the Settings 
section of  ...)
+   TODO: check
+CVE-2024-32472 (excalidraw is an open source virtual hand-drawn style 
whiteboard. A st ...)
+   TODO: check
+CVE-2024-32345 (A cross-site scripting (XSS) vulnerability in the Settings 
menu of CMS ...)
+   TODO: check
+CVE-2024-32344 (A cross-site scripting (XSS) vulnerability in the Settings 
menu of CMS ...)
+   TODO: check
+CVE-2024-32343 (A cross-site scripting (XSS) vulnerability in the Create Page 
of Boid  ...)
+   TODO: check
+CVE-2024-32342 (A cross-site scripting (XSS) vulnerability in the Create Page 
of Boid  ...)
+   TODO: check
+CVE-2024-32341 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Home page o ...)
+   TODO: check
+CVE-2024-32340 (A cross-site scripting (XSS) vulnerability in the Settings 
section of  ...)
+   TODO: check
+CVE-2024-32339 (Multiple cross-site scripting (XSS) vulnerabilities in the HOW 
TO page ...)
+   TODO: check
+CVE-2024-32338 (A cross-site scripting (XSS) vulnerability in the Settings 
section of  ...)
+   TODO: check
+CVE-2024-32337 (A cross-site scripting (XSS) vulnerability in the Settings 
section of  ...)
+   TODO: check
+CVE-2024-31869 (Airflow versions 2.7.0 through 2.8.4 have a vulnerability that 
allows  ...)
+   TODO: check
+CVE-2024-2729 (The Otter Blocks  WordPress plugin before 2.6.6 does not 
properly esca ...)
+   TODO: check
+CVE-2024-29956 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a 
prints the ...)
+   TODO: check
+CVE-2024-29955 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a 
could allo ...)
+   TODO: check
+CVE-2024-29952 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a 
could allo ...)
+   TODO: check
+CVE-2024-1429 (The Element Pack Elementor Addons (Header Footer, Free Template 
Librar ...)
+   TODO: check
+CVE-2024-1426 (The Element Pack Elementor Addons (Header Footer, Free Template 
Librar ...)
+   TODO: check
+CVE-2023-4509 (It is possible for an API key to be logged in clear text in the 
audit  ...)
+   TODO: check
+CVE-2023-4235 (A flaw was found in ofono, an Open Source Telephony on Linux. A 
stack  ...)
+   TODO: check
+CVE-2023-4234 (A flaw was found in ofono, an Open Source Telephony on Linux. A 
stack  ...)
+   TODO: check
+CVE-2023-4233 (A flaw was found in ofono, an Open Source Telephony on Linux. A 
stack  ...)
+   TODO: check
+CVE-2023-4232 (A flaw was found in ofono, an Open Source Telephony on Linux. A 
stack  ...)
+   TODO: check
 CVE-2024-3914 (Use after free in V8 in Google Chrome prior to 124.0.6367.60 
allowed a ...)
- chromium 
[bullseye] - chromium  (see #1061268)
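Review bot: the four ofono entries near the end of this hunk (CVE-2023-4232 through CVE-2023-4235, the 'A flaw was found in ofono, an Open Source Telephony on Linux. A stack ...' lines) are added as bare 'TODO: check', but ofono is a Debian source package, so the next triage pass should turn each of them into a '- ofono <version>' line with a NOTE pointing at the upstream fix rather than leave them in TODO; the surrounding Boid, Brocade SANnav, Airflow and WordPress plugin entries are vendor- or upstream-only and are the usual NOT-FOR-US candidates. Separately, the two chromium context lines at the bottom ('- chromium' and '[bullseye] - chromium (see #1061268)') show no version or bracketed state token after the package name, which the tracker syntax requires; this is most likely the archive dropping an angle-bracketed token (the file uses forms like '<unfixed>' there) when rendering the mail, not an empty entry in data/CVE/list, so the real state should be read from the repository.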
@@ -11452,7 +11510,7 @@ CVE-2024-24693 (Improper access control in the 
installer for Zoom Rooms Client f
 CVE-2024-24692 (Race condition in the installer for Zoom Rooms Client for 
Windows befo ...)
NOT-FOR-US: Zoom
 CVE-2024-24549 (Denial of Service due to improper input validation 
vulnerability for H ...)
-   {DLA-3779-1}
+   {DSA-5665-1 DLA-3779-1}
- tomcat10 10.1.20-1 (bug #1066878)
- tomcat9 9.0.70-2
NOTE: https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg
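Review bot: the only change in this hunk is the advisory list for CVE-2024-24549 going from '{DLA-3779-1}' to '{DSA-5665-1 DLA-3779-1}', and that is the right place for it: the tomcat10 line still carries its own unstable fix '10.1.20-1 (bug #1066878)', so the DSA id is the one thing recording that the stable package was also updated for this issue. It is worth a cross-check that DSA-5665-1 really is the tomcat10 advisory (the DLA on the same line is the LTS-side reference), because a wrong id here silently misattributes the stable fix and nothing else in the entry would catch it.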
@@ -11460,7 +11518,7 @@ CVE-2024-24549 (Denial of Service due to improper input 
validation vulnerability
NOTE: 
https://github.com/apache/tomcat/commit/8e03be9f2698f2da9027d40b9e9c0c9429b74dc0
 (9.0.86)
NOTE: Starting with 9.0.70-2 Tomcat9 no longer ships the server stack, 
using that as the fixed version
 CVE-2024-23672 (Denial of Service via incomplete cleanup vulnerability in 
Apache Tomca ...)
-   {DLA-3779-1}
+   {DSA-5665-1 DLA-3779-1}
- tomcat10 10.1.20-1 (bug #1066877)
- tomcat9 9.0.70-2
NOTE: https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f
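Review bot: same DSA-5665-1 addition for CVE-2024-23672 as for CVE-2024-24549 in the hunk above, and the context NOTE here ('Starting with 9.0.70-2 Tomcat9 no longer ships the server stack, using that as the fixed version') is why the advisory can only belong to tomcat10: the tomcat9 '9.0.70-2' is a 'no longer ships the affected code' marker rather than a patched release, so for suites that still carry a full tomcat9 the DLA on the same line is the actual fix reference. Keeping the two tomcat entries in lockstep is correct; if one of them is later updated without the other, that is the inconsistency to watch for.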
@@ -16334,7 +16392,7 @@ CVE-2024-23496 (A 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4195e357 by security tracker role at 2024-04-17T20:11:48+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,521 +1,789 @@
-CVE-2024-2961 [ISO-2022-CN-EXT: fix out-of-bound writes when writing escape 
sequence]
+CVE-2024-3914 (Use after free in V8 in Google Chrome prior to 124.0.6367.60 
allowed a ...)
+   TODO: check
+CVE-2024-3910 (A vulnerability, which was classified as critical, has been 
found in T ...)
+   TODO: check
+CVE-2024-3909 (A vulnerability classified as critical was found in Tenda AC500 
2.0.1. ...)
+   TODO: check
+CVE-2024-3908 (A vulnerability classified as critical has been found in Tenda 
AC500 2 ...)
+   TODO: check
+CVE-2024-3907 (A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has 
been ra ...)
+   TODO: check
+CVE-2024-3906 (A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has 
been de ...)
+   TODO: check
+CVE-2024-3905 (A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has 
been cl ...)
+   TODO: check
+CVE-2024-3900 (Out-of-bounds array write in Xpdf 4.05 and earlier, triggered 
by long  ...)
+   TODO: check
+CVE-2024-3825 (Versions of the BlazeMeter Jenkins plugin prior to 4.22 contain 
a flaw ...)
+   TODO: check
+CVE-2024-3817 (HashiCorp\u2019s go-getter library is vulnerable to argument 
injection ...)
+   TODO: check
+CVE-2024- (The Essential Addons for Elementor plugin for WordPress is 
vulnerable  ...)
+   TODO: check
+CVE-2024-3323 (Cross Site Scripting in   UI Request/Response Validation   in 
TIBCO Ja ...)
+   TODO: check
+CVE-2024-32550 (Cross-Site Request Forgery (CSRF) vulnerability in BMI Adult & 
Kid Cal ...)
+   TODO: check
+CVE-2024-32549 (Cross-Site Request Forgery (CSRF) vulnerability in Microkid 
Related Po ...)
+   TODO: check
+CVE-2024-32548 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32547 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32546 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32545 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32544 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32543 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32542 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32541 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32540 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32539 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32538 (Cross-Site Request Forgery (CSRF) vulnerability in Joshua 
Eldridge Eas ...)
+   TODO: check
+CVE-2024-32536 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32535 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32534 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32533 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32531 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32530 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32529 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32528 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32527 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32526 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32510 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32508 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32506 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+   TODO: check
+CVE-2024-32505 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32463 (phlex is an open source framework for building object-oriented 
views i ...)
+   TODO: check
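Review bot: two of the added entries in this hunk will not survive the next pass as written. The line 'CVE-2024- (The Essential Addons for Elementor plugin for WordPress is vulnerable ...)' has no number after 'CVE-2024-', so either the automatic import emitted a malformed id or the archive lost it; the tracker keys entries on the id, so it has to be looked up in the feed and corrected rather than triaged under a truncated name. The 'HashiCorp\u2019s go-getter library' entry (CVE-2024-3817) carries a literal JSON escape in the description, meaning the importer stored the raw string without unescaping it; harmless for triage, but worth fixing in the import step so the description renders as an apostrophe. Note also that the hunk drops the placeholder 'CVE-2024-2961 [ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence]'; the replacement entry with the published description falls outside the portion of the hunk the archive shows, so its new state cannot be reviewed from this mail.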

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
44c50bee by security tracker role at 2024-04-17T08:12:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,58 +1,478 @@
+CVE-2024-3882 (A vulnerability was found in Tenda W30E 1.0.1.25(633). It has 
been cla ...)
+   TODO: check
+CVE-2024-3881 (A vulnerability was found in Tenda W30E 1.0.1.25(633) and 
classified a ...)
+   TODO: check
+CVE-2024-3880 (A vulnerability has been found in Tenda W30E 1.0.1.25(633) and 
classif ...)
+   TODO: check
+CVE-2024-3879 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
+   TODO: check
+CVE-2024-3878 (A vulnerability, which was classified as critical, has been 
found in T ...)
+   TODO: check
+CVE-2024-3877 (A vulnerability classified as critical was found in Tenda F1202 
1.2.0. ...)
+   TODO: check
+CVE-2024-3876 (A vulnerability classified as critical has been found in Tenda 
F1202 1 ...)
+   TODO: check
+CVE-2024-3875 (A vulnerability was found in Tenda F1202 1.2.0.20(408). It has 
been ra ...)
+   TODO: check
+CVE-2024-3874 (A vulnerability was found in Tenda W20E 15.11.0.6. It has been 
declare ...)
+   TODO: check
+CVE-2024-3873 (A vulnerability was found in SMI SMI-EX-5414W up to 1.0.03. It 
has bee ...)
+   TODO: check
+CVE-2024-3872 (Mattermost Mobile app versions 2.13.0 and earlier use a regular 
expres ...)
+   TODO: check
+CVE-2024-3871 (The Delta Electronics DVW-W02W2-E2 devices expose a web 
administration ...)
+   TODO: check
+CVE-2024-3869 (The Customer Reviews for WooCommerce plugin for WordPress is 
vulnerabl ...)
+   TODO: check
+CVE-2024-3867 (The archive-tainacan-collection theme for WordPress is 
vulnerable to R ...)
+   TODO: check
+CVE-2024-3672 (The BA Book Everything plugin for WordPress is vulnerable to 
Stored Cr ...)
+   TODO: check
+CVE-2024-3660 (A arbitrary code injection vulnerability in TensorFlow's Keras 
framewo ...)
+   TODO: check
+CVE-2024-3367 (Argument injection in websphere_mq agent plugin in Checkmk 
2.0.0, 2.1. ...)
+   TODO: check
+CVE-2024-3243 (The Customer Reviews for WooCommerce plugin for WordPress is 
vulnerabl ...)
+   TODO: check
+CVE-2024-3067 (The WooCommerce Google Feed Manager plugin for WordPress is 
vulnerable ...)
+   TODO: check
+CVE-2024-32634 (In huge memory get unmapped area check, code can never be 
reached beca ...)
+   TODO: check
+CVE-2024-32633 (An unsigned value can never be negative, so eMMC full disk 
test will a ...)
+   TODO: check
+CVE-2024-32632 (A value in ATCMD will be misinterpreted by printf, causing 
incorrect o ...)
+   TODO: check
+CVE-2024-32631 (Out-of-Bounds read in ciCCIOTOPT in ASR180X will cause 
incorrect compu ...)
+   TODO: check
+CVE-2024-32625 (In OffloadAMRWriter, a scalar field is not initialized so will 
contain ...)
+   TODO: check
+CVE-2024-32532 (Missing Authorization vulnerability in SiteGround Speed 
Optimizer.This ...)
+   TODO: check
+CVE-2024-32525 (Missing Authorization vulnerability in Theme My Login.This 
issue affec ...)
+   TODO: check
+CVE-2024-32524 (Missing Authorization vulnerability in Nuggethon Custom Order 
Statuses ...)
+   TODO: check
+CVE-2024-32522 (Missing Authorization vulnerability in Jaed Mosharraf & 
Pluginbazar Te ...)
+   TODO: check
+CVE-2024-32520 (Missing Authorization vulnerability in WPClever WPC Grouped 
Product fo ...)
+   TODO: check
+CVE-2024-32519 (Missing Authorization vulnerability in GutenGeek GG Woo Feed 
for WooCo ...)
+   TODO: check
+CVE-2024-32518 (Missing Authorization vulnerability in Pepro Dev. Group 
PeproDev Ultim ...)
+   TODO: check
+CVE-2024-32517 (Missing Authorization vulnerability in WooCommerce & WordPress 
Tutoria ...)
+   TODO: check
+CVE-2024-32516 (Missing Authorization vulnerability in Palscode Multi Currency 
For Woo ...)
+   TODO: check
+CVE-2024-32515 (Missing Authorization vulnerability in Qamar Sheeraz, Nasir 
Ahmad Mega ...)
+   TODO: check
+CVE-2024-32514 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Poll  ...)
+   TODO: check
+CVE-2024-32513 (Insertion of Sensitive Information into Log File vulnerability 
in AdTr ...)
+   TODO: check
+CVE-2024-32509 (Missing Authorization vulnerability in Loopus WP Cost 
Estimation & Pay ...)
+   TODO: check
+CVE-2024-32455 (Missing Authorization vulnerability in Very Good Plugins Fatal 
Error N ...)
+   TODO: check
+CVE-2024-32256 (Phpgurukul Tourism Management System v2.0 is vulnerable to 
Unrestricte ...)
+   TODO: check
+CVE-2024-32254 (Phpgurukul Tourism Management System v2.0 is vulnerable to 
Unrestricte ...)
+   TODO: check
+CVE-2024-32086 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+   
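Review bot: the cluster CVE-2024-32634, CVE-2024-32633, CVE-2024-32632, CVE-2024-32631 and CVE-2024-32625 ('code can never be reached', 'An unsigned value can never be negative', 'will be misinterpreted by printf', 'Out-of-Bounds read in ciCCIOTOPT in ASR180X', 'a scalar field is not initialized') reads as static-analysis findings against vendor firmware rather than issues in anything Debian ships, and looks like a straight NOT-FOR-US batch. Of the rest, CVE-2024-3660 ('A arbitrary code injection vulnerability in TensorFlow's Keras framework') is the one to check against the archive before closing, since keras has been packaged in Debian. The hunk ends on a bare '+   ' continuation line, i.e. the archive cut the commit mid-entry, so the remainder of this update is not reviewable here.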

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-16 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e70c3222 by security tracker role at 2024-04-16T08:11:57+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,6 +1,106 @@
+CVE-2024-3575 (Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb)
+   TODO: check
+CVE-2024-3574 (In scrapy version 2.10.1, an issue was identified where the 
Authorizat ...)
+   TODO: check
+CVE-2024-3573 (mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due 
to impro ...)
+   TODO: check
+CVE-2024-3572 (The scrapy/scrapy project is vulnerable to XML External Entity 
(XXE) a ...)
+   TODO: check
+CVE-2024-3571 (langchain-ai/langchain is vulnerable to path traversal due to 
improper ...)
+   TODO: check
+CVE-2024-3493 (A specific malformed fragmented packet type (fragmented packets 
may be ...)
+   TODO: check
+CVE-2024-3271 (A command injection vulnerability exists in the 
run-llama/llama_index  ...)
+   TODO: check
+CVE-2024-3029 (In mintplex-labs/anything-llm, an attacker can exploit improper 
input  ...)
+   TODO: check
+CVE-2024-3028 (mintplex-labs/anything-llm is vulnerable to improper input 
validation, ...)
+   TODO: check
+CVE-2024-32557 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-32036 (ImageSharp is a 2D graphics API. A heap-use-after-free flaw 
was found  ...)
+   TODO: check
+CVE-2024-31784 (An issue in Typora v.1.8.10 and before, allows a local 
attacker to obt ...)
+   TODO: check
+CVE-2024-31783 (Cross Site Scripting (XSS) vulnerability in Typora v.1.6.7 and 
before, ...)
+   TODO: check
+CVE-2024-31652 (A cross-site scripting (XSS) in Cosmetics and Beauty Product 
Online St ...)
+   TODO: check
+CVE-2024-31651 (A cross-site scripting (XSS) in Cosmetics and Beauty Product 
Online St ...)
+   TODO: check
+CVE-2024-31650 (A cross-site scripting (XSS) in Cosmetics and Beauty Product 
Online St ...)
+   TODO: check
+CVE-2024-31649 (A cross-site scripting (XSS) in Cosmetics and Beauty Product 
Online St ...)
+   TODO: check
+CVE-2024-31648 (Cross Site Scripting (XSS) in Insurance Management System 
v1.0, allows ...)
+   TODO: check
+CVE-2024-31634 (Cross Site Scripting (XSS) vulnerability in Xunruicms versions 
4.6.3 a ...)
+   TODO: check
+CVE-2024-30656 (An issue in Fireboltt Dream Wristphone 
BSW202_FB_AAC_v2.0_20240110-202 ...)
+   TODO: check
+CVE-2024-30567 (An issue in JNT Telecom JNT Liftcom UMS V1.J Core Version 
JM-V15 allow ...)
+   TODO: check
+CVE-2024-2912 (An insecure deserialization vulnerability exists in the BentoML 
framew ...)
+   TODO: check
+CVE-2024-2424 (An input validation vulnerability exists in the Rockwell 
Automation501 ...)
+   TODO: check
+CVE-2024-2260 (A session fixation vulnerability exists in the zenml-io/zenml 
applicat ...)
+   TODO: check
+CVE-2024-2083 (A directory traversal vulnerability exists in the 
zenml-io/zenml repos ...)
+   TODO: check
+CVE-2024-27794 (Claris FileMaker Server before version 20.3.2 was susceptible 
to a ref ...)
+   TODO: check
+CVE-2024-23561 (HCL DevOps Deploy / HCL Launch is vulnerable to sensitive 
information  ...)
+   TODO: check
+CVE-2024-23558 (HCL DevOps Deploy / HCL Launch does not invalidate session 
after logou ...)
+   TODO: check
+CVE-2024-22262 (Applications that use UriComponentsBuilderto parse an 
externally provi ...)
+   TODO: check
+CVE-2024-1961 (vertaai/modeldb is vulnerable to a path traversal attack due to 
improp ...)
+   TODO: check
+CVE-2024-1739 (lunary-ai/lunary is vulnerable to an authentication issue due 
to impro ...)
+   TODO: check
+CVE-2024-1738 (An incorrect authorization vulnerability exists in the 
lunary-ai/lunar ...)
+   TODO: check
+CVE-2024-1666 (In lunary-ai/lunary version 1.0.0, an authorization flaw exists 
that a ...)
+   TODO: check
+CVE-2024-1665 (lunary-ai/lunary version 1.0.0 is vulnerable to unauthorized 
evaluatio ...)
+   TODO: check
+CVE-2024-1646 (parisneo/lollms-webui is vulnerable to authentication bypass 
due to in ...)
+   TODO: check
+CVE-2024-1626 (An Insecure Direct Object Reference (IDOR) vulnerability exists 
in the ...)
+   TODO: check
+CVE-2024-1601 (An SQL injection vulnerability exists in the 
`delete_discussion()` fun ...)
+   TODO: check
+CVE-2024-1594 (A path traversal vulnerability exists in the mlflow/mlflow 
repository, ...)
+   TODO: check
+CVE-2024-1593 (A path traversal vulnerability exists in the mlflow/mlflow 
repository  ...)
+   TODO: check
+CVE-2024-1569 (parisneo/lollms-webui is vulnerable to a denial of service 
(DoS) attac ...)
+   TODO: check
+CVE-2024-1561 (An issue was discovered in gradio-app/gradio, where the 
`/component_se ...)
+   TODO: check
+CVE-2024-1560 (A 
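Review bot: the two scrapy entries, CVE-2024-3574 ('In scrapy version 2.10.1, an issue was identified where the Authorizat ...') and CVE-2024-3572 ('The scrapy/scrapy project is vulnerable to XML External Entity (XXE) ...'), are the ones in this hunk that map onto a Debian source package (python-scrapy) and should be resolved to a package line with the affected and fixed versions instead of staying at TODO; CVE-2024-22262 ('Applications that use UriComponentsBuilder ...', i.e. Spring Framework) likewise needs a look at libspring-java before it is closed. The bulk of the remaining entries (mlflow, langchain, lunary, lollms-webui, gradio, zenml, BentoML, anything-llm, modeldb) are huntr-style reports against upstream ML projects and are the usual NOT-FOR-US candidates. The last visible line, 'CVE-2024-1560 (A', is cut by the archive, so entries after it cannot be reviewed from this mail.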

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bb6d802e by security tracker role at 2024-04-15T20:11:56+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,255 @@
+CVE-2024-3804 (A vulnerability, which was classified as critical, has been 
found in V ...)
+   TODO: check
+CVE-2024-3803 (A vulnerability classified as critical was found in Vesystem 
Cloud Des ...)
+   TODO: check
+CVE-2024-3802 (Vulnerabilities in Celeste 22.x was vulnerable to takeover from 
unauth ...)
+   TODO: check
+CVE-2024-3797 (A vulnerability was found in SourceCodester QR Code Bookmark 
System 1. ...)
+   TODO: check
+CVE-2024-3796 (Vulnerability in WBSAirback 21.02.04, which consists of a 
stored Cross ...)
+   TODO: check
+CVE-2024-3795 (Vulnerability in WBSAirback 21.02.04, which consists of a 
stored Cross ...)
+   TODO: check
+CVE-2024-3794 (Vulnerability in WBSAirback 21.02.04, which consists of a 
stored Cross ...)
+   TODO: check
+CVE-2024-3793 (Vulnerability in WBSAirback 21.02.04, which consists of a 
stored Cross ...)
+   TODO: check
+CVE-2024-3792 (Vulnerability in WBSAirback 21.02.04, which consists of a 
stored Cross ...)
+   TODO: check
+CVE-2024-3791 (Vulnerability in WBSAirback 21.02.04, which consists of a 
stored Cross ...)
+   TODO: check
+CVE-2024-3790 (Vulnerability in WBSAirback 21.02.04, which consists of a 
stored Cross ...)
+   TODO: check
+CVE-2024-3789 (Uncontrolled resource consumption vulnerability in White Bear 
Solution ...)
+   TODO: check
+CVE-2024-3788 (Vulnerability in WBSAirback 21.02.04, which involves improper 
neutrali ...)
+   TODO: check
+CVE-2024-3787 (Vulnerability in WBSAirback 21.02.04, which involves improper 
neutrali ...)
+   TODO: check
+CVE-2024-3786 (Vulnerability in WBSAirback 21.02.04, which involves improper 
neutrali ...)
+   TODO: check
+CVE-2024-3785 (Vulnerability in WBSAirback 21.02.04, which involves improper 
neutrali ...)
+   TODO: check
+CVE-2024-3784 (Vulnerability in WBSAirback 21.02.04, which involves improper 
neutrali ...)
+   TODO: check
+CVE-2024-3783 (The Backup Agents section in WBSAirback 21.02.04 is affected by 
a Path ...)
+   TODO: check
+CVE-2024-3782 (Cross-Site Request Forgery vulnerability in WBSAirback 
21.02.04, which ...)
+   TODO: check
+CVE-2024-3781 (Command injection vulnerability in the operating system. 
Improper neut ...)
+   TODO: check
+CVE-2024-3780 (A vulnerability of Information Exposure has been found on 
Technicolor  ...)
+   TODO: check
+CVE-2024-32437 (Cross-Site Request Forgery (CSRF) vulnerability in impleCode 
eCommerce ...)
+   TODO: check
+CVE-2024-32436 (Cross-Site Request Forgery (CSRF) vulnerability in 
Codemenschen Gift V ...)
+   TODO: check
+CVE-2024-32435 (Cross-Site Request Forgery (CSRF) vulnerability in Affieasy 
Team AffiE ...)
+   TODO: check
+CVE-2024-32434 (Cross-Site Request Forgery (CSRF) vulnerability in Tyche 
Softwares Ord ...)
+   TODO: check
+CVE-2024-32433 (Cross-Site Request Forgery (CSRF) vulnerability in Themefic 
BEAF.This  ...)
+   TODO: check
+CVE-2024-32141 (Cross-Site Request Forgery (CSRF) vulnerability in Libsyn 
Libsyn Publi ...)
+   TODO: check
+CVE-2024-32129 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in F ...)
+   TODO: check
+CVE-2024-32104 (Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins 
NextMove  ...)
+   TODO: check
+CVE-2024-32103 (Cross-Site Request Forgery (CSRF) vulnerability in 
Siteimprove.This is ...)
+   TODO: check
+CVE-2024-32102 (Cross-Site Request Forgery (CSRF) vulnerability in Scott 
Kingsley Clar ...)
+   TODO: check
+CVE-2024-32101 (Cross-Site Request Forgery (CSRF) vulnerability in Omnisend 
Email Mark ...)
+   TODO: check
+CVE-2024-32099 (Cross-Site Request Forgery (CSRF) vulnerability in James Ward 
WP Mail  ...)
+   TODO: check
+CVE-2024-32097 (Cross-Site Request Forgery (CSRF) vulnerability in Eyal 
Fitoussi GEO m ...)
+   TODO: check
+CVE-2024-32096 (Cross-Site Request Forgery (CSRF) vulnerability in DAEV.Tech 
WP Migrat ...)
+   TODO: check
+CVE-2024-32095 (Cross-Site Request Forgery (CSRF) vulnerability in 
MultiParcels MultiP ...)
+   TODO: check
+CVE-2024-32094 (Cross-Site Request Forgery (CSRF) vulnerability in 
ChurchThemes Church ...)
+   TODO: check
+CVE-2024-32093 (Cross-Site Request Forgery (CSRF) vulnerability in Nose Graze 
Novelist ...)
+   TODO: check
+CVE-2024-32092 (Cross-Site Request Forgery (CSRF) vulnerability in Michael 
Bester Kimi ...)
+   TODO: check
+CVE-2024-32091 (Cross-Site Request Forgery (CSRF) vulnerability in Tonjoo 
Sangar Slide ...)
+   TODO: check
+CVE-2024-32090 (Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle 
Church A ...)
+   TODO: 
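Review bot: everything added in this hunk is product-specific (WBSAirback 21.02.04, Tenda, Vesystem, Celeste, Technicolor, and a run of WordPress plugin CSRFs) and can be triaged as NOT-FOR-US in one pass, with one entry to flag: CVE-2024-3781 ('Command injection vulnerability in the operating system. Improper neut ...') names no product in the visible text, so it should be resolved from the full advisory rather than closed on the strength of the WBSAirback entries it sits next to. The hunk ends at 'TODO: ' mid-line, where the archive truncated it.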
