Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9128e489 by Salvatore Bonaccorso at 2024-04-25T22:35:45+02:00
Process some NFUs

- - - - -
69bca91c by Salvatore Bonaccorso at 2024-04-25T22:35:45+02:00
Add two glpi issues

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,93 +1,97 @@ CVE-2024-4175 (Unicode transformation vulnerability in Hyperion affecting version 2.0 ...) - TODO: check + NOT-FOR-US: Hyperion CVE-2024-4174 (Cross-Site Scripting (XSS) vulnerability in Hyperion Web Server affect ...) - TODO: check + NOT-FOR-US: Hyperion CVE-2024-4172 (A vulnerability classified as problematic was found in idcCMS 1.35. Af ...) - TODO: check + NOT-FOR-US: idcCMS CVE-2024-4171 (A vulnerability classified as critical has been found in Tenda W30E 1. ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4170 (A vulnerability was found in Tenda 4G300 1.01.42. It has been rated as ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4169 (A vulnerability was found in Tenda 4G300 1.01.42. It has been declared ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4168 (A vulnerability was found in Tenda 4G300 1.01.42. It has been classifi ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4167 (A vulnerability was found in Tenda 4G300 1.01.42 and classified as cri ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4166 (A vulnerability has been found in Tenda 4G300 1.01.42 and classified a ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4165 (A vulnerability, which was classified as critical, was found in Tenda ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4164 (A vulnerability, which was classified as critical, has been found in T ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-4077 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4035 (The Photo Gallery \u2013 GT3 Image Gallery & Gutenberg Block Gallery p ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4024 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) TODO: check CVE-2024-4006 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) TODO: check CVE-2024-3994 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3733 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3730 (The Simple Membership plugin for WordPress is vulnerable to Stored Cro ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33592 (Server-Side Request Forgery (SSRF) vulnerability in SoftLab Radio Play ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33247 (Sourcecodester Employee Task Management System v1.0 is vulnerable to S ...) - TODO: check + NOT-FOR-US: Sourcecodester Employee Task Management System CVE-2024-32961 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32676 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32649 (Vyper is a pythonic Smart Contract Language for the Ethereum virtual m ...) - TODO: check + NOT-FOR-US: Vyper CVE-2024-32648 (Vyper is a pythonic Smart Contract Language for the Ethereum virtual m ...) - TODO: check + NOT-FOR-US: Vyper CVE-2024-32647 (Vyper is a pythonic Smart Contract Language for the Ethereum virtual m ...) - TODO: check + NOT-FOR-US: Vyper CVE-2024-32646 (Vyper is a pythonic Smart Contract Language for the Ethereum virtual m ...) - TODO: check + NOT-FOR-US: Vyper CVE-2024-32645 (Vyper is a pythonic Smart Contract Language for the Ethereum virtual m ...) - TODO: check + NOT-FOR-US: Vyper CVE-2024-32481 (Vyper is a pythonic Smart Contract Language for the Ethereum virtual m ...) - TODO: check + NOT-FOR-US: Vyper CVE-2024-32467 (MeterSphere is an open source continuous testing platform. Prior to ve ...) - TODO: check + NOT-FOR-US: MeterSphere CVE-2024-32358 (An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitra ...) 
- TODO: check + NOT-FOR-US: Jpress CVE-2024-32324 (Buffer Overflow vulnerability in Shenzhen Libituo Technology Co., Ltd ...) - TODO: check + NOT-FOR-US: Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 CVE-2024-32236 (An issue in CmsEasy v.7.7 and before allows a remote attacker to obtai ...) - TODO: check + NOT-FOR-US: CmsEasy CVE-2024-31615 (ThinkCMF 6.0.9 is vulnerable to File upload via UeditorController.php.) - TODO: check + NOT-FOR-US: ThinkCMF CVE-2024-31574 (Cross Site Scripting vulnerability in TWCMS v.2.6 allows a local attac ...) - TODO: check + NOT-FOR-US: TWCMS CVE-2024-31266 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30939 (An issue discovered in Yealink VP59 Teams Editions with firmware versi ...) - TODO: check + NOT-FOR-US: Yealink CVE-2024-30890 (Cross Site Scripting vulnerability in ED01-CMS v.1.0 allows an attacke ...) - TODO: check + NOT-FOR-US: ED01-CMS CVE-2024-30560 (Cross-Site Request Forgery (CSRF) vulnerability in \u5927\u4fa0WP DX-W ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2829 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) TODO: check CVE-2024-2434 (An issue has been discovered in GitLab affecting all versions of GitLa ...) TODO: check CVE-2024-29660 (Cross Site Scripting vulnerability in DedeCMS v.5.7 allows a local att ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-28241 (The GLPI Agent is a generic management agent. Prior to version 1.7.2, ...) - TODO: check + - glpi <removed> + NOTE: https://github.com/glpi-project/glpi-agent/security/advisories/GHSA-3268-p58w-86hw + NOTE: https://github.com/glpi-project/glpi-agent/commit/9a97114f595562c91b0833b4a800dd51e9df65e9 CVE-2024-28240 (The GLPI Agent is a generic management agent. A vulnerability that onl ...) 
- TODO: check + - glpi <removed> + NOTE: https://github.com/glpi-project/glpi-agent/security/advisories/GHSA-hx3x-mmqg-h3jp + NOTE: https://github.com/glpi-project/glpi-agent/commit/41bbb1169e899bd15350a9e2fdbf9269a3b7a14f CVE-2024-25917 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-25624 (Iris is a web collaborative platform aiming to help incident responder ...) - TODO: check + NOT-FOR-US: Iris CVE-2024-25569 (An out-of-bounds read vulnerability exists in the RAWCodec::DecodeByte ...) TODO: check CVE-2024-25026 (IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Applicatio ...)

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cfaffae9b185a961bd736e4ee474dd4fb9f8375c...69bca91ca2e9df172751f6a20fb65681530be77d
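
Review bot: The two new "- glpi <removed>" entries for CVE-2024-28241 and CVE-2024-28240 file GLPI Agent issues under the glpi source package, although both descriptions name the GLPI Agent and both NOTE URLs point at glpi-project/glpi-agent. Please confirm that the removed glpi package actually carried the agent code; if it did not, an entry that names the agent itself (or "NOT-FOR-US: GLPI Agent") would be the accurate triage. The commit NOTE lines would also be easier to act on if marked as the fix, for example "NOTE: Fixed by: https://github.com/glpi-project/glpi-agent/commit/9a97114f595562c91b0833b4a800dd51e9df65e9 (1.7.2)", taking the version from the CVE-2024-28241 description. As a style point, the NOT-FOR-US labels in this hunk mix vendor only ("Tenda"), product only ("idcCMS") and vendor plus model ("Shenzhen Libituo Technology Co., Ltd LBT-T300-T400"); one consistent level keeps later searches over data/CVE/list predictable.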