Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: e30d0302 by Moritz Muehlenhoff at 2024-05-29T11:29:48+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -15,11 +15,11 @@ CVE-2024-3937 (The Playlist for Youtube WordPress plugin through 1.32 does not s CVE-2024-3921 (The Gianism WordPress plugin through 5.1.0 does not sanitise and escap ...) NOT-FOR-US: WordPress plugin CVE-2024-3050 (The Site Reviews WordPress plugin before 7.0.0 retrieves client IP add ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-36112 (Nautobot is a Network Source of Truth and Network Automation Platform. ...) - TODO: check + NOT-FOR-US: Nautobot CVE-2024-35548 (A SQL injection vulnerability in Mybatis plus versions below 3.5.6 all ...) - TODO: check + NOT-FOR-US: Mybatis CVE-2024-35511 (phpgurukul Men Salon Management System v2.0 is vulnerable to SQL Injec ...) NOT-FOR-US: phpgurukul Men Salon Management System CVE-2024-35240 (Umbraco Commerce is an open source dotnet ecommerce solution. In affec ...) 
@@ -29,17 +29,17 @@ CVE-2024-35239 (Umbraco Commerce is an open source dotnet web forms solution. In CVE-2024-35226 (Smarty is a template engine for PHP, facilitating the separation of pr ...) TODO: check CVE-2024-23580 (HCL DRYiCE Optibot Reset Station is impacted byinsecure encryption of ...) - TODO: check + NOT-FOR-US: HCL CVE-2024-23579 (HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of ...) - TODO: check + NOT-FOR-US: HCL CVE-2024-22641 (TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Express ...) TODO: check CVE-2024-21512 (Versions of the package mysql2 before 3.9.8 are vulnerable to Prototyp ...) - TODO: check + NOT-FOR-US: Node mysql2 CVE-2024-0434 (The WordPress Tour & Travel Booking Plugin for WooCommerce \u2013 WpTr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6743 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-36015 (In the Linux kernel, the following vulnerability has been resolved: p ...) - linux <unfixed> NOTE: https://git.kernel.org/linus/fbf740aeb86a4fe82ad158d26d711f2f3be79b3e (6.10-rc1) 
@@ -74,13 +74,13 @@ CVE-2024-36472 (In GNOME Shell through 45.7, a portal helper can be launched aut - gnome-shell <unfixed> (bug #1072124) NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688 CVE-2024-36110 (ansibleguy-webui is an open source WebUI for using Ansible. Multiple f ...) - TODO: check + NOT-FOR-US: ansibleguy-webui CVE-2024-36109 (CoCalc is web-based software that enables collaboration in research, t ...) - TODO: check + NOT-FOR-US: CoCalc CVE-2024-36107 (MinIO is a High Performance Object Storage released under GNU Affero G ...) - minio <itp> (bug #859207) CVE-2024-35621 (A cross-site scripting (XSS) vulnerability in the Edit function of For ...) - TODO: check + NOT-FOR-US: Formwork CVE-2024-35583 (A cross-site scripting (XSS) vulnerability in Sourcecodester Laborator ...) NOT-FOR-US: Sourcecodester Laboratory Management System CVE-2024-35582 (A cross-site scripting (XSS) vulnerability in Sourcecodester Laborator ...) @@ -88,7 +88,7 @@ CVE-2024-35582 (A cross-site scripting (XSS) vulnerability in Sourcecodester Lab CVE-2024-35581 (A cross-site scripting (XSS) vulnerability in Sourcecodester Laborator ...) NOT-FOR-US: Sourcecodester Laboratory Management System CVE-2024-35563 (CDG-Server-V5.6.2.126.139 and earlier was discovered to contain a SQL ...) - TODO: check + NOT-FOR-US: CDG-Server CVE-2024-35510 (An arbitrary file upload vulnerability in /dede/file_manage_control.ph ...) NOT-FOR-US: DedeCMS CVE-2024-35403 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a sta ...) 
@@ -144,13 +144,13 @@ CVE-2024-33450 (SQL Injection in Finereport v.8.0 allows a remote attacker to ob CVE-2024-33402 (A SQL injection vulnerability in /model/approve_petty_cash.php in camp ...) NOT-FOR-US: campcodes Complete Web-Based School Management System CVE-2024-30212 (If a SCSI READ(10) command is initiated via USB using the largest LBA ...) - TODO: check + NOT-FOR-US: Microchip MPLAB CVE-2024-30165 (Amazon AWS Client VPN before 3.9.1 on macOS has a buffer overflow that ...) NOT-FOR-US: Amazon AWS Client VPN CVE-2024-30164 (Amazon AWS Client VPN has a buffer overflow that could potentially all ...) NOT-FOR-US: Amazon AWS Client VPN CVE-2024-2451 (Improper fingerprint validation in the TeamViewer Client (Full & Host) ...) - TODO: check + NOT-FOR-US: TeamViewer CVE-2024-2199 (A denial of service vulnerability was found in 389-ds-base ldap server ...) TODO: check CVE-2024-29072 (A privilege escalation vulnerability exists in the Foxit Reader 2024.2 ...) @@ -160,7 +160,7 @@ CVE-2024-28061 (An issue was discovered in Apiris Kafeo 6.4.4. It permits a bypa CVE-2024-28060 (An issue was discovered in Apiris Kafeo 6.4.4. It permits DLL hijackin ...) NOT-FOR-US: Apiris Kafeo CVE-2024-26024 (SUBNET Solutions Inc. has identified vulnerabilities in third-party co ...) - TODO: check + NOT-FOR-US: SUBNET Substation Server CVE-2024-24963 (A stack-based buffer overflow vulnerability exists in the Programming ...) NOT-FOR-US: AutomationDirect CVE-2024-24962 (A stack-based buffer overflow vulnerability exists in the Programming ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e30d030287f7102a19f75c42f578523a42bde16e
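Review bot: In the @@ -15,11 hunk, the new label for CVE-2024-35548 reads `NOT-FOR-US: Mybatis`, but the description names "Mybatis plus" (versions below 3.5.6) as the affected product. Suggest `NOT-FOR-US: Mybatis plus` so the label matches the description and the entry is not later read as a triage decision about Mybatis itself.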
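Review bot: In the @@ -29,17 hunk, CVE-2024-23580 and CVE-2024-23579 are labelled with the vendor only (`NOT-FOR-US: HCL`), while other entries in the same file name the product (`phpgurukul Men Salon Management System`, `Sourcecodester Laboratory Management System`). Suggest `NOT-FOR-US: HCL DRYiCE Optibot Reset Station`, taken from the two descriptions, so a later search of data/CVE/list by product name finds both entries.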
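Review bot: In the @@ -160,7 hunk, CVE-2024-26024 is closed as `NOT-FOR-US: SUBNET Substation Server` although its description says the vulnerabilities are in third-party components. The truncated text does not show which components are meant, so before this entry is settled it is worth confirming that the ID covers only SUBNET's bundled copies and that the underlying component issues are tracked under their own CVE IDs; if so, the label stands as written.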
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits