Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 0d182553 by Salvatore Bonaccorso at 2024-06-01T17:16:33+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -39,9 +39,9 @@ CVE-2024-34002 (In a shared hosting environment that has been misconfigured to a CVE-2024-34001 (Actions in the admin preset tool did not include the necessary token t ...) - moodle <removed> CVE-2024-2933 (The Page Builder Gutenberg Blocks \u2013 CoBlocks plugin for WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2506 (The Popup Builder \u2013 Create highly converting, mobile friendly mar ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2295 (The Contact Form Manager plugin for WordPress is vulnerable to Stored ...) TODO: check CVE-2024-1324 (The QQWorld Auto Save Images plugin for WordPress is vulnerable to una ...) @@ -84,7 +84,7 @@ CVE-2024-36120 (javascript-deobfuscator removes common JavaScript obfuscation te CVE-2024-36108 (casgate is an Open Source Identity and Access Management system. In af ...) TODO: check CVE-2024-35196 (Sentry is a developer-first error tracking and performance monitoring ...) - TODO: check + NOT-FOR-US: Sentry CVE-2024-35142 (IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a ...) NOT-FOR-US: IBM CVE-2024-35140 (IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a ...) 
@@ -108,29 +108,29 @@ CVE-2024-31889 (IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross- CVE-2024-31030 (An issue in coap_msg.c in Keith Cullen's FreeCoAP v.0.7 allows remote ...) TODO: check CVE-2024-29848 (An unrestricted file upload vulnerability in web component of Ivanti A ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2024-29846 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2024-29830 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2024-29829 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2024-29828 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2024-29827 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2024-29826 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2024-29825 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2024-29824 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2024-29823 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2024-29822 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2024-28736 (An issue in Debezium Community debezium-ui v.2.5 allows a local attack ...) - TODO: check + NOT-FOR-US: Debezium Community debezium-ui CVE-2024-23692 (Rejetto HTTP File Server, up to and including version 2.3m, is vulnera ...) TODO: check CVE-2024-23316 (HTTP request desynchronization in Ping Identity PingAccess, all versio ...) 
@@ -186,9 +186,9 @@ CVE-2024-36246 (Missing authorization vulnerability exists in Unifier and Unifie CVE-2024-36119 (Statamic is a, Laravel + Git powered CMS designed for building website ...) TODO: check CVE-2024-32850 (Improper neutralization of special elements used in a command ('Comman ...) - TODO: check + NOT-FOR-US: SkyBridge CVE-2024-2793 (The Visual Website Collaboration, Feedback & Project Management \u2013 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-23847 (Incorrect default permissions issue exists in Unifier and Unifier Cast ...) TODO: check CVE-2024-1298 (EDK2 contains a vulnerability when S3 sleep is activated where an Atta ...) @@ -269,9 +269,9 @@ CVE-2024-3584 (qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal d CVE-2024-3583 (The Simple Like Page Plugin plugin for WordPress is vulnerable to Stor ...) NOT-FOR-US: WordPress plugin CVE-2024-3301 (An unsafe .NET object deserialization vulnerability in DELMIA Apriso R ...) - TODO: check + NOT-FOR-US: DELMIA Apriso CVE-2024-3300 (An unsafe .NET object deserialization vulnerability in DELMIA Apriso R ...) - TODO: check + NOT-FOR-US: DELMIA Apriso CVE-2024-36118 (MeterSphere is a test management and interface testing tool. In affect ...) NOT-FOR-US: MeterSphere CVE-2024-35504 (A cross-site scripting (XSS) vulnerability in the login page of FineSo ...) 
@@ -317,17 +317,17 @@ CVE-2024-35349 (A vulnerability has been discovered in Di\xf1o Physics School As CVE-2024-35345 (A vulnerability has been discovered in Di\xf1o Physics School Assistan ...) NOT-FOR-US: Dino Physics School Assistant CVE-2024-35228 (Wagtail is an open source content management system built on Django. D ...) - TODO: check + NOT-FOR-US: Wagtail CVE-2024-35189 (Fides is an open-source privacy engineering platform. The Fides webser ...) - TODO: check + NOT-FOR-US: Fides CVE-2024-34171 (Fuji Electric Monitouch V-SFT is vulnerable to a stack-based buffer o ...) - TODO: check + NOT-FOR-US: Fuji Electric Monitouch V-SFT CVE-2024-32877 (Yii 2 is a PHP application framework. During internal penetration test ...) TODO: check CVE-2024-32029 REJECTED CVE-2024-2657 (The Font Farsi plugin for WordPress is vulnerable to Stored Cross-Site ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2422 (LenelS2 NetBox access control and event monitoring system was discover ...) TODO: check CVE-2024-2421 (LenelS2 NetBox access control and event monitoring system was discover ...) 
@@ -769,7 +769,7 @@ CVE-2024-36267 (Path traversal vulnerability exists in Redmine DMSF Plugin versi CVE-2024-36114 (Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zst ...) TODO: check CVE-2024-35221 (Rubygems.org is the Ruby community's gem hosting service. A Gem publis ...) - TODO: check + NOT-FOR-US: Rubygems.org gem hosting service CVE-2024-2253 (The Testimonial Carousel For Elementor plugin for WordPress is vulnera ...) NOT-FOR-US: WordPress plugin CVE-2024-5185 (The EmbedAI application is susceptible to security issues that enable ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d182553e2b13640d44ba0e25d45aed507b9a1c9
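Review bot: in the hunk at -39,9, CVE-2024-2295 stays at "TODO: check" although its description reads "The Contact Form Manager plugin for WordPress", the same class as CVE-2024-2933 and CVE-2024-2506 directly above it, which this commit marks "NOT-FOR-US: WordPress plugin". Triage it in the same pass, or say in the commit message why it needs a separate look, so the leftover TODO does not read as an oversight. CVE-2024-1324 just below is also described as a WordPress plugin; its status line falls outside the hunk and is worth checking the same way.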
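Review bot: the label added for CVE-2024-35196 in the hunk at -84,7 is the bare name "Sentry", while other labels in this commit say which product or component is meant ("Debezium Community debezium-ui", "Rubygems.org gem hosting service"). The truncated description does not show which part of Sentry is affected, so a more specific label would keep the entry from being read as covering everything that carries the Sentry name.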
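Review bot: for CVE-2024-32850 in the hunk at -186,9, the visible description ("Improper neutralization of special elements used in a command ('Comman ...") is cut off before any product is named, so "NOT-FOR-US: SkyBridge" cannot be checked against the entry itself. Suggest giving the vendor together with the product in the label, as this commit does for "Fuji Electric Monitouch V-SFT", so that a later search of the list for either name finds it.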
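Review bot: in the hunk at -317,17, CVE-2024-35228 and CVE-2024-35189 go straight to NOT-FOR-US although their descriptions present both as open source projects (Wagtail, "an open source content management system built on Django"; Fides, "an open-source privacy engineering platform"). The commit message "Process some NFUs" does not say whether the archive and open packaging requests were checked for them; for open source software that check is worth recording, because an entry already filed as NOT-FOR-US is easy to miss if the software is packaged later.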
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits