Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 235c5fb0 by Moritz Muehlenhoff at 2024-05-24T09:05:43+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -7,13 +7,13 @@ CVE-2024-5264 (Network Transfer with AES KHT in Thales Luna EFT 2.1 and above al CVE-2024-5258 (An authorization vulnerability exists within GitLab from versions 16.1 ...) TODO: check CVE-2024-5202 (Arbitrary File Readin OpenText Dimensions RM allowsauthenticated users ...) - TODO: check + NOT-FOR-US: OpenText Dimensions RM CVE-2024-5201 (Privilege Escalationin OpenText Dimensions RM allows an authenticated ...) - TODO: check + NOT-FOR-US: OpenText Dimensions RM CVE-2024-5168 (Improper access control vulnerability in Prodys' Quantum Audio codec a ...) - TODO: check + NOT-FOR-US: Prodys Quantum Audio codec CVE-2024-5165 (In Eclipse Ditto versions 3.0.0 to 3.5.5, the user input of several in ...) - TODO: check + NOT-FOR-US: Eclipse Ditto CVE-2024-5143 (A user with device administrative privileges can change existing SMTP ...) NOT-FOR-US: HP CVE-2024-5085 (The Hash Form \u2013 Drag & Drop Form Builder plugin for WordPress is ...) @@ -37,11 +37,11 @@ CVE-2024-35570 (An arbitrary file upload vulnerability in the component \control CVE-2024-35375 (There is an arbitrary file upload vulnerability on the media add .php ...) NOT-FOR-US: DedeCMS CVE-2024-35224 (OpenProject is the leading open source project management software. Op ...) - TODO: check + NOT-FOR-US: OpenProject CVE-2024-35223 (Dapr is a portable, event-driven, runtime for building distributed app ...) - TODO: check + NOT-FOR-US: Dapr CVE-2024-35222 (Tauri is a framework for building binaries for all major desktop platf ...) - TODO: check + NOT-FOR-US: Tauri CVE-2024-35197 (gitoxide is a pure Rust implementation of Git. On Windows, fetching re ...) - rust-gitoxide <itp> (bug #1043208) CVE-2024-35186 (gitoxide is a pure Rust implementation of Git. During checkout, `gix-w ...) 
@@ -87,9 +87,9 @@ CVE-2024-34928 (A SQL injection vulnerability in /model/update_subject_routing.p CVE-2024-34927 (A SQL injection vulnerability in /model/update_classroom.php in Campco ...) NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-34060 (IrisEVTXModule is an interface module for Evtx2Splunk and Iris in orde ...) - TODO: check + NOT-FOR-US: IrisEVTXModule CVE-2024-32969 (vantage6 is an open-source infrastructure for privacy preserving analy ...) - TODO: check + NOT-FOR-US: vantage6 CVE-2024-31843 (An issue was discovered in Italtel Embrace 1.6.4. The Web application ...) NOT-FOR-US: Italtel Embrace CVE-2024-30280 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...) @@ -99,17 +99,17 @@ CVE-2024-30279 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier a CVE-2024-2861 (The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Si ...) NOT-FOR-US: WordPress plugin CVE-2024-2301 (Certain HP LaserJet Pro devices are potentially vulnerable to a Cross- ...) - TODO: check + NOT-FOR-US: HP CVE-2024-28188 (Jupyter Scheduler is collection of extensions for programming jobs to ...) TODO: check CVE-2024-26139 (OpenCTI is an open source platform allowing organizations to manage th ...) - TODO: check + NOT-FOR-US: OpenCTI CVE-2024-1815 (The Spectra \u2013 WordPress Gutenberg Blocks plugin for WordPress is ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1814 (The Spectra \u2013 WordPress Gutenberg Blocks plugin for WordPress is ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1803 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed You ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-4859 REJECTED CVE-2024-5241 (A vulnerability was found in Huashi Private Cloud CDN Live Streaming A ...) 
@@ -153,9 +153,9 @@ CVE-2024-4486 (The Awesome Contact Form7 for Elementor plugin for WordPress is v CVE-2024-4431 (The LA-Studio Element Kit for Elementor plugin for WordPress is vulner ...) NOT-FOR-US: WordPress plugin CVE-2024-4399 (The does not validate a parameter before making a request to it, whic ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4388 (This does not validate a path generated with user input when download ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4347 (The WP Fastest Cache plugin for WordPress is vulnerable to Directory T ...) NOT-FOR-US: WordPress plugin CVE-2024-4043 (The WP Ultimate Post Grid plugin for WordPress is vulnerable to Stored ...) @@ -182,9 +182,9 @@ CVE-2024-3201 (The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to S CVE-2024-3065 (The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugi ...) NOT-FOR-US: WordPress plugin CVE-2024-2220 (The Button contact VR WordPress plugin through 4.7 does not sanitise a ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2038 (The Visual Website Collaboration, Feedback & Project Management \u2013 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-29853 (An authentication bypass vulnerability in Veeam Agent for Microsoft Wi ...) NOT-FOR-US: Veeam CVE-2024-29852 (Veeam Backup Enterprise Manager allows high-privileged users to read b ...) 
@@ -196,17 +196,17 @@ CVE-2024-29850 (Veeam Backup Enterprise Manager allows account takeover via NTLM CVE-2024-29849 (Veeam Backup Enterprise Manager allows unauthenticated users to log in ...) NOT-FOR-US: Veeam CVE-2024-22026 (A local privilege escalation vulnerability in EPMM before 12.1.0.0 all ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2024-1855 (The WPCafe \u2013 Restaurant Menu, Online Ordering for WooCommerce, Pi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6844 (The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6325 (The RomethemeForm For Elementor plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46807 (An SQL Injection vulnerability in web component of EPMM before 12.1.0. ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2023-46806 (An SQL Injection vulnerability in a web component of EPMM versions bef ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2024-36013 (In the Linux kernel, the following vulnerability has been resolved: B ...) - linux <unfixed> NOTE: https://git.kernel.org/linus/4d7b41c0e43995b0e992b9f8903109275744b658 (6.9) @@ -245,7 +245,7 @@ CVE-2024-5194 (A vulnerability was found in Arris VAP2500 08.50. It has been dec CVE-2024-5193 (A vulnerability was found in Ritlabs TinyWeb Server 1.94. It has been ...) NOT-FOR-US: Ritlabs TinyWeb Server CVE-2024-5166 (An Insecure Direct Object Reference in Google Cloud's Looker allowed m ...) - TODO: check + NOT-FOR-US: Google Cloud Looker CVE-2024-5031 (The Memberpress plugin for WordPress is vulnerable to Blind Server-Sid ...) NOT-FOR-US: WordPress plugin CVE-2024-5025 (The Memberpress plugin for WordPress is vulnerable to Stored Cross-Sit ...) 
@@ -280,7 +280,7 @@ CVE-2024-3495 (The Country State City Dropdown CF7 plugin for WordPress is vulne CVE-2024-36077 (Qlik Sense Enterprise for Windows before 14.187.4 allows a remote atta ...) NOT-FOR-US: Qlik Sense Enterprise for Windows CVE-2024-35627 (tileserver-gl up to v4.4.10 was discovered to contain a cross-site scr ...) - TODO: check + NOT-FOR-US: tileserver-gl CVE-2024-35561 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) NOT-FOR-US: idccms CVE-2024-35560 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) @@ -344,9 +344,9 @@ CVE-2024-31894 (IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allo CVE-2024-31893 (IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an a ...) NOT-FOR-US: IBM CVE-2024-31617 (OpenLiteSpeed before 1.8.1 mishandles chunked encoding.) - TODO: check + NOT-FOR-US: OpenLiteSpeed CVE-2024-2036 (The ApplyOnline \u2013 Application Form Builder and Manager plugin for ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-29421 (xmedcon 0.23.0 and fixed in v.0.24.0 is vulnerable to Buffer Overflow ...) NOT-FOR-US: xmedcon CVE-2024-29392 (Silverpeas Core 6.3 is vulnerable to Cross Site Scripting (XSS) via Cl ...) 
@@ -354,27 +354,27 @@ CVE-2024-29392 (Silverpeas Core 6.3 is vulnerable to Cross Site Scripting (XSS) CVE-2024-27264 (IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local ...) NOT-FOR-US: IBM CVE-2024-25738 (A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/Fix ...) - TODO: check + NOT-FOR-US: Open Library Foundation VuFind CVE-2024-25737 (A Server-Side Request Forgery (SSRF) vulnerability in the /Cover/Show ...) - TODO: check + NOT-FOR-US: Open Library Foundation VuFind CVE-2024-21791 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injectio ...) - TODO: check + NOT-FOR-US: Zoho CVE-2024-20363 (Multiple Cisco products are affected by a vulnerability in the Snort I ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-20361 (A vulnerability in the Object Groups for Access Control Lists (ACLs) f ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-20360 (A vulnerability in the web-based management interface of Cisco Firepow ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-20355 (A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-20293 (A vulnerability in the activation of an access control list (ACL) on C ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-20261 (A vulnerability in the file policy feature that is used to inspect enc ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-51637 (Sante PACS Server PG Patient Query SQL Injection Remote Code Execution ...) - TODO: check + NOT-FOR-US: Sante PACS Server PG CVE-2023-51636 (Avira Prime Link Following Local Privilege Escalation Vulnerability. T ...) - TODO: check + NOT-FOR-US: Avira CVE-2024-36010 (In the Linux kernel, the following vulnerability has been resolved: i ...) - linux 6.8.9-1 [bookworm] - linux <not-affected> (Vulnerable code not present) 
@@ -4883,9 +4883,9 @@ CVE-2023-46689 (Improper neutralization in Intel(R) Power Gadget software for ma CVE-2023-45846 (Incomplete cleanup in Intel(R) Power Gadget software for macOS all ver ...) NOT-FOR-US: Intel CVE-2023-45845 (Improper conditions check for some Intel(R) Wireless Bluetooth(R) prod ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-45743 (Uncontrolled search path in some Intel(R) DSA software uninstallers be ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-45736 (Insecure inherited permissions in Intel(R) Power Gadget software for W ...) NOT-FOR-US: Intel CVE-2023-45320 (Uncontrolled search path element in some Intel(R) VTune(TM) Profiler s ...) @@ -4933,7 +4933,7 @@ CVE-2023-41092 (Unchecked return value in SDM firmware for Intel(R) Stratix 10 a CVE-2023-41082 (Null pointer dereference for some Intel(R) CST software before version ...) NOT-FOR-US: Intel CVE-2023-40536 (Race condition for some some Intel(R) PROSet/Wireless WiFi software fo ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-40155 (Uncontrolled search path for some Intel(R) CST software before version ...) NOT-FOR-US: Intel CVE-2023-40071 (Improper access control in some Intel(R) GPA software installers befor ...) @@ -4947,7 +4947,7 @@ CVE-2023-39433 (Improper access control for some Intel(R) CST software before ve CVE-2023-39163 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) NOT-FOR-US: WordPress plugin CVE-2023-38654 (Improper input validation for some some Intel(R) PROSet/Wireless WiFi ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-38581 (Buffer overflow in Intel(R) Power Gadget software for Windows all vers ...) NOT-FOR-US: Intel CVE-2023-38420 (Improper conditions check in Intel(R) Power Gadget software for macOS ...) 
@@ -5239,7 +5239,7 @@ CVE-2024-35185 (Minder is a software supply chain security platform. Prior to ve CVE-2024-35184 (Paperless-ngx is a document management system that transforms physical ...) NOT-FOR-US: Paperless-ngx CVE-2024-35183 (wolfictl is a command line tool for working with Wolfi. A git authenti ...) - TODO: check + NOT-FOR-US: wolfictl CVE-2024-35176 (REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a den ...) - ruby3.2 <unfixed> (bug #1071627) - ruby3.1 <unfixed> (bug #1071626)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/235c5fb0e757931d462004138c30b77b02e81e0b
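Review bot: in hunk @@ -7,13 +7,13 @@, CVE-2024-5258 (GitLab authorization issue, versions 16.1 onward) is left at TODO: check while the neighbouring OpenText, Prodys and Eclipse Ditto entries are resolved; if gitlab is still in the archive this one needs a package/version line rather than NOT-FOR-US, so it should not be lost among the closed entries.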
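Review bot: in hunk @@ -37,11 +37,11 @@, CVE-2024-35222 (Tauri) is closed as NOT-FOR-US directly above CVE-2024-35197, which is tracked against rust-gitoxide <itp> (bug #1043208); Tauri is likewise a Rust project, so it is worth confirming that no rust-tauri* crate is packaged or has an open ITP before closing it, and recording the ITP the same way the gitoxide line does if one exists.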
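Review bot: in hunk @@ -99,17 +99,17 @@, CVE-2024-28188 (Jupyter Scheduler) is the only entry still left at TODO: check after the surrounding OpenCTI and WordPress-plugin lines are resolved; if that is deliberate because the packaging status is unclear, a NOTE line stating what remains to be checked would save the next triager from repeating the lookup.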
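Review bot: in hunk @@ -153,9 +153,9 @@, the descriptions for CVE-2024-4399 ("The does not validate a parameter ...") and CVE-2024-4388 ("This does not validate a path ...") are missing the product name, so "NOT-FOR-US: WordPress plugin" cannot be verified from the entry itself; suggest adding a NOTE naming the plugin (or the advisory it came from) so the classification stays traceable.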
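Review bot: in hunk @@ -354,27 +354,27 @@, CVE-2024-20363 is described as a flaw in the Snort inspection used by "multiple Cisco products"; NOT-FOR-US: Cisco is only right if the defect is in Cisco's integration rather than in the upstream Snort engine, so the advisory should be checked against the snort source package (if it is still in the archive) before closing, with a NOTE pointing at the upstream fix if the bug lives in Snort itself.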
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits