Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9128e489 by Salvatore Bonaccorso at 2024-04-25T22:35:45+02:00
Process some NFUs

- - - - -
69bca91c by Salvatore Bonaccorso at 2024-04-25T22:35:45+02:00
Add two glpi issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,93 +1,97 @@
 CVE-2024-4175 (Unicode transformation vulnerability in Hyperion affecting 
version 2.0 ...)
-       TODO: check
+       NOT-FOR-US: Hyperion
 CVE-2024-4174 (Cross-Site Scripting (XSS) vulnerability in Hyperion Web Server 
affect ...)
-       TODO: check
+       NOT-FOR-US: Hyperion
 CVE-2024-4172 (A vulnerability classified as problematic was found in idcCMS 
1.35. Af ...)
-       TODO: check
+       NOT-FOR-US: idcCMS
 CVE-2024-4171 (A vulnerability classified as critical has been found in Tenda 
W30E 1. ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-4170 (A vulnerability was found in Tenda 4G300 1.01.42. It has been 
rated as ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-4169 (A vulnerability was found in Tenda 4G300 1.01.42. It has been 
declared ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-4168 (A vulnerability was found in Tenda 4G300 1.01.42. It has been 
classifi ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-4167 (A vulnerability was found in Tenda 4G300 1.01.42 and classified 
as cri ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-4166 (A vulnerability has been found in Tenda 4G300 1.01.42 and 
classified a ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-4165 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-4164 (A vulnerability, which was classified as critical, has been 
found in T ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-4077 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-4035 (The Photo Gallery \u2013 GT3 Image Gallery & Gutenberg Block 
Gallery p ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-4024 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        TODO: check
 CVE-2024-4006 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        TODO: check
 CVE-2024-3994 (The Tutor LMS \u2013 eLearning and online course solution 
plugin for W ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-3733 (The Essential Addons for Elementor \u2013 Best Elementor 
Templates, Wi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-3730 (The Simple Membership plugin for WordPress is vulnerable to 
Stored Cro ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-33592 (Server-Side Request Forgery (SSRF) vulnerability in SoftLab 
Radio Play ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-33247 (Sourcecodester Employee Task Management System v1.0 is 
vulnerable to S ...)
-       TODO: check
+       NOT-FOR-US: Sourcecodester Employee Task Management System
 CVE-2024-32961 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-32676 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-32649 (Vyper is a pythonic Smart Contract Language for the Ethereum 
virtual m ...)
-       TODO: check
+       NOT-FOR-US: Vyper
 CVE-2024-32648 (Vyper is a pythonic Smart Contract Language for the Ethereum 
virtual m ...)
-       TODO: check
+       NOT-FOR-US: Vyper
 CVE-2024-32647 (Vyper is a pythonic Smart Contract Language for the Ethereum 
virtual m ...)
-       TODO: check
+       NOT-FOR-US: Vyper
 CVE-2024-32646 (Vyper is a pythonic Smart Contract Language for the Ethereum 
virtual m ...)
-       TODO: check
+       NOT-FOR-US: Vyper
 CVE-2024-32645 (Vyper is a pythonic Smart Contract Language for the Ethereum 
virtual m ...)
-       TODO: check
+       NOT-FOR-US: Vyper
 CVE-2024-32481 (Vyper is a pythonic Smart Contract Language for the Ethereum 
virtual m ...)
-       TODO: check
+       NOT-FOR-US: Vyper
 CVE-2024-32467 (MeterSphere is an open source continuous testing platform. 
Prior to ve ...)
-       TODO: check
+       NOT-FOR-US: MeterSphere
 CVE-2024-32358 (An issue in Jpress v.5.1.0 allows a remote attacker to execute 
arbitra ...)
-       TODO: check
+       NOT-FOR-US: Jpress
 CVE-2024-32324 (Buffer Overflow vulnerability in Shenzhen Libituo Technology 
Co., Ltd  ...)
-       TODO: check
+       NOT-FOR-US: Shenzhen Libituo Technology Co., Ltd LBT-T300-T400
 CVE-2024-32236 (An issue in CmsEasy v.7.7 and before allows a remote attacker 
to obtai ...)
-       TODO: check
+       NOT-FOR-US: CmsEasy
 CVE-2024-31615 (ThinkCMF 6.0.9 is vulnerable to File upload via 
UeditorController.php.)
-       TODO: check
+       NOT-FOR-US: ThinkCMF
 CVE-2024-31574 (Cross Site Scripting vulnerability in TWCMS v.2.6 allows a 
local attac ...)
-       TODO: check
+       NOT-FOR-US: TWCMS
 CVE-2024-31266 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-30939 (An issue discovered in Yealink VP59 Teams Editions with 
firmware versi ...)
-       TODO: check
+       NOT-FOR-US: Yealink
 CVE-2024-30890 (Cross Site Scripting vulnerability in ED01-CMS v.1.0 allows an 
attacke ...)
-       TODO: check
+       NOT-FOR-US: ED01-CMS
 CVE-2024-30560 (Cross-Site Request Forgery (CSRF) vulnerability in 
\u5927\u4fa0WP DX-W ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-2829 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        TODO: check
 CVE-2024-2434 (An issue has been discovered in GitLab affecting all versions 
of GitLa ...)
        TODO: check
 CVE-2024-29660 (Cross Site Scripting vulnerability in DedeCMS v.5.7 allows a 
local att ...)
-       TODO: check
+       NOT-FOR-US: DedeCMS
 CVE-2024-28241 (The GLPI Agent is a generic management agent. Prior to version 
1.7.2,  ...)
-       TODO: check
+       - glpi <removed>
+       NOTE: 
https://github.com/glpi-project/glpi-agent/security/advisories/GHSA-3268-p58w-86hw
+       NOTE: 
https://github.com/glpi-project/glpi-agent/commit/9a97114f595562c91b0833b4a800dd51e9df65e9
 CVE-2024-28240 (The GLPI Agent is a generic management agent. A vulnerability 
that onl ...)
-       TODO: check
+       - glpi <removed>
+       NOTE: 
https://github.com/glpi-project/glpi-agent/security/advisories/GHSA-hx3x-mmqg-h3jp
+       NOTE: 
https://github.com/glpi-project/glpi-agent/commit/41bbb1169e899bd15350a9e2fdbf9269a3b7a14f
 CVE-2024-25917 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-25624 (Iris is a web collaborative platform aiming to help incident 
responder ...)
-       TODO: check
+       NOT-FOR-US: Iris
 CVE-2024-25569 (An out-of-bounds read vulnerability exists in the 
RAWCodec::DecodeByte ...)
        TODO: check
 CVE-2024-25026 (IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere 
Applicatio ...)
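
Review bot: The package line "- glpi <removed>" added under CVE-2024-28241 and CVE-2024-28240 does not match the rest of those two entries: both descriptions name the GLPI Agent, and all four NOTE URLs point to the glpi-project/glpi-agent repository rather than to GLPI itself. Please confirm that glpi is the intended source package for these issues. If the agent code was never part of that package, the entries would be better tracked under the agent's own package name or marked NOT-FOR-US like the rest of this batch. Since the CVE-2024-28241 description already mentions "Prior to version 1.7.2", a NOTE recording the fixed upstream version for each entry would also make later triage easier.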



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cfaffae9b185a961bd736e4ee474dd4fb9f8375c...69bca91ca2e9df172751f6a20fb65681530be77d
