Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 409e87f7 by Moritz Muehlenhoff at 2024-04-17T13:47:47+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -29,7 +29,7 @@ CVE-2024-3867 (The archive-tainacan-collection theme for WordPress is vulnerable CVE-2024-3672 (The BA Book Everything plugin for WordPress is vulnerable to Stored Cr ...) NOT-FOR-US: WordPress plugin CVE-2024-3660 (A arbitrary code injection vulnerability in TensorFlow's Keras framewo ...) - TODO: check + - tensorflow <itp> (bug #804612) CVE-2024-3367 (Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1. ...) - check-mk <removed> CVE-2024-3243 (The Customer Reviews for WooCommerce plugin for WordPress is vulnerabl ...) @@ -37,15 +37,15 @@ CVE-2024-3243 (The Customer Reviews for WooCommerce plugin for WordPress is vuln CVE-2024-3067 (The WooCommerce Google Feed Manager plugin for WordPress is vulnerable ...) NOT-FOR-US: WordPress plugin CVE-2024-32634 (In huge memory get unmapped area check, code can never be reached beca ...) - TODO: check + NOT-FOR-US: ASR Falcon CVE-2024-32633 (An unsigned value can never be negative, so eMMC full disk test will a ...) - TODO: check + NOT-FOR-US: ASR Falcon CVE-2024-32632 (A value in ATCMD will be misinterpreted by printf, causing incorrect o ...) - TODO: check + NOT-FOR-US: ASR Falcon CVE-2024-32631 (Out-of-Bounds read in ciCCIOTOPT in ASR180X will cause incorrect compu ...) - TODO: check + NOT-FOR-US: ASR Falcon CVE-2024-32625 (In OffloadAMRWriter, a scalar field is not initialized so will contain ...) - TODO: check + NOT-FOR-US: ASR Falcon CVE-2024-32532 (Missing Authorization vulnerability in SiteGround Speed Optimizer.This ...) NOT-FOR-US: WordPress plugin CVE-2024-32525 (Missing Authorization vulnerability in Theme My Login.This issue affec ...) 
@@ -113,7 +113,7 @@ CVE-2024-30380 (An Improper Handling of Exceptional Conditions vulnerability in CVE-2024-30378 (A Use After Free vulnerability in command processing of Juniper Networ ...) NOT-FOR-US: Juniper CVE-2024-30256 (Open WebUI is a user-friendly WebUI for LLMs. Open-webui is vulnerable ...) - TODO: check + NOT-FOR-US: Open WebUI CVE-2024-2309 (The WP STAGING WordPress Backup Plugin WordPress plugin before 3.4.0, ...) NOT-FOR-US: WordPress plugin CVE-2024-2118 (The Social Media Share Buttons & Social Sharing Icons WordPress plugin ...) @@ -127,7 +127,7 @@ CVE-2024-29402 (cskefu v7 suffers from Insufficient Session Expiration, which al CVE-2024-29291 (An issue in Laravel Framework 8 through 11 might allow a remote attack ...) TODO: check CVE-2024-27086 (The MSAL library enabled acquisition of security tokens to call protec ...) - TODO: check + NOT-FOR-US: microsoft-authentication-library-for-dotnet CVE-2024-25911 (Missing Authorization vulnerability in Skymoon Labs MoveTo.This issue ...) NOT-FOR-US: WordPress plugin CVE-2024-22440 (A potential security vulnerability has been identified in HPE Compute ...) @@ -179,7 +179,7 @@ CVE-2024-21103 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virt CVE-2024-21102 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 <unfixed> CVE-2024-21101 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) - TODO: check + NOT-FOR-US: MySQL Cluster CVE-2024-21100 (Vulnerability in the Oracle Commerce Platform product of Oracle Commer ...) NOT-FOR-US: Oracle CVE-2024-21099 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) 
@@ -423,13 +423,13 @@ CVE-2024-1219 (The Easy Social Feed WordPress plugin before 6.5.6 does not vali CVE-2024-0868 (The coreActivity: Activity Logging plugin for WordPress plugin before ...) NOT-FOR-US: WordPress plugin CVE-2023-51391 (A bug in Micrium OS Network HTTP Server permits an invalid pointer der ...) - TODO: check + NOT-FOR-US: Micrium OS Network HTTP Server CVE-2023-50872 (The API in Accredible Credential.net December 6th, 2023 allows an Inse ...) - TODO: check + NOT-FOR-US: Accredible Credential.net API CVE-2023-45000 (Missing Authorization vulnerability in LiteSpeed Technologies LiteSpee ...) - TODO: check + NOT-FOR-US: LiteSpeed Technologies CVE-2023-40000 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: LiteSpeed Technologies CVE-2024-XXXX [gix-transport indirect code execution via malicious username] - rust-gix-transport 0.42.0-1 NOTE: https://github.com/advisories/GHSA-98p4-xjmm-8mfh View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/409e87f713d2b6df0358a32712d6ff1b48156eb4
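Review bot: In the first hunk (@@ -29,7), the CVE-2024-3660 description places the code injection in "TensorFlow's Keras framework", but the new entry only records "- tensorflow <itp> (bug #804612)". If Keras is also carried in the archive under its own source package, that package needs its own status line here; if it was checked and found unaffected or absent, a NOTE: line saying so would keep the triage decision visible to the next person who reads the entry.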
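Review bot: In the @@ -37,15 hunk, all five entries (CVE-2024-32634, CVE-2024-32633, CVE-2024-32632, CVE-2024-32631, CVE-2024-32625) are tagged "NOT-FOR-US: ASR Falcon", yet the only product string visible in the truncated descriptions is "ASR180X" in CVE-2024-32631, and the other four name no product at all in the visible text. Please confirm against the full CVE records that all five belong to the same product, and consider using the product name as it appears in the CVE text so the label is easy to match when later ASR entries arrive.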
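Review bot: In the @@ -423,13 hunk, CVE-2023-45000 and CVE-2023-40000 are tagged with a vendor name ("NOT-FOR-US: LiteSpeed Technologies"), while the two entries just above in the same hunk name the product ("Micrium OS Network HTTP Server", "Accredible Credential.net API") and the surrounding context uses a category ("WordPress plugin"). The visible description of CVE-2023-40000 is cut off before any product is named, so the label cannot be checked from this list alone; naming the affected product rather than the vendor would make the entry self-explanatory and avoid implying that every LiteSpeed product is out of scope.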