Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 08f91f7f by security tracker role at 2024-06-07T20:12:37+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,87 @@ +CVE-2024-5761 + REJECTED +CVE-2024-5745 (A vulnerability was found in itsourcecode Bakery Online Ordering Syste ...) + TODO: check +CVE-2024-5734 (A vulnerability classified as critical has been found in itsourcecode ...) + TODO: check +CVE-2024-5733 (A vulnerability was found in itsourcecode Online Discussion Forum 1.0. ...) + TODO: check +CVE-2024-5732 (A vulnerability was found in Clash up to 0.20.1 on Windows. It has bee ...) + TODO: check +CVE-2024-5645 (The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site ...) + TODO: check +CVE-2024-5637 (The Market Exporter plugin for WordPress is vulnerable to unauthorized ...) + TODO: check +CVE-2024-5599 (The FileOrganizer \u2013 Manage WordPress and Website Files plugin for ...) + TODO: check +CVE-2024-5542 (The Master Addons \u2013 Free Widgets, Hover Effects, Toggle, Conditio ...) + TODO: check +CVE-2024-5481 (The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin ...) + TODO: check +CVE-2024-5438 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...) + TODO: check +CVE-2024-5426 (The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin ...) + TODO: check +CVE-2024-5382 (The Master Addons \u2013 Free Widgets, Hover Effects, Toggle, Conditio ...) + TODO: check +CVE-2024-4610 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm ...) + TODO: check +CVE-2024-4152 + REJECTED +CVE-2024-3380 + REJECTED +CVE-2024-3133 + REJECTED +CVE-2024-37388 (An XML External Entity (XXE) vulnerability in the ebookmeta.get_metada ...) + TODO: check +CVE-2024-37163 (SkyScrape is a GUI Dashboard for AWS Infrastructure and Managing Resou ...) + TODO: check +CVE-2024-37162 (zsa is a library for building typesafe server actions in Next.js. All ...) + TODO: check +CVE-2024-37160 (Formwork is a flat file-based Content Management System (CMS). An atta ...) + TODO: check +CVE-2024-36827 (An XML External Entity (XXE) vulnerability in the ebookmeta.get_metada ...) + TODO: check +CVE-2024-36811 (An arbitrary file upload vulnerability in the image upload function of ...) + TODO: check +CVE-2024-36792 (An issue in the implementation of the WPS in Netgear WNR614 JNR1010V2/ ...) + TODO: check +CVE-2024-36790 (Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store ...) + TODO: check +CVE-2024-36789 (An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attac ...) + TODO: check +CVE-2024-36788 (Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 does not properly set th ...) + TODO: check +CVE-2024-36787 (An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attac ...) + TODO: check +CVE-2024-36773 (A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allow ...) + TODO: check +CVE-2024-36673 (Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vuln ...) + TODO: check +CVE-2024-32503 (An issue was discovered in Samsung Mobile Processor and Wearable Proce ...) + TODO: check +CVE-2024-32502 (An issue was discovered in Samsung Mobile Processor and Wearable Proce ...) + TODO: check +CVE-2024-31959 (An issue was discovered in Samsung Mobile Processor Exynos 2200, Exyno ...) + TODO: check +CVE-2024-31958 (An issue was discovered in Samsung Mobile Processor EExynos 2200, Exyn ...) + TODO: check +CVE-2024-31878 (IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable ...) + TODO: check +CVE-2024-30163 (Invision Community before 4.7.16 allow SQL injection via the applicati ...) + TODO: check +CVE-2024-30162 (Invision Community through 4.7.16 allows remote code execution via the ...) + TODO: check +CVE-2024-23595 + REJECTED +CVE-2023-6997 + REJECTED +CVE-2023-5424 (The WS Form LITE plugin for WordPress is vulnerable to CSV Injection i ...) + TODO: check +CVE-2023-49222 (Precor touchscreen console P82 contains a private SSH key that corresp ...) + TODO: check +CVE-2023-49221 (Precor touchscreen console P62, P80, and P82 could allow a remote atta ...) + TODO: check CVE-2024-23445 - elasticsearch <removed> CVE-2024-37279 @@ -193,7 +277,8 @@ CVE-2024-5186 (A Server-Side Request Forgery (SSRF) vulnerability exists in the NOT-FOR-US: privategpt CVE-2024-5133 (In lunary-ai/lunary version 1.2.4, an account takeover vulnerability e ...) NOT-FOR-US: lunary-ai/lunary -CVE-2024-5132 (In lunary-ai/lunary version 1.2.2, a business logic error allows users ...) +CVE-2024-5132 + REJECTED NOT-FOR-US: lunary-ai/lunary CVE-2024-5131 (An Improper Access Control vulnerability exists in the lunary-ai/lunar ...) NOT-FOR-US: lunary-ai/lunary @@ -3501,7 +3586,8 @@ CVE-2024-4262 (The Piotnet Addons For Elementor plugin for WordPress is vulnerab NOT-FOR-US: WordPress plugin CVE-2024-4261 (The Responsive Contact Form Builder & Lead Generation Plugin plugin fo ...) NOT-FOR-US: WordPress plugin -CVE-2024-4153 (A vulnerability in lunary-ai/lunary version 1.2.2 allows attackers to ...) +CVE-2024-4153 + REJECTED NOT-FOR-US: lunary-ai/lunary CVE-2024-3926 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...) NOT-FOR-US: WordPress plugin @@ -19035,7 +19121,8 @@ CVE-2024-1738 (An incorrect authorization vulnerability exists in the lunary-ai/ NOT-FOR-US: lunary-ai/lunary CVE-2024-1666 (In lunary-ai/lunary version 1.0.0, an authorization flaw exists that a ...) NOT-FOR-US: lunary-ai/lunary -CVE-2024-1665 (lunary-ai/lunary version 1.0.0 is vulnerable to unauthorized evaluatio ...) +CVE-2024-1665 + REJECTED NOT-FOR-US: lunary-ai/lunary CVE-2024-1646 (parisneo/lollms-webui is vulnerable to authentication bypass due to in ...) NOT-FOR-US: lollms-webui @@ -20364,7 +20451,8 @@ CVE-2024-1602 (parisneo/lollms-webui is vulnerable to stored Cross-Site Scriptin NOT-FOR-US: parisneo/lollms-webui CVE-2024-1600 (A Local File Inclusion (LFI) vulnerability exists in the parisneo/loll ...) NOT-FOR-US: parisneo/lollms-webui -CVE-2024-1599 (lunary-ai/lunary version 0.3.0 is vulnerable to unauthorized project c ...) +CVE-2024-1599 + REJECTED NOT-FOR-US: lunary-ai/lunary CVE-2024-1520 (An OS Command Injection vulnerability exists in the '/open_code_folder ...) NOT-FOR-US: parisneo/lollms-webui View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08f91f7f61c93fb36b1557b7cedc2270dc4fd674 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08f91f7f61c93fb36b1557b7cedc2270dc4fd674 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits