Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
08f91f7f by security tracker role at 2024-06-07T20:12:37+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,87 @@
+CVE-2024-5761
+ REJECTED
+CVE-2024-5745 (A vulnerability was found in itsourcecode Bakery Online
Ordering Syste ...)
+ TODO: check
+CVE-2024-5734 (A vulnerability classified as critical has been found in
itsourcecode ...)
+ TODO: check
+CVE-2024-5733 (A vulnerability was found in itsourcecode Online Discussion
Forum 1.0. ...)
+ TODO: check
+CVE-2024-5732 (A vulnerability was found in Clash up to 0.20.1 on Windows. It
has bee ...)
+ TODO: check
+CVE-2024-5645 (The Envo Extra plugin for WordPress is vulnerable to Stored
Cross-Site ...)
+ TODO: check
+CVE-2024-5637 (The Market Exporter plugin for WordPress is vulnerable to
unauthorized ...)
+ TODO: check
+CVE-2024-5599 (The FileOrganizer \u2013 Manage WordPress and Website Files
plugin for ...)
+ TODO: check
+CVE-2024-5542 (The Master Addons \u2013 Free Widgets, Hover Effects, Toggle,
Conditio ...)
+ TODO: check
+CVE-2024-5481 (The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery
plugin ...)
+ TODO: check
+CVE-2024-5438 (The Tutor LMS \u2013 eLearning and online course solution
plugin for W ...)
+ TODO: check
+CVE-2024-5426 (The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery
plugin ...)
+ TODO: check
+CVE-2024-5382 (The Master Addons \u2013 Free Widgets, Hover Effects, Toggle,
Conditio ...)
+ TODO: check
+CVE-2024-4610 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel
Driver, Arm ...)
+ TODO: check
+CVE-2024-4152
+ REJECTED
+CVE-2024-3380
+ REJECTED
+CVE-2024-3133
+ REJECTED
+CVE-2024-37388 (An XML External Entity (XXE) vulnerability in the
ebookmeta.get_metada ...)
+ TODO: check
+CVE-2024-37163 (SkyScrape is a GUI Dashboard for AWS Infrastructure and
Managing Resou ...)
+ TODO: check
+CVE-2024-37162 (zsa is a library for building typesafe server actions in
Next.js. All ...)
+ TODO: check
+CVE-2024-37160 (Formwork is a flat file-based Content Management System (CMS).
An atta ...)
+ TODO: check
+CVE-2024-36827 (An XML External Entity (XXE) vulnerability in the
ebookmeta.get_metada ...)
+ TODO: check
+CVE-2024-36811 (An arbitrary file upload vulnerability in the image upload
function of ...)
+ TODO: check
+CVE-2024-36792 (An issue in the implementation of the WPS in Netgear WNR614
JNR1010V2/ ...)
+ TODO: check
+CVE-2024-36790 (Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered
to store ...)
+ TODO: check
+CVE-2024-36789 (An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1
allows attac ...)
+ TODO: check
+CVE-2024-36788 (Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 does not
properly set th ...)
+ TODO: check
+CVE-2024-36787 (An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1
allows attac ...)
+ TODO: check
+CVE-2024-36773 (A cross-site scripting (XSS) vulnerability in Monstra CMS
v3.0.4 allow ...)
+ TODO: check
+CVE-2024-36673 (Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0
is vuln ...)
+ TODO: check
+CVE-2024-32503 (An issue was discovered in Samsung Mobile Processor and
Wearable Proce ...)
+ TODO: check
+CVE-2024-32502 (An issue was discovered in Samsung Mobile Processor and
Wearable Proce ...)
+ TODO: check
+CVE-2024-31959 (An issue was discovered in Samsung Mobile Processor Exynos
2200, Exyno ...)
+ TODO: check
+CVE-2024-31958 (An issue was discovered in Samsung Mobile Processor EExynos
2200, Exyn ...)
+ TODO: check
+CVE-2024-31878 (IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is
vulnerable ...)
+ TODO: check
+CVE-2024-30163 (Invision Community before 4.7.16 allow SQL injection via the
applicati ...)
+ TODO: check
+CVE-2024-30162 (Invision Community through 4.7.16 allows remote code execution
via the ...)
+ TODO: check
+CVE-2024-23595
+ REJECTED
+CVE-2023-6997
+ REJECTED
+CVE-2023-5424 (The WS Form LITE plugin for WordPress is vulnerable to CSV
Injection i ...)
+ TODO: check
+CVE-2023-49222 (Precor touchscreen console P82 contains a private SSH key that
corresp ...)
+ TODO: check
+CVE-2023-49221 (Precor touchscreen console P62, P80, and P82 could allow a
remote atta ...)
+ TODO: check
CVE-2024-23445
- elasticsearch <removed>
CVE-2024-37279
@@ -193,7 +277,8 @@ CVE-2024-5186 (A Server-Side Request Forgery (SSRF)
vulnerability exists in the
NOT-FOR-US: privategpt
CVE-2024-5133 (In lunary-ai/lunary version 1.2.4, an account takeover
vulnerability e ...)
NOT-FOR-US: lunary-ai/lunary
-CVE-2024-5132 (In lunary-ai/lunary version 1.2.2, a business logic error
allows users ...)
+CVE-2024-5132
+ REJECTED
NOT-FOR-US: lunary-ai/lunary
CVE-2024-5131 (An Improper Access Control vulnerability exists in the
lunary-ai/lunar ...)
NOT-FOR-US: lunary-ai/lunary
@@ -3501,7 +3586,8 @@ CVE-2024-4262 (The Piotnet Addons For Elementor plugin
for WordPress is vulnerab
NOT-FOR-US: WordPress plugin
CVE-2024-4261 (The Responsive Contact Form Builder & Lead Generation Plugin
plugin fo ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-4153 (A vulnerability in lunary-ai/lunary version 1.2.2 allows
attackers to ...)
+CVE-2024-4153
+ REJECTED
NOT-FOR-US: lunary-ai/lunary
CVE-2024-3926 (The Element Pack Elementor Addons (Header Footer, Template
Library, Dy ...)
NOT-FOR-US: WordPress plugin
@@ -19035,7 +19121,8 @@ CVE-2024-1738 (An incorrect authorization vulnerability
exists in the lunary-ai/
NOT-FOR-US: lunary-ai/lunary
CVE-2024-1666 (In lunary-ai/lunary version 1.0.0, an authorization flaw exists
that a ...)
NOT-FOR-US: lunary-ai/lunary
-CVE-2024-1665 (lunary-ai/lunary version 1.0.0 is vulnerable to unauthorized
evaluatio ...)
+CVE-2024-1665
+ REJECTED
NOT-FOR-US: lunary-ai/lunary
CVE-2024-1646 (parisneo/lollms-webui is vulnerable to authentication bypass
due to in ...)
NOT-FOR-US: lollms-webui
@@ -20364,7 +20451,8 @@ CVE-2024-1602 (parisneo/lollms-webui is vulnerable to
stored Cross-Site Scriptin
NOT-FOR-US: parisneo/lollms-webui
CVE-2024-1600 (A Local File Inclusion (LFI) vulnerability exists in the
parisneo/loll ...)
NOT-FOR-US: parisneo/lollms-webui
-CVE-2024-1599 (lunary-ai/lunary version 0.3.0 is vulnerable to unauthorized
project c ...)
+CVE-2024-1599
+ REJECTED
NOT-FOR-US: lunary-ai/lunary
CVE-2024-1520 (An OS Command Injection vulnerability exists in the
'/open_code_folder ...)
NOT-FOR-US: parisneo/lollms-webui
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08f91f7f61c93fb36b1557b7cedc2270dc4fd674
--
This project does not include diff previews in email notifications.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08f91f7f61c93fb36b1557b7cedc2270dc4fd674
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
