Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 7c77ff6d by Salvatore Bonaccorso at 2024-05-20T16:46:40+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -372,13 +372,13 @@ CVE-2024-5104 (A vulnerability was found in Campcodes Complete Web-Based School CVE-2024-5103 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4284 (A vulnerability in mintplex-labs/anything-llm allows for a denial of s ...) - TODO: check + NOT-FOR-US: mintplex-labs/anything-llm CVE-2024-3368 (The All in One SEO WordPress plugin before 4.6.1.1 does not validate ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-36081 (Westermo EDW-100 devices through 2024-05-03 allow an unauthenticated u ...) - TODO: check + NOT-FOR-US: Westermo EDW-100 devices CVE-2024-36080 (Westermo EDW-100 devices through 2024-05-03 have a hidden root user ac ...) - TODO: check + NOT-FOR-US: Westermo EDW-100 devices CVE-2024-5101 (A vulnerability was found in SourceCodester Simple Inventory System 1. ...) NOT-FOR-US: SourceCodester Simple Inventory System CVE-2024-5100 (A vulnerability was found in SourceCodester Simple Inventory System 1. ...) @@ -390,7 +390,7 @@ CVE-2024-36076 (Syslifters SysReptor before 2024.40 has a CSRF vulnerability for CVE-2024-36070 (tine before 2023.11.8, when an LDAP backend is used, allows anonymous ...) TODO: check CVE-2024-36053 (In the mintupload package through 4.2.0 for Linux Mint, service-name m ...) - TODO: check + NOT-FOR-US: mintupload CVE-2024-35947 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux <unfixed> NOTE: https://git.kernel.org/linus/00e7d3bea2ce7dac7bee1cf501fb071fd0ea8f6c (6.9-rc7) 
@@ -852,7 +852,7 @@ CVE-2024-3745 (MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL Bypas CVE-2024-3658 (The Build App Online plugin for WordPress is vulnerable to authenticat ...) NOT-FOR-US: WordPress plugin CVE-2024-36043 (question_image.ts in SurveyJS Form Library before 1.10.4 allows conten ...) - TODO: check + NOT-FOR-US: SurveyJS Form Library CVE-2024-34083 (aiosmptd is a reimplementation of the Python stdlib smtpd.py based on ...) TODO: check CVE-2024-31879 (IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbit ...) @@ -872,7 +872,7 @@ CVE-2024-4698 (The Testimonial Carousel For Elementor plugin for WordPress is vu CVE-2024-4374 (The DethemeKit For Elementor plugin for WordPress is vulnerable to Sto ...) NOT-FOR-US: WordPress plugin CVE-2024-4264 (A remote code execution (RCE) vulnerability exists in the berriai/lite ...) - TODO: check + NOT-FOR-US: berriai/litellm CVE-2024-3812 (The Salient Core plugin for WordPress is vulnerable to Local File Incl ...) NOT-FOR-US: WordPress plugin CVE-2024-3811 (The Salient Shortcodes plugin for WordPress is vulnerable to Stored Cr ...) @@ -892,11 +892,11 @@ CVE-2024-2772 (The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Dra CVE-2024-2771 (The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & D ...) NOT-FOR-US: WordPress plugin CVE-2024-23583 (An attacker could potentially intercept credentials via the task manag ...) - TODO: check + NOT-FOR-US: HCL CVE-2024-23556 (SSL/TLS Renegotiation functionality potentially leading to DoS attack ...) - TODO: check + NOT-FOR-US: HCL CVE-2024-23554 (Cross-Site Request Forgery (CSRF) on Session Token vulnerability that ...) - TODO: check + NOT-FOR-US: HCL CVE-2023-52424 (The IEEE 802.11 standard sometimes enables an adversary to trick a vic ...) TODO: check CVE-2024-5072 (Improper input validation in PAM JIT elevation feature in Devolutions ...) 
@@ -934,7 +934,7 @@ CVE-2024-5043 (A vulnerability was found in Emlog Pro 2.3.4 and classified as cr CVE-2024-5042 (A flaw was found in the Submariner project. Due to unnecessary role-ba ...) NOT-FOR-US: Submariner CVE-2024-5022 (The file scheme of URLs would be hidden, resulting in potential spoofi ...) - TODO: check + NOT-FOR-US: Focus for iOS CVE-2024-4998 REJECTED CVE-2024-4789 (Cost Calculator Builder Pro plugin for WordPress is vulnerable to Serv ...) @@ -1669,21 +1669,21 @@ CVE-2024-24873 (: Improper Control of Interaction Frequency vulnerability in Cod CVE-2024-24869 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) NOT-FOR-US: WordPress plugin CVE-2024-24715 (Improper Validation of Specified Quantity in Input vulnerability in Th ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-23522 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-22429 (Dell BIOS contains an Improper Input Validation vulnerability. A local ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-22157 (Improper Privilege Management vulnerability in WebWizards SalesKing al ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-22145 (Improper Privilege Management vulnerability in InstaWP Team InstaWP Co ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-22139 (Authentication Bypass by Spoofing vulnerability in Filipe Seabra WordP ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-22120 (Zabbix server can perform command execution for configured scripts. Af ...) TODO: check CVE-2024-21746 (Authentication Bypass by Spoofing vulnerability in Wpmet Wp Ultimate R ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5597 (A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboar ...) TODO: check CVE-2023-52698 (In the Linux kernel, the following vulnerability has been resolved: c ...) 
@@ -1909,19 +1909,19 @@ CVE-2023-52657 (In the Linux kernel, the following vulnerability has been resolv [buster] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/955558030954b9637b41c97b730f9b38c92ac488 (6.8-rc7) CVE-2023-51546 (Improper Privilege Management vulnerability in WebToffee WooCommerce P ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51483 (Improper Privilege Management vulnerability in Glowlogix WP Frontend P ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51481 (Improper Privilege Management vulnerability in powerfulwp Local Delive ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51479 (Improper Privilege Management vulnerability in Abdul Hakeem Build App ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51476 (Improper Privilege Management vulnerability in IOSS WP MLM Unilevel al ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51424 (Improper Privilege Management vulnerability in Saleswonder Team Webina ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51401 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51398 (Improper Privilege Management vulnerability in Brainstorm Force Ultima ...) TODO: check CVE-2023-51356 (Improper Privilege Management vulnerability in Repute Infosystems ARMe ...) 
@@ -2001,55 +2001,55 @@ CVE-2024-23980 (Improper buffer restrictions in PlatformPfrDxe driver in UEFI fi CVE-2024-23487 (Improper input validation in UserAuthenticationSmm driver in UEFI firm ...) TODO: check CVE-2024-22476 (Improper input validation in some Intel(R) Neural Compressor software ...) - TODO: check + NOT-FOR-US: Intel CVE-2024-22390 (Improper input validation in firmware for some Intel(R) FPGA products ...) - TODO: check + NOT-FOR-US: Intel CVE-2024-22384 (Out-of-bounds read for some Intel(R) Trace Analyzer and Collector soft ...) - TODO: check + NOT-FOR-US: Intel CVE-2024-22382 (Improper input validation in PprRequestLog module in UEFI firmware for ...) TODO: check CVE-2024-22379 (Uncontrolled search path in some Intel(R) Inspector software before ve ...) - TODO: check + NOT-FOR-US: Intel CVE-2024-22095 (Improper input validation in PlatformVariableInitDxe driver in UEFI fi ...) TODO: check CVE-2024-22015 (Improper input validation for some Intel(R) DLB driver software before ...) - TODO: check + NOT-FOR-US: Intel CVE-2024-21864 (Improper neutralization in some Intel(R) Arc(TM) & Iris(R) Xe Graphics ...) - TODO: check + NOT-FOR-US: Intel CVE-2024-21862 (Uncontrolled search path in some Intel(R) Quartus(R) Prime Standard Ed ...) - TODO: check + NOT-FOR-US: Intel CVE-2024-21861 (Uncontrolled search path in some Intel(R) GPA Framework software befor ...) - TODO: check + NOT-FOR-US: Intel CVE-2024-21843 (Uncontrolled search path for some Intel(R) Computing Improvement Progr ...) - TODO: check + NOT-FOR-US: Intel CVE-2024-21841 (Uncontrolled search path for some Intel(R) Distribution for GDB softwa ...) - TODO: check + NOT-FOR-US: Intel CVE-2024-21837 (Uncontrolled search path in some Intel(R) Quartus(R) Prime Lite Editio ...) - TODO: check + NOT-FOR-US: Intel CVE-2024-21835 (Insecure inherited permissions in some Intel(R) XTU software before ve ...) 
- TODO: check + NOT-FOR-US: Intel CVE-2024-21831 (Uncontrolled search path in some Intel(R) Processor Diagnostic Tool so ...) - TODO: check + NOT-FOR-US: Intel CVE-2024-21828 (Improper access control in some Intel(R) Ethernet Controller Administr ...) - TODO: check + NOT-FOR-US: Intel CVE-2024-21818 (Uncontrolled search path in some Intel(R) PCM software before version ...) - TODO: check + NOT-FOR-US: Intel CVE-2024-21814 (Uncontrolled search path for some Intel(R) Chipset Device Software bef ...) - TODO: check + NOT-FOR-US: Intel CVE-2024-21813 (Exposure of resource to wrong sphere in some Intel(R) DTT software ins ...) - TODO: check + NOT-FOR-US: Intel CVE-2024-21809 (Improper conditions check for some Intel(R) Quartus(R) Prime Lite Edit ...) - TODO: check + NOT-FOR-US: Intel CVE-2024-21792 (Time-of-check Time-of-use race condition in Intel(R) Neural Compressor ...) - TODO: check + NOT-FOR-US: Intel CVE-2024-21788 (Uncontrolled search path in some Intel(R) GPA software before version ...) - TODO: check + NOT-FOR-US: Intel CVE-2024-21777 (Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro Edition ...) - TODO: check + NOT-FOR-US: Intel CVE-2024-21774 (Uncontrolled search path in some Intel(R) Processor Identification Uti ...) - TODO: check + NOT-FOR-US: Intel CVE-2024-21772 (Uncontrolled search path in some Intel(R) Advisor software before vers ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-49614 (Out of bounds write in firmware for some Intel(R) FPGA products before ...) TODO: check CVE-2023-48727 (NULL pointer dereference in some Intel(R) oneVPL software before versi ...) 
@@ -2351,9 +2351,9 @@ CVE-2024-4352 (The Tutor LMS Pro plugin for WordPress is vulnerable to unauthori CVE-2024-4351 (The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized a ...) NOT-FOR-US: WordPress plugin CVE-2024-4326 (A vulnerability in parisneo/lollms-webui versions up to 9.3 allows rem ...) - TODO: check + NOT-FOR-US: parisneo/lollms-webui CVE-2024-4322 (A path traversal vulnerability exists in the parisneo/lollms-webui app ...) - TODO: check + NOT-FOR-US: parisneo/lollms-webui CVE-2024-4321 (A Local File Inclusion (LFI) vulnerability exists in the gaizhenbiao/c ...) NOT-FOR-US: gaizhenbiao/chuanhuchatgpt application CVE-2024-4318 (The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Inj ...) @@ -2369,9 +2369,9 @@ CVE-2024-4223 (The Tutor LMS plugin for WordPress is vulnerable to unauthorized CVE-2024-4222 (The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized a ...) NOT-FOR-US: WordPress plugin CVE-2024-4181 (A command injection vulnerability exists in the RunGptLLM class of the ...) - TODO: check + NOT-FOR-US: llama_index CVE-2024-4078 (A vulnerability in the parisneo/lollms, specifically in the `/unInstal ...) - TODO: check + NOT-FOR-US: parisneo/lollms CVE-2024-3887 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...) NOT-FOR-US: WordPress plugin CVE-2024-3851 (A stored Cross-Site Scripting (XSS) vulnerability exists in the 'imart ...) 
@@ -2391,13 +2391,13 @@ CVE-2024-3641 (The Newsletter Popup WordPress plugin through 1.2 does not saniti CVE-2024-3640 (An unquoted executable path exists in the Rockwell AutomationFactoryTa ...) NOT-FOR-US: Rockwell Automation CVE-2024-3435 (A path traversal vulnerability exists in the 'save_settings' endpoint ...) - TODO: check + NOT-FOR-US: parisneo/lollms-webui CVE-2024-3403 (imartinez/privategpt version 0.2.0 is vulnerable to a local file inclu ...) NOT-FOR-US: imartinez/privategpt CVE-2024-3286 (A buffer overflow vulnerability was identified in some Lenovo printers ...) NOT-FOR-US: Lenovo CVE-2024-3126 (A command injection vulnerability exists in the 'run_xtts_api_server' ...) - TODO: check + NOT-FOR-US: parisneo/lollms-webui CVE-2024-35302 (In JetBrains TeamCity before 2023.11 stored XSS during restore from ba ...) NOT-FOR-US: JetBrains TeamCity CVE-2024-35301 (In JetBrains TeamCity before 2024.03.1 commit status publisher didn't ...) @@ -2483,11 +2483,11 @@ CVE-2024-30275 (Adobe Aero Desktop versions 23.4 and earlier are affected by a U CVE-2024-30274 (Substance3D - Painter versions 9.1.2 and earlier are affected by an ou ...) NOT-FOR-US: Adobe CVE-2024-2366 (A remote code execution vulnerability exists in the parisneo/lollms-we ...) - TODO: check + NOT-FOR-US: parisneo/lollms-webui CVE-2024-2361 (A vulnerability in the parisneo/lollms-webui allows for arbitrary file ...) - TODO: check + NOT-FOR-US: parisneo/lollms-webui CVE-2024-2358 (A path traversal vulnerability in the '/apply_settings' endpoint of pa ...) - TODO: check + NOT-FOR-US: parisneo/lollms-webui CVE-2024-27260 (IBM AIX could 7.2, 7.3, VIOS 3.1, and VIOS 4.1 allow a non-privileged ...) NOT-FOR-US: IBM CVE-2024-27244 (Insufficient verification of data authenticity in the installer for Zo ...) 
@@ -2495,17 +2495,17 @@ CVE-2024-27244 (Insufficient verification of data authenticity in the installer CVE-2024-27243 (Buffer overflow in some Zoom Workplace Apps and SDK\u2019s may allow a ...) NOT-FOR-US: Zoom CVE-2024-20793 (Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-o ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20792 (Illustrator versions 28.4, 27.9.3 and earlier are affected by a Use Af ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20791 (Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-o ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-20389 (A vulnerability in the ConfD CLI and the Cisco Crosswork Network Serv ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-20326 (A vulnerability in the ConfD CLI and the Cisco Crosswork Network Serv ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-1417 (Improper Neutralization of Special Elements used in a Command ('Comman ...) - TODO: check + NOT-FOR-US: WatchGuard AuthPoint Password Manager on MacOS CVE-2023-48643 (Shrubbery tac_plus 2.x, 3.x. and 4.x through F4.0.4.28 allows unauthen ...) TODO: check CVE-2023-47717 (IBM Security Guardium 12.0 could allow a privileged user to perform un ...) @@ -2631,11 +2631,11 @@ CVE-2024-30310 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier a CVE-2024-30284 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...) NOT-FOR-US: Adobe CVE-2024-2248 (A Header Injection vulnerability in the JFrog platform in versions bel ...) - TODO: check + NOT-FOR-US: JFrog CVE-2024-28087 (In Bonitasoft runtime Community edition, the lack of dynamic permissio ...) NOT-FOR-US: Bonitasoft CVE-2024-28042 (SUBNET Solutions Inc. has identified vulnerabilities in third-party co ...) - TODO: check + NOT-FOR-US: PowerSYSTEM Center CVE-2024-27593 (A stored cross-site scripting (XSS) vulnerability in the Filter functi ...) NOT-FOR-US: Eramba CVE-2024-27353 (A memory corruption vulnerability in SdHost and SdMmcDevice in Insyde ...) 
@@ -2665,21 +2665,21 @@ CVE-2024-20256 (A vulnerability in the web-based management interface of Cisco A CVE-2023-7258 (A denial of service exists in Gvisor Sandbox where a bug in reference ...) TODO: check CVE-2023-6324 (ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session ...) - TODO: check + NOT-FOR-US: ThroughTek Kalay SDK CVE-2023-6323 (ThroughTek Kalay SDK does not verify the authenticity of received mess ...) - TODO: check + NOT-FOR-US: ThroughTek Kalay SDK CVE-2023-6322 (A stack-based buffer overflow vulnerability exists in the message pars ...) TODO: check CVE-2023-6321 (A command injection vulnerability exists in the IOCTL that manages OTA ...) TODO: check CVE-2023-5938 (Multiple functions use archives without properly validating the filena ...) - TODO: check + NOT-FOR-US: Nozomi Networks CVE-2023-5937 (On Windows systems, the Arc configuration files resulted to be world-r ...) - TODO: check + NOT-FOR-US: Nozomi Networks CVE-2023-5936 (On Unix systems (Linux, MacOS), Arc uses a temporary file with unsafe ...) - TODO: check + NOT-FOR-US: Nozomi Networks CVE-2023-5935 (When configuring Arc (e.g. during the first setup), a local web interf ...) - TODO: check + NOT-FOR-US: Nozomi Networks CVE-2023-40297 (Stakater Forecastle 1.0.139 and before allows %5C../ directory travers ...) TODO: check CVE-2024-4894 (ITPison OMICARD EDM fails to properly filter specific URL parameter, ...) @@ -2789,7 +2789,7 @@ CVE-2024-31467 (There are buffer overflow vulnerabilities in the underlying CLI CVE-2024-31466 (There are buffer overflow vulnerabilities in the underlying CLI servic ...) NOT-FOR-US: Aruba CVE-2024-0437 (The Password Protected \u2013 Ultimate Plugin to Password Protect Your ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-33327 (Improper Privilege Management vulnerability in Teplitsa of social tech ...) TODO: check CVE-2024-3044 (Unchecked script execution in Graphic on-click binding in affected Lib ...) 
@@ -3177,19 +3177,19 @@ CVE-2024-1914 (An attacker who successfully exploited these vulnerabilities coul CVE-2024-1913 (An attacker who successfully exploited these vulnerabilities could cau ...) TODO: check CVE-2024-1630 (Path traversal vulnerability in \u201cgetAllFolderContents\u201d funct ...) - TODO: check + NOT-FOR-US: GE HealthCare CVE-2024-1629 (Path traversal vulnerability in \u201cdeleteFiles\u201d function of Co ...) - TODO: check + NOT-FOR-US: GE HealthCare CVE-2024-1628 (OS command injection vulnerabilities in GE HealthCare ultrasound devic ...) - TODO: check + NOT-FOR-US: GE HealthCare CVE-2024-1598 (Potential buffer overflow in unsafe UEFI variable handling in Phoen ...) - TODO: check + NOT-FOR-US: Phoenix SecureCore for Intel Gemini Lake CVE-2024-1486 (Elevation of privileges via misconfigured access control list in GE He ...) - TODO: check + NOT-FOR-US: GE HealthCare CVE-2024-0862 (The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection ...) - TODO: check + NOT-FOR-US: Proofpoint CVE-2024-0762 (Potential buffer overflow in unsafe UEFI variable handling in Phoen ...) - TODO: check + NOT-FOR-US: Phoenix SecureCore CVE-2023-50180 (An exposure of sensitive system information to an unauthorized control ...) TODO: check CVE-2023-46714 (A stack-based buffer overflow [CWE-121] vulnerability in Fortinet Fort ...) 
@@ -3638,7 +3638,7 @@ CVE-2024-25641 (Cacti provides an operational monitoring and fault management fr NOTE: https://github.com/Cacti/cacti/commit/eff35b0ff26cc27c82d7880469ed6d5e3bef6210 NOTE: https://github.com/Cacti/cacti/commit/624673fd417a920adbbfb4b6d6eb7ddb35a9f891 (release/1.2.27) CVE-2024-22774 (An issue in Panoramic Corporation Digital Imaging Software v.9.1.2.760 ...) - TODO: check + NOT-FOR-US: Panoramic Corporation Digital Imaging Software CVE-2023-50718 (NocoDB is software for building databases as spreadsheets. Prior to ve ...) TODO: check CVE-2023-50717 (NocoDB is software for building databases as spreadsheets. Starting in ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c77ff6d55cdaf4dee5f6d4dccafb5f1aa970158 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c77ff6d55cdaf4dee5f6d4dccafb5f1aa970158 You're receiving this email because of your account on salsa.debian.org.
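Review bot: in the @@ -892,11 +892,11 @@ hunk, the three new `NOT-FOR-US: HCL` entries (CVE-2024-23583, CVE-2024-23556, CVE-2024-23554) name only a vendor, and nothing in the visible truncated descriptions ("intercept credentials via the task manag ...", "SSL/TLS Renegotiation functionality ...", "CSRF on Session Token ...") ties them to HCL, so a later reader cannot verify the triage from the entry alone; the other entries in this change name the affected product (`NOT-FOR-US: Westermo EDW-100 devices`, `NOT-FOR-US: ThroughTek Kalay SDK`), and these three should do the same.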
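Review bot: CVE-2024-28042 in the @@ -2631,11 +2631,11 @@ hunk is described as "SUBNET Solutions Inc. has identified vulnerabilities in third-party co ..." yet is closed as `NOT-FOR-US: PowerSYSTEM Center`; when a CVE covers third-party components bundled in a vendor product, the same components may exist as Debian packages, so the entry should record which components were checked (a NOTE line, as used elsewhere in this file), or stay `TODO: check` until that is known.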
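Review bot: in the @@ -2665,21 +2665,21 @@ hunk, CVE-2023-6324 and CVE-2023-6323 are resolved as `NOT-FOR-US: ThroughTek Kalay SDK` while the two entries sitting between them, CVE-2023-6322 ("stack-based buffer overflow ... in the message pars ...") and CVE-2023-6321 ("command injection ... in the IOCTL that manages OTA ...") stay `TODO: check`; if they belong to the same advisory they can be closed in the same pass, and if they were deliberately held back a short NOTE saying why would save the next triager a second lookup.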
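Review bot: the @@ -3177,19 +3177,19 @@ hunk labels two entries with the same visible description ("Potential buffer overflow in unsafe UEFI variable handling in Phoen ...") differently: `NOT-FOR-US: Phoenix SecureCore for Intel Gemini Lake` for CVE-2024-1598 and `NOT-FOR-US: Phoenix SecureCore` for CVE-2024-0762; since the list is searched by these strings, use one form for both unless the affected scope genuinely differs, in which case the difference is worth a word in the entry.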
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits