[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-29 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
817d4e1d by security tracker role at 2024-07-29T20:12:39+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,455 +1,545 @@
-CVE-2024-42098 [crypto: ecdh - explicitly zeroize private_key]
+CVE-2024-7200 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-7199 (A vulnerability classified as critical was found in 
SourceCodester Com ...)
+   TODO: check
+CVE-2024-7198 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+   TODO: check
+CVE-2024-7197 (A vulnerability was found in SourceCodester Complaints Report 
Manageme ...)
+   TODO: check
+CVE-2024-7196 (A vulnerability was found in SourceCodester Complaints Report 
Manageme ...)
+   TODO: check
+CVE-2024-7195 (A vulnerability was found in itsourcecode Society Management 
System 1. ...)
+   TODO: check
+CVE-2024-7194 (A vulnerability was found in itsourcecode Society Management 
System 1. ...)
+   TODO: check
+CVE-2024-7193 (A vulnerability has been found in Mp3tag up to 3.26d and 
classified as ...)
+   TODO: check
+CVE-2024-7192 (A vulnerability, which was classified as critical, was found in 
itsour ...)
+   TODO: check
+CVE-2024-7191 (A vulnerability, which was classified as critical, has been 
found in i ...)
+   TODO: check
+CVE-2024-6984 (An issue was discovered in Juju that resulted in the leak of 
the sensi ...)
+   TODO: check
+CVE-2024-6881 (Stored XSS in M-Files Hubshare versions before 5.0.6.0 allows 
an authe ...)
+   TODO: check
+CVE-2024-6761
+   REJECTED
+CVE-2024-6748 (Zohocorp ManageEngineOpManager, OpManager Plus, OpManager MSP 
and RMM  ...)
+   TODO: check
+CVE-2024-6727 (A flaw in versions of Delphix Data Control Tower (DCT) prior to 
19.0.0 ...)
+   TODO: check
+CVE-2024-6726 (Versions of Delphix Engine prior to Release 25.0.0.0 contain a 
flaw wh ...)
+   TODO: check
+CVE-2024-6578 (A stored cross-site scripting (XSS) vulnerability exists in 
aimhubio/a ...)
+   TODO: check
+CVE-2024-6576 (Improper Authentication vulnerability in Progress MOVEit 
Transfer (SFT ...)
+   TODO: check
+CVE-2024-6124 (Reflected XSS in M-Files Hubshare before version 5.0.6.0 
allowsan atta ...)
+   TODO: check
+CVE-2024-4848
+   REJECTED
+CVE-2024-41881 (SDoP versions prior to 1.11 fails to handle appropriately some 
paramet ...)
+   TODO: check
+CVE-2024-41819 (Note Mark is a web-based Markdown notes app. A stored 
cross-site scrip ...)
+   TODO: check
+CVE-2024-41818 (fast-xml-parser is an open source, pure javascript xml parser. 
a ReDOS ...)
+   TODO: check
+CVE-2024-41817 (ImageMagick is a free and open-source software suite, used for 
editing ...)
+   TODO: check
+CVE-2024-41810 (Twisted is an event-based framework for internet applications, 
support ...)
+   TODO: check
+CVE-2024-41799 (tgstation-server is a production scale tool for BYOND server 
managemen ...)
+   TODO: check
+CVE-2024-41726 (Path traversal vulnerability exists in SKYSEA Client View 
Ver.3.013.00 ...)
+   TODO: check
+CVE-2024-41676 (Magento-lts is a long-term support alternative to Magento 
Community Ed ...)
+   TODO: check
+CVE-2024-41671 (Twisted is an event-based framework for internet applications, 
support ...)
+   TODO: check
+CVE-2024-41640 (Cross Site Scripting (XSS) vulnerability in AML Surety Eco up 
to 3.5 a ...)
+   TODO: check
+CVE-2024-41631 (Buffer Overflow vulnerability in host-host NEUQ_board v.1.0 
allows a r ...)
+   TODO: check
+CVE-2024-41624 (Incorrect access control in Himalaya Xiaoya nano smart speaker 
rom_ver ...)
+   TODO: check
+CVE-2024-41143 (Origin validation error vulnerability exists in SKYSEA Client 
View Ver ...)
+   TODO: check
+CVE-2024-41139 (Incorrect privilege assignment vulnerability exists in SKYSEA 
Client V ...)
+   TODO: check
+CVE-2024-40576 (Cross Site Scripting vulnerability in Best House Rental 
Management Sys ...)
+   TODO: check
+CVE-2024-38529 (Admidio is a free, open source user management system for 
websites of  ...)
+   TODO: check
+CVE-2024-37906 (Admidio is a free, open source user management system for 
websites of  ...)
+   TODO: check
+CVE-2024-37859 (Cross Site Scripting vulnerability in Lost and Found 
Information Syste ...)
+   TODO: check
+CVE-2024-37858 (SQL Injection vulnerability in Lost and Found Information 
System 1.0 a ...)
+   TODO: check
+CVE-2024-37857 (SQL Injection vulnerability in Lost and Found Information 
System 1.0 a ...)
+   TODO: check
+CVE-2024-37856 (Cross Site Scripting vulnerability in Lost and Found 
Information Syste ...)
+   TODO: check
+CVE-2024-33365 (Buffer Overflow vulnerability in Tenda AC10 v4 
US_AC10V4.0si_V16.03.10 
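Review bot: the entries that describe upstream software rather than a single vendor's product are the ones to take out of the `TODO: check` queue first, because they are the only candidates for a Debian source package: CVE-2024-41818 (fast-xml-parser), CVE-2024-41817 (ImageMagick), CVE-2024-41810 and CVE-2024-41671 (Twisted), CVE-2024-41676 (Magento-lts) and CVE-2024-6984 (Juju). The SourceCodester, itsourcecode, M-Files Hubshare, Delphix, Zohocorp, SKYSEA and Tenda entries have the usual NOT-FOR-US shape and can be resolved as groups. CVE-2024-6761 and CVE-2024-4848 are correctly carried as REJECTED rather than as TODO. The removed line `-CVE-2024-42098 [crypto: ecdh - explicitly zeroize private_key]` has no visible replacement here only because the hunk is cut off after the CVE-2024-33365 entry in this rendering.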

[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-29 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7cf2ac1d by security tracker role at 2024-07-29T08:12:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,24 +1,92 @@
-CVE-2024-41019 [fs/ntfs3: Validate ff offset]
+CVE-2024-7202 (The query functionality of WinMatrix3 Web package from Simopro 
Technol ...)
+   TODO: check
+CVE-2024-7201 (The login functionality of WinMatrix3 Web package from Simopro 
Technol ...)
+   TODO: check
+CVE-2024-7190 (A vulnerability classified as critical was found in 
itsourcecode Socie ...)
+   TODO: check
+CVE-2024-7189 (A vulnerability classified as critical has been found in 
itsourcecode  ...)
+   TODO: check
+CVE-2024-7188 (A vulnerability was found in Bylancer Quicklancer 2.4. It has 
been rat ...)
+   TODO: check
+CVE-2024-7187 (A vulnerability was found in TOTOLINK A3600R 
4.1.2cu.5182_B20201102. I ...)
+   TODO: check
+CVE-2024-7186 (A vulnerability was found in TOTOLINK A3600R 
4.1.2cu.5182_B20201102. I ...)
+   TODO: check
+CVE-2024-7185 (A vulnerability was found in TOTOLINK A3600R 
4.1.2cu.5182_B20201102 an ...)
+   TODO: check
+CVE-2024-7184 (A vulnerability has been found in TOTOLINK A3600R 
4.1.2cu.5182_B202011 ...)
+   TODO: check
+CVE-2024-7183 (A vulnerability, which was classified as critical, was found in 
TOTOLI ...)
+   TODO: check
+CVE-2024-7182 (A vulnerability, which was classified as critical, has been 
found in T ...)
+   TODO: check
+CVE-2024-7181 (A vulnerability classified as critical was found in TOTOLINK 
A3600R 4. ...)
+   TODO: check
+CVE-2024-7180 (A vulnerability classified as critical has been found in 
TOTOLINK A360 ...)
+   TODO: check
+CVE-2024-7179 (A vulnerability was found in TOTOLINK A3600R 
4.1.2cu.5182_B20201102. I ...)
+   TODO: check
+CVE-2024-7178 (A vulnerability was found in TOTOLINK A3600R 
4.1.2cu.5182_B20201102. I ...)
+   TODO: check
+CVE-2024-7177 (A vulnerability was found in TOTOLINK A3600R 
4.1.2cu.5182_B20201102. I ...)
+   TODO: check
+CVE-2024-7176 (A vulnerability was found in TOTOLINK A3600R 
4.1.2cu.5182_B20201102 an ...)
+   TODO: check
+CVE-2024-7175 (A vulnerability has been found in TOTOLINK A3600R 
4.1.2cu.5182_B202011 ...)
+   TODO: check
+CVE-2024-7174 (A vulnerability, which was classified as critical, was found in 
TOTOLI ...)
+   TODO: check
+CVE-2024-7173 (A vulnerability, which was classified as critical, has been 
found in T ...)
+   TODO: check
+CVE-2024-7172 (A vulnerability classified as critical was found in TOTOLINK 
A3600R 4. ...)
+   TODO: check
+CVE-2024-7171 (A vulnerability classified as critical has been found in 
TOTOLINK A360 ...)
+   TODO: check
+CVE-2024-7170 (A vulnerability was found in TOTOLINK A3000RU 5.9c.5185. It has 
been r ...)
+   TODO: check
+CVE-2024-6487 (The Inline Related Posts WordPress plugin before 3.8.0 does not 
saniti ...)
+   TODO: check
+CVE-2024-6366 (The User Profile Builder  WordPress plugin before 3.11.8 does 
not have ...)
+   TODO: check
+CVE-2024-6362 (The Ultimate Blocks  WordPress plugin before 3.2.0 does not 
validate a ...)
+   TODO: check
+CVE-2024-5883 (The Ultimate Classified Listings WordPress plugin before 1.3 
does not  ...)
+   TODO: check
+CVE-2024-5882 (The Ultimate Classified Listings WordPress plugin before 1.3 
does not  ...)
+   TODO: check
+CVE-2024-5670 (The web services of Softnext's products, Mail SQR Expert and 
Mail Arch ...)
+   TODO: check
+CVE-2024-5285 (The wp-affiliate-platform WordPress plugin before 6.5.2 does 
not have  ...)
+   TODO: check
+CVE-2024-4483 (The Email Encoder  WordPress plugin before 2.2.2 does not 
escape the W ...)
+   TODO: check
+CVE-2024-41637 (RaspAP before 3.1.5 allows an attacker to escalate privileges: 
the www ...)
+   TODO: check
+CVE-2024-37381 (An unspecified SQL Injection vulnerability in Core server of 
Ivanti EP ...)
+   TODO: check
+CVE-2024-32671 (Heap-based Buffer Overflow vulnerability in Samsung Open 
Source Escarg ...)
+   TODO: check
+CVE-2024-41019 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
- linux 6.9.12-1
NOTE: 
https://git.kernel.org/linus/50c47879650b4c97836a0086632b3a2e300b0f06 (6.11-rc1)
-CVE-2024-41018 [fs/ntfs3: Add a check for attr_names and oatbl]
+CVE-2024-41018 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
- linux 6.9.12-1
[bookworm] - linux  (Vulnerable code not present)
[bullseye] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/702d4930eb06dcfda85a2fa67e8a1a27bfa2a845 (6.11-rc1)
-CVE-2024-41017 [jfs: don't walk off the end of ealist]
+CVE-2024-41017 (In the Linux kernel, the following vulnerability has been 
resolved:  j 
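Review bot: CVE-2024-41018 carries `[bookworm]` and `[bullseye]` lines (Vulnerable code not present), but the neighbouring CVE-2024-41019, fixed in the same upload `linux 6.9.12-1` and likewise referencing a 6.11-rc1 commit, has no assessment for the stable suites; either the older suites need the same check or the omission deserves a NOTE. The `[bookworm] - linux  (...)` lines show a double space where the status token normally sits, which looks like loss in this rendering rather than a change in the file. The automatic update also replaces the curated bracket titles (`[fs/ntfs3: Validate ff offset]`, `[fs/ntfs3: Add a check for attr_names and oatbl]`, `[jfs: don't walk off the end of ealist]`) with the generic "In the Linux kernel, the following vulnerability has been resolved:" prefix, so the subsystem hint now survives only in the truncated description and in the git.kernel.org NOTE links; keeping the bracket title as a NOTE would preserve it. Of the new TODO entries, the eighteen TOTOLINK ones (CVE-2024-7170 through CVE-2024-7187) and the nine WordPress plugin ones can each be triaged with one decision, leaving CVE-2024-41637 (RaspAP), CVE-2024-37381 (Ivanti EPM) and CVE-2024-32671 (Samsung Escargot) for individual lookup.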

[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-28 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
275405b0 by security tracker role at 2024-07-28T20:12:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,35 @@
+CVE-2024-7169 (A vulnerability classified as problematic has been found in 
SourceCode ...)
+   TODO: check
+CVE-2024-7168 (A vulnerability was found in SourceCodester School Fees Payment 
System ...)
+   TODO: check
+CVE-2024-7167 (A vulnerability was found in SourceCodester School Fees Payment 
System ...)
+   TODO: check
+CVE-2024-7166 (A vulnerability was found in SourceCodester School Fees Payment 
System ...)
+   TODO: check
+CVE-2024-7165 (A vulnerability was found in SourceCodester School Fees Payment 
System ...)
+   TODO: check
+CVE-2024-7164 (A vulnerability has been found in SourceCodester School Fees 
Payment S ...)
+   TODO: check
+CVE-2024-7163 (A vulnerability, which was classified as problematic, was found 
in Sea ...)
+   TODO: check
+CVE-2024-7162 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-7161 (A vulnerability classified as problematic was found in SeaCMS 
13.0. Af ...)
+   TODO: check
+CVE-2024-7160 (A vulnerability classified as critical has been found in 
TOTOLINK A370 ...)
+   TODO: check
+CVE-2024-7159 (A vulnerability was found in TOTOLINK A3600R 
4.1.2cu.5182_B20201102. I ...)
+   TODO: check
+CVE-2024-7158 (A vulnerability was found in TOTOLINK A3100R 
4.1.2cu.5050_B20200504. I ...)
+   TODO: check
+CVE-2024-7157 (A vulnerability was found in TOTOLINK A3100R 
4.1.2cu.5050_B20200504. I ...)
+   TODO: check
+CVE-2024-7156 (A vulnerability was found in TOTOLINK A3700R 
9.1.2u.5822_B20200513 and ...)
+   TODO: check
+CVE-2024-7155 (A vulnerability has been found in TOTOLINK A3300R 
17.0.0cu.557_B202210 ...)
+   TODO: check
+CVE-2024-7154 (A vulnerability, which was classified as problematic, was found 
in TOT ...)
+   TODO: check
 CVE-2024- [SPRT dissector crash]
- wireshark 4.2.6-1
[bookworm] - wireshark  (Minor issue)
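Review bot: the context entry `CVE-2024- [SPRT dissector crash]` still has no CVE number and therefore sits above the new block as an unassigned placeholder; it should be renamed once the identifier is issued so that it does not keep floating at the top of the file. The `[bookworm] - wireshark  (Minor issue)` line shows a double space where the no-DSA status token normally sits, which looks like loss in this rendering rather than a change in the file. The sixteen new TODO entries fall into three product groups (CVE-2024-7164 to CVE-2024-7169: SourceCodester School Fees Payment System; CVE-2024-7161 and CVE-2024-7163 name SeaCMS 13.0; CVE-2024-7154 to CVE-2024-7160: TOTOLINK routers), so each group can be resolved with a single decision.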
@@ -5777,6 +5809,7 @@ CVE-2024-32853 (Dell PowerScale OneFS versions 8.2.2.x 
through 9.7.0.2 contain a
 CVE-2024-32852 (Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.0 contain 
use of  ...)
NOT-FOR-US: Dell
 CVE-2024-32230 (FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a 
negative-size- ...)
+   {DSA-5721-1 DSA-5712-1}
- ffmpeg 
NOTE: https://trac.ffmpeg.org/ticket/10952
NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1
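Review bot: the new `{DSA-5721-1 DSA-5712-1}` reference for CVE-2024-32230 sits over a `- ffmpeg ` package line that shows no fixed version; if the advisories shipped a fix, unstable normally carries a fixed version as well, so either that version should be recorded here or the double space after `ffmpeg` is a status token lost in this rendering rather than in the file. The two upstream references (the trac ticket and the videolan commit) are already present, so nothing else is missing from the entry.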



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/275405b0115b6963e48df305e59f83cfc95d1cd7



___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-28 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
917f8b88 by security tracker role at 2024-07-28T08:11:41+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,21 @@
+CVE-2024-7153 (A vulnerability classified as problematic has been found in 
Netgear WN ...)
+   TODO: check
+CVE-2024-7152 (A vulnerability was found in Tenda O3 1.0.0.10(2478). It has 
been rate ...)
+   TODO: check
+CVE-2024-42055 (Cervantes through 0.5-alpha allows stored XSS.)
+   TODO: check
+CVE-2024-42054 (Cervantes through 0.5-alpha accepts insecure file uploads.)
+   TODO: check
+CVE-2024-42053 (The MSI installer for Splashtop Streamer for Windows before 
3.6.0.0 us ...)
+   TODO: check
+CVE-2024-42052 (The MSI installer for Splashtop Streamer for Windows before 
3.5.8.0 us ...)
+   TODO: check
+CVE-2024-42051 (The MSI installer for Splashtop Streamer for Windows before 
3.6.2.0 us ...)
+   TODO: check
+CVE-2024-42050 (The MSI installer for Splashtop Streamer for Windows before 
3.7.0.0 us ...)
+   TODO: check
+CVE-2024-42049 (TightVNC (Server for Windows) before 2.8.84 allows attackers 
to connec ...)
+   TODO: check
 CVE-2024-7151 (A vulnerability was found in Tenda O3 1.0.0.10(2478). It has 
been decl ...)
NOT-FOR-US: Tenda
 CVE-2024-6897 (The aThemes Starter Sites plugin for WordPress is vulnerable to 
Stored ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/917f8b88d6d59a5f1370aa3332aaea38ca5fda1a



[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
850f068d by security tracker role at 2024-07-27T20:11:47+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,23 @@
+CVE-2024-7151 (A vulnerability was found in Tenda O3 1.0.0.10(2478). It has 
been decl ...)
+   TODO: check
+CVE-2024-6897 (The aThemes Starter Sites plugin for WordPress is vulnerable to 
Stored ...)
+   TODO: check
+CVE-2024-6703 (The Contact Form Plugin by Fluent Forms for Quiz, Survey, and 
Drag & D ...)
+   TODO: check
+CVE-2024-6627 (The Happy Addons for Elementor plugin for WordPress is 
vulnerable to S ...)
+   TODO: check
+CVE-2024-6569 (The Campaign Monitor for WordPress plugin for WordPress is 
vulnerable  ...)
+   TODO: check
+CVE-2024-6521 (The Contact Form Plugin by Fluent Forms for Quiz, Survey, and 
Drag & D ...)
+   TODO: check
+CVE-2024-6520 (The Contact Form Plugin by Fluent Forms for Quiz, Survey, and 
Drag & D ...)
+   TODO: check
+CVE-2024-6518 (The Contact Form Plugin by Fluent Forms for Quiz, Survey, and 
Drag & D ...)
+   TODO: check
+CVE-2024-6458 (The WooCommerce Product Table Lite plugin for WordPress is 
vulnerable  ...)
+   TODO: check
+CVE-2024-5614 (The Piotnet Addons For Elementor plugin for WordPress is 
vulnerable to ...)
+   TODO: check
 CVE-2024-6661 (The ParityPress \u2013 Parity Pricing with Discount Rules 
plugin for W ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-6634 (The Master Currency WP plugin for WordPress is vulnerable to 
Stored Cr ...)
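Review bot: every new entry except CVE-2024-7151 (Tenda O3) is a WordPress plugin, and the context line for CVE-2024-6661 shows the resolution such entries normally receive (`NOT-FOR-US: WordPress plugin`), so the nine plugin TODOs can be closed in one pass; the four Fluent Forms entries (CVE-2024-6703, CVE-2024-6518, CVE-2024-6520, CVE-2024-6521) share a single plugin. Elsewhere on this page the next automatic update (commit 917f8b88) already shows CVE-2024-7151 resolved as `NOT-FOR-US: Tenda`.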



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/850f068d108d4211e4658de0167fdabc7eecdf48



[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b0d770c4 by security tracker role at 2024-07-27T08:12:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,59 @@
+CVE-2024-6661 (The ParityPress \u2013 Parity Pricing with Discount Rules 
plugin for W ...)
+   TODO: check
+CVE-2024-6634 (The Master Currency WP plugin for WordPress is vulnerable to 
Stored Cr ...)
+   TODO: check
+CVE-2024-6591 (The Ultimate WordPress Auction Plugin plugin for WordPress is 
vulnerab ...)
+   TODO: check
+CVE-2024-6573 (The Intelligence plugin for WordPress is vulnerable to Full 
Path Discl ...)
+   TODO: check
+CVE-2024-6566 (The Aramex Shipping WooCommerce plugin for WordPress is 
vulnerable to  ...)
+   TODO: check
+CVE-2024-6549 (The Admin Post Navigation plugin for WordPress is vulnerable to 
Full P ...)
+   TODO: check
+CVE-2024-6548 (The Add Admin JavaScript plugin for WordPress is vulnerable to 
Full Pa ...)
+   TODO: check
+CVE-2024-6547 (The Add Admin CSS plugin for WordPress is vulnerable to Full 
Path Disc ...)
+   TODO: check
+CVE-2024-6546 (The One Click Close Comments plugin for WordPress is vulnerable 
to Ful ...)
+   TODO: check
+CVE-2024-6545 (The Admin Trim Interface plugin for WordPress is vulnerable to 
Full Pa ...)
+   TODO: check
+CVE-2024-6431 (The Media.net Ads Manager plugin for WordPress is vulnerable to 
arbitr ...)
+   TODO: check
+CVE-2024-6152 (The Flipbox Builder plugin for WordPress is vulnerable to PHP 
Object I ...)
+   TODO: check
+CVE-2024-5969 (The AIomatic - Automatic AI Content Writer for WordPress is 
vulnerable ...)
+   TODO: check
+CVE-2024-4410 (The IgnitionDeck Crowdfunding Platform plugin for WordPress is 
vulnera ...)
+   TODO: check
+CVE-2024-42029 (xdg-desktop-portal-hyprland (aka an XDG Desktop Portal backend 
for Hyp ...)
+   TODO: check
+CVE-2024-41815 (Starship is a cross-shell prompt. Starting in version 1.0.0 
and prior  ...)
+   TODO: check
+CVE-2024-41628 (Directory Traversal vulnerability in Severalnines Cluster 
Control 1.9. ...)
+   TODO: check
+CVE-2024-41120 (streamlit-geospatial is a streamlit multipage app for 
geospatial appli ...)
+   TODO: check
+CVE-2024-41119 (streamlit-geospatial is a streamlit multipage app for 
geospatial appli ...)
+   TODO: check
+CVE-2024-41118 (streamlit-geospatial is a streamlit multipage app for 
geospatial appli ...)
+   TODO: check
+CVE-2024-41117 (streamlit-geospatial is a streamlit multipage app for 
geospatial appli ...)
+   TODO: check
+CVE-2024-41116 (streamlit-geospatial is a streamlit multipage app for 
geospatial appli ...)
+   TODO: check
+CVE-2024-41115 (streamlit-geospatial is a streamlit multipage app for 
geospatial appli ...)
+   TODO: check
+CVE-2024-41114 (streamlit-geospatial is a streamlit multipage app for 
geospatial appli ...)
+   TODO: check
+CVE-2024-40433 (Insecure Permissions vulnerability in Tencent wechat v.8.0.37 
allows a ...)
+   TODO: check
+CVE-2024-37034 (An issue was discovered in Couchbase Server before 7.2.5 and 
7.6.0 bef ...)
+   TODO: check
+CVE-2024-1804 (The Tutor LMS \u2013 Migration Tool plugin for WordPress is 
vulnerable ...)
+   TODO: check
+CVE-2024-1798 (The Tutor LMS \u2013 Migration Tool plugin for WordPress is 
vulnerable ...)
+   TODO: check
 CVE-2024-7128 (A flaw was found in the Openshift console. Several endpoints in 
the ap ...)
NOT-FOR-US: Openshift
 CVE-2024-7062 (Nimble Commander suffers from a privilege escalation 
vulnerability due ...)
@@ -375,7 +431,7 @@ CVE-2024-33519 (A vulnerability in the web-based management 
interface of HPE Aru
NOT-FOR-US: HPE Aruba Networking EdgeConnect SD-WAN gateway
 CVE-2024-31977 (Adtran 834-5 11.1.0.101-202106231430, and fixed as of SmartOS 
Version  ...)
NOT-FOR-US: Adtran 834-5
-CVE-2024-31971 (Multiple stored cross-site scripting (XSS) vulnerabilities on 
AdTran N ...)
+CVE-2024-31971 (**UNSUPPORTED WHEN ASSIGNED** Multiple stored cross-site 
scripting (XS ...)
NOT-FOR-US: AdTran NetVanta 3120 devices
 CVE-2024-31970 (AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 
and fixe ...)
NOT-FOR-US: Adtran 834-5 devices
@@ -38639,7 +38695,7 @@ CVE-2024-28131 (EasyRange Ver 1.41 contains an issue 
with the executable file se
NOT-FOR-US: EasyRange
 CVE-2024-28126 (Cross-site scripting vulnerability exists in 0ch BBS Script 
ver.4.00.  ...)
NOT-FOR-US: 0ch BBS Script
-CVE-2024-28093 (The TELNET service of AdTran NetVanta 3120 18.01.01.00.E 
devices is en ...)
+CVE-2024-28093 (**UNSUPPORTED WHEN ASSIGNED** The TELNET service of AdTran 
NetVanta 31 ...)
NOT-FOR-US: AdTran NetVanta devices
 CVE-2024-28048 (OS command injection vulnerability exists in ffBull ver.4.11, 
which ma 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-26 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5162cab5 by security tracker role at 2024-07-26T20:12:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,97 @@
+CVE-2024-7128 (A flaw was found in the Openshift console. Several endpoints in 
the ap ...)
+   TODO: check
+CVE-2024-7062 (Nimble Commander suffers from a privilege escalation 
vulnerability due ...)
+   TODO: check
+CVE-2024-7050 (Improper Authentication vulnerability in OpenText OpenText 
Directory S ...)
+   TODO: check
+CVE-2024-6922 (Automation Anywhere Automation 360 v21-v32 is vulnerable to 
Server-Sid ...)
+   TODO: check
+CVE-2024-4786 (An improper validation vulnerability was reported in the Lenovo 
Tab K1 ...)
+   TODO: check
+CVE-2024-42007 (SPX (aka php-spx) through 0.4.15 allows SPX_UI_URI Directory 
Traversal ...)
+   TODO: check
+CVE-2024-41813 (txtdot is an HTTP proxy that parses only text, links, and 
pictures fro ...)
+   TODO: check
+CVE-2024-41812 (txtdot is an HTTP proxy that parses only text, links, and 
pictures fro ...)
+   TODO: check
+CVE-2024-41807
+   REJECTED
+CVE-2024-41805 (Tracks, a Getting Things Done (GTD) web application, is 
vulnerable to  ...)
+   TODO: check
+CVE-2024-41692 (This vulnerability exists in SyroTech SY-GPON-1110-WDONT 
Router due to ...)
+   TODO: check
+CVE-2024-41691 (This vulnerability exists in SyroTech SY-GPON-1110-WDONT 
Router due to ...)
+   TODO: check
+CVE-2024-41690 (This vulnerability exists in SyroTech SY-GPON-1110-WDONT 
Router due to ...)
+   TODO: check
+CVE-2024-41689 (This vulnerability exists in SyroTech SY-GPON-1110-WDONT 
Router due to ...)
+   TODO: check
+CVE-2024-41688 (This vulnerability exists in SyroTech SY-GPON-1110-WDONT 
Router due la ...)
+   TODO: check
+CVE-2024-41687 (This vulnerability exists in SyroTech SY-GPON-1110-WDONT 
Router due to ...)
+   TODO: check
+CVE-2024-41686 (This vulnerability exists in SyroTech SY-GPON-1110-WDONT 
Router due to ...)
+   TODO: check
+CVE-2024-41685 (This vulnerability exists in SyroTech SY-GPON-1110-WDONT 
Router due to ...)
+   TODO: check
+CVE-2024-41684 (This vulnerability exists in SyroTech SY-GPON-1110-WDONT 
Router due to ...)
+   TODO: check
+CVE-2024-41670 (In the module "PayPal Official" for PrestaShop 7+ releases 
prior to ve ...)
+   TODO: check
+CVE-2024-41375 (ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via 
lib/termi ...)
+   TODO: check
+CVE-2024-41374 (ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via 
lib/setti ...)
+   TODO: check
+CVE-2024-41373 (ICEcoder 8.1 contains a Path Traversal vulnerability via 
lib/backup-ve ...)
+   TODO: check
+CVE-2024-41357 (phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via 
/app/admin ...)
+   TODO: check
+CVE-2024-41356 (phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via 
app\admin\ ...)
+   TODO: check
+CVE-2024-41355 (phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via 
/app/tools ...)
+   TODO: check
+CVE-2024-41354 (phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via 
/app/admin ...)
+   TODO: check
+CVE-2024-41353 (phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via 
app\admin\ ...)
+   TODO: check
+CVE-2024-41113 (streamlit-geospatial is a streamlit multipage app for 
geospatial appli ...)
+   TODO: check
+CVE-2024-41112 (streamlit-geospatial is a streamlit multipage app for 
geospatial appli ...)
+   TODO: check
+CVE-2024-40689 (IBM InfoSphere Information Server 11.7 is vulnerable to SQL 
injection. ...)
+   TODO: check
+CVE-2024-40117 (Incorrect access control in Solar-Log 1000 before v2.8.2 and 
build 52- ...)
+   TODO: check
+CVE-2024-40116 (An issue in Solar-Log 1000 before v2.8.2 and build 
52-23.04.2013 was d ...)
+   TODO: check
+CVE-2024-39304 (ChurchCRM is an open-source church management system. Versions 
of the  ...)
+   TODO: check
+CVE-2024-38872 (Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and 
below a ...)
+   TODO: check
+CVE-2024-38871 (Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and 
below a ...)
+   TODO: check
+CVE-2024-38512 (A privilege escalation vulnerability was discovered in XCC 
that could  ...)
+   TODO: check
+CVE-2024-38511 (A privilege escalation vulnerability was discovered in an 
upload proce ...)
+   TODO: check
+CVE-2024-38510 (A privilege escalation vulnerability was discovered in the SSH 
captive ...)
+   TODO: check
+CVE-2024-38509 (A privilege escalation vulnerability was discovered in XCC 
that could  ...)
+   TODO: check
+CVE-2024-38508 (A privilege escalation vulnerability was discovered in the web 
interfa ...)
+   TODO: check
+CVE-2024-27358 (An issue was discovered in WithSecure 
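Review bot: most of this batch is group-triageable by product: nine SyroTech SY-GPON-1110-WDONT entries (CVE-2024-41684 to CVE-2024-41692), five phpipam 1.6 XSS entries (CVE-2024-41353 to CVE-2024-41357), three ICEcoder 8.1 entries (CVE-2024-41373 to CVE-2024-41375), five XCC privilege-escalation entries (CVE-2024-38508 to CVE-2024-38512), two Solar-Log 1000 entries, two txtdot entries and two Zohocorp Exchange Reporter Plus entries, so one decision per product closes twenty-eight of the TODOs. The upstream projects that need an individual package lookup are CVE-2024-42007 (php-spx), CVE-2024-41805 (Tracks), CVE-2024-39304 (ChurchCRM) and CVE-2024-41670 (PrestaShop PayPal module). CVE-2024-41807 is correctly carried as REJECTED. The hunk is cut off at the CVE-2024-27358 (WithSecure) line in this rendering.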

[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-26 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2ca57aaa by security tracker role at 2024-07-26T08:11:42+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,45 @@
+CVE-2024-7120 (A vulnerability, which was classified as critical, was found in 
Raisec ...)
+   TODO: check
+CVE-2024-7119 (A vulnerability, which was classified as critical, has been 
found in M ...)
+   TODO: check
+CVE-2024-7118 (A vulnerability classified as critical was found in 
MD-MAFUJUL-HASAN O ...)
+   TODO: check
+CVE-2024-7117 (A vulnerability classified as critical has been found in 
MD-MAFUJUL-HA ...)
+   TODO: check
+CVE-2024-7116 (A vulnerability was found in MD-MAFUJUL-HASAN 
Online-Payroll-Managemen ...)
+   TODO: check
+CVE-2024-7115 (A vulnerability was found in MD-MAFUJUL-HASAN 
Online-Payroll-Managemen ...)
+   TODO: check
+CVE-2024-7114 (A vulnerability was found in Tianchoy Blog up to 1.8.8. It has 
been cl ...)
+   TODO: check
+CVE-2024-7106 (A vulnerability classified as problematic was found in Spina 
CMS 2.18. ...)
+   TODO: check
+CVE-2024-7105 (A vulnerability classified as critical has been found in ForIP 
Tecnolo ...)
+   TODO: check
+CVE-2024-6490 (During testing of the Master Slider  WordPress plugin through 
3.9.10,  ...)
+   TODO: check
+CVE-2024-4447 (In the System \u2192 Maintenance tool, the Logged Users tab 
surfaces s ...)
+   TODO: check
+CVE-2024-41809 (OpenObserve is an open-source observability platform. Starting 
in vers ...)
+   TODO: check
+CVE-2024-41808 (The OpenObserve open-source observability platform provides 
the abilit ...)
+   TODO: check
+CVE-2024-41473 (Tenda FH1201 v1.2.0.14 was discovered to contain a command 
injection v ...)
+   TODO: check
+CVE-2024-41468 (Tenda FH1201 v1.2.0.14 was discovered to contain a command 
injection v ...)
+   TODO: check
+CVE-2024-40897 (Stack-based buffer overflow vulnerability exists in orcparse.c 
of ORC  ...)
+   TODO: check
+CVE-2024-3938 (The "reset password" login page accepted an HTML injection via 
URL par ...)
+   TODO: check
+CVE-2024-38103 (Microsoft Edge (Chromium-based) Information Disclosure 
Vulnerability)
+   TODO: check
+CVE-2024-24623 (Softaculous Webuzo contains a command injection vulnerability 
in the F ...)
+   TODO: check
+CVE-2024-24622 (Softaculous Webuzo contains a command injection in the 
password reset  ...)
+   TODO: check
+CVE-2024-24621 (Softaculous Webuzo contains an authentication bypass 
vulnerability thr ...)
+   TODO: check
 CVE-2024-35296 [Invalid Accept-Encoding can force forwarding requests]
- trafficserver  (bug #1077141)
NOTE: https://www.openwall.com/lists/oss-security/2024/07/25/1
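Review bot: CVE-2024-40897 (stack-based buffer overflow in orcparse.c of ORC) is the one entry in this batch that describes a library rather than a vendor appliance or web application and should be looked up against the archive before the rest; the MD-MAFUJUL-HASAN payroll, Tianchoy, Spina CMS, ForIP, Tenda FH1201, OpenObserve, Softaculous Webuzo and Microsoft Edge entries have the usual NOT-FOR-US shape. CVE-2024-4447 ("In the System \u2192 Maintenance tool") and CVE-2024-3938 ("The 'reset password' login page") do not name a product at all, so they cannot be triaged from the list and need the CNA record; CVE-2024-4447 also carries a literal `\u2192` escape in place of the arrow character. The context line `- trafficserver  (bug #1077141)` shows a double space where the status token normally sits, which looks like loss in this rendering rather than a change in the file.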
@@ -316,6 +358,7 @@ CVE-2024-4080 (A memory corruption issue due to an improper 
length check in LabV
 CVE-2024-4079 (An out of bounds read due to a missing bounds check in LabVIEW 
may dis ...)
NOT-FOR-US: NI LabVIEW
 CVE-2024-4076 (Client queries that trigger serving stale data and that also 
require l ...)
+   {DSA-5734-1}
- bind9 1:9.20.0-1
NOTE: https://kb.isc.org/docs/cve-2024-4076
 CVE-2024-41839 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
@@ -347,9 +390,11 @@ CVE-2024-34128 (Adobe Experience Manager versions 6.5.20 
and earlier are affecte
 CVE-2024-29070 (On versions before 2.1.4,session is not invalidated after 
logout. When ...)
NOT-FOR-US: Apache StreamPark
 CVE-2024-1975 (If a server hosts a zone containing a "KEY" Resource Record, or 
a reso ...)
+   {DSA-5734-1}
- bind9 1:9.20.0-1
NOTE: https://kb.isc.org/docs/cve-2024-1975
 CVE-2024-1737 (Resolver caches and authoritative zone databases that hold 
significant ...)
+   {DSA-5734-1}
- bind9 1:9.20.0-1
NOTE: https://kb.isc.org/docs/cve-2024-1737
NOTE: RRset limits in zones: 
https://kb.isc.org/docs/rrset-limits-in-zones
@@ -3531,7 +3576,7 @@ CVE-2024-39071 (Fujian Kelixun <=7.6.6.4391 is vulnerable 
to SQL Injection in se
NOT-FOR-US: Fujian Kelixun
 CVE-2024-39069 (An issue in ifood Order Manager v3.35.5 'Gestor de 
Peddios.exe' allows ...)
NOT-FOR-US: ifood Order Manager
-CVE-2024-39031 (In Silverpeas Core <= 6.3.5, inside of mes agendas a user can 
create a ...)
+CVE-2024-39031 (In Silverpeas Core <= 6.3.5, in Mes Agendas, a user can create 
new eve ...)
NOT-FOR-US: Silverpeas Core
 CVE-2024-38963 (Nopcommerce 4.70.1 is vulnerable to Cross Site Scripting (XSS) 
via the ...)
NOT-FOR-US: Nopcommerce
@@ -62077,7 +62122,7 @@ CVE-2023-6710 (A flaw was found in the 
mod_proxy_cluster in the Apache server. T
 CVE-2023-5379 (A flaw was found in Undertow. When an AJP request is sent that 
exceeds ...)
- undertow  (bug #1059055)
NOTE: 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6f39a872 by security tracker role at 2024-07-25T20:12:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,57 @@
+CVE-2024-7101 (A vulnerability, which was classified as critical, has been 
found in F ...)
+   TODO: check
+CVE-2024-7007 (Positron Broadcast Signal Processor TRA7005 v1.20 is vulnerable 
to an  ...)
+   TODO: check
+CVE-2024-6589 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress 
is vul ...)
+   TODO: check
+CVE-2024-6558 (HMS Industrial Networks  Anybus-CompactCom 30 products are 
vulnerable  ...)
+   TODO: check
+CVE-2024-41806 (The Open edX Platform is a learning management platform. 
Instructors c ...)
+   TODO: check
+CVE-2024-41801 (OpenProject is open source project management software. Prior 
to versi ...)
+   TODO: check
+CVE-2024-41800 (Craft is a content management system (CMS). Craft CMS 5 allows 
reuse o ...)
+   TODO: check
+CVE-2024-40873 (There is a cross-site scripting vulnerability in the Secure 
Access adm ...)
+   TODO: check
+CVE-2024-40872 (There is an elevation of privilege vulnerability in server and 
client  ...)
+   TODO: check
+CVE-2024-40324 (A CRLF injection vulnerability in E-Staff v5.1 allows 
attackers to ins ...)
+   TODO: check
+CVE-2024-40318 (An arbitrary file upload vulnerability in Webkul Qloapps 
v1.6.0.0 allo ...)
+   TODO: check
+CVE-2024-39674 (Plaintext vulnerability in the Gallery search module. Impact: 
Successf ...)
+   TODO: check
+CVE-2024-39673 (Vulnerability of serialisation/deserialisation mismatch in the 
iAware  ...)
+   TODO: check
+CVE-2024-39672 (Memory request logic vulnerability in the memory module. 
Impact: Succe ...)
+   TODO: check
+CVE-2024-39671 (Access control vulnerability in the security verification 
module. Impa ...)
+   TODO: check
+CVE-2024-39670 (Privilege escalation vulnerability in the account 
synchronisation modu ...)
+   TODO: check
+CVE-2024-38289 (A boolean-based SQL injection issue in the Virtual Meeting 
Password (V ...)
+   TODO: check
+CVE-2024-38288 (A command-injection issue in the Certificate Signing Request 
(CSR) fun ...)
+   TODO: check
+CVE-2024-38287 (The password-reset mechanism in the Forgot Password 
functionality in R ...)
+   TODO: check
+CVE-2024-37084 (In Spring Cloud Data Flow versions prior to 2.11.4,a malicious 
user wh ...)
+   TODO: check
+CVE-2024-36542 (Insecure permissions in kuma v2.7.0 allows attackers to access 
sensiti ...)
+   TODO: check
+CVE-2024-36111 (KubePi is a K8s panel. Starting in version 1.6.3 and prior to 
version  ...)
+   TODO: check
+CVE-2024-29069 (In snapd versions prior to 2.62, snapd failed to properly 
check the de ...)
+   TODO: check
+CVE-2024-29068 (In snapd versions prior to 2.62, snapd failed to properly 
check the fi ...)
+   TODO: check
+CVE-2024-28772 (IBM Security Directory Integrator 7.2.0 and IBM Security 
Verify Direct ...)
+   TODO: check
+CVE-2024-1724 (In snapd versions prior to 2.62, when using AppArmor for 
enforcement o ...)
+   TODO: check
+CVE-2023-7271 (Privilege escalation vulnerability in the NMS module Impact: 
Successfu ...)
+   TODO: check
 CVE-2024-7091 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
- gitlab 
 CVE-2024-7081 (A vulnerability was found in itsourcecode Tailoring Management 
System  ...)
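Review bot: the three snapd entries CVE-2024-29069, CVE-2024-29068 and CVE-2024-1724 all cite "snapd versions prior to 2.62" and should be triaged as one set with a single fixed-version annotation rather than sitting as three independent TODO: check items. CVE-2024-28772 also shares its description word for word with CVE-2022-32759, which this same commit moves out of RESERVED in the hunk below, so those two should receive the same disposition. Separately, the unchanged context line for CVE-2024-7091 renders here as "- gitlab " with nothing after the package name; the tracker's angle-bracket status token that belongs in that position has been stripped by the archive rendering, so the gitlab disposition cannot be verified from this copy.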
@@ -169394,8 +169448,8 @@ CVE-2022-32769 (Multiple authentication bypass 
vulnerabilities exist in the obje
NOT-FOR-US: WWBN AVideo
 CVE-2022-32768 (Multiple authentication bypass vulnerabilities exist in the 
objects id ...)
NOT-FOR-US: WWBN AVideo
-CVE-2022-32759
-   RESERVED
+CVE-2022-32759 (IBM Security Directory Integrator 7.2.0 and IBM Security 
Verify Direct ...)
+   TODO: check
 CVE-2022-32758
RESERVED
 CVE-2022-32757 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 uses an 
inadequ ...)
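Review bot: CVE-2022-32759 is populated with the same text as CVE-2024-28772 from the top hunk ("IBM Security Directory Integrator 7.2.0 and IBM Security Verify Direct ..."), so a single triage decision covers both and they should not be checked separately; the adjacent CVE-2022-32757 entry for IBM Security Directory Suite is the obvious template for that decision. CVE-2022-32758 is left at RESERVED, which is correct only as long as no description has been published for it, so it is worth re-checking in the same pass.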



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f39a872bea62b0cbfa1b71bcc70e0a18e4a5729

-- 
This project does not include diff previews in email notifications.
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f39a872bea62b0cbfa1b71bcc70e0a18e4a5729
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0f31a086 by security tracker role at 2024-07-25T08:11:45+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,45 @@
+CVE-2024-7091 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
+   TODO: check
+CVE-2024-7081 (A vulnerability was found in itsourcecode Tailoring Management 
System  ...)
+   TODO: check
+CVE-2024-7060 (An information disclosure vulnerability in GitLab CE/EE in 
project/gro ...)
+   TODO: check
+CVE-2024-7057 (An information disclosure vulnerability in GitLab CE/EE 
affecting all  ...)
+   TODO: check
+CVE-2024-7047 (A cross site scripting vulnerability exists in GitLab CE/EE 
affecting  ...)
+   TODO: check
+CVE-2024-6972 (In affected versions of Octopus Server under certain 
circumstances it  ...)
+   TODO: check
+CVE-2024-5067 (An issue was discovered in GitLab EE affecting all versions 
starting f ...)
+   TODO: check
+CVE-2024-4811 (In affected versions of Octopus Server under certain 
conditions, a use ...)
+   TODO: check
+CVE-2024-41707 (An issue was discovered in Archer Platform 6 before 2024.06. 
Authentic ...)
+   TODO: check
+CVE-2024-41706 (A stored XSS issue was discovered in Archer Platform 6 before 
version  ...)
+   TODO: check
+CVE-2024-41705 (A stored XSS issue was discovered in Archer Platform 6.8 
before 2024.0 ...)
+   TODO: check
+CVE-2024-41466 (Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based 
buffer  ...)
+   TODO: check
+CVE-2024-41465 (Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based 
buffer  ...)
+   TODO: check
+CVE-2024-41464 (Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based 
buffer  ...)
+   TODO: check
+CVE-2024-41463 (Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based 
buffer  ...)
+   TODO: check
+CVE-2024-41462 (Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based 
buffer  ...)
+   TODO: check
+CVE-2024-41461 (Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based 
buffer  ...)
+   TODO: check
+CVE-2024-41460 (Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based 
buffer  ...)
+   TODO: check
+CVE-2024-41459 (Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based 
buffer  ...)
+   TODO: check
+CVE-2024-41136 (An authenticated command injection vulnerability exists in the 
HPE Aru ...)
+   TODO: check
+CVE-2024-0231 (A resource misdirection vulnerability in GitLab CE/EE versions 
12.0 pr ...)
+   TODO: check
 CVE-2024-41091
- linux 
 CVE-2024-41090
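Review bot: six of the new entries are GitLab CE/EE issues (CVE-2024-7091, CVE-2024-7060, CVE-2024-7057, CVE-2024-7047, CVE-2024-5067, CVE-2024-0231), and the 2024-07-25 evening update earlier in this thread already shows CVE-2024-7091 assigned to the gitlab package; the other five should be resolved the same way in one pass. The eight Tenda FH1201 v1.2.0.14 entries (CVE-2024-41459 through CVE-2024-41466) carry identical stack-based buffer overflow descriptions and can be dispositioned as a block. The context line "- linux " for CVE-2024-41091 has lost its status token in this rendering, as the gitlab line does elsewhere in the thread, so the kernel disposition is not verifiable from here either.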



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0f31a086efba2de9acc4f745ebaf8866d767d3b7



[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c75f5a34 by security tracker role at 2024-07-24T20:11:39+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,95 @@
+CVE-2024-7080 (A vulnerability was found in SourceCodester Insurance 
Management Syste ...)
+   TODO: check
+CVE-2024-7079 (A flaw was found in the Openshift console. The /API/helm/verify 
endpoi ...)
+   TODO: check
+CVE-2024-7069 (A vulnerability, which was classified as critical, has been 
found in S ...)
+   TODO: check
+CVE-2024-7068 (A vulnerability classified as problematic has been found in 
SourceCode ...)
+   TODO: check
+CVE-2024-7067 (A vulnerability was found in kirilkirkov 
Ecommerce-Laravel-Bootstrap u ...)
+   TODO: check
+CVE-2024-7066 (A vulnerability was found in F-logic DataCube3 1.0. It has been 
declar ...)
+   TODO: check
+CVE-2024-7065 (A vulnerability was found in Spina CMS up to 2.18.0. It has 
been class ...)
+   TODO: check
+CVE-2024-6896 (The AMP for WP \u2013 Accelerated Mobile Pages plugin for 
WordPress is ...)
+   TODO: check
+CVE-2024-6327 (In Progress\xae Telerik\xae Report Server versions prior to 
2024 Q2 (1 ...)
+   TODO: check
+CVE-2024-6096 (In Progress\xae Telerik\xae Reporting versions prior to 
18.1.24.709, a ...)
+   TODO: check
+CVE-2024-5818 (The Royal Elementor Addons and Templates plugin for WordPress 
is vulne ...)
+   TODO: check
+CVE-2024-41914 (A vulnerability in the web-based management interface of 
EdgeConnect S ...)
+   TODO: check
+CVE-2024-41672 (DuckDB is a SQL database management system. In versions 1.0.0 
and prio ...)
+   TODO: check
+CVE-2024-41667 (OpenAM is an open access management solution. In versions 
15.0.3 and p ...)
+   TODO: check
+CVE-2024-41666 (Argo CD is a declarative, GitOps continuous delivery tool for 
Kubernet ...)
+   TODO: check
+CVE-2024-41662 (VNote is a note-taking platform. A Cross-Site Scripting (XSS) 
vulnerab ...)
+   TODO: check
+CVE-2024-41551 (CampCodes Supplier Management System v1.0 is vulnerable to SQL 
injecti ...)
+   TODO: check
+CVE-2024-41550 (CampCodes Supplier Management System v1.0 is vulnerable to SQL 
injecti ...)
+   TODO: check
+CVE-2024-41135 (A vulnerability exists in the HPE Aruba Networking EdgeConnect 
SD-WAN  ...)
+   TODO: check
+CVE-2024-41134 (A vulnerability exists in the HPE Aruba Networking EdgeConnect 
SD-WAN  ...)
+   TODO: check
+CVE-2024-41133 (A vulnerability exists in the HPE Aruba Networking EdgeConnect 
SD-WAN  ...)
+   TODO: check
+CVE-2024-41110 (Moby is an open-source project created by Docker for software 
containe ...)
+   TODO: check
+CVE-2024-40575 (An issue in Huawei Technologies opengauss (openGauss 5.0.0 
build) v.7. ...)
+   TODO: check
+CVE-2024-40495 (A vulnerability was discovered in Linksys Router E2500 with 
firmware 2 ...)
+   TODO: check
+CVE-2024-40422 (The snapshot_path parameter in the /api/get-browser-snapshot 
endpoint  ...)
+   TODO: check
+CVE-2024-40137 (Dolibarr ERP CRM before 19.0.2-php8.2 was discovered to 
contain a remo ...)
+   TODO: check
+CVE-2024-3896 (The Photo Gallery, Images, Slider in Rbs Image Gallery plugin 
for Word ...)
+   TODO: check
+CVE-2024-39345 (AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable 
the SSH s ...)
+   TODO: check
+CVE-2024-37533 (IBM InfoSphere Information Server 11.7 could disclose 
sensitive user i ...)
+   TODO: check
+CVE-2024-36541 (Insecure permissions in logging-operator v4.6.0 allows 
attackers to ac ...)
+   TODO: check
+CVE-2024-36540 (Insecure permissions in external-secrets v0.9.16 allows 
attackers to a ...)
+   TODO: check
+CVE-2024-36539 (Insecure permissions in contour v1.28.3 allows attackers to 
access sen ...)
+   TODO: check
+CVE-2024-36538 (Insecure permissions in chaos-mesh v2.6.3 allows attackers to 
access s ...)
+   TODO: check
+CVE-2024-36537 (Insecure permissions in cert-manager v1.14.4 allows attackers 
to acces ...)
+   TODO: check
+CVE-2024-36536 (Insecure permissions in fabedge v0.8.1 allows attackers to 
access sens ...)
+   TODO: check
+CVE-2024-36535 (Insecure permissions in meshery v0.7.51 allows attackers to 
access sen ...)
+   TODO: check
+CVE-2024-36534 (Insecure permissions in hwameistor v0.14.3 allows attackers to 
access  ...)
+   TODO: check
+CVE-2024-36533 (Insecure permissions in volcano v1.8.2 allows attackers to 
access sens ...)
+   TODO: check
+CVE-2024-33519 (A vulnerability in the web-based management interface of HPE 
Aruba Net ...)
+   TODO: check
+CVE-2024-31977 (Adtran 834-5 11.1.0.101-202106231430, and fixed as of SmartOS 
Version  ...)
+   TODO: check
+CVE-2024-31971 (Multiple stored cross-site scripting (XSS) vulnerabilities on 
AdTran N ...)
+  
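Review bot: this hunk is cut off in the archive after CVE-2024-31971 (the header declares 95 added lines), so its tail cannot be reviewed here. Of what is visible, the nine "Insecure permissions in ..." entries CVE-2024-36533 through CVE-2024-36541 (volcano, hwameistor, meshery, fabedge, cert-manager, chaos-mesh, contour, external-secrets, logging-operator) follow one template and belong with CVE-2024-36542 (kuma) from the 2024-07-25 update; they should be triaged as a batch. CVE-2024-41666 (Argo CD) pairs with CVE-2024-40634 (Argo CD) from the 2024-07-22 update, and CVE-2024-41110 (Moby) is the entry here most likely to map to a Debian source package, so it deserves a real disposition rather than a lingering TODO: check.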

[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9693d3f7 by security tracker role at 2024-07-24T08:11:41+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,55 @@
+CVE-2024-7027 (The WooCommerce - PDF Vouchers plugin for WordPress is 
vulnerable to a ...)
+   TODO: check
+CVE-2024-6930 (The WP Booking Calendar plugin for WordPress is vulnerable to 
Stored C ...)
+   TODO: check
+CVE-2024-6836 (The Funnel Builder for WordPress by FunnelKit \u2013 Customize 
WooComm ...)
+   TODO: check
+CVE-2024-6756 (The Social Auto Poster plugin for WordPress is vulnerable to 
arbitrary ...)
+   TODO: check
+CVE-2024-6755 (The Social Auto Poster plugin for WordPress is vulnerable to 
unauthori ...)
+   TODO: check
+CVE-2024-6754 (The Social Auto Poster plugin for WordPress is vulnerable to 
unauthori ...)
+   TODO: check
+CVE-2024-6753 (The Social Auto Poster plugin for WordPress is vulnerable to 
Stored Cr ...)
+   TODO: check
+CVE-2024-6752 (The Social Auto Poster plugin for WordPress is vulnerable to 
Stored Cr ...)
+   TODO: check
+CVE-2024-6751 (The Social Auto Poster plugin for WordPress is vulnerable to 
Cross-Sit ...)
+   TODO: check
+CVE-2024-6750 (The Social Auto Poster plugin for WordPress is vulnerable to 
unauthori ...)
+   TODO: check
+CVE-2024-6629 (The All-in-One Video Gallery plugin for WordPress is vulnerable 
to Sto ...)
+   TODO: check
+CVE-2024-6571 (The Optimize Images ALT Text (alt tag) & names for SEO using AI 
plugin ...)
+   TODO: check
+CVE-2024-6553 (The WP Meteor Website Speed Optimization Addon plugin for 
WordPress is ...)
+   TODO: check
+CVE-2024-6094 (The WP ULike  WordPress plugin before 4.7.1 does not sanitise 
and esca ...)
+   TODO: check
+CVE-2024-5861 (The WP EasyPay \u2013 Square for WordPress plugin for WordPress 
is vul ...)
+   TODO: check
+CVE-2024-41656 (Sentry is an error tracking and performance monitoring 
platform. Start ...)
+   TODO: check
+CVE-2024-3454 (An implementation issue in the Connectivity Standards Alliance 
Matter  ...)
+   TODO: check
+CVE-2024-3297 (An issue in the Certificate Authenticated Session Establishment 
(CASE) ...)
+   TODO: check
+CVE-2024-3246 (The LiteSpeed Cache plugin for WordPress is vulnerable to 
Cross-Site R ...)
+   TODO: check
+CVE-2024-39676 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+   TODO: check
+CVE-2024-38176 (An improper restriction of excessive authentication attempts 
in GroupM ...)
+   TODO: check
+CVE-2024-38164 (An improper access control vulnerability in GroupMe allows an 
a unauth ...)
+   TODO: check
+CVE-2024-0981 (Okta Browser Plugin versions 6.5.0 through 6.31.0 
(Chrome/Edge/Firefox ...)
+   TODO: check
+CVE-2023-48362 (XXE in the XML Format Plugin in Apache Drill version 1.19.0 
and greate ...)
+   TODO: check
+CVE-2023-32471 (Dell Edge Gateway BIOS, versions 3200 and 5200, contains an 
out-of-bou ...)
+   TODO: check
+CVE-2023-32466 (Dell Edge Gateway BIOS, versions 3200 and 5200, contains an 
out-of-bou ...)
+   TODO: check
 CVE-2024-7014 (EvilVideo vulnerability allows sending malicious apps disguised 
as vid ...)
NOT-FOR-US: Telegram for Android
 CVE-2024-6783 (A vulnerability has been discovered in Vue, that allows an 
attacker to ...)
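Review bot: seven of the WordPress entries (CVE-2024-6750 through CVE-2024-6756) are all Social Auto Poster and can share one NOT-FOR-US decision, as can the Matter pair CVE-2024-3454 and CVE-2024-3297 and the two Dell Edge Gateway BIOS entries CVE-2023-32471 and CVE-2023-32466, whose descriptions are identical. Three 2023 IDs (CVE-2023-48362, CVE-2023-32471, CVE-2023-32466) are only being published now; of these, CVE-2023-48362, an XXE in the Apache Drill XML Format Plugin, is the one worth checking against the archive before it is marked NOT-FOR-US.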
@@ -5138,7 +5190,7 @@ CVE-2023-51776 (Improper privilege management in Jungo 
WinDriver before 12.1.0 a
NOT-FOR-US: Jungo WinDriver
 CVE-2023-39324
REJECTED
-CVE-2024-40767
+CVE-2024-40767 (In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 
before 29.1. ...)
- nova  (Incomplete fix/regression never introduced in 
Debian as fix for CVE-2024-32498 complete)
 CVE-2024-32498 (An issue was discovered in OpenStack Cinder through 24.0.0, 
Glance bef ...)
- cinder  (bug #1074763)
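Review bot: the not-affected reasoning for nova, "Incomplete fix/regression never introduced in Debian as fix for CVE-2024-32498 complete", lives only in the parenthetical; a NOTE line pointing at the upstream advisory or at the Debian changelog that shipped the complete CVE-2024-32498 fix would make the claim checkable later. The context line for CVE-2024-32498 still shows cinder open with bug #1074763, so the parenthetical covers nova only and the cinder (and glance) side needs its own check against that bug. As elsewhere in this archive copy, the status token after "- nova" is not visible, so the entry cannot be confirmed from this rendering.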
@@ -7421,14 +7473,14 @@ CVE-2023-3352 (The Smush plugin for WordPress is 
vulnerable to unauthorized dele
NOT-FOR-US: WordPress plugin
 CVE-2021-47621 (ClassGraph before 4.8.112 was not resistant to XML eXternal 
Entity (XX ...)
NOT-FOR-US: ClassGraph
-CVE-2024-6874
+CVE-2024-6874 (libcurl's URL API function 
[curl_url_get()](https://curl.se/libcurl/c/ ...)
- curl 
[bookworm] - curl  (Vulnerable code introduced later)
[bullseye] - curl  (Vulnerable code introduced later)
NOTE: https://curl.se/docs/CVE-2024-6874.html
NOTE: Introduced in: 
https://github.com/curl/curl/commit/add22feeef07858307be5722e1869e082554290e 
(curl-8_8_0)
NOTE: Fixed by: 
https://github.com/curl/curl/commit/686d54baf1df6e0775898f484d1670742898b3b2 
(curl-8_9_0)
-CVE-2024-6197 [freeing stack buffer in utf8asn1str]
+CVE-2024-6197 (libcurl's ASN1 parser has this utf8asn1str() function used for 
parsing ...)
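Review bot: the "Vulnerable code introduced later" annotation for bookworm and bullseye on CVE-2024-6874 is well supported by the Introduced-in (curl-8_8_0) and Fixed-by (curl-8_9_0) commit NOTEs; the check a reader should still make is that both suites ship a curl older than 8.8.0, since that is the entire basis of the not-affected claim. For CVE-2024-6197 the bracketed placeholder "[freeing stack buffer in utf8asn1str]" is replaced by the published description, but the hunk is truncated here before its package and per-suite lines, so the same introduced/fixed evidence cannot be confirmed for it from this copy.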
   

[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
61b7067d by security tracker role at 2024-07-23T20:12:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,53 @@
+CVE-2024-7014 (EvilVideo vulnerability allows sending malicious apps disguised 
as vid ...)
+   TODO: check
+CVE-2024-6783 (A vulnerability has been discovered in Vue, that allows an 
attacker to ...)
+   TODO: check
+CVE-2024-6714 (An issue was discovered in provd before version 0.1.5 with a 
setuid bi ...)
+   TODO: check
+CVE-2024-5602 (A stack-based buffer overflow vulnerability due to a missing 
bounds ch ...)
+   TODO: check
+CVE-2024-4081 (A memory corruption issue due to an improper length check in NI 
LabVIE ...)
+   TODO: check
+CVE-2024-4080 (A memory corruption issue due to an improper length check in 
LabVIEW t ...)
+   TODO: check
+CVE-2024-4079 (An out of bounds read due to a missing bounds check in LabVIEW 
may dis ...)
+   TODO: check
+CVE-2024-4076 (Client queries that trigger serving stale data and that also 
require l ...)
+   TODO: check
+CVE-2024-41839 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
+   TODO: check
+CVE-2024-41836 (InDesign Desktop versions ID18.5.2, ID19.3 and earlier are 
affected by ...)
+   TODO: check
+CVE-2024-41668 (The cBioPortal for Cancer Genomics provides visualization, 
analysis, a ...)
+   TODO: check
+CVE-2024-41665 (Ampache, a web based audio/video streaming application and 
file manage ...)
+   TODO: check
+CVE-2024-41664 (Canarytokens help track activity and actions on a network. 
Prior to `s ...)
+   TODO: check
+CVE-2024-41663 (Canarytokens help track activity and actions on a network.  A 
Cross-Si ...)
+   TODO: check
+CVE-2024-41661 (reNgine is an automated reconnaissance framework for web 
applications. ...)
+   TODO: check
+CVE-2024-41655 (TF2 Item Format helps users format TF2 items to the community 
standard ...)
+   TODO: check
+CVE-2024-41319 (TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to 
contain a comm ...)
+   TODO: check
+CVE-2024-41178 (Exposure of temporary credentials in logsin Apache Arrow Rust 
Object S ...)
+   TODO: check
+CVE-2024-40060 (go-chart v2.1.1 was discovered to contain an infinite loop via 
the dra ...)
+   TODO: check
+CVE-2024-39702 (In lj_str_hash.c in OpenResty 1.19.3.1 through 1.25.3.1, the 
string ha ...)
+   TODO: check
+CVE-2024-34128 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
+   TODO: check
+CVE-2024-29070 (On versions before 2.1.4,session is not invalidated after 
logout. When ...)
+   TODO: check
+CVE-2024-1975 (If a server hosts a zone containing a "KEY" Resource Record, or 
a reso ...)
+   TODO: check
+CVE-2024-1737 (Resolver caches and authoritative zone databases that hold 
significant ...)
+   TODO: check
+CVE-2024-0760 (A malicious client can send many DNS messages over TCP, 
potentially ca ...)
+   TODO: check
 CVE-2024-6913 (Execution with unnecessary privileges in PerkinElmer 
ProcessPlus allow ...)
NOT-FOR-US: PerkinElmer ProcessPlus
 CVE-2024-6912 (Use of hard-coded MSSQL credentials in PerkinElmer ProcessPlus 
on Wind ...)
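Review bot: four of the new IDs form one bind9 advisory batch (CVE-2024-4076, CVE-2024-1975, CVE-2024-1737, CVE-2024-0760) but arrive as separate TODO: check items; they should be handled as a single unit so that none is left behind when the DSA reference and fixed version are applied. CVE-2024-41319 (TOTOLINK A6000R V1.0.1-B20201211.2000) matches the CVE-2024-41314 through CVE-2024-41320 series from the 2024-07-22 update and belongs with them, and CVE-2024-41663 and CVE-2024-41664 (Canarytokens) share a product. The three LabVIEW entries (CVE-2024-4081, CVE-2024-4080, CVE-2024-4079) can follow the NOT-FOR-US: NI LabVIEW disposition that the later context lines in this thread already show for CVE-2024-4079.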
@@ -326603,10 +326653,10 @@ CVE-2020-11642 (The local file inclusion 
vulnerability present in B SiteManage
NOT-FOR-US: B SiteManager
 CVE-2020-11641 (A local file inclusion vulnerability in B SiteManager 
versions <9.2. ...)
NOT-FOR-US: B GateManager
-CVE-2020-11640
-   RESERVED
-CVE-2020-11639
-   RESERVED
+CVE-2020-11640 (AdvaBuild uses a command queue to launch certain operations. 
An attack ...)
+   TODO: check
+CVE-2020-11639 (An attacker could exploit the vulnerability by injecting 
garbage data  ...)
+   TODO: check
 CVE-2020-11638
RESERVED
 CVE-2020-11637 (A memory leak in the TFTP service in B Automation Runtime 
versions < ...)
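Review bot: the context line for CVE-2020-11641 describes "B SiteManager" yet is annotated NOT-FOR-US: B GateManager, while CVE-2020-11642 two lines above is NOT-FOR-US: B SiteManager; one of the two labels is wrong and should be corrected while this block is being touched. The vendor appears as a bare "B" throughout this archive copy (the ampersand in the B&R name has been lost in rendering), which is cosmetic but worth knowing when reading these entries. The two newly described IDs CVE-2020-11640 (AdvaBuild command queue) and CVE-2020-11639 sit in the same vendor block and can be dispositioned together with their neighbours once the product is confirmed.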



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61b7067d3a5a0e418f73ca09e08b3b1bbf64fdf9



[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
44287a1b by security tracker role at 2024-07-23T08:12:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,39 @@
+CVE-2024-6913 (Execution with unnecessary privileges in PerkinElmer 
ProcessPlus allow ...)
+   TODO: check
+CVE-2024-6912 (Use of hard-coded MSSQL credentials in PerkinElmer ProcessPlus 
on Wind ...)
+   TODO: check
+CVE-2024-6911 (Files on the Windows system are accessible without 
authentication to e ...)
+   TODO: check
+CVE-2024-6885 (The MaxiBlocks: 2200+ Patterns, 190 Pages, 14.2K Icons & 100 
Styles pl ...)
+   TODO: check
+CVE-2024-6828 (The Redux Framework plugin for WordPress is vulnerable to 
unauthentica ...)
+   TODO: check
+CVE-2024-6806 (The NI VeriStand Gateway is missing authorization checks when 
an actor ...)
+   TODO: check
+CVE-2024-6805 (The NI VeriStand Gateway is missing authorization checks when 
an actor ...)
+   TODO: check
+CVE-2024-6794 (A deserialization of untrusted data vulnerability exists in NI 
VeriSta ...)
+   TODO: check
+CVE-2024-6793 (Adeserialization of untrusted datavulnerabilityexists in NI 
VeriStand  ...)
+   TODO: check
+CVE-2024-6791 (A directory path traversal vulnerability exists when loading a 
vsmodel ...)
+   TODO: check
+CVE-2024-6717 (HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 
1.8.1 arc ...)
+   TODO: check
+CVE-2024-6420 (The Hide My WP Ghost  WordPress plugin before 5.2.02 does not 
prevent  ...)
+   TODO: check
+CVE-2024-6231 (The Request a Quote WordPress plugin before 2.4.1 does not 
sanitise an ...)
+   TODO: check
+CVE-2024-4260 (The Page Builder Gutenberg Blocks  WordPress plugin before 
3.1.12 does ...)
+   TODO: check
+CVE-2024-41012 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
+   TODO: check
+CVE-2024-40502 (SQL injection vulnerability in Hospital Management System 
Project in A ...)
+   TODO: check
+CVE-2024-24507 (Cross Site Scripting vulnerability in Act-On 2023 allows a 
remote atta ...)
+   TODO: check
+CVE-2024-1575 (The improper privilege management vulnerability in the Zyxel 
WBE660S f ...)
+   TODO: check
 CVE-2024-6675 (A deserialization of untrusted data vulnerability exists in NI 
VeriSta ...)
NOT-FOR-US: NI VeriStand
 CVE-2024-6638 (An integer overflow vulnerability due to improper input 
validation whe ...)
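Review bot: CVE-2024-41012 is a Linux kernel entry ("In the Linux kernel, the following vulnerability has been resolved ...") left at TODO: check, whereas kernel IDs such as CVE-2024-41091 and CVE-2024-41090 appear elsewhere in this thread already assigned to the linux source package; kernel CVEs should be routed to linux on ingest rather than through the generic queue. The five NI VeriStand entries (CVE-2024-6806, CVE-2024-6805, CVE-2024-6794, CVE-2024-6793, CVE-2024-6791) can follow the NOT-FOR-US: NI VeriStand disposition the context line already shows for CVE-2024-6675. CVE-2024-6717 (HashiCorp Nomad) is the one entry here that is neither a WordPress plugin, a vendor appliance nor an NI product and merits a look at whether it maps to a package before it is dismissed.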



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44287a1b2b692fff38201f1d7f60728762b01feb



[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
45c784c3 by security tracker role at 2024-07-22T20:11:45+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,211 @@
+CVE-2024-6675 (A deserialization of untrusted data vulnerability exists in NI 
VeriSta ...)
+   TODO: check
+CVE-2024-6638 (An integer overflow vulnerability due to improper input 
validation whe ...)
+   TODO: check
+CVE-2024-6542 (Improper neutralization of livestatus command delimiters in 
mknotifyd  ...)
+   TODO: check
+CVE-2024-6122 (An incorrect permission in the installation directory for the 
shared N ...)
+   TODO: check
+CVE-2024-6121 (An out-of-date version of Redis shipped with NI SystemLink 
Server is s ...)
+   TODO: check
+CVE-2024-41880 (In veilid-core in Veilid before 0.3.4, the protocol's ping 
function ca ...)
+   TODO: check
+CVE-2024-41829 (In JetBrains TeamCity before 2024.07 an OAuth code for 
JetBrains Space ...)
+   TODO: check
+CVE-2024-41828 (In JetBrains TeamCity before 2024.07 comparison of 
authorization token ...)
+   TODO: check
+CVE-2024-41827 (In JetBrains TeamCity before 2024.07 access tokens could 
continue work ...)
+   TODO: check
+CVE-2024-41826 (In JetBrains TeamCity before 2024.07 stored XSS was possible 
on Show C ...)
+   TODO: check
+CVE-2024-41825 (In JetBrains TeamCity before 2024.07 stored XSS was possible 
on the Co ...)
+   TODO: check
+CVE-2024-41824 (In JetBrains TeamCity before 2024.07 parameters of the 
"password" type ...)
+   TODO: check
+CVE-2024-41320 (TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to 
contain a comm ...)
+   TODO: check
+CVE-2024-41318 (TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to 
contain a comm ...)
+   TODO: check
+CVE-2024-41317 (TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to 
contain a comm ...)
+   TODO: check
+CVE-2024-41316 (TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to 
contain a comm ...)
+   TODO: check
+CVE-2024-41315 (TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to 
contain a comm ...)
+   TODO: check
+CVE-2024-41314 (TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to 
contain a comm ...)
+   TODO: check
+CVE-2024-41132 (ImageSharp is a 2D graphics API. A vulnerability discovered in 
the Ima ...)
+   TODO: check
+CVE-2024-41131 (ImageSharp is a 2D graphics API. An Out-of-bounds Write 
vulnerability  ...)
+   TODO: check
+CVE-2024-41130 (llama.cpp provides LLM inference in C/C++. Prior to b3427, 
llama.cpp c ...)
+   TODO: check
+CVE-2024-41129 (The ops library is a Python framework for developing and 
testing Kuber ...)
+   TODO: check
+CVE-2024-40634 (Argo CD is a declarative, GitOps continuous delivery tool for 
Kubernet ...)
+   TODO: check
+CVE-2024-40075 (Laravel v11.x was discovered to contain an XML External Entity 
(XXE) v ...)
+   TODO: check
+CVE-2024-40051 (IP Guard v4.81.0307.0 was discovered to contain an arbitrary 
file read ...)
+   TODO: check
+CVE-2024-39902 (Tuleap is an open source suite to improve management of 
software devel ...)
+   TODO: check
+CVE-2024-39688 (Bert-VITS2 is the VITS2 Backbone with multilingual bert. User 
input su ...)
+   TODO: check
+CVE-2024-39686 (Bert-VITS2 is the VITS2 Backbone with multilingual bert. User 
input su ...)
+   TODO: check
+CVE-2024-39685 (Bert-VITS2 is the VITS2 Backbone with multilingual bert. User 
input su ...)
+   TODO: check
+CVE-2024-39601 (A vulnerability has been identified in CPCI85 Central 
Processing/Commu ...)
+   TODO: check
+CVE-2024-39250 (EfroTech Timetrax v8.3 was discovered to contain an 
unauthenticated SQ ...)
+   TODO: check
+CVE-2024-38944 (An issue in Intelight X-1L Traffic controller Maxtime v.1.9.6 
allows a ...)
+   TODO: check
+CVE-2024-38788 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-38773 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-38759 (Deserialization of Untrusted Data vulnerability in WP MEDIA 
SAS Search ...)
+   TODO: check
+CVE-2024-38755 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-38730 (Server-Side Request Forgery (SSRF) vulnerability in Noor alam 
Magical  ...)
+   TODO: check
+CVE-2024-38728 (Server-Side Request Forgery (SSRF) vulnerability in 
Seraphinite Soluti ...)
+   TODO: check
+CVE-2024-38723 (Server-Side Request Forgery (SSRF) vulnerability in Bernhard 
Kux JSON  ...)
+   TODO: check
+CVE-2024-38708 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-38701 (Authorization Bypass Through User-Controlled Key vulnerability 
in Acad 
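Review bot: the hunk is truncated in this archive in the middle of CVE-2024-38701 (the header declares 211 added lines), so most of it is not reviewable from here. In the visible part, the six JetBrains TeamCity entries (CVE-2024-41824 through CVE-2024-41829, all "before 2024.07") and the six TOTOLINK A6000R entries (CVE-2024-41314 through CVE-2024-41320, with 41319 arriving in the 2024-07-23 update) are each one product and one decision. CVE-2024-40634 (Argo CD), CVE-2024-41130 (llama.cpp), CVE-2024-41129 (the ops library) and CVE-2024-40075 (Laravel XXE) are the upstream projects in this batch worth checking against the archive before the default NOT-FOR-US; the remainder are WordPress plugin SQL injection and SSRF advisories and the Bert-VITS2 trio.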

[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
48097ea6 by security tracker role at 2024-07-22T08:11:37+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,105 @@
+CVE-2024-6970 (A vulnerability classified as critical has been found in 
itsourcecode  ...)
+   TODO: check
+CVE-2024-6969 (A vulnerability was found in SourceCodester Clinics Patient 
Management ...)
+   TODO: check
+CVE-2024-6968 (A vulnerability was found in SourceCodester Clinics Patient 
Management ...)
+   TODO: check
+CVE-2024-6967 (A vulnerability was found in SourceCodester Employee and 
Visitor Gate  ...)
+   TODO: check
+CVE-2024-6966 (A vulnerability was found in itsourcecode Online Blood Bank 
Management ...)
+   TODO: check
+CVE-2024-6965 (A vulnerability has been found in Tenda O3 1.0.0.10 and 
classified as  ...)
+   TODO: check
+CVE-2024-6964 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
+   TODO: check
+CVE-2024-6963 (A vulnerability, which was classified as critical, has been 
found in T ...)
+   TODO: check
+CVE-2024-6962 (A vulnerability classified as critical was found in Tenda O3 
1.0.0.10. ...)
+   TODO: check
+CVE-2024-6961 (RAIL documents are an XML-based format invented by Guardrails 
AI to en ...)
+   TODO: check
+CVE-2024-6960 (The H2O machine learning platform uses "Iced" classes as the 
primary m ...)
+   TODO: check
+CVE-2024-6958 (A vulnerability classified as critical was found in 
itsourcecode Unive ...)
+   TODO: check
+CVE-2024-6957 (A vulnerability classified as critical has been found in 
itsourcecode  ...)
+   TODO: check
+CVE-2024-6956 (A vulnerability was found in itsourcecode University Management 
System ...)
+   TODO: check
+CVE-2024-6955 (A vulnerability was found in SourceCodester Record Management 
System 1 ...)
+   TODO: check
+CVE-2024-6954 (A vulnerability was found in SourceCodester Record Management 
System 1 ...)
+   TODO: check
+CVE-2024-6953 (A vulnerability was found in itsourcecode Tailoring Management 
System  ...)
+   TODO: check
+CVE-2024-6952 (A vulnerability has been found in itsourcecode University 
Management S ...)
+   TODO: check
+CVE-2024-6951 (A vulnerability, which was classified as critical, was found in 
Source ...)
+   TODO: check
+CVE-2024-6950 (A vulnerability, which was classified as critical, has been 
found in P ...)
+   TODO: check
+CVE-2024-6949 (A vulnerability classified as problematic was found in Gargaj 
wuhu up  ...)
+   TODO: check
+CVE-2024-6948 (A vulnerability classified as critical has been found in Gargaj 
wuhu u ...)
+   TODO: check
+CVE-2024-6947 (A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has 
been rate ...)
+   TODO: check
+CVE-2024-6946 (A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has 
been decl ...)
+   TODO: check
+CVE-2024-6271 (The Community Events WordPress plugin before 1.5 does not have 
CSRF ch ...)
+   TODO: check
+CVE-2024-6244 (The PZ Frontend Manager WordPress plugin before 1.0.6 does not 
have CS ...)
+   TODO: check
+CVE-2024-6243 (The HTML Forms  WordPress plugin before 1.3.33 does not 
sanitize and e ...)
+   TODO: check
+CVE-2024-5973 (The MasterStudy LMS WordPress Plugin  WordPress plugin before 
3.3.24 d ...)
+   TODO: check
+CVE-2024-5529 (The WP QuickLaTeX WordPress plugin before 3.8.8 does not 
sanitise and  ...)
+   TODO: check
+CVE-2024-5004 (The CM Popup Plugin for WordPress  WordPress plugin before 
1.6.6 does  ...)
+   TODO: check
+CVE-2024-41709 (Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not 
sufficien ...)
+   TODO: check
+CVE-2024-41704 (LibreChat through 0.7.4-rc1 does not validate the normalized 
pathnames ...)
+   TODO: check
+CVE-2024-41703 (LibreChat through 0.7.4-rc1 has incorrect access control for 
message u ...)
+   TODO: check
+CVE-2024-40430 (In SFTPGO 2.6.2, the JWT implementation lacks cerrtain 
security measur ...)
+   TODO: check
+CVE-2024-38786 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-38785 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-38784 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-38782 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-38781 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37485 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37480 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
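Review bot: the description strings are cut at a fixed width, so the seven XSS entries closing this hunk (CVE-2024-38786 down to CVE-2024-37480) are indistinguishable here: each reads only "Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)" and the affected product, the one field triage needs, is lost, so every one of those "TODO: check" lines has to be resolved from the full CVE record. The typo "cerrtain" in CVE-2024-40430 is upstream's wording and should not be hand-corrected in data/CVE/list, because the automatic update rewrites the parenthesised description from the upstream record (compare the CVE-2024-29014 description rewrite in the 2024-07-18 commit further down this thread) and would revert the fix. The WordPress plugin entries (CVE-2024-6271, CVE-2024-6244, CVE-2024-6243, CVE-2024-5973, CVE-2024-5529, CVE-2024-5004) can be closed as "NOT-FOR-US: WordPress plugin", the disposition the 2024-07-18 commit applies to the same class of report.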

[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-21 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7fc6a0f3 by security tracker role at 2024-07-21T08:12:04+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,97 @@
+CVE-2024-6945 (A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has 
been clas ...)
+   TODO: check
+CVE-2024-6944 (A vulnerability was found in ZhongBangKeJi CRMEB up to 5.4.0 
and class ...)
+   TODO: check
+CVE-2024-6943 (A vulnerability has been found in ZhongBangKeJi CRMEB up to 
5.4.0 and  ...)
+   TODO: check
+CVE-2024-6942 (A vulnerability, which was classified as problematic, was found 
in Thi ...)
+   TODO: check
+CVE-2024-6941 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-6940 (A vulnerability was found in DedeCMS 5.7.114. It has been 
classified a ...)
+   TODO: check
+CVE-2024-6939 (A vulnerability was found in Xinhu RockOA 2.6.3 and classified 
as prob ...)
+   TODO: check
+CVE-2024-6938 (A vulnerability has been found in SiYuan 3.1.0 and classified 
as probl ...)
+   TODO: check
+CVE-2024-6937 (A vulnerability, which was classified as problematic, was found 
in for ...)
+   TODO: check
+CVE-2024-6936 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-6935 (A vulnerability classified as problematic was found in 
formtools.org F ...)
+   TODO: check
+CVE-2024-6934 (A vulnerability classified as problematic has been found in 
formtools. ...)
+   TODO: check
+CVE-2024-6933 (A vulnerability was found in LimeSurvey 6.5.14-240624. It has 
been rat ...)
+   TODO: check
+CVE-2024-6932 (A vulnerability was found in ClassCMS 4.5. It has been declared 
as pro ...)
+   TODO: check
+CVE-2024-38438 (D-Link -   CWE-294: Authentication Bypass by Capture-replay)
+   TODO: check
+CVE-2024-38437 (D-Link - CWE-288:Authentication Bypass Using an Alternate Path 
or Chan ...)
+   TODO: check
+CVE-2024-38436 (Commugen SOX 365 \u2013CWE-79: Improper Neutralization of 
Input During ...)
+   TODO: check
+CVE-2024-38435 (Unitronics Vision PLC \u2013CWE-703: Improper Check or 
Handling of Exc ...)
+   TODO: check
+CVE-2024-38434 (Unitronics Vision PLC \u2013CWE-676: Use of Potentially 
Dangerous  ...)
+   TODO: check
+CVE-2024-37559 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37558 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37557 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37556 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37552 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37551 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37550 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37549 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37548 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37545 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37538 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37537 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37536 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37523 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37522 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37521 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37519 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37515 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37514 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37512 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37509 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37507 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
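Review bot: the literal "\u2013" sequences in CVE-2024-38436, CVE-2024-38435 and CVE-2024-38434 show that the importer stores non-ASCII characters from the upstream description as JSON-style escapes rather than as the en dash itself; cosmetic, but a grep for "Unitronics Vision PLC – CWE-703" will not match this file. The two D-Link entries (CVE-2024-38438, CVE-2024-38437) carry only "D-Link - CWE-294" / "D-Link - CWE-288" with no product or version, and the 21 CVE-2024-375xx entries are again the identical truncated XSS string, so none of those "TODO: check" lines can be resolved from the list alone.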

[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-20 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e2907d9f by security tracker role at 2024-07-20T20:11:36+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,55 @@
+CVE-2024-6848 (The Post and Page Builder by BoldGrid \u2013 Visual Drag and 
Drop Edit ...)
+   TODO: check
+CVE-2024-6497 (The SEO Plugin by Squirrly SEO plugin for WordPress is 
vulnerable to S ...)
+   TODO: check
+CVE-2024-37959 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37958 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37957 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37956 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37955 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37954 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37953 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37951 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37950 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37949 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37948 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37947 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37946 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37944 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37943 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37936 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37922 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37920 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37919 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37918 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37565 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37563 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37562 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37561 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
 CVE-2024-6694 (The WP Mail SMTP plugin for WordPress is vulnerable to 
information exp ...)
TODO: check
 CVE-2024-6637 (The WooCommerce - Social Login plugin for WordPress is 
vulnerable to u ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2907d9f74da84b9ba747cf19024b281739a7dc3

-- 
This project does not include diff previews in email notifications.
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2907d9f74da84b9ba747cf19024b281739a7dc3
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-20 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e4dc298b by security tracker role at 2024-07-20T08:12:06+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,115 @@
+CVE-2024-6694 (The WP Mail SMTP plugin for WordPress is vulnerable to 
information exp ...)
+   TODO: check
+CVE-2024-6637 (The WooCommerce - Social Login plugin for WordPress is 
vulnerable to u ...)
+   TODO: check
+CVE-2024-6636 (The WooCommerce - Social Login plugin for WordPress is 
vulnerable to u ...)
+   TODO: check
+CVE-2024-6635 (The WooCommerce - Social Login plugin for WordPress is 
vulnerable to a ...)
+   TODO: check
+CVE-2024-6560 (The Addonify \u2013 Quick View For WooCommerce plugin for 
WordPress is ...)
+   TODO: check
+CVE-2024-6491 (The Getwid \u2013 Gutenberg Blocks plugin for WordPress is 
vulnerable  ...)
+   TODO: check
+CVE-2024-6489 (The Getwid \u2013 Gutenberg Blocks plugin for WordPress is 
vulnerable  ...)
+   TODO: check
+CVE-2024-6281 (A path traversal vulnerability exists in the `apply_settings` 
function ...)
+   TODO: check
+CVE-2024-5804 (The Conditional Fields for Contact Form 7 plugin for WordPress 
is vuln ...)
+   TODO: check
+CVE-2024-40348 (An issue in the component /api/swaggerui/static of Bazaar 
v1.4.3 allow ...)
+   TODO: check
+CVE-2024-40347 (A reflected cross-site scripting (XSS) vulnerability in Hyland 
Alfresc ...)
+   TODO: check
+CVE-2024-3934 (The Mercado Pago payments for WooCommerce plugin for WordPress 
is vuln ...)
+   TODO: check
+CVE-2024-38767 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-38758 (Server-Side Request Forgery (SSRF) vulnerability in WappPress 
Team Wap ...)
+   TODO: check
+CVE-2024-38757 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-38750 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-38741 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-38739 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-38738 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-38725 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-38722 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-38720 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-38718 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-38713 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-38712 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-38711 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-38710 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-38705 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-38703 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-38698 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-38697 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-38696 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-38694 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-38689 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-38687 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-38686 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-38685 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-38684 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-38683 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-38682 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-38681 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   
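Review bot: the hunk is cut off at its final line ("+   " with nothing after it), so the state line for CVE-2024-38681 and the rest of the 115-line hunk the header announces are not visible here and cannot be reviewed from this rendering; check the commit on salsa. Of what is visible, CVE-2024-6281 names only a function ("apply_settings") and no project, and 28 of the 41 visible entries are the identical truncated XSS string, so product identification must come from the full CVE records before any "TODO: check" is resolved.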

[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0d737e8f by security tracker role at 2024-07-19T20:11:49+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,71 @@
+CVE-2024-6916 (A vulnerability in Zowe CLI allows local, privileged actors to 
display ...)
+   TODO: check
+CVE-2024-6908 (Improper privilege management in Yugabyte Platform allows 
authenticate ...)
+   TODO: check
+CVE-2024-6907 (A vulnerability was found in SourceCodester Record Management 
System 1 ...)
+   TODO: check
+CVE-2024-6906 (A vulnerability was found in SourceCodester Record Management 
System 1 ...)
+   TODO: check
+CVE-2024-6905 (A vulnerability has been found in SourceCodester Record 
Management Sys ...)
+   TODO: check
+CVE-2024-6904 (A vulnerability, which was classified as critical, was found in 
Source ...)
+   TODO: check
+CVE-2024-6895 (Insufficient authentication in user account management in 
Yugabyte Pla ...)
+   TODO: check
+CVE-2024-5977 (The GiveWP \u2013 Donation Plugin and Fundraising Platform 
plugin for  ...)
+   TODO: check
+CVE-2024-41603 (Spina CMS v2.18.0 was discovered to contain a Cross-Site 
Request Forge ...)
+   TODO: check
+CVE-2024-41602 (Cross Site Request Forgery vulnerability in Spina CMS v.2.18.0 
and bef ...)
+   TODO: check
+CVE-2024-41601 (Insecure Permissions vulnerability in lin-CMS v.0.2.0 and 
before allow ...)
+   TODO: check
+CVE-2024-41600 (Insecure Permissions vulnerability in lin-CMS Springboot 
v.0.2.1 and b ...)
+   TODO: check
+CVE-2024-41599 (Cross Site Scripting vulnerability in RuoYi v.4.7.9 and before 
allows  ...)
+   TODO: check
+CVE-2024-41597 (Cross Site Request Forgery vulnerability in ProcessWire 
v.3.0.229 allo ...)
+   TODO: check
+CVE-2024-41492 (A stack overflow in Tenda AX1806 v1.0.0.1 allows attackers to 
cause a  ...)
+   TODO: check
+CVE-2024-41281 (Linksys WRT54G v4.21.5 has a stack overflow vulnerability in 
get_merge ...)
+   TODO: check
+CVE-2024-41172 (In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and 
lower vers ...)
+   TODO: check
+CVE-2024-41124 (Puncia is the Official CLI utility for Subdomain Center & 
Exploit Obse ...)
+   TODO: check
+CVE-2024-41122 (Woodpecker is a simple yet powerful CI/CD engine with great 
extensibil ...)
+   TODO: check
+CVE-2024-41121 (Woodpecker is a simple yet powerful CI/CD engine with great 
extensibil ...)
+   TODO: check
+CVE-2024-41107 (The CloudStack SAML authentication (disabled by default) does 
not enfo ...)
+   TODO: check
+CVE-2024-40400 (An arbitrary file upload vulnerability in the image upload 
function of ...)
+   TODO: check
+CVE-2024-39963 (AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 and 
AX3000 Du ...)
+   TODO: check
+CVE-2024-39962 (D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router 
v21_D240126 w ...)
+   TODO: check
+CVE-2024-39906 (A command injection vulnerability was found in the IndieAuth 
functiona ...)
+   TODO: check
+CVE-2024-39457 (Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting 
vulnerabi ...)
+   TODO: check
+CVE-2024-39123 (In janeczku Calibre-Web 0.6.0 to 0.6.21, the 
edit_book_comments functi ...)
+   TODO: check
+CVE-2024-37066 (A command injection vulnerability exists in Wyze V4 Pro 
firmware versi ...)
+   TODO: check
+CVE-2024-32007 (An improper input validation of thep2c parameter in the Apache 
CXF JOS ...)
+   TODO: check
+CVE-2024-29736 (A SSRF vulnerability in WADL service description in versions 
of Apache ...)
+   TODO: check
+CVE-2024-29080 (Potential vulnerabilities have been identified in the HP 
Display Contr ...)
+   TODO: check
+CVE-2024-27489 (An issue in the DelFile() function of WMCMS v4.4 allows 
attackers to d ...)
+   TODO: check
+CVE-2024-24970 (Potential vulnerabilities have been identified in the HP 
Display Contr ...)
+   TODO: check
+CVE-2024-0006 (Information exposure in the logging system in Yugabyte Platform 
allows ...)
+   TODO: check
 CVE-2024-6903 (A vulnerability, which was classified as critical, has been 
found in S ...)
NOT-FOR-US: SourceCodester Record Management System
 CVE-2024-6902 (A vulnerability classified as critical was found in 
SourceCodester Rec ...)
@@ -502,18 +570,24 @@ CVE-2024-21122 (Vulnerability in the PeopleSoft 
Enterprise HCM Shared Components
 CVE-2024-20996 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
- mysql-8.0 8.0.38-1
 CVE-2023-7013 (Inappropriate implementation in Compositing in Google Chrome 
prior to  ...)
+   {DSA-5546-1}
- chromium 119.0.6045.105-1
 CVE-2023-7012 (Insufficient data validation in Permission Prompts in Google 
Chrome pr ...)
+   {DSA-5499-1}
- chromium 117.0.5938.62-1
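Review bot: the "{DSA-5546-1}" and "{DSA-5499-1}" cross-references are attached to CVE-2023-7013 and CVE-2023-7012 long after the fixing unstable versions (chromium 119.0.6045.105-1 and 117.0.5938.62-1, both 2023 releases) were recorded, which is the usual pattern for Chrome CVE IDs published after the fix shipped; the placement, a brace line immediately before the "- chromium ..." version line, matches the convention visible on the Firefox entries later in this thread ("{DSA-5727-1}" before "- firefox 128.0-1"). Confirm that data/DSA/list lists these two CVE IDs under DSA-5546-1 and DSA-5499-1, since the brace annotation is only meaningful when the DSA record agrees.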
 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
38cf2f91 by security tracker role at 2024-07-19T08:11:34+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,49 @@
+CVE-2024-6903 (A vulnerability, which was classified as critical, has been 
found in S ...)
+   TODO: check
+CVE-2024-6902 (A vulnerability classified as critical was found in 
SourceCodester Rec ...)
+   TODO: check
+CVE-2024-6901 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+   TODO: check
+CVE-2024-6900 (A vulnerability was found in SourceCodester Record Management 
System 1 ...)
+   TODO: check
+CVE-2024-6899 (A vulnerability was found in SourceCodester Record Management 
System 1 ...)
+   TODO: check
+CVE-2024-6898 (A vulnerability was found in SourceCodester Record Management 
System 1 ...)
+   TODO: check
+CVE-2024-6799 (The YITH Essential Kit for WooCommerce #1 plugin for WordPress 
is vuln ...)
+   TODO: check
+CVE-2024-6455 (The ElementsKit Elementor addons plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-6338 (The FV Flowplayer Video Player plugin for WordPress is 
vulnerable to t ...)
+   TODO: check
+CVE-2024-6205 (The PayPlus Payment Gateway WordPress plugin before 6.6.9 does 
not pro ...)
+   TODO: check
+CVE-2024-5997 (The Duplica \u2013 Duplicate Posts, Pages, Custom Posts or 
Users plugi ...)
+   TODO: check
+CVE-2024-5604 (The Bug Library WordPress plugin before 2.1.2 does not sanitise 
and es ...)
+   TODO: check
+CVE-2024-4 (Sliver is an open source cross-platform adversary 
emulation/red team f ...)
+   TODO: check
+CVE-2024-40724 (Heap-based buffer overflow vulnerability in Assimp versions 
prior to 5 ...)
+   TODO: check
+CVE-2024-40642 (The netty incubator codec.bhttp is a java language binary http 
parser. ...)
+   TODO: check
+CVE-2024-38156 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+   TODO: check
+CVE-2024-35199 (TorchServe is a flexible and easy-to-use tool for serving and 
scaling  ...)
+   TODO: check
+CVE-2024-35198 (TorchServe is a flexible and easy-to-use tool for serving and 
scaling  ...)
+   TODO: check
+CVE-2024-30130 (HCL Nomad server on Domino is vulnerable to the cache 
containing sensi ...)
+   TODO: check
+CVE-2024-21583 (Versions of the package 
github.com/gitpod-io/gitpod/components/server/ ...)
+   TODO: check
+CVE-2024-21527 (Versions of the package 
github.com/gotenberg/gotenberg/v8/pkg/gotenber ...)
+   TODO: check
+CVE-2023-7269 (The ArtPlacer Widget WordPress plugin before 2.21.2 does not 
have CSRF ...)
+   TODO: check
+CVE-2023-7268 (The ArtPlacer Widget WordPress plugin before 2.21.2 does not 
have auth ...)
+   TODO: check
 CVE-2024-6504 (Rapid7 InsightVM Console versions below 6.6.260 suffer from a 
protecti ...)
NOT-FOR-US: Rapid7 InsightVM Console
 CVE-2024-5625 (Improper Restriction of XML External Entity Reference 
vulnerability in ...)
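Review bot: the ID "CVE-2024-4" on the Sliver entry is malformed as rendered (a CVE number has at least four digits), so the real identifier must be taken from the commit before this line is relied on. Assimp is packaged in Debian (src:assimp), so CVE-2024-40724 (heap-based buffer overflow) needs a version-tracked entry rather than a NOT-FOR-US, whereas TorchServe, gotenberg, gitpod, HCL Nomad, Microsoft Edge, the netty incubator bhttp codec and the WordPress plugins listed here are not packaged in Debian and will end up NOT-FOR-US. The trailing context confirms CVE-2024-6504 from the 2024-07-18 commit was already resolved as "NOT-FOR-US: Rapid7 InsightVM Console".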
@@ -3301,7 +3347,7 @@ CVE-2024-6605 (Firefox Android allowed immediate 
interaction with permission pro
- firefox  (Only affects Firefox on Android)
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6605
 CVE-2024-6604 (Memory safety bugs present in Firefox 127, Firefox ESR 115.12, 
and Thu ...)
-   {DSA-5727-1}
+   {DSA-5733-1 DSA-5727-1}
- firefox 128.0-1
- firefox-esr 115.13.0esr-1
- thunderbird 1:115.13.0-1
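Review bot: adding "DSA-5733-1" beside "DSA-5727-1" gives the two stable packages fixed under this entry (firefox-esr 115.13.0esr-1 and thunderbird 1:115.13.0-1, both 115.13 builds of the same Gecko fix) one advisory reference each, and the identical two-DSA annotation is applied to CVE-2024-6603 and CVE-2024-6602 in the hunks that follow. Check that data/DSA/list records all three CVE IDs under DSA-5733-1 so the brace references round-trip with the advisory data.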
@@ -3309,7 +3355,7 @@ CVE-2024-6604 (Memory safety bugs present in Firefox 127, 
Firefox ESR 115.12, an
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-30/#CVE-2024-6604
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-31/#CVE-2024-6604
 CVE-2024-6603 (In an out-of-memory scenario an allocation could fail but free 
would h ...)
-   {DSA-5727-1}
+   {DSA-5733-1 DSA-5727-1}
- firefox 128.0-1
- firefox-esr 115.13.0esr-1
- thunderbird 1:115.13.0-1
@@ -3317,7 +3363,7 @@ CVE-2024-6603 (In an out-of-memory scenario an allocation 
could fail but free wo
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-30/#CVE-2024-6603
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-31/#CVE-2024-6603
 CVE-2024-6602 (A mismatch between allocator and deallocator could have lead to 
memory ...)
-   {DSA-5727-1}
+   {DSA-5733-1 DSA-5727-1}
- firefox 128.0-1
- firefox-esr 115.13.0esr-1
- thunderbird 1:115.13.0-1
@@ -3326,7 +3372,7 @@ CVE-2024-6602 (A mismatch between allocator and 
deallocator could have lead to m
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-31/#CVE-2024-6602
TODO: check how its related to src:nss and if src:nss tracking is 
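Review bot: the open "TODO: check how its related to src:nss" on CVE-2024-6602 should be settled before the added DSA-5733-1 reference is read as closing the issue: an allocator/deallocator mismatch reported through the Mozilla advisories can live in NSS code shared with src:nss, in which case nss needs its own tracking line; the TODO text is cut off in this rendering, so the rest of the question is not visible here.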

[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3d86f0e4 by security tracker role at 2024-07-18T20:11:55+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,67 @@
+CVE-2024-6504 (Rapid7 InsightVM Console versions below 6.6.260 suffer from a 
protecti ...)
+   TODO: check
+CVE-2024-5625 (Improper Restriction of XML External Entity Reference 
vulnerability in ...)
+   TODO: check
+CVE-2024-5620 (Authentication Bypass Using an Alternate Path or Channel 
vulnerability ...)
+   TODO: check
+CVE-2024-5619 (Authorization Bypass Through User-Controlled Key vulnerability 
in Pruv ...)
+   TODO: check
+CVE-2024-5618 (Incorrect Permission Assignment for Critical Resource 
vulnerability in ...)
+   TODO: check
+CVE-2024- (The Element Pack Elementor Addons (Header Footer, Template 
Library, Dy ...)
+   TODO: check
+CVE-2024-5554 (The Element Pack Elementor Addons (Header Footer, Template 
Library, Dy ...)
+   TODO: check
+CVE-2024-5321 (A security issue was discovered in Kubernetes clusters with 
Windows no ...)
+   TODO: check
+CVE-2024-40648 (matrix-rust-sdk is an implementation of a Matrix client-server 
library ...)
+   TODO: check
+CVE-2024-40647 (sentry-sdk is the official Python SDK for Sentry.io. A bug in 
Sentry's ...)
+   TODO: check
+CVE-2024-40644 (gitoxide An idiomatic, lean, fast & safe pure Rust 
implementation of G ...)
+   TODO: check
+CVE-2024-40629 (JumpServer is an open-source Privileged Access Management 
(PAM) tool t ...)
+   TODO: check
+CVE-2024-40628 (JumpServer is an open-source Privileged Access Management 
(PAM) tool t ...)
+   TODO: check
+CVE-2024-3242 (The Brizy \u2013 Page Builder plugin for WordPress is 
vulnerable to ar ...)
+   TODO: check
+CVE-2024-39911 (1Panel is a web-based linux server management control panel. 
1Panel co ...)
+   TODO: check
+CVE-2024-39907 (1Panel is a web-based linux server management control panel. 
There are ...)
+   TODO: check
+CVE-2024-39173 (calculator-boilerplate v1.0 was discovered to contain a remote 
code ex ...)
+   TODO: check
+CVE-2024-39152
+   REJECTED
+CVE-2024-39090 (The PHPGurukul Online Shopping Portal Project version 2.0 
contains a v ...)
+   TODO: check
+CVE-2024-38806 (Failure to properly synchronize user's permissions in UAA in 
Cloud Fou ...)
+   TODO: check
+CVE-2024-38302 (Dell Data Lakehouse, version(s) 1.0.0.0, contain(s) a Missing 
Encrypti ...)
+   TODO: check
+CVE-2024-34013 (Local privilege escalation due to OS command injection 
vulnerability.  ...)
+   TODO: check
+CVE-2024-30473 (Dell ECS, versions prior to 3.8.1, contain a privilege 
elevation vulne ...)
+   TODO: check
+CVE-2024-30126 (HCL BigFix Compliance is affected by a missing X-Frame-Options 
HTTP he ...)
+   TODO: check
+CVE-2024-30125 (HCL BigFix Compliance server can respond with an HTTP status 
of 500, i ...)
+   TODO: check
+CVE-2024-29178 (On versions before 2.1.4, a user could log in and perform a 
template i ...)
+   TODO: check
+CVE-2024-0857 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2023-50304 (IBM Engineering Requirements Management DOORS Web Access 
9.7.2.8 is vu ...)
+   TODO: check
+CVE-2023-40704 (Philips Vue PACS uses default credentials for potentially 
critical fun ...)
+   TODO: check
+CVE-2023-40539 (Philips Vue PACS does not require that users have strong 
passwords, wh ...)
+   TODO: check
+CVE-2023-40223 (Philips Vue PACS does not properly assign, modify, track, or 
check act ...)
+   TODO: check
+CVE-2023-40159 (A validated user not explicitly authorized to have access to 
certain s ...)
+   TODO: check
 CVE-2024-6705 (The RegLevel plugin for WordPress is vulnerable to Stored 
Cross-Site S ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-6599 (The Meks Video Importer plugin for WordPress is vulnerable to 
unauthor ...)
@@ -31,7 +95,7 @@ CVE-2024-39679 (Cooked is a recipe plugin for WordPress. The 
Cooked plugin for W
NOT-FOR-US: WordPress plugin
 CVE-2024-39678 (Cooked is a recipe plugin for WordPress. The Cooked plugin is 
vulnerab ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-29014 (Vulnerability in SonicWall NetExtender Windows (32 and 64-bit) 
client  ...)
+CVE-2024-29014 (Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 
64-bit)  ...)
NOT-FOR-US: SonicWall
 CVE-2023-6708 (The SVG Support plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
NOT-FOR-US: WordPress plugin
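Review bot: this hunk only refreshes the description of CVE-2024-29014 from the upstream record (the product is now given as "SonicWall SMA100 NetExtender Windows") and keeps the existing "NOT-FOR-US: SonicWall" state line as context, which is correct; it also illustrates why hand-edits to the parenthesised description, such as fixing upstream typos, do not survive the automatic update.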
@@ -200,6 +264,7 @@ CVE-2024-5582 (The Schema & Structured Data for WP & AMP 
plugin for WordPress is
 CVE-2024-5566 (An improper privilege management vulnerability allowed users to 
migrat ...)
NOT-FOR-US: GitHub Enterprise Server
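Review bot: the header "@@ -200,6 +264,7 @@" announces one added line, but only context (CVE-2024-5566 and its "NOT-FOR-US: GitHub Enterprise Server" line) is visible here, so the actual addition cannot be reviewed from this rendering; see the commit on salsa.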
 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
44c8954c by security tracker role at 2024-07-18T08:11:35+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,4 +1,38 @@
-CVE-2024-41011 [drm/amdkfd: don't allow mapping the MMIO HDP page with large 
pages]
+CVE-2024-6705 (The RegLevel plugin for WordPress is vulnerable to Stored 
Cross-Site S ...)
+   TODO: check
+CVE-2024-6599 (The Meks Video Importer plugin for WordPress is vulnerable to 
unauthor ...)
+   TODO: check
+CVE-2024-6175 (The Booking Ultra Pro Appointments Booking Calendar Plugin 
plugin for  ...)
+   TODO: check
+CVE-2024-6164 (The Filter & Grids WordPress plugin before 2.8.33 is vulnerable 
to Loc ...)
+   TODO: check
+CVE-2024-5964 (The Zenon Lite theme for WordPress is vulnerable to Stored 
Cross-Site  ...)
+   TODO: check
+CVE-2024-5726 (The Timeline Event History plugin for WordPress is vulnerable 
to PHP O ...)
+   TODO: check
+CVE-2024-41184 (In the vrrp_ipsets_handler handler (fglobal_parser.c) of 
keepalived th ...)
+   TODO: check
+CVE-2024-40764 (Heap-based buffer overflow vulnerability in the SonicOS IPSec 
VPN allo ...)
+   TODO: check
+CVE-2024-40492 (Cross Site Scripting vulnerability in Heartbeat Chat v.15.2.1 
allows a ...)
+   TODO: check
+CVE-2024-39682 (Cooked is a recipe plugin for WordPress. The Cooked plugin for 
WordPre ...)
+   TODO: check
+CVE-2024-39681 (Cooked is a recipe plugin for WordPress. The Cooked plugin for 
WordPre ...)
+   TODO: check
+CVE-2024-39680 (Cooked is a recipe plugin for WordPress. The Cooked plugin for 
WordPre ...)
+   TODO: check
+CVE-2024-39679 (Cooked is a recipe plugin for WordPress. The Cooked plugin for 
WordPre ...)
+   TODO: check
+CVE-2024-39678 (Cooked is a recipe plugin for WordPress. The Cooked plugin is 
vulnerab ...)
+   TODO: check
+CVE-2024-29014 (Vulnerability in SonicWall NetExtender Windows (32 and 64-bit) 
client  ...)
+   TODO: check
+CVE-2023-6708 (The SVG Support plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+   TODO: check
+CVE-2023-43971 (Cross Site Scripting vulnerability in ACG-faka v1.1.7 allows a 
remote  ...)
+   TODO: check
+CVE-2024-41011 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
- linux 6.8.11-1
[bookworm] - linux 6.1.94-1
NOTE: 
https://git.kernel.org/linus/be4a2a81b6b90d1a47eaeaace4cc8e2cb57b96c7 (6.9)
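Review bot: CVE-2024-41184 (keepalived, `vrrp_ipsets_handler`) is the addition here that concerns a package in the Debian archive, so it needs real triage (affected and fixed keepalived versions, bookworm and bullseye status) rather than remaining `TODO: check`; the WordPress plugin and theme, SonicOS, Heartbeat Chat and ACG-faka entries can be marked `NOT-FOR-US`. The CVE-2024-41011 rewrite at the end of the hunk keeps the `- linux 6.8.11-1` and `[bookworm] - linux 6.1.94-1` lines and the `NOTE:` with the 6.9 upstream commit, which is the complete form a kernel entry should reach once its placeholder subject is replaced by the published description.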
@@ -356,27 +390,35 @@ CVE-2024-41009 (In the Linux kernel, the following 
vulnerability has been resolv
[bookworm] - linux 6.1.98-1
NOTE: 
https://git.kernel.org/linus/cfa1a2329a691ffd991fcf7248a57d752e712881 (6.10-rc6)
 CVE-2024-6779 (Out of bounds memory access in V8 in Google Chrome prior to 
126.0.6478 ...)
+   {DSA-5732-1}
- chromium 126.0.6478.182-1
[bullseye] - chromium  (see #1061268)
 CVE-2024-6778 (Race in DevTools in Google Chrome prior to 126.0.6478.182 
allowed an a ...)
+   {DSA-5732-1}
- chromium 126.0.6478.182-1
[bullseye] - chromium  (see #1061268)
 CVE-2024-6777 (Use after free in Navigation in Google Chrome prior to 
126.0.6478.182  ...)
+   {DSA-5732-1}
- chromium 126.0.6478.182-1
[bullseye] - chromium  (see #1061268)
 CVE-2024-6776 (Use after free in Audio in Google Chrome prior to 
126.0.6478.182 allow ...)
+   {DSA-5732-1}
- chromium 126.0.6478.182-1
[bullseye] - chromium  (see #1061268)
 CVE-2024-6775 (Use after free in Media Stream in Google Chrome prior to 
126.0.6478.18 ...)
+   {DSA-5732-1}
- chromium 126.0.6478.182-1
[bullseye] - chromium  (see #1061268)
 CVE-2024-6774 (Use after free in Screen Capture in Google Chrome prior to 
126.0.6478. ...)
+   {DSA-5732-1}
- chromium 126.0.6478.182-1
[bullseye] - chromium  (see #1061268)
 CVE-2024-6773 (Inappropriate implementation in V8 in Google Chrome prior to 
126.0.647 ...)
+   {DSA-5732-1}
- chromium 126.0.6478.182-1
[bullseye] - chromium  (see #1061268)
 CVE-2024-6772 (Inappropriate implementation in V8 in Google Chrome prior to 
126.0.647 ...)
+   {DSA-5732-1}
- chromium 126.0.6478.182-1
[bullseye] - chromium  (see #1061268)
 CVE-2024-6621 (The RSS Aggregator \u2013 RSS Import, News Feeds, Feed to Post, 
and Au ...)
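Review bot: every `[bullseye] - chromium  (see #1061268)` line in this hunk shows a double space where the tracker syntax expects a version or a state tag between the package name and the bug reference; angle-bracket tags such as `<end-of-life>` are dropped by the mail rendering, so confirm that the committed data/CVE/list still carries the tag on those eight lines. The `{DSA-5732-1}` reference is applied consistently to all eight Chrome CVEs fixed in chromium 126.0.6478.182-1.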
@@ -185837,7 +185879,7 @@ CVE-2020-36518 (jackson-databind before 2.13.0 allows 
a Java StackOverflow excep
{DSA-5283-1 DLA-3207-1 DLA-2990-1}
- jackson-databind 2.13.2.2-1 (bug #1007109)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2816
-CVE-2018-25031 (Swagger UI before 4.1.3 could allow a remote attacker to 
conduct spoof ...)
+CVE-2018-25031 (Swagger UI 4.1.2 and earlier could allow a remote attacker to 
conduct  ...)
- 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
95fdbcd6 by security tracker role at 2024-07-17T20:11:46+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,121 @@
+CVE-2024-6834 (A vulnerability in APIML Spring Cloud Gateway which leverages 
user pri ...)
+   TODO: check
+CVE-2024-6833 (A vulnerability in Zowe CLI allows local, privileged actors to 
store p ...)
+   TODO: check
+CVE-2024-6830 (A vulnerability, which was classified as critical, was found in 
Source ...)
+   TODO: check
+CVE-2024-6765
+   REJECTED
+CVE-2024-5471 (Zohocorp ManageEngine DDI Central versions 4001 and prior were 
vulnera ...)
+   TODO: check
+CVE-2024-40641 (Nuclei is a fast and customizable vulnerability scanner based 
on simpl ...)
+   TODO: check
+CVE-2024-40640 (vodozemac is an open source implementation of Olm and Megolm 
in pure R ...)
+   TODO: check
+CVE-2024-40639
+   REJECTED
+CVE-2024-40636 (Steeltoe is an open source project that provides a collection 
of libra ...)
+   TODO: check
+CVE-2024-40633 (Sylius is an Open Source eCommerce Framework on Symfony. A 
security vu ...)
+   TODO: check
+CVE-2024-40617 (Path traversal vulnerability exists in FUJITSU Network Edgiot 
GW1500 ( ...)
+   TODO: check
+CVE-2024-40420 (A Server-Side Template Injection (SSTI) vulnerability in the 
edit them ...)
+   TODO: check
+CVE-2024-40402 (A SQL injection vulnerability was found in 'ajax.php' of 
Sourcecodeste ...)
+   TODO: check
+CVE-2024-40119 (Nepstech Wifi Router xpon (terminal) model NTPL-Xpon1GFEVN 
v.1.0 Firmw ...)
+   TODO: check
+CVE-2024-39126 (Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, 
and SVG do ...)
+   TODO: check
+CVE-2024-39125 (Roundup before 2.4.0 allows XSS via a SCRIPT element in an 
HTTP Refere ...)
+   TODO: check
+CVE-2024-39124 (In Roundup before 2.4.0, classhelpers (_generic.help.html) 
allow XSS.)
+   TODO: check
+CVE-2024-38870 (Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP 
and OpM ...)
+   TODO: check
+CVE-2024-38447 (NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference 
via a modi ...)
+   TODO: check
+CVE-2024-38446 (NATO NCI ANET 3.4.1 mishandles report ownership. A user can 
create a r ...)
+   TODO: check
+CVE-2024-36491 (FutureNet NXR series, VXR series and WXR series provided by 
Century Sy ...)
+   TODO: check
+CVE-2024-36475 (FutureNet NXR series, VXR series and WXR series provided by 
Century Sy ...)
+   TODO: check
+CVE-2024-32981 (Silverstripe framework is the PHP framework forming the base 
for the S ...)
+   TODO: check
+CVE-2024-31979 (Server-Side Request Forgery (SSRF) vulnerability in Apache 
StreamPipes ...)
+   TODO: check
+CVE-2024-31411 (Unrestricted Upload of File with dangerous type vulnerability 
in Apach ...)
+   TODO: check
+CVE-2024-31070 (Initialization of a resource with an insecure default 
vulnerability in ...)
+   TODO: check
+CVE-2024-30471 (Time-of-check Time-of-use (TOCTOU) Race Condition 
vulnerability in Apa ...)
+   TODO: check
+CVE-2024-29885 (silverstripe/reports is an API for creating backend reports in 
the Sil ...)
+   TODO: check
+CVE-2024-29737 (In streampark, the project module integrates Maven's 
compilation capab ...)
+   TODO: check
+CVE-2024-29120 (In Streampark (version < 2.1.4), when a user logged in 
successfully, t ...)
+   TODO: check
+CVE-2024-28993 (The SolarWinds Access Rights Manager was susceptible to a 
Directory Tr ...)
+   TODO: check
+CVE-2024-28992 (The SolarWinds Access Rights Manager was susceptible to a 
Directory Tr ...)
+   TODO: check
+CVE-2024-28796 (IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to 
stored cross- ...)
+   TODO: check
+CVE-2024-28074 (It was discovered that a previous vulnerability was not 
completely fix ...)
+   TODO: check
+CVE-2024-27311 (Zohocorp ManageEngine DDI Central versions 4001 and prior were 
vulnera ...)
+   TODO: check
+CVE-2024-23475 (The SolarWinds Access Rights Manager was susceptible to a 
Directory Tr ...)
+   TODO: check
+CVE-2024-23474 (The SolarWinds Access Rights Manager was found to be 
susceptible to an ...)
+   TODO: check
+CVE-2024-23472 (SolarWinds Access Rights Manager (ARM) is susceptible to 
Directory Tra ...)
+   TODO: check
+CVE-2024-23471 (The SolarWinds Access Rights Manager was found to be 
susceptible to a  ...)
+   TODO: check
+CVE-2024-23470 (The SolarWinds Access Rights Manager was found to be 
susceptible to a  ...)
+   TODO: check
+CVE-2024-23469 (SolarWinds Access Rights Manager (ARM) is susceptible to a 
Remote Code ...)
+   TODO: check
+CVE-2024-23468 (The SolarWinds Access Rights Manager was susceptible to a 
Directory Tr ...)
+   TODO: check
+CVE-2024-23467 (The SolarWinds 
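Review bot: the three Roundup entries (CVE-2024-39124, CVE-2024-39125 and CVE-2024-39126, all fixed upstream in 2.4.0) concern the `roundup` package in Debian and should get affected and fixed versions instead of staying `TODO: check`; the SolarWinds Access Rights Manager, Zowe, Steeltoe, Sylius, Silverstripe, Apache StreamPipes and Streampark, IBM ClearQuest, Zohocorp, NATO ANET and the router and gateway firmware entries are not packaged and can be marked `NOT-FOR-US`. The hunk is cut off by the mailer at CVE-2024-23467, so the rest of the 121-line addition cannot be reviewed from this message.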

[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
39cb9062 by security tracker role at 2024-07-17T08:11:49+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,34 +1,258 @@
-CVE-2024-41010 [bpf: Fix too early release of tcx_entry]
+CVE-2024-6808 (A vulnerability was found in itsourcecode Simple Task List 1.0. 
It has ...)
+   TODO: check
+CVE-2024-6807 (A vulnerability was found in SourceCodester Student Study 
Center Desk  ...)
+   TODO: check
+CVE-2024-6803 (A vulnerability has been found in itsourcecode Document 
Management Sys ...)
+   TODO: check
+CVE-2024-6802 (A vulnerability, which was classified as critical, was found in 
Source ...)
+   TODO: check
+CVE-2024-6801 (A vulnerability, which was classified as critical, has been 
found in S ...)
+   TODO: check
+CVE-2024-6669 (The AI ChatBot for WordPress \u2013 WPBot plugin for WordPress 
is vuln ...)
+   TODO: check
+CVE-2024-6660 (The BookingPress \u2013 Appointment Booking Calendar Plugin and 
Online ...)
+   TODO: check
+CVE-2024-6535 (A flaw was found in Skupper. When Skupper is initialized with 
the cons ...)
+   TODO: check
+CVE-2024-6467 (The BookingPress \u2013 Appointment Booking Calendar Plugin and 
Online ...)
+   TODO: check
+CVE-2024-6395 (An exposure of sensitive information vulnerability in GitHub 
Enterpris ...)
+   TODO: check
+CVE-2024-6336 (A Security Misconfiguration vulnerability in GitHub Enterprise 
Server  ...)
+   TODO: check
+CVE-2024-6220 (The \u7b80\u6570\u91c7\u96c6\u5668 (Keydatas) plugin for 
WordPress is  ...)
+   TODO: check
+CVE-2024-6033 (The Event Manager, Events Calendar, Tickets, Registrations 
\u2013 Even ...)
+   TODO: check
+CVE-2024-5817 (An Incorrect Authorization vulnerability was identified in 
GitHub Ente ...)
+   TODO: check
+CVE-2024-5816 (An Incorrect Authorization vulnerability was identified in 
GitHub Ente ...)
+   TODO: check
+CVE-2024-5815 (A Cross-Site Request Forgery vulnerability in GitHub Enterprise 
Server ...)
+   TODO: check
+CVE-2024-5795 (A Denial of Service vulnerability was identified in GitHub 
Enterprise  ...)
+   TODO: check
+CVE-2024-5703 (The Email Subscribers by Icegram Express \u2013 Email 
Marketing, Newsl ...)
+   TODO: check
+CVE-2024-5582 (The Schema & Structured Data for WP & AMP plugin for WordPress 
is vuln ...)
+   TODO: check
+CVE-2024-5566 (An improper privilege management vulnerability allowed users to 
migrat ...)
+   TODO: check
+CVE-2024-5500 (Inappropriate implementation in Sign-In in Google Chrome prior 
to 1.3. ...)
+   TODO: check
+CVE-2024-5255 (The Ultimate Addons for WPBakery plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-5254 (The Ultimate Addons for WPBakery plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-5253 (The Ultimate Addons for WPBakery plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-5252 (The Ultimate Addons for WPBakery plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-5251 (The Ultimate Addons for WPBakery plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-40637 (dbt enables data analysts and engineers to transform their 
data using  ...)
+   TODO: check
+CVE-2024-40536 (Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 were 
discovere ...)
+   TODO: check
+CVE-2024-40535 (Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 was 
discovered ...)
+   TODO: check
+CVE-2024-3176 (Out of bounds write in SwiftShader in Google Chrome prior to 
117.0.593 ...)
+   TODO: check
+CVE-2024-3175 (Insufficient data validation in Extensions in Google Chrome 
prior to 1 ...)
+   TODO: check
+CVE-2024-3174 (Inappropriate implementation in V8 in Google Chrome prior to 
119.0.604 ...)
+   TODO: check
+CVE-2024-3173 (Insufficient data validation in Updater in Google Chrome prior 
to 120. ...)
+   TODO: check
+CVE-2024-3172 (Insufficient data validation in DevTools in Google Chrome prior 
to 121 ...)
+   TODO: check
+CVE-2024-3171 (Use after free in Accessibility in Google Chrome prior to 
122.0.6261.5 ...)
+   TODO: check
+CVE-2024-3170 (Use after free in WebRTC in Google Chrome prior to 
121.0.6167.85 allow ...)
+   TODO: check
+CVE-2024-3169 (Use after free in V8 in Google Chrome prior to 121.0.6167.139 
allowed  ...)
+   TODO: check
+CVE-2024-3168 (Use after free in DevTools in Google Chrome prior to 
122.0.6261.57 all ...)
+   TODO: check
+CVE-2024-39877 (Apache Airflow 2.4.0, and versions before 2.9.3, has a 
vulnerability t ...)
+   TODO: check
+CVE-2024-39863 (Apache Airflow versions before 2.9.3 have a vulnerability that 
allows  ...)
+   TODO: check
+CVE-2024-2884 (Out of bounds read in V8 in Google Chrome prior 
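Review bot: the block of Chrome CVEs (CVE-2024-3168 through CVE-2024-3176, CVE-2024-5500 and CVE-2024-2884) concerns the `chromium` package, so each needs a fixed-version line against the chromium upload history rather than `TODO: check`; CVE-2024-5500 names a fixed version starting `1.3.` rather than a Chrome release number, so check whether it applies to the packaged browser at all. The GitHub Enterprise Server, WordPress plugin, SourceCodester and itsourcecode, Apache Airflow, dbt, Skupper and Shenzhen Libituo entries are not packaged and can be marked `NOT-FOR-US`. The removed `CVE-2024-41010 [bpf: Fix too early release of tcx_entry]` placeholder is expected to reappear further down with its published description and a `- linux` line, but the hunk is cut off at CVE-2024-2884 in this message, so that part cannot be checked here.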

[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-16 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
668e0550 by security tracker role at 2024-07-16T20:11:42+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,381 +1,465 @@
-CVE-2023-52886 [USB: core: Fix race by not overwriting udev->descriptor in 
hub_port_init()]
+CVE-2024-6621 (The RSS Aggregator \u2013 RSS Import, News Feeds, Feed to Post, 
and Au ...)
+   TODO: check
+CVE-2024-6579 (The Web and WooCommerce Addons for WPBakery Builder plugin for 
WordPre ...)
+   TODO: check
+CVE-2024-6570 (The Glossary plugin for WordPress is vulnerable to Full Path 
Disclosur ...)
+   TODO: check
+CVE-2024-6565 (The AForms \u2014 Form Builder for Price Calculator & Cost 
Estimation  ...)
+   TODO: check
+CVE-2024-6492 (Exposure of Sensitive Information in edge browser session proxy 
featur ...)
+   TODO: check
+CVE-2024-6457 (The HUSKY \u2013 Products Filter Professional for WooCommerce 
plugin f ...)
+   TODO: check
+CVE-2024-6435 (A privilege escalation vulnerability exists in the affected 
products w ...)
+   TODO: check
+CVE-2024-6326 (An exposure of sensitive information vulnerability exists in 
the Rockw ...)
+   TODO: check
+CVE-2024-6325 (The v6.40 release of Rockwell Automation FactoryTalk\xae Policy 
Manage ...)
+   TODO: check
+CVE-2024-6089 (An input validation vulnerability exists in the Rockwell 
Automation501 ...)
+   TODO: check
+CVE-2024-5852 (The WordPress File Upload plugin for WordPress is vulnerable to 
Direct ...)
+   TODO: check
+CVE-2024-40626 (Outline is an open source, collaborative document editor. A 
type confu ...)
+   TODO: check
+CVE-2024-40516 (An issue in H3C Technologies Co., Limited H3C Magic RC3000 
RC3000V100R ...)
+   TODO: check
+CVE-2024-40515 (An issue in SHENZHEN TENDA TECHNOLOGY CO.,LTD Tenda AX2pro 
V16.03.29.4 ...)
+   TODO: check
+CVE-2024-40505 (**UNSUPPORTED WHEN ASSIGNED** Directory Traversal 
vulnerability in D-L ...)
+   TODO: check
+CVE-2024-40503 (An issue in Tenda AX12 v.16.03.49.18_cn+ allows a remote 
attacker to c ...)
+   TODO: check
+CVE-2024-40456 (ThinkSAAS v3.7.0 was discovered to contain a SQL injection 
vulnerabili ...)
+   TODO: check
+CVE-2024-40455 (An arbitrary file deletion vulnerability in ThinkSAAS v3.7 
allows atta ...)
+   TODO: check
+CVE-2024-40425 (File Upload vulnerability in Nanjin Xingyuantu Technology Co 
Sparkshop ...)
+   TODO: check
+CVE-2024-40394 (Simple Library Management System Project Using PHP/MySQL v1.0 
was disc ...)
+   TODO: check
+CVE-2024-40393 (Online Clinic Management System In PHP With Free Source code 
v1.0 was  ...)
+   TODO: check
+CVE-2024-40392 (SourceCodester Pharmacy/Medical Store Point of Sale System 
Using PHP/M ...)
+   TODO: check
+CVE-2024-40322 (An issue was discovered in JFinalCMS v.5.0.0. There is a SQL 
injection ...)
+   TODO: check
+CVE-2024-40130 (open5gs v2.6.4 is vulnerable to Buffer Overflow. via 
/lib/core/abts.c.)
+   TODO: check
+CVE-2024-40129 (Open5GS v2.6.4 is vulnerable to Buffer Overflow. via 
/lib/pfcp/context ...)
+   TODO: check
+CVE-2024-3779 (Denial of service vulnerability present shortly after product 
installa ...)
+   TODO: check
+CVE-2024-3587 (The Premium Portfolio Features for Phlox theme plugin for 
WordPress is ...)
+   TODO: check
+CVE-2024-3232 (A formula injection vulnerability exists in Tenable Identity 
Exposure  ...)
+   TODO: check
+CVE-2024-39908 (REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 
has some  ...)
+   TODO: check
+CVE-2024-39887 (An SQL Injection vulnerability in Apache Superset exists due 
to improp ...)
+   TODO: check
+CVE-2024-39700 (JupyterLab extension template is a  `copier` template for 
JupyterLab e ...)
+   TODO: check
+CVE-2024-39036 (SeaCMS v12.9 is vulnerable to Arbitrary File Read via 
admin_safe.php.)
+   TODO: check
+CVE-2024-35338 (Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded 
password  ...)
+   TODO: check
+CVE-2024-33182 (Tenda AC18 V15.03.3.10_EN was discovered to contain a 
stack-based buff ...)
+   TODO: check
+CVE-2024-33181 (Tenda AC18 V15.03.3.10_EN was discovered to contain a 
stack-based buff ...)
+   TODO: check
+CVE-2024-33180 (Tenda AC18 V15.03.3.10_EN was discovered to contain a 
stack-based buff ...)
+   TODO: check
+CVE-2024-32861 (Under certain circumstances the Software House C\u25cfCURE 
9000 Site S ...)
+   TODO: check
+CVE-2024-2691 (The WP Event Manager \u2013 Events Calendar, Registrations, 
Sell Ticke ...)
+   TODO: check
+CVE-2024-22442 (The vulnerability could be remotely exploited to bypass 
authentication ...)
+   TODO: check
+CVE-2024-21686 (This High severity Stored XSS vulnerability was introduced in 
versions ...)
+   TODO: check
+CVE-2024-1937 
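Review bot: CVE-2024-39908 (REXML gem before 3.3.1) affects the `ruby-rexml` package and the copy bundled with the Ruby interpreter, and CVE-2024-40129 and CVE-2024-40130 (open5gs buffer overflows) name software that is also in the archive, so these three need affected and fixed versions rather than `TODO: check`; the WordPress plugin, Rockwell Automation, Tenda, H3C, D-Link, ThinkSAAS, JFinalCMS, SeaCMS, Tenable, Software House, Apache Superset and JupyterLab extension template entries are not packaged and can be marked `NOT-FOR-US`. The removed `CVE-2023-52886 [USB: core: ...]` placeholder should reappear with its published description and a `- linux` line, but the hunk is cut off at CVE-2024-1937 in this message.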

[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-16 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
64a14189 by security tracker role at 2024-07-16T08:12:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,23 @@
+CVE-2024-6780 (Improper permission control in the mobile application 
(com.android.ser ...)
+   TODO: check
+CVE-2024-6559 (The Backup, Restore and Migrate WordPress Sites With the 
XCloner Plugi ...)
+   TODO: check
+CVE-2024-6557 (The SchedulePress \u2013 Auto Post & Publish, Auto Social 
Share, Sched ...)
+   TODO: check
+CVE-2024-4780 (The Image Hover Effects \u2013 Elementor Addon plugin for 
WordPress is ...)
+   TODO: check
+CVE-2024-4224 (An authenticated stored cross-site scripting (XSS) exists in 
the TP-Li ...)
+   TODO: check
+CVE-2024-4143 (A potential security vulnerability has been identified in 
certain HP P ...)
+   TODO: check
+CVE-2024-41008 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
+   TODO: check
+CVE-2024-40632 (Linkerd is an open source, ultralight, security-first service 
mesh for ...)
+   TODO: check
+CVE-2024-40524 (Directory Traversal vulnerability in xmind2testcase v.1.5 
allows a rem ...)
+   TODO: check
+CVE-2023-52290 (In streampark-console the list pages(e.g: application pages), 
users ca ...)
+   TODO: check
 CVE-2024-6746 (A vulnerability classified as problematic was found in 
NaiboWang EasyS ...)
NOT-FOR-US: NaiboWang EasySpider
 CVE-2024-6745 (A vulnerability classified as critical has been found in 
code-projects ...)
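Review bot: CVE-2024-41008 is a Linux kernel CVE (`In the Linux kernel, the following vulnerability has been resolved: d ...`) left at `TODO: check`; the kernel entries in the neighbouring updates carry a `- linux` version line, a `[bookworm]` line and a `NOTE:` with the upstream git.kernel.org commit, and this one needs the same before it is considered triaged. CVE-2023-52290 (streampark-console), CVE-2024-40632 (Linkerd), CVE-2024-40524 (xmind2testcase), the WordPress plugin, TP-Link and HP entries are not packaged and can be marked `NOT-FOR-US`.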
@@ -361,7 +381,7 @@ CVE-2024-39909 (KubeClarity is a tool for detection and 
management of Software B
NOT-FOR-US: KubeClarity
 CVE-2024-39903 (Solara is a pure Python, React-style framework for scaling 
Jupyter and ...)
NOT-FOR-US: Solara
-CVE-2024-39340 (Securepoint UTM before 12.6.5 mishandles OTP codes.)
+CVE-2024-39340 (A security vulnerability has been discovered in the handling 
of OTP ke ...)
NOT-FOR-US: Securepoint
 CVE-2024-38736 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Realt ...)
NOT-FOR-US: WordPress plugin



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64a1418935c41a0b84210c2edc434eb8daca90ab

-- 
This project does not include diff previews in email notifications.
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64a1418935c41a0b84210c2edc434eb8daca90ab
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f43b9903 by security tracker role at 2024-07-15T20:12:44+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,4 +1,106 @@
-CVE-2024-41007 [tcp: avoid too many retransmit packets]
+CVE-2024-6746 (A vulnerability classified as problematic was found in 
NaiboWang EasyS ...)
+   TODO: check
+CVE-2024-6745 (A vulnerability classified as critical has been found in 
code-projects ...)
+   TODO: check
+CVE-2024-6741 (Openfind's Mail2000 has a vulnerability that allows the 
HttpOnly flag  ...)
+   TODO: check
+CVE-2024-6740 (Openfind's Mail2000 does not properly validate email 
atachments, allow ...)
+   TODO: check
+CVE-2024-6721
+   REJECTED
+CVE-2024-6689 (Local Privilege Escalation in MSI-Installer in baramundi 
Management Ag ...)
+   TODO: check
+CVE-2024-6398 (An information disclosure vulnerability in SWG in versions 12.x 
prior  ...)
+   TODO: check
+CVE-2024-5402 (Unquoted Search Path or Element vulnerability in ABB Mint 
Workbench.   ...)
+   TODO: check
+CVE-2024-40631 (Plate media is an open source, rich-text editor for React. 
Editors tha ...)
+   TODO: check
+CVE-2024-40630 (OpenImageIO is a toolset for reading, writing, and 
manipulating image  ...)
+   TODO: check
+CVE-2024-40627 (Fastapi OPA is an opensource fastapi middleware which includes 
auth fl ...)
+   TODO: check
+CVE-2024-40624 (TorrentPier is an open source BitTorrent Public/Private 
tracker engine ...)
+   TODO: check
+CVE-2024-40560 (Tmall_demo before v2024.07.03 was discovered to contain a SQL 
injectio ...)
+   TODO: check
+CVE-2024-40555 (Tmall_demo v2024.07.03 was discovered to contain an arbitrary 
file upl ...)
+   TODO: check
+CVE-2024-40554 (An access control issue in Tmall_demo v2024.07.03 allows 
attackers to  ...)
+   TODO: check
+CVE-2024-40553 (Tmall_demo v2024.07.03 was discovered to contain an arbitrary 
file upl ...)
+   TODO: check
+CVE-2024-40416 (A vulnerability in /goform/SetVirtualServerCfg in the 
sub_6320C functi ...)
+   TODO: check
+CVE-2024-40415 (A vulnerability in /goform/SetStaticRouteCfg in the sub_519F4 
function ...)
+   TODO: check
+CVE-2024-40414 (A vulnerability in /goform/SetNetControlList in the sub_656BC 
function ...)
+   TODO: check
+CVE-2024-39919 (@jmondi/url-to-png is an open source URL to PNG utility 
featuring para ...)
+   TODO: check
+CVE-2024-39918 (@jmondi/url-to-png is an open source URL to PNG utility 
featuring para ...)
+   TODO: check
+CVE-2024-39915 (Thruk is a multibackend monitoring webinterface for Naemon, 
Nagios, Ic ...)
+   TODO: check
+CVE-2024-39912 (web-auth/webauthn-lib is an open source set of PHP libraries 
and a Sym ...)
+   TODO: check
+CVE-2024-39827 (Improper input validation in the installer for Zoom Workplace 
Desktop  ...)
+   TODO: check
+CVE-2024-39826 (Path traversal in Team Chat for some Zoom Workplace Apps and 
SDKs for  ...)
+   TODO: check
+CVE-2024-39821 (Race condition in the installer for Zoom Workplace App for 
Windows and ...)
+   TODO: check
+CVE-2024-39820 (Uncontrolled search path element in the installer for Zoom 
Workplace D ...)
+   TODO: check
+CVE-2024-39819 (Improper privilege management in the installer for some Zoom 
Workplace ...)
+   TODO: check
+CVE-2024-39767 (Mattermost Mobile Apps versions <=2.16.0 fail to validate that 
the pus ...)
+   TODO: check
+CVE-2024-38496 (The vulnerability allows a malicious low-privileged PAM user 
to access ...)
+   TODO: check
+CVE-2024-38495 (A specific authentication strategy allows a malicious attacker 
to lear ...)
+   TODO: check
+CVE-2024-38494 (This vulnerability allows a high-privileged authenticated PAM 
user to  ...)
+   TODO: check
+CVE-2024-38493 (A reflected cross-site scripting (XSS) vulnerability exists in 
the PAM ...)
+   TODO: check
+CVE-2024-38492 (This vulnerability allows an unauthenticated attacker to 
achieve remot ...)
+   TODO: check
+CVE-2024-38491 (The vulnerability allows an unauthenticated attacker to read 
arbitrary ...)
+   TODO: check
+CVE-2024-38360 (Discourse is an open source platform for community discussion. 
In affe ...)
+   TODO: check
+CVE-2024-37386 (An issue was discovered in Stormshield Network Security (SNS) 
4.0.0 th ...)
+   TODO: check
+CVE-2024-37016 (Mengshen Wireless Door Alarm M70 2024-05-24 allows 
Authentication Bypa ...)
+   TODO: check
+CVE-2024-36458 (The vulnerability allows a malicious low-privileged PAM user 
to perfor ...)
+   TODO: check
+CVE-2024-36457 (The vulnerability allows an attacker to bypass the 
authentication requ ...)
+   TODO: check
+CVE-2024-36456 (This vulnerability allows an unauthenticated attacker to 
achieve remot ...)
+   TODO: check
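Review bot: CVE-2024-40630 (OpenImageIO) concerns the `openimageio` package and needs affected and fixed version triage instead of `TODO: check`; the Openfind Mail2000, baramundi, ABB, Plate, Fastapi OPA, TorrentPier, Tmall_demo, Zoom, Mattermost Mobile, PAM, Discourse, Stormshield, Mengshen, Thruk and webauthn-lib entries are not in the archive and can be marked `NOT-FOR-US`. The removed `CVE-2024-41007 [tcp: avoid too many retransmit packets]` placeholder should reappear further down with its published description and a `- linux` line, but the hunk is cut off at CVE-2024-36456 in this message, so that cannot be confirmed here.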

[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0ced1073 by security tracker role at 2024-07-15T08:11:53+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,73 @@
+CVE-2024-6744 (The SMTP Listener of Secure Email Gateway from Cellopoint does 
not pro ...)
+   TODO: check
+CVE-2024-6743 (AguardNet's Space Management System does not properly validate 
user in ...)
+   TODO: check
+CVE-2024-6742 (AguardNet Technology's Space Management System does not 
properly filte ...)
+   TODO: check
+CVE-2024-6739 (The session cookie in MailGates and MailAudit from Openfind 
does not h ...)
+   TODO: check
+CVE-2024-6738 (The tumbnail API of Tronclass from WisdomGarden lacks proper 
access co ...)
+   TODO: check
+CVE-2024-6737 (The access control in the Electronic Official Document 
Management Syst ...)
+   TODO: check
+CVE-2024-6736 (A vulnerability was found in SourceCodester Employee and 
Visitor Gate  ...)
+   TODO: check
+CVE-2024-6735 (A vulnerability was found in itsourcecode Tailoring Management 
System  ...)
+   TODO: check
+CVE-2024-6734 (A vulnerability was found in itsourcecode Tailoring Management 
System  ...)
+   TODO: check
+CVE-2024-6733 (A vulnerability was found in itsourcecode Tailoring Management 
System  ...)
+   TODO: check
+CVE-2024-6732 (A vulnerability classified as critical was found in 
SourceCodester Stu ...)
+   TODO: check
+CVE-2024-6731 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+   TODO: check
+CVE-2024-6540 (Improper filtering of fields when using the export function in 
the tic ...)
+   TODO: check
+CVE-2024-6345 (A vulnerability in the package_index module of pypa/setuptools 
version ...)
+   TODO: check
+CVE-2024-6289 (The WPS Hide Login WordPress plugin before 1.9.16.4 does not 
prevent r ...)
+   TODO: check
+CVE-2024-6076 (The wp-cart-for-digital-products WordPress plugin before 8.5.5 
does no ...)
+   TODO: check
+CVE-2024-6075 (The wp-cart-for-digital-products WordPress plugin before 8.5.5 
does no ...)
+   TODO: check
+CVE-2024-6074 (The wp-cart-for-digital-products WordPress plugin before 8.5.5 
does no ...)
+   TODO: check
+CVE-2024-6073 (The wp-cart-for-digital-products WordPress plugin before 8.5.5 
does no ...)
+   TODO: check
+CVE-2024-6072 (The wp-cart-for-digital-products WordPress plugin before 8.5.5 
does no ...)
+   TODO: check
+CVE-2024-5630 (The Insert or Embed Articulate Content into WordPress plugin 
before 4. ...)
+   TODO: check
+CVE-2024-39741 (IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 
could allo ...)
+   TODO: check
+CVE-2024-39740 (IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 
displays v ...)
+   TODO: check
+CVE-2024-39739 (IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is 
vulnera ...)
+   TODO: check
+CVE-2024-39737 (IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 
could allo ...)
+   TODO: check
+CVE-2024-39736 (IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is 
vulnera ...)
+   TODO: check
+CVE-2024-39735 (IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is 
vulnera ...)
+   TODO: check
+CVE-2024-39731 (IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 
uses weake ...)
+   TODO: check
+CVE-2024-39729 (IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 
could allo ...)
+   TODO: check
+CVE-2024-39728 (IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is 
vulnera ...)
+   TODO: check
+CVE-2024-23794 (An incorrect privilege assignment vulnerability in the inline 
editing  ...)
+   TODO: check
+CVE-2024-21513 (Versions of the package langchain-experimental from 0.0.15 and 
before  ...)
+   TODO: check
+CVE-2023-49566 (In Apache Linkis <=1.5.0, due to the lack of effective 
filtering of pa ...)
+   TODO: check
+CVE-2023-46801 (In Apache Linkis <= 1.5.0, data source management module, when 
adding  ...)
+   TODO: check
+CVE-2023-41916 (In Apache Linkis =1.4.0, due to the lack of effective 
filtering of par ...)
+   TODO: check
 CVE-2024-39734 (IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 
does not s ...)
NOT-FOR-US: IBM
 CVE-2024-39733 (IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 
stores use ...)
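Review bot: CVE-2024-6345 (package_index module of pypa/setuptools) concerns the `setuptools` source package and needs version triage rather than `TODO: check`; the nine IBM Datacap Navigator entries can take the `NOT-FOR-US: IBM` already applied to CVE-2024-39734 in the context lines, and the Apache Linkis, langchain-experimental, Cellopoint, AguardNet, Openfind, WisdomGarden, SourceCodester and itsourcecode and WordPress plugin entries can be marked `NOT-FOR-US` as well.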




[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e6ec5151 by security tracker role at 2024-07-14T20:12:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,9 @@
+CVE-2024-39734 (IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 
does not s ...)
+   TODO: check
+CVE-2024-39733 (IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 
stores use ...)
+   TODO: check
+CVE-2024-39732 (IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 
temporaril ...)
+   TODO: check
 CVE-2024-6730 (A vulnerability was found in Nanjing Xingyuantu Technology 
SparkShop u ...)
NOT-FOR-US: Nanjing Xingyuantu Technology SparkShop
 CVE-2024-6729 (A vulnerability was found in SourceCodester Kortex Lite 
Advocate Offic ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6ec51519c9bb85722d13aa5ab1cdd12dff4e401



___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
08fd62f4 by security tracker role at 2024-07-14T08:11:51+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,4 +1,10 @@
-CVE-2023-52885 [SUNRPC: Fix UAF in svc_tcp_listen_data_ready()]
+CVE-2024-6730 (A vulnerability was found in Nanjing Xingyuantu Technology 
SparkShop u ...)
+   TODO: check
+CVE-2024-6729 (A vulnerability was found in SourceCodester Kortex Lite 
Advocate Offic ...)
+   TODO: check
+CVE-2024-6728 (A vulnerability was found in itsourcecode Tailoring Management 
System  ...)
+   TODO: check
+CVE-2023-52885 (In the Linux kernel, the following vulnerability has been 
resolved:  S ...)
- linux 6.4.4-1
[bookworm] - linux 6.1.52-1
[bullseye] - linux 5.10.191-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08fd62f4a8878c664267317ea0cf90773abed3c9



___


[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e7ae4cec by security tracker role at 2024-07-13T20:12:01+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2024-6465 (The WP Links Page plugin for WordPress is vulnerable to 
unauthorized m ...)
+   TODO: check
 CVE-2024-6716
- tiff 
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2297636



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7ae4cece9ffe7507378d70f931f3a7565c270bc



___


[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f41cc4b9 by security tracker role at 2024-07-13T08:12:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,101 @@
+CVE-2024-6574 (The Laposta plugin for WordPress is vulnerable to Full Path 
Disclosure ...)
+   TODO: check
+CVE-2024-6070 (The If-So Dynamic Content Personalization WordPress plugin 
before 1.8. ...)
+   TODO: check
+CVE-2024-5902 (The User Feedback \u2013 Create Interactive Feedback Form, User 
Survey ...)
+   TODO: check
+CVE-2024-5744 (The wp-eMember WordPress plugin before 10.6.7 does not escape 
the $_SE ...)
+   TODO: check
+CVE-2024-5715 (The wp-eMember WordPress plugin before 10.6.7 does not sanitise 
and es ...)
+   TODO: check
+CVE-2024-5713 (The If-So Dynamic Content Personalization WordPress plugin 
before 1.8. ...)
+   TODO: check
+CVE-2024-5644 (The Tournamatch WordPress plugin before 4.6.1 does not sanitise 
and es ...)
+   TODO: check
+CVE-2024-5627 (The Tournamatch WordPress plugin before 4.6.1 does not sanitise 
and es ...)
+   TODO: check
+CVE-2024-5575 (The Ditty  WordPress plugin before 3.1.43 does not sanitise and 
escape ...)
+   TODO: check
+CVE-2024-5472 (The WP QuickLaTeX WordPress plugin before 3.8.7 does not 
sanitise and  ...)
+   TODO: check
+CVE-2024-5450 (The Bug Library WordPress plugin before 2.1.1 does not check 
the file  ...)
+   TODO: check
+CVE-2024-5442 (The Photo Gallery, Sliders, Proofing and   WordPress plugin 
before 3.5 ...)
+   TODO: check
+CVE-2024-5287 (The wp-affiliate-platform WordPress plugin before 6.5.1 does 
not have  ...)
+   TODO: check
+CVE-2024-5286 (The wp-affiliate-platform WordPress plugin before 6.5.1 does 
not sanit ...)
+   TODO: check
+CVE-2024-5284 (The wp-affiliate-platform WordPress plugin before 6.5.1 does 
not have  ...)
+   TODO: check
+CVE-2024-5283 (The wp-affiliate-platform WordPress plugin before 6.5.1 does 
not sanit ...)
+   TODO: check
+CVE-2024-5282 (The wp-affiliate-platform WordPress plugin before 6.5.1 does 
not sanit ...)
+   TODO: check
+CVE-2024-5281 (The wp-affiliate-platform WordPress plugin before 6.5.1 does 
not sanit ...)
+   TODO: check
+CVE-2024-5280 (The wp-affiliate-platform WordPress plugin before 6.5.1 does 
not have  ...)
+   TODO: check
+CVE-2024-5167 (The CM Email Registration Blacklist and Whitelist WordPress 
plugin bef ...)
+   TODO: check
+CVE-2024-5151 (The SULly WordPress plugin before 4.3.1 does not sanitise and 
escape s ...)
+   TODO: check
+CVE-2024-5080 (The wp-eMember WordPress plugin before 10.6.6 does not validate 
files  ...)
+   TODO: check
+CVE-2024-5079 (The wp-eMember WordPress plugin before 10.6.7 does not sanitise 
and es ...)
+   TODO: check
+CVE-2024-5077 (The wp-eMember WordPress plugin before 10.6.6 does not have 
CSRF check ...)
+   TODO: check
+CVE-2024-5076 (The wp-eMember WordPress plugin before 10.6.6 does not have 
CSRF check ...)
+   TODO: check
+CVE-2024-5075 (The wp-eMember WordPress plugin before 10.6.6 does not sanitise 
and es ...)
+   TODO: check
+CVE-2024-5074 (The wp-eMember WordPress plugin before 10.6.6 does not sanitise 
and es ...)
+   TODO: check
+CVE-2024-5034 (The SULly WordPress plugin before 4.3.1 does not have CSRF 
checks in s ...)
+   TODO: check
+CVE-2024-5033 (The SULly WordPress plugin before 4.3.1 does not have CSRF 
check in so ...)
+   TODO: check
+CVE-2024-5032 (The SULly WordPress plugin before 4.3.1 does not sanitise and 
escape a ...)
+   TODO: check
+CVE-2024-5028 (The CM WordPress Search And Replace Plugin WordPress plugin 
before 1.3 ...)
+   TODO: check
+CVE-2024-5002 (The User Submitted Posts  WordPress plugin before 20240516 does 
not sa ...)
+   TODO: check
+CVE-2024-4977 (The Index WP MySQL For Speed WordPress plugin before 1.4.18 
does not s ...)
+   TODO: check
+CVE-2024-4752 (The EventON WordPress plugin before 2.2.15 does not sanitise 
and escap ...)
+   TODO: check
+CVE-2024-4602 (The Embed Peertube Playlist WordPress plugin before 1.10 does 
not sani ...)
+   TODO: check
+CVE-2024-4272 (The Support SVG  WordPress plugin before 1.1.0 does not 
sanitize SVG f ...)
+   TODO: check
+CVE-2024-4269 (The SVG Block WordPress plugin before 1.1.20 does not sanitize 
SVG fil ...)
+   TODO: check
+CVE-2024-4217 (The shortcodes-ultimate-pro WordPress plugin before 7.1.5 does 
not pro ...)
+   TODO: check
+CVE-2024-3964 (The Product Enquiry for WooCommerce WordPress plugin before 
3.1.8 does ...)
+   TODO: check
+CVE-2024-3963 (The Giveaways and Contests by RafflePress  WordPress plugin 
before 1.1 ...)
+   TODO: check
+CVE-2024-3919 (The OpenPGP Form Encryption for WordPress plugin before 1.5.1 
does not ...)
+   TODO: check
+CVE-2024-3753 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-12 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
39dbeee4 by security tracker role at 2024-07-12T20:12:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,454 +1,570 @@
-CVE-2024-41006 [netrom: Fix a memory leak in nr_heartbeat_expiry()]
+CVE-2024-6495 (The Premium Addons for Elementor plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-6353 (The Wallet for WooCommerce plugin for WordPress is vulnerable 
to SQL I ...)
+   TODO: check
+CVE-2024-6328 (The MStore API \u2013 Create Native Android & iOS Apps On The 
Cloud pl ...)
+   TODO: check
+CVE-2024-5325 (The Form Vibes plugin for WordPress is vulnerable to SQL 
Injection via ...)
+   TODO: check
+CVE-2024-40690 (IBM InfoSphere Server 11.7 is vulnerable to cross-site 
scripting. This ...)
+   TODO: check
+CVE-2024-40552 (PublicCMS v4.0.202302.e was discovered to contain a remote 
commande ex ...)
+   TODO: check
+CVE-2024-40551 (An arbitrary file upload vulnerability in the component 
/admin/cmsTemp ...)
+   TODO: check
+CVE-2024-40550 (An arbitrary file upload vulnerability in the component 
/admin/cmsTemp ...)
+   TODO: check
+CVE-2024-40549 (An arbitrary file upload vulnerability in the component 
/admin/cmsTemp ...)
+   TODO: check
+CVE-2024-40548 (An arbitrary file upload vulnerability in the component 
/admin/cmsTemp ...)
+   TODO: check
+CVE-2024-40547 (PublicCMS v4.0.202302.e was discovered to contain an arbitrary 
file co ...)
+   TODO: check
+CVE-2024-40546 (An arbitrary file upload vulnerability in the component 
/admin/cmsWebF ...)
+   TODO: check
+CVE-2024-40545 (An arbitrary file upload vulnerability in the component 
/admin/cmsWebF ...)
+   TODO: check
+CVE-2024-40544 (PublicCMS v4.0.202302.e was discovered to contain a 
Server-Side Reques ...)
+   TODO: check
+CVE-2024-40543 (PublicCMS v4.0.202302.e was discovered to contain a 
Server-Side Reques ...)
+   TODO: check
+CVE-2024-40542 (my-springsecurity-plus before v2024.07.03 was discovered to 
contain a  ...)
+   TODO: check
+CVE-2024-40541 (my-springsecurity-plus before v2024.07.03 was discovered to 
contain a  ...)
+   TODO: check
+CVE-2024-40540 (my-springsecurity-plus before v2024.07.03 was discovered to 
contain a  ...)
+   TODO: check
+CVE-2024-40539 (my-springsecurity-plus before v2024.07.03 was discovered to 
contain a  ...)
+   TODO: check
+CVE-2024-40522 (There is a remote code execution vulnerability in SeaCMS 12.9. 
The vul ...)
+   TODO: check
+CVE-2024-40521 (SeaCMS 12.9 has a remote code execution vulnerability. The 
vulnerabili ...)
+   TODO: check
+CVE-2024-40520 (SeaCMS 12.9 has a remote code execution vulnerability. The 
vulnerabili ...)
+   TODO: check
+CVE-2024-40519 (SeaCMS 12.9 has a remote code execution vulnerability. The 
vulnerabili ...)
+   TODO: check
+CVE-2024-40518 (SeaCMS 12.9 has a remote code execution vulnerability. The 
vulnerabili ...)
+   TODO: check
+CVE-2024-40110 (Sourcecodester Poultry Farm Management System v1.0 contains an 
Unauthe ...)
+   TODO: check
+CVE-2024-39917 (xrdp is an open source RDP server. xrdp versions prior to 
0.10.0 have  ...)
+   TODO: check
+CVE-2024-39916 (FOG is a free open-source cloning/imaging/rescue 
suite/inventory manag ...)
+   TODO: check
+CVE-2024-39914 (FOG is a cloning/imaging/rescue suite/inventory management 
system. Pri ...)
+   TODO: check
+CVE-2024-39909 (KubeClarity is a tool for detection and management of Software 
Bill Of ...)
+   TODO: check
+CVE-2024-39903 (Solara is a pure Python, React-style framework for scaling 
Jupyter and ...)
+   TODO: check
+CVE-2024-39340 (Securepoint UTM before 12.6.5 mishandles OTP codes.)
+   TODO: check
+CVE-2024-38736 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Realt ...)
+   TODO: check
+CVE-2024-38735 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+   TODO: check
+CVE-2024-38734 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Sprea ...)
+   TODO: check
+CVE-2024-38717 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+   TODO: check
+CVE-2024-38716 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+   TODO: check
+CVE-2024-38715 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+   TODO: check
+CVE-2024-38709 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+   TODO: check
+CVE-2024-38706 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+   TODO: check
+CVE-2024-38704 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+   TODO: check
+CVE-2024-38700 (Improper Neutralization of 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-12 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
56860f1f by security tracker role at 2024-07-12T08:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,43 @@
+CVE-2024-6677 (Privilege escalation in uberAgent)
+   TODO: check
+CVE-2024-6625 (The WP Total Branding \u2013 Complete branding solution for 
WordPress  ...)
+   TODO: check
+CVE-2024-6588 (The PowerPress Podcasting plugin by Blubrry plugin for 
WordPress is vu ...)
+   TODO: check
+CVE-2024-6555 (The WP Popups \u2013 WordPress Popup builder plugin for 
WordPress is v ...)
+   TODO: check
+CVE-2024-6468 (Vault and Vault Enterprise did not properly handle requests 
originatin ...)
+   TODO: check
+CVE-2024-6396 (A vulnerability in the `_backup_run` function in aimhubio/aim 
version  ...)
+   TODO: check
+CVE-2024-6392 (The Image Optimizer, Resizer and CDN \u2013 Sirv plugin for 
WordPress  ...)
+   TODO: check
+CVE-2024-6024 (The ContentLock WordPress plugin through 1.0.3 does not have 
CSRF chec ...)
+   TODO: check
+CVE-2024-6023 (The ContentLock WordPress plugin through 1.0.3 does not have 
CSRF chec ...)
+   TODO: check
+CVE-2024-6022 (The ContentLock WordPress plugin through 1.0.3 does not have 
CSRF chec ...)
+   TODO: check
+CVE-2024-5811 (The Simple Video Directory WordPress plugin before 1.4.4 does 
not sani ...)
+   TODO: check
+CVE-2024-5626 (The Inline Related Posts WordPress plugin before 3.7.0 does not 
saniti ...)
+   TODO: check
+CVE-2024-4753 (The WP Secure Maintenance WordPress plugin before 1.7 does not 
sanitis ...)
+   TODO: check
+CVE-2024-3112 (The Quotes and Tips by BestWebSoft WordPress plugin before 1.45 
does n ...)
+   TODO: check
+CVE-2024-36435 (An issue was discovered on Supermicro BMC firmware in select 
X11, X12, ...)
+   TODO: check
+CVE-2024-2696 (The socialdriver-framework WordPress plugin before 2024.04.30 
does not ...)
+   TODO: check
+CVE-2024-2640 (The Watu Quiz WordPress plugin before 3.4.1.2 does not sanitise 
and es ...)
+   TODO: check
+CVE-2024-2430 (The Website Content in Page or Post WordPress plugin before 
2024.04.09 ...)
+   TODO: check
+CVE-2024-1375 (The Event post plugin for WordPress is vulnerable to 
unauthorized bulk ...)
+   TODO: check
+CVE-2024-0974 (The Social Media Widget WordPress plugin before 4.0.9 does not 
sanitis ...)
+   TODO: check
 CVE-2024-6681 (A vulnerability, which was classified as critical, has been 
found in w ...)
TODO: check
 CVE-2024-6680 (A vulnerability classified as critical was found in witmy 
my-springsec ...)
@@ -345,7 +385,7 @@ CVE-2023-33859 (IBM Security QRadar EDR 3.12 could disclose 
sensitive informatio
NOT-FOR-US: IBM
 CVE-2024-6550 (The Gravity Forms: Multiple Form Instances plugin for WordPress 
is vul ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-6433 (Relative Path Traversal in GitHub repository stitionai/devika 
prior to ...)
+CVE-2024-6433 (The application zips all the files in the folder specified by 
the user ...)
NOT-FOR-US: stitionai/devika
 CVE-2024-6422 (An unauthenticated remote attacker can manipulate the device 
via Telne ...)
NOT-FOR-US: Pepperl+Fuchs SE
@@ -1358,7 +1398,7 @@ CVE-2024-5793 (The Houzez Theme - Functionality plugin 
for WordPress is vulnerab
 CVE-2024-5569 (A Denial of Service (DoS) vulnerability exists in the 
jaraco/zipp libr ...)
- python-zipp 3.19.2-1
NOTE: 
https://github.com/jaraco/zipp/commit/fd604bd34f0343472521a36da1fbd22e793e14fd 
(v3.19.1)
-CVE-2024-5549 (Origin Validation Error in GitHub repository stitionai/devika 
prior to ...)
+CVE-2024-5549 (A CORS misconfiguration in the stitionai/devika repository 
allows atta ...)
NOT-FOR-US: stitionai/devika
 CVE-2024-5488 (The SEOPress  WordPress plugin before 7.9 does not properly 
protect so ...)
NOT-FOR-US: WordPress plugin
@@ -1571,7 +1611,7 @@ CVE-2023-34435 (A firmware update vulnerability exists in 
the boa formUpload fun
NOT-FOR-US: Realtek rtl819x Jungle SDK
 CVE-2024-6539 (A vulnerability classified as problematic has been found in 
heyewei Sp ...)
NOT-FOR-US: heyewei SpringBootCMS
-CVE-2024-5711 (Cross-site Scripting (XSS) - Stored in GitHub repository 
stitionai/dev ...)
+CVE-2024-5711 (A stored Cross-Site Scripting (XSS) vulnerability exists in the 
stitio ...)
NOT-FOR-US: stitionai/devika
 CVE-2024-39723 (IBM FlashSystem 5300 USB ports may be usable even if the port 
has been ...)
NOT-FOR-US: IBM
@@ -1933,9 +1973,9 @@ CVE-2024-6126 (A flaw was found in the cockpit package. 
This flaw allows an auth
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2290859
 CVE-2024-6052 (Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 
2.1.0p45, and ...)
- check-mk 
-CVE-2024-5887 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
be06487e by security tracker role at 2024-07-11T20:12:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,107 @@
+CVE-2024-6681 (A vulnerability, which was classified as critical, has been 
found in w ...)
+   TODO: check
+CVE-2024-6680 (A vulnerability classified as critical was found in witmy 
my-springsec ...)
+   TODO: check
+CVE-2024-6679 (A vulnerability classified as critical has been found in witmy 
my-spri ...)
+   TODO: check
+CVE-2024-6643
+   REJECTED
+CVE-2024-6531 (A vulnerability has been identified in Bootstrap that exposes 
users to ...)
+   TODO: check
+CVE-2024-6528 (CWE-79: Improper Neutralization of Input During Web Page 
Generation (' ...)
+   TODO: check
+CVE-2024-6485 (A security vulnerability has been discovered in bootstrap that 
could e ...)
+   TODO: check
+CVE-2024-6484 (A vulnerability has been identified in Bootstrap that exposes 
users to ...)
+   TODO: check
+CVE-2024-6407 (CWE-200: Information Exposure vulnerability exists that could 
cause di ...)
+   TODO: check
+CVE-2024-6035 (A Stored Cross-Site Scripting (XSS) vulnerability exists in 
gaizhenbia ...)
+   TODO: check
+CVE-2024-5681 (CWE-20: Improper Input Validation vulnerability exists that 
could caus ...)
+   TODO: check
+CVE-2024-5680 (CWE-129: Improper Validation of Array Index vulnerability 
exists that  ...)
+   TODO: check
+CVE-2024-5679 (CWE-787: Out-of-Bounds Write vulnerability exists that could 
cause loc ...)
+   TODO: check
+CVE-2024-39905 (Red is a fully modular Discord bot. Due to a bug in Red's Core 
API, 3r ...)
+   TODO: check
+CVE-2024-39904 (VNote is a note-taking platform. Prior to 3.18.1, a code 
execution vul ...)
+   TODO: check
+CVE-2024-39553 (An Exposure of Resource to Wrong Sphere vulnerability in the 
sampling  ...)
+   TODO: check
+CVE-2024-39552 (An Improper Handling of Exceptional Conditions vulnerability 
in the ro ...)
+   TODO: check
+CVE-2024-39551 (An Uncontrolled Resource Consumption vulnerability in the 
H.323 ALG (A ...)
+   TODO: check
+CVE-2024-39550 (A Missing Release of Memory after Effective Lifetime 
vulnerability in  ...)
+   TODO: check
+CVE-2024-39549 (A Missing Release of Memory after Effective Lifetime 
vulnerability in  ...)
+   TODO: check
+CVE-2024-39548 (An Uncontrolled Resource Consumption vulnerability in the 
aftmand proc ...)
+   TODO: check
+CVE-2024-39546 (A Missing Authorization vulnerability in the Socket Intercept 
(SI) com ...)
+   TODO: check
+CVE-2024-39545 (An Improper Check for Unusual or Exceptional Conditions 
vulnerability  ...)
+   TODO: check
+CVE-2024-39543 (A Buffer Copy without Checking Size of Inputvulnerability in 
the routi ...)
+   TODO: check
+CVE-2024-39542 (An Improper Validation of Syntactic Correctness of Input 
vulnerability ...)
+   TODO: check
+CVE-2024-39541 (An Improper Handling of Exceptional Conditions vulnerability 
in the Ro ...)
+   TODO: check
+CVE-2024-39540 (An Improper Check for Unusual or Exceptional Conditions 
vulnerability  ...)
+   TODO: check
+CVE-2024-39539 (A Missing Release of Memory after Effective Lifetime 
vulnerability in  ...)
+   TODO: check
+CVE-2024-39538 (A Buffer Copy without Checking Size of Input vulnerability in 
the PFE  ...)
+   TODO: check
+CVE-2024-39537 (An Improper Restriction of Communication Channel to Intended 
Endpoints ...)
+   TODO: check
+CVE-2024-39536 (A Missing Release of Memory after Effective Lifetime 
vulnerability in  ...)
+   TODO: check
+CVE-2024-39535 (An Improper Check for Unusual or Exceptional Conditions 
vulnerability  ...)
+   TODO: check
+CVE-2024-39533 (An Unimplemented or Unsupported Feature in the UI 
vulnerability in Jun ...)
+   TODO: check
+CVE-2024-39532 (AnInsertion of Sensitive Information into Log File 
vulnerability in Ju ...)
+   TODO: check
+CVE-2024-39531 (An Improper Handling of Values vulnerability in the Packet 
Forwarding  ...)
+   TODO: check
+CVE-2024-39530 (An Improper Check for Unusual or Exceptional Conditions 
vulnerability  ...)
+   TODO: check
+CVE-2024-39529 (A Use of Externally-Controlled Format String vulnerability in 
the Pack ...)
+   TODO: check
+CVE-2024-39528 (A Use After Free vulnerability in the Routing Protocol Daemon 
(rpd) of ...)
+   TODO: check
+CVE-2024-39524 (An Improper Neutralization of Special Elements vulnerability 
in Junipe ...)
+   TODO: check
+CVE-2024-39523 (An Improper Neutralization of Special Elements vulnerability 
in Junipe ...)
+   TODO: check
+CVE-2024-39522 (An Improper Neutralization of Special Elements vulnerability 
in Junipe ...)
+   TODO: check
+CVE-2024-39521 (An Improper Neutralization of Special Elements 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b43ad738 by security tracker role at 2024-07-11T08:11:37+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,14 +1,122 @@
+CVE-2024-6676 (A vulnerability has been found in witmy my-springsecurity-plus 
up to 2 ...)
+   TODO: check
+CVE-2024- (The WP ERP plugin for WordPress is vulnerable to SQL Injection 
via the ...)
+   TODO: check
+CVE-2024-6664
+   REJECTED
+CVE-2024-6663
+   REJECTED
+CVE-2024-6653 (A vulnerability was found in code-projects Simple Task List 
1.0. It ha ...)
+   TODO: check
+CVE-2024-6652 (A vulnerability was found in itsourcecode Gym Management System 
1.0. I ...)
+   TODO: check
+CVE-2024-6650 (A vulnerability was found in SourceCodester Employee and 
Visitor Gate  ...)
+   TODO: check
+CVE-2024-6624 (The JSON API User plugin for WordPress is vulnerable to 
privilege esca ...)
+   TODO: check
+CVE-2024-6554 (The Branda \u2013 White Label WordPress, Custom Login Page 
Customizer  ...)
+   TODO: check
+CVE-2024-6447 (The FULL \u2013 Cliente plugin for WordPress is vulnerable to 
Stored C ...)
+   TODO: check
+CVE-2024-6397 (The InstaWP Connect \u2013 1-click WP Staging & Migration 
plugin for W ...)
+   TODO: check
+CVE-2024-6286 (Local Privilege escalation allows a low-privileged user to gain 
SYSTEM ...)
+   TODO: check
+CVE-2024-6256 (The Feeds for YouTube (YouTube video, channel, and gallery 
plugin) plu ...)
+   TODO: check
+CVE-2024-6236 (Denial of Service   inNetScaler Console (formerly NetScaler 
ADM), NetS ...)
+   TODO: check
+CVE-2024-6210 (The Duplicator plugin for WordPress is vulnerable to 
information expos ...)
+   TODO: check
+CVE-2024-6151 (Local Privilege escalation allows a low-privileged user to gain 
SYSTEM ...)
+   TODO: check
+CVE-2024-6150 (A non-admin user can cause short-term disruption in Target VM 
availabi ...)
+   TODO: check
+CVE-2024-6149 (Redirection of users to a vulnerable URL inCitrix Workspace app 
for HT ...)
+   TODO: check
+CVE-2024-6148 (Bypass of GACS Policy Configuration settings in Citrix 
Workspace app f ...)
+   TODO: check
+CVE-2024-6138 (The Secure Copy Content Protection and Content Locking 
WordPress plugi ...)
+   TODO: check
+CVE-2024-6037 (A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 
allows  ...)
+   TODO: check
+CVE-2024-6036 (A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 
allows  ...)
+   TODO: check
+CVE-2024-6026 (The Slider by 10Web  WordPress plugin before 1.2.56 does not 
sanitise  ...)
+   TODO: check
+CVE-2024-6025 (The Quiz and Survey Master (QSM)  WordPress plugin before 9.0.5 
does n ...)
+   TODO: check
+CVE-2024-5444 (The Bible Text WordPress plugin through 0.2 does not validate 
and esca ...)
+   TODO: check
+CVE-2024-4655 (The Ultimate Blocks  WordPress plugin before 3.1.9 does not 
validate a ...)
+   TODO: check
+CVE-2024-40618 (Whale browser before 3.26.244.21 allows an attacker to execute 
malicio ...)
+   TODO: check
+CVE-2024-39565 (An Improper Neutralization of Data within XPath Expressions 
('XPath In ...)
+   TODO: check
+CVE-2024-39562 (A Missing Release of Resource after Effective Lifetime 
vulnerability t ...)
+   TODO: check
+CVE-2024-39561 (An Improper Check for Unusual or Exceptional Conditions 
vulnerability  ...)
+   TODO: check
+CVE-2024-39560 (An Improper Handling of Exceptional Conditions vulnerability 
in the ro ...)
+   TODO: check
+CVE-2024-39559 (An Improper Check for Unusual or Exceptional Conditions 
vulnerability  ...)
+   TODO: check
+CVE-2024-39558 (An Unchecked Return Value vulnerability in the Routing 
Protocol Daemon ...)
+   TODO: check
+CVE-2024-39557 (An Uncontrolled Resource Consumption vulnerability in the   
Layer 2 Ad ...)
+   TODO: check
+CVE-2024-39556 (A Stack-Based Buffer Overflow vulnerability in Juniper 
Networks Junos  ...)
+   TODO: check
+CVE-2024-39555 (An Improper Handling of Exceptional Conditions vulnerability 
in the Ro ...)
+   TODO: check
+CVE-2024-39554 (A Concurrent Execution using Shared Resource with Improper 
Synchroniza ...)
+   TODO: check
+CVE-2024-39518 (A Heap-based Buffer Overflow vulnerability in the telemetry 
sensor pro ...)
+   TODO: check
+CVE-2024-39517 (An Improper Check for Unusual or Exceptional Conditions 
vulnerability  ...)
+   TODO: check
+CVE-2024-39514 (An Improper Check or Handling of Exceptional Conditions 
vulnerability  ...)
+   TODO: check
+CVE-2024-39513 (An Improper Input Validation vulnerability in the Packet 
Forwarding En ...)
+   TODO: check
+CVE-2024-39512 (An Improper Physical Access Control vulnerability in the 
console port  ...)
+   TODO: check
+CVE-2024-39511 (An Improper Input Validation 
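Review bot: the third added entry in this hunk, `+CVE-2024- (The WP ERP plugin for WordPress is vulnerable to SQL Injection via the ...)`, has no number after the `CVE-2024-` prefix, so the identifier is malformed and the record cannot be matched against the upstream CVE feed or the tracker's own cross-references; the entry should carry the complete identifier (as every other entry in the hunk does) before its `TODO: check` is worked, otherwise the triage result will be attached to a key nothing else can resolve.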

[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
35c4e614 by security tracker role at 2024-07-10T20:12:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,113 @@
+CVE-2024-6649 (A vulnerability has been found in SourceCodester Employee and 
Visitor  ...)
+   TODO: check
+CVE-2024-6647 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as 
critical ...)
+   TODO: check
+CVE-2024-6646 (A vulnerability was found in Netgear WN604 up to 20240710. It 
has been ...)
+   TODO: check
+CVE-2024-6645 (A vulnerability was found in WuKongOpenSource Wukong_nocode up 
to 2023 ...)
+   TODO: check
+CVE-2024-6644 (A vulnerability was found in zmops ArgusDBM up to 0.1.0. It has 
been c ...)
+   TODO: check
+CVE-2024-6642
+   REJECTED
+CVE-2024-6630
+   REJECTED
+CVE-2024-6556 (The SmartCrawl WordPress SEO checker, SEO analyzer, SEO 
optimizer plug ...)
+   TODO: check
+CVE-2024-6235 (Sensitive information disclosureinNetScaler Console)
+   TODO: check
+CVE-2024-5913 (An improper input validation vulnerability in Palo Alto 
Networks PAN-O ...)
+   TODO: check
+CVE-2024-5912 (An improper file signature check in Palo Alto Networks Cortex 
XDR agen ...)
+   TODO: check
+CVE-2024-5911 (An arbitrary file upload vulnerability in Palo Alto Networks 
Panorama  ...)
+   TODO: check
+CVE-2024-5910 (Missing authentication for a critical function in Palo Alto 
Networks E ...)
+   TODO: check
+CVE-2024-5492 (Open redirect vulnerability allows a remote unauthenticated 
attacker t ...)
+   TODO: check
+CVE-2024-5491 (Denial of Service in NetScaler ADC and NetScaler Gateway in 
NetScaler)
+   TODO: check
+CVE-2024-5217 (ServiceNow has addressed an input validation vulnerability that 
was id ...)
+   TODO: check
+CVE-2024-5178 (ServiceNow has addressed a sensitive file read vulnerability 
that was  ...)
+   TODO: check
+CVE-2024-4879 (ServiceNow has addressed an input validation vulnerability that 
was id ...)
+   TODO: check
+CVE-2024-40417 (A vulnerability was found in Tenda AX1806 1.0.0.1. Affected by 
this is ...)
+   TODO: check
+CVE-2024-40412 (Tenda AX12 v1.0 v22.03.01.46 contains a stack overflow in the 
deviceLi ...)
+   TODO: check
+CVE-2024-40336 (idccms v1.35 is vulnerable to Cross Site Scripting (XSS) 
within the 'I ...)
+   TODO: check
+CVE-2024-40334 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-40333 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-40332 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-40331 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-40329 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-40328 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-3799 (Insecure handling of POST header parameter bodyincluded in 
requests be ...)
+   TODO: check
+CVE-2024-3798 (Insecure handling of GET header parameter fileincluded in 
requests bei ...)
+   TODO: check
+CVE-2024-3325 (Vulnerability in Jaspersoft JasperReport Servers.This issue 
affects Ja ...)
+   TODO: check
+CVE-2024-39693 (Next.js is a React framework. A Denial of Service (DoS) 
condition was  ...)
+   TODO: check
+CVE-2024-38354 (CodiMD allows realtime collaborative markdown notes on all 
platforms.  ...)
+   TODO: check
+CVE-2024-38353 (CodiMD allows realtime collaborative markdown notes on all 
platforms.  ...)
+   TODO: check
+CVE-2024-37770 (14Finger v1.1 was discovered to contain a remote command 
execution (RC ...)
+   TODO: check
+CVE-2024-37504 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+   TODO: check
+CVE-2024-37498 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+   TODO: check
+CVE-2024-37310 (EVerest is an EV charging software stack. An integer overflow 
in the " ...)
+   TODO: check
+CVE-2024-37270 (Insertion of Sensitive Information into Log File vulnerability 
in Trus ...)
+   TODO: check
+CVE-2024-37205 (Insertion of Sensitive Information into Log File vulnerability 
in SERV ...)
+   TODO: check
+CVE-2024-37149 (GLPI is an open-source asset and IT management software 
package that p ...)
+   TODO: check
+CVE-2024-37148 (GLPI is an open-source asset and IT management software 
package that p ...)
+   TODO: check
+CVE-2024-37147 (GLPI is an open-source asset and IT management software 
package that p ...)
+   TODO: check
+CVE-2024-37115 (Exposure of Sensitive Information to an Unauthorized 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6bbc9a94 by security tracker role at 2024-07-10T08:11:43+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,26 +1,210 @@
-CVE-2024-39493 [crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak]
+CVE-2024-6550 (The Gravity Forms: Multiple Form Instances plugin for WordPress 
is vul ...)
+   TODO: check
+CVE-2024-6433 (Relative Path Traversal in GitHub repository stitionai/devika 
prior to ...)
+   TODO: check
+CVE-2024-6422 (An unauthenticated remote attacker can manipulate the device 
via Telne ...)
+   TODO: check
+CVE-2024-6421 (An unauthenticated remote attacker can read out sensitive 
device infor ...)
+   TODO: check
+CVE-2024-6411 (The ProfileGrid \u2013 User Profiles, Groups and Communities 
plugin fo ...)
+   TODO: check
+CVE-2024-6410 (The ProfileGrid \u2013 User Profiles, Groups and Communities 
plugin fo ...)
+   TODO: check
+CVE-2024-5792 (The Houzez CRM plugin for WordPress is vulnerable to time-based 
SQL In ...)
+   TODO: check
+CVE-2024-5677 (The Featured Image Generator plugin for WordPress is vulnerable 
to una ...)
+   TODO: check
+CVE-2024-5664 (The MP3 Audio Player \u2013 Music Player, Podcast Player & 
Radio by So ...)
+   TODO: check
+CVE-2024-4866 (The UltraAddons \u2013 Elementor Addons (Header Footer Builder, 
Custom ...)
+   TODO: check
+CVE-2024-39927 (Out-of-bounds write vulnerability exists in Ricoh MFPs and 
printers. I ...)
+   TODO: check
+CVE-2024-39901 (OpenSearch Observability is collection of plugins and 
applications tha ...)
+   TODO: check
+CVE-2024-39900 (OpenSearch Dashboards Reports allows \u2018Report Owner\u2019 
export a ...)
+   TODO: check
+CVE-2024-39886 (TONE store App version 3.4.2 and earlier contains an issue 
with unprot ...)
+   TODO: check
+CVE-2024-39883 (Delta Electronics CNCSoft-G2 lacks proper validation of the 
length of  ...)
+   TODO: check
+CVE-2024-39882 (Delta Electronics CNCSoft-G2 lacks proper validation of 
user-supplied  ...)
+   TODO: check
+CVE-2024-39881 (Delta Electronics CNCSoft-G2 lacks proper validation of 
user-supplied  ...)
+   TODO: check
+CVE-2024-39880 (Delta Electronics CNCSoft-G2 lacks proper validation of the 
length of  ...)
+   TODO: check
+CVE-2024-39614 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2 
before 4.2. ...)
+   TODO: check
+CVE-2024-39330 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2 
before 4.2. ...)
+   TODO: check
+CVE-2024-39329 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2 
before 4.2. ...)
+   TODO: check
+CVE-2024-39181 (Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 was 
discovered ...)
+   TODO: check
+CVE-2024-39072 (AMTT Hotel Broadband Operation System (HiBOS) v3.0.3.151204 is 
vulnera ...)
+   TODO: check
+CVE-2024-39071 (Fujian Kelixun <=7.6.6.4391 is vulnerable to SQL Injection in 
send_eve ...)
+   TODO: check
+CVE-2024-39069 (An issue in ifood Order Manager v3.35.5 'Gestor de 
Peddios.exe' allows ...)
+   TODO: check
+CVE-2024-39031 (In Silverpeas Core <= 6.3.5, inside of mes agendas a user can 
create a ...)
+   TODO: check
+CVE-2024-38963 (Nopcommerce 4.70.1 is vulnerable to Cross Site Scripting (XSS) 
via the ...)
+   TODO: check
+CVE-2024-38959 (Cross Site Scripting vulnerability in Creativeitem Academy LMS 
Learnin ...)
+   TODO: check
+CVE-2024-38875 (An issue was discovered in Django 4.2 before 4.2.14 and 5.0 
before 5.0 ...)
+   TODO: check
+CVE-2024-38301 (Dell Alienware Command Center, version 5.7.3.0 and prior, 
contains an  ...)
+   TODO: check
+CVE-2024-37865 (An issue in S3Browser v.11.4.5 and v.10.9.9 and fixed in 
v.11.5.7 allo ...)
+   TODO: check
+CVE-2024-37829 (An issue in Outline <= v0.76.1 allows attackers to execute a 
session h ...)
+   TODO: check
+CVE-2024-36676 (Incorrect access control in BookStack before v24.05.1 allows 
attackers ...)
+   TODO: check
+CVE-2024-36453 (Cross-site scripting vulnerability exists in session_login.cgi 
of Webm ...)
+   TODO: check
+CVE-2024-36452 (Cross-site request forgery vulnerability exists in ajaxterm 
module of  ...)
+   TODO: check
+CVE-2024-36451 (Improper handling of insufficient permissions or privileges 
vulnerabil ...)
+   TODO: check
+CVE-2024-36450 (Cross-site scripting vulnerability exists in sysinfo.cgi of 
Webmin ver ...)
+   TODO: check
+CVE-2024-35154 (IBM WebSphere Application Server 8.5 and 9.0 could allow a 
remote auth ...)
+   TODO: check
+CVE-2024-34726 (In PVRSRV_MMap of pvr_bridge_k.c, there is a possible 
arbitrary code e ...)
+   TODO: check
+CVE-2024-34725 (In DevmemIntUnexportCtx of devicemem_server.c, there is a 
possible arb ...)
+   TODO: check
+CVE-2024-34724 (In 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f10fbba9 by security tracker role at 2024-07-09T20:12:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,64 +1,734 @@
-CVE-2024-6615
+CVE-2024-6598 (A denial-of-service attack is possible through the execution 
functiona ...)
+   TODO: check
+CVE-2024-6527 (SQL Injection vulnerability in parameter "w" in file "druk.php" 
in Meg ...)
+   TODO: check
+CVE-2024-6391 (The oik plugin for WordPress is vulnerable to Stored Cross-Site 
Script ...)
+   TODO: check
+CVE-2024-6237 (A flaw was found in the 389 Directory Server. This flaw allows 
an unau ...)
+   TODO: check
+CVE-2024-6222 (In Docker Desktop before v4.29.0, an attacker who has gained 
access to ...)
+   TODO: check
+CVE-2024-6168 (The Just Custom Fields plugin for WordPress is vulnerable to 
Cross-Sit ...)
+   TODO: check
+CVE-2024-6167 (The Just Custom Fields plugin for WordPress is vulnerable to 
unauthori ...)
+   TODO: check
+CVE-2024-6069 (The Registration Forms \u2013 User Registration Forms, 
Invitation-Base ...)
+   TODO: check
+CVE-2024-5993 (The Cliengo \u2013 Chatbot plugin for WordPress is vulnerable 
to unaut ...)
+   TODO: check
+CVE-2024-5992 (The Cliengo \u2013 Chatbot plugin for WordPress is vulnerable 
to unaut ...)
+   TODO: check
+CVE-2024-5946 (The Squelch Tabs and Accordions Shortcodes plugin for WordPress 
is vul ...)
+   TODO: check
+CVE-2024-5937 (The Simple Alert Boxes plugin for WordPress is vulnerable to 
Stored Cr ...)
+   TODO: check
+CVE-2024-5856 (The Comment Images Reloaded plugin for WordPress is vulnerable 
to unau ...)
+   TODO: check
+CVE-2024-5810 (The WP2Speed Faster \u2013 Optimize PageSpeed Insights Score 
90-100 pl ...)
+   TODO: check
+CVE-2024-5704 (The XPlainer \u2013 WooCommerce Product FAQ [WooCommerce 
Accordion FAQ ...)
+   TODO: check
+CVE-2024-5669 (The XPlainer \u2013 WooCommerce Product FAQ [WooCommerce 
Accordion FAQ ...)
+   TODO: check
+CVE-2024-5652 (In Docker Desktop on Windows before v4.31.0allows a user in the 
docker ...)
+   TODO: check
+CVE-2024-5648 (The LearnDash LMS \u2013 Reports plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-5634 (Longse modelLBH30FE200W cameras, as well as products based on 
this dev ...)
+   TODO: check
+CVE-2024-5633 (Longse modelLBH30FE200W cameras, as well as products based on 
this dev ...)
+   TODO: check
+CVE-2024-5632 (Longse NVR (Network Video Recorder) modelNVR3608PGE2W, as well 
as prod ...)
+   TODO: check
+CVE-2024-5631 (Longse NVR (Network Video Recorder) modelNVR3608PGE2W, as well 
as prod ...)
+   TODO: check
+CVE-2024-5600 (The SCSS Happy Compiler \u2013 Compile SCSS to CSS & Automatic 
Enqueue ...)
+   TODO: check
+CVE-2024-5479 (The Easy Pixels plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+   TODO: check
+CVE-2024-5457 (The Panda Video plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+   TODO: check
+CVE-2024-5456 (The Panda Video plugin for WordPress is vulnerable to Local 
File Inclu ...)
+   TODO: check
+CVE-2024-4868 (The Extensions for Elementor plugin for WordPress is vulnerable 
to Sto ...)
+   TODO: check
+CVE-2024-4862 (The WPBITS Addons For Elementor Page Builder plugin for 
WordPress is v ...)
+   TODO: check
+CVE-2024-4102 (The Pricing Table plugin for WordPress is vulnerable to 
unauthorized a ...)
+   TODO: check
+CVE-2024-4100 (The Pricing Table plugin for WordPress is vulnerable to 
Cross-Site Req ...)
+   TODO: check
+CVE-2024-40750 (Linksys Velop Pro 6E 1.0.8 MX6200_1.0.8.215731 and 7 
1.0.10.215314 dev ...)
+   TODO: check
+CVE-2024-40742 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 
allows att ...)
+   TODO: check
+CVE-2024-40741 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 
allows att ...)
+   TODO: check
+CVE-2024-40740 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 
allows att ...)
+   TODO: check
+CVE-2024-40739 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 
allows att ...)
+   TODO: check
+CVE-2024-40738 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 
allows att ...)
+   TODO: check
+CVE-2024-40737 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 
allows att ...)
+   TODO: check
+CVE-2024-40736 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 
allows att ...)
+   TODO: check
+CVE-2024-40735 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 
allows att ...)
+   TODO: check
+CVE-2024-40734 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 
allows att ...)
+   TODO: check
+CVE-2024-40733 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 
allows att ...)
+   

[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
252eefd7 by security tracker role at 2024-07-09T08:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,121 @@
+CVE-2024-6365 (The Product Table by WBW plugin for WordPress is vulnerable to 
Remote  ...)
+   TODO: check
+CVE-2024-6334 (The Easy Table of Contents WordPress plugin before 2.0.67.1 
does not s ...)
+   TODO: check
+CVE-2024-6321 (The ScrollTo Bottom plugin for WordPress is vulnerable to 
Cross-Site R ...)
+   TODO: check
+CVE-2024-6320 (The ScrollTo Top plugin for WordPress is vulnerable to 
Cross-Site Requ ...)
+   TODO: check
+CVE-2024-6317 (The Generate PDF using Contact Form 7 plugin for WordPress is 
vulnerab ...)
+   TODO: check
+CVE-2024-6316 (The Generate PDF using Contact Form 7 plugin for WordPress is 
vulnerab ...)
+   TODO: check
+CVE-2024-6314 (The IQ Testimonials plugin for WordPress is vulnerable to 
arbitrary fi ...)
+   TODO: check
+CVE-2024-6313 (The Gutenberg Forms plugin for WordPress is vulnerable to 
arbitrary fi ...)
+   TODO: check
+CVE-2024-6310 (The Advanced AJAX Page Loader plugin for WordPress is 
vulnerable to Cr ...)
+   TODO: check
+CVE-2024-6309 (The Attachment File Icons (AF Icons) plugin for WordPress is 
vulnerabl ...)
+   TODO: check
+CVE-2024-6180 (The EventON plugin for WordPress is vulnerable to unauthorized 
modific ...)
+   TODO: check
+CVE-2024-6171 (The Unlimited Elements For Elementor (Free Widgets, Addons, 
Templates) ...)
+   TODO: check
+CVE-2024-6170 (The Unlimited Elements For Elementor (Free Widgets, Addons, 
Templates) ...)
+   TODO: check
+CVE-2024-6169 (The Unlimited Elements For Elementor (Free Widgets, Addons, 
Templates) ...)
+   TODO: check
+CVE-2024-6166 (The Unlimited Elements For Elementor (Free Widgets, Addons, 
Templates) ...)
+   TODO: check
+CVE-2024-6161 (The Default Thumbnail Plus plugin for WordPress is vulnerable 
to arbit ...)
+   TODO: check
+CVE-2024-6123 (The Bit Form plugin for WordPress is vulnerable to arbitrary 
file uplo ...)
+   TODO: check
+CVE-2024-5974 (A buffer overflow in WatchGuard Fireware OS could may allow an 
authent ...)
+   TODO: check
+CVE-2024-5971 (A vulnerability was found in Undertow, where the chunked 
response hang ...)
+   TODO: check
+CVE-2024-5881 (The Webico Slider Flatsome Addons plugin for WordPress is 
vulnerable t ...)
+   TODO: check
+CVE-2024-5855 (The Media Hygiene: Remove or Delete Unused Images and More! 
plugin for ...)
+   TODO: check
+CVE-2024-5802 (The URL Shortener by Myhop WordPress plugin through 1.0.17 does 
not sa ...)
+   TODO: check
+CVE-2024-5793 (The Houzez Theme - Functionality plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-5569 (A Denial of Service (DoS) vulnerability exists in the 
jaraco/zipp libr ...)
+   TODO: check
+CVE-2024-5549 (Origin Validation Error in GitHub repository stitionai/devika 
prior to ...)
+   TODO: check
+CVE-2024-5488 (The SEOPress  WordPress plugin before 7.9 does not properly 
protect so ...)
+   TODO: check
+CVE-2024-5441 (The Modern Events Calendar plugin for WordPress is vulnerable 
to arbit ...)
+   TODO: check
+CVE-2024-4944 (A local privilege escalation vlnerability in the WatchGuard 
Mobile VPN ...)
+   TODO: check
+CVE-2024-4667 (The Blog, Posts and Category Filter for Elementor plugin for 
WordPress ...)
+   TODO: check
+CVE-2024-3653 (A vulnerability was found in Undertow. This issue requires 
enabling th ...)
+   TODO: check
+CVE-2024-3410 (The DN Footer Contacts WordPress plugin before 1.6.3 does not 
sanitise ...)
+   TODO: check
+CVE-2024-39600 (Under certain conditions, the memory of SAP GUI for Windows 
contains t ...)
+   TODO: check
+CVE-2024-39599 (Due to a Protection Mechanism Failure in SAP NetWeaver 
Application Ser ...)
+   TODO: check
+CVE-2024-39598 (SAP CRM (WebClient UI Framework) allows an authenticated 
attacker to e ...)
+   TODO: check
+CVE-2024-39597 (In SAP Commerce, a user can misuse the forgotten password 
functionalit ...)
+   TODO: check
+CVE-2024-39596 (Due to missing authorization checks, SAP Enable Now allows an 
author t ...)
+   TODO: check
+CVE-2024-39595 (SAP Business Warehouse - Business Planning and Simulation 
application  ...)
+   TODO: check
+CVE-2024-39594 (SAP Business Warehouse - Business Planning and Simulation 
application  ...)
+   TODO: check
+CVE-2024-39593 (SAP Landscape Management allows an authenticated user to read 
confiden ...)
+   TODO: check
+CVE-2024-39592 (Elements of PDCE does not perform necessary authorization 
checks for a ...)
+   TODO: check
+CVE-2024-38372 (Undici is an HTTP/1.1 client, written from scratch for 
Node.js. Depend ...)
+   TODO: check

[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
abb6491b by security tracker role at 2024-07-08T20:12:42+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,101 @@
+CVE-2024-6580 (The /n software IPWorks SSH library SFTPServer component can be 
induce ...)
+   TODO: check
+CVE-2024-6564 (Buffer overflow in "rcar_dev_init"  due to using due to using 
untruste ...)
+   TODO: check
+CVE-2024-6563 (Buffer Copy without Checking Size of Input ('Classic Buffer 
Overflow') ...)
+   TODO: check
+CVE-2024-6227 (A vulnerability in aimhubio/aim version 3.19.3 allows an 
attacker to c ...)
+   TODO: check
+CVE-2024-6163 (Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 
2.2.0p31, <  ...)
+   TODO: check
+CVE-2024-4882 (The user may be redirected to an arbitrary site in Sitefinity 
15.1.832 ...)
+   TODO: check
+CVE-2024-4341 (Improper Privilege Management vulnerability in Ekstrem Bir 
Bilgisayar  ...)
+   TODO: check
+CVE-2024-39896 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
+   TODO: check
+CVE-2024-39895 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
+   TODO: check
+CVE-2024-39743 (IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a 
user to ...)
+   TODO: check
+CVE-2024-39742 (IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a 
user to ...)
+   TODO: check
+CVE-2024-39701 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
+   TODO: check
+CVE-2024-39699 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
+   TODO: check
+CVE-2024-39695 (Exiv2 is a command-line utility and C++ library for reading, 
writing,  ...)
+   TODO: check
+CVE-2024-39677 (NHibernate is an object-relational mapper for the .NET 
framework. A SQ ...)
+   TODO: check
+CVE-2024-39312 (Botan is a C++ cryptography library. X.509 certificates can 
identify e ...)
+   TODO: check
+CVE-2024-39308 (RailsAdmin is a Rails engine that provides an interface for 
managing d ...)
+   TODO: check
+CVE-2024-39203 (A cross-site scripting (XSS) vulnerability in the Backend 
Theme Manage ...)
+   TODO: check
+CVE-2024-39202 (D-Link DIR-823X firmware - 240126 was discovered to contain a 
remote c ...)
+   TODO: check
+CVE-2024-37999 (A vulnerability has been identified in Medicalis Workflow 
Orchestrator ...)
+   TODO: check
+CVE-2024-34702 (Botan is a C++ cryptography library. X.509 certificates can 
identify e ...)
+   TODO: check
+CVE-2024-31504 (Buffer Overflow vulnerability in SILA Embedded Solutions GmbH 
freemodb ...)
+   TODO: check
+CVE-2024-27903 (OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier 
could be lo ...)
+   TODO: check
+CVE-2024-27459 (The interactive service in OpenVPN 2.6.9 and earlier allows an 
attacke ...)
+   TODO: check
+CVE-2024-25639 (Khoj is an application that creates personal AI agents. The 
Khoj Obsid ...)
+   TODO: check
+CVE-2024-24974 (The interactive service in OpenVPN 2.6.9 and earlier allows 
the OpenVP ...)
+   TODO: check
+CVE-2024-23562 (A security vulnerability in HCL Domino could allow disclosure 
of sensi ...)
+   TODO: check
+CVE-2024-21778 (A heap-based buffer overflow vulnerability exists in the 
configuration ...)
+   TODO: check
+CVE-2024-1305 (tap-windows6 driver version 9.26 and earlier does not properly  
check  ...)
+   TODO: check
+CVE-2023-50383 (Three os command injection vulnerabilities exist in the boa 
formWsc fu ...)
+   TODO: check
+CVE-2023-50382 (Three os command injection vulnerabilities exist in the boa 
formWsc fu ...)
+   TODO: check
+CVE-2023-50381 (Three os command injection vulnerabilities exist in the boa 
formWsc fu ...)
+   TODO: check
+CVE-2023-50330 (A stack-based buffer overflow vulnerability exists in the boa 
getInfo  ...)
+   TODO: check
+CVE-2023-50244 (Two stack-based buffer overflow vulnerabilities exist in the 
boa formI ...)
+   TODO: check
+CVE-2023-50243 (Two stack-based buffer overflow vulnerabilities exist in the 
boa formI ...)
+   TODO: check
+CVE-2023-50240 (Two stack-based buffer overflow vulnerabilities exist in the 
boa set_R ...)
+   TODO: check
+CVE-2023-50239 (Two stack-based buffer overflow vulnerabilities exist in the 
boa set_R ...)
+   TODO: check
+CVE-2023-49867 (A stack-based buffer overflow vulnerability exists in the boa 
formWsc  ...)
+   TODO: check
+CVE-2023-49595 (A stack-based buffer overflow vulnerability exists in the boa 
rollback ...)
+   TODO: check
+CVE-2023-49593 (Leftover debug code exists in the boa formSysCmd functionality 
of Leve ...)
+   TODO: check
+CVE-2023-49073 (A stack-based buffer overflow vulnerability exists in the boa 
formFilt ...)
+ 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
57087686 by security tracker role at 2024-07-08T08:11:40+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,21 @@
+CVE-2024-6539 (A vulnerability classified as problematic has been found in 
heyewei Sp ...)
+   TODO: check
+CVE-2024-5711 (Cross-site Scripting (XSS) - Stored in GitHub repository 
stitionai/dev ...)
+   TODO: check
+CVE-2024-39723 (IBM FlashSystem 5300 USB ports may be usable even if the port 
has been ...)
+   TODO: check
+CVE-2024-38330 (IBM System Management for i 7.2, 7.3, and 7.4 could allow a 
local user ...)
+   TODO: check
+CVE-2024-37528 (IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 
19.0.1,  ...)
+   TODO: check
+CVE-2024-37389 (Apache NiFi 1.10.0 through 1.26.0 and 2.0.0-M1 through 
2.0.0-M3 suppor ...)
+   TODO: check
+CVE-2024-34603 (Improper access control in Samsung Message prior to SMR 
Jul-2024 Relea ...)
+   TODO: check
+CVE-2024-34602 (Use of implicit intent for sensitive communication in Samsung 
Messages ...)
+   TODO: check
+CVE-2024-31897 (IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 
19.0.1,  ...)
+   TODO: check
 CVE-2024-6229 (A stored cross-site scripting (XSS) vulnerability exists in the 
'Uploa ...)
TODO: check
 CVE-2024-40614 (EGroupware before 23.1.20240624 mishandles an ORDER BY clause.)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57087686c5b0b326cb6fef87abc945f5aa180afc

-- 
This project does not include diff previews in email notifications.
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57087686c5b0b326cb6fef87abc945f5aa180afc
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0e637032 by security tracker role at 2024-07-07T20:12:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,7 @@
+CVE-2024-6229 (A stored cross-site scripting (XSS) vulnerability exists in the 
'Uploa ...)
+   TODO: check
+CVE-2024-40614 (EGroupware before 23.1.20240624 mishandles an ORDER BY clause.)
+   TODO: check
 CVE-2024-40605 (An issue was discovered in the Foreground skin for MediaWiki 
through 1 ...)
NOT-FOR-US: Foreground skin for MediaWiki
 CVE-2024-40604 (An issue was discovered in the Nimbus skin for MediaWiki 
through 1.42. ...)
@@ -27200,7 +27204,7 @@ CVE-2023-52144 (Improper Limitation of a Pathname to a 
Restricted Directory ('Pa
NOT-FOR-US: WordPress plugin
 CVE-2024-3508 (A flaw was found in Bombastic, which allows authenticated users 
to upl ...)
NOT-FOR-US: Bombastic's use of bzip2
-CVE-2024-3651 [potential DoS via resource consumption via specially crafted 
inputs to idna.encode()]
+CVE-2024-3651 (A vulnerability was identified in the kjd/idna library, 
specifically w ...)
{DLA-3811-1}
- python-idna 3.6-2.1 (bug #1069127)
[bookworm] - python-idna 3.3-1+deb12u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e637032c4cb9ecd269e58c326012549f868adb2



[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
90451491 by security tracker role at 2024-07-07T08:11:37+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,23 @@
+CVE-2024-40605 (An issue was discovered in the Foreground skin for MediaWiki 
through 1 ...)
+   TODO: check
+CVE-2024-40604 (An issue was discovered in the Nimbus skin for MediaWiki 
through 1.42. ...)
+   TODO: check
+CVE-2024-40603 (An issue was discovered in the ArticleRatings extension for 
MediaWiki  ...)
+   TODO: check
+CVE-2024-40602 (An issue was discovered in the Tempo skin for MediaWiki 
through 1.42.1 ...)
+   TODO: check
+CVE-2024-40601 (An issue was discovered in the MediaWikiChat extension for 
MediaWiki t ...)
+   TODO: check
+CVE-2024-40600 (An issue was discovered in the Metrolook skin for MediaWiki 
through 1. ...)
+   TODO: check
+CVE-2024-40599 (An issue was discovered in the GuMaxDD skin for MediaWiki 
through 1.42 ...)
+   TODO: check
+CVE-2024-40598 (An issue was discovered in the CheckUser extension for 
MediaWiki throu ...)
+   TODO: check
+CVE-2024-40597 (An issue was discovered in the CheckUser extension for 
MediaWiki throu ...)
+   TODO: check
+CVE-2024-40596 (An issue was discovered in the CheckUser extension for 
MediaWiki throu ...)
+   TODO: check
 CVE-2024-6095 (A vulnerability in the /models/apply endpoint of mudler/localai 
versio ...)
NOT-FOR-US: mudler/localai
 CVE-2024-5616 (A Cross-Site Request Forgery (CSRF) vulnerability exists in 
mudler/Loc ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90451491fc1d09ceca92aca2857a8ec3900eb079



[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-06 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5c7a64c0 by security tracker role at 2024-07-06T20:12:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,4 +1,28 @@
-CVE-2024-39486 [drm/drm_file: Fix pid refcounting race]
+CVE-2024-6095 (A vulnerability in the /models/apply endpoint of mudler/localai 
versio ...)
+   TODO: check
+CVE-2024-5616 (A Cross-Site Request Forgery (CSRF) vulnerability exists in 
mudler/Loc ...)
+   TODO: check
+CVE-2024-37554 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37553 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37547 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+   TODO: check
+CVE-2024-37546 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37542 (Missing Authorization vulnerability in WpDevArt Responsive 
Image Galle ...)
+   TODO: check
+CVE-2024-37541 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37539 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37260 (Server-Side Request Forgery (SSRF) vulnerability in Theme-Ruby 
Foxiz.T ...)
+   TODO: check
+CVE-2024-37234 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in K ...)
+   TODO: check
+CVE-2024-37208 (Server-Side Request Forgery (SSRF) vulnerability in Robert 
Macchi WP S ...)
+   TODO: check
+CVE-2024-39486 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
- linux 
[bookworm] - linux  (Vulnerable code not present)
[bullseye] - linux  (Vulnerable code not present)
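Review bot: the package lines under CVE-2024-39486, `- linux` and the `[bookworm]` / `[bullseye] - linux  (Vulnerable code not present)` lines, end without a version or status token after the package name. In data/CVE/list a package line carries either a fixed version or a bracketed status such as <not-affected> or <unfixed>, and the trailing whitespace where the token should sit suggests it was stripped in rendering; confirm the committed lines still contain it before relying on this view of the entry.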



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c7a64c0c01fc6f2b21215e7bb43629ff7b5cdc9



[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-06 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5a746a0f by security tracker role at 2024-07-06T08:11:45+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,9 @@
+CVE-2024-40594 (The OpenAI ChatGPT app before 2024-07-05 for macOS opts out of 
the san ...)
+   TODO: check
+CVE-2024-39182 (An information disclosure vulnerability in ISPmanager v6.98.0 
allows a ...)
+   TODO: check
+CVE-2024-33862 (A buffer-management vulnerability in OPC Foundation 
OPCFoundation.NetS ...)
+   TODO: check
 CVE-2024-6501
- network-manager 
[bookworm] - network-manager  (Minor issue)
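Review bot: the CVE-2024-6501 context lines `- network-manager` and `[bookworm] - network-manager  (Minor issue)` show no version or status token after the package name; the tracker syntax requires one (a fixed version, or a status such as <unfixed> or <no-dsa>), and the double space before `(Minor issue)` points to a stripped token, so check the committed file rather than this mail rendering before treating the entry as complete.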
@@ -1454,9 +1460,11 @@ CVE-2023-38370 (IBM Security Access Manager Docker 
10.0.0.0 through 10.0.7.1, un
 CVE-2023-38368 (IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 
could dis ...)
NOT-FOR-US: IBM
 CVE-2024-37371 (In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can 
cause inva ...)
+   {DSA-5726-1}
- krb5 1.21.3-1
NOTE: 
https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef 
(krb5-1.21.3-final)
 CVE-2024-37370 (In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can 
modify the ...)
+   {DSA-5726-1}
- krb5 1.21.3-1
NOTE: 
https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef 
(krb5-1.21.3-final)
 CVE-2024-5535 (Issue summary: Calling the OpenSSL API function 
SSL_select_next_proto  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a746a0fd0e53e8c70ca4d55f075d93c1e2c7d3d



[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f16e0e9e by security tracker role at 2024-07-05T20:12:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,91 @@
+CVE-2024-6526 (A vulnerability classified as problematic has been found in 
CodeIgnite ...)
+   TODO: check
+CVE-2024-6525 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 
D-Link DA ...)
+   TODO: check
+CVE-2024-6524 (A vulnerability was found in ShopXO up to 6.1.0. It has been 
declared  ...)
+   TODO: check
+CVE-2024-6523 (A vulnerability was found in ZKTeco BioTime up to 9.5.2. It has 
been c ...)
+   TODO: check
+CVE-2024-6505 (A flaw was found in the virtio-net device in QEMU. When 
enabling the R ...)
+   TODO: check
+CVE-2024-6298 (Improper Input Validation vulnerability in ABB 
ASPECT-Enterprise on Li ...)
+   TODO: check
+CVE-2024-6209 (Unauthorized file access in WEB Server in ABB ASPECT - 
Enterprise v <= ...)
+   TODO: check
+CVE-2024-5753 (vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in 
some f ...)
+   TODO: check
+CVE-2024-39864 (The CloudStack integration API service allows running its 
unauthentica ...)
+   TODO: check
+CVE-2024-39696 (Evmos is a decentralized Ethereum Virtual Machine chain on the 
Cosmos  ...)
+   TODO: check
+CVE-2024-39691 (matrix-appservice-irc is a Node.js IRC bridge for the Matrix 
messaging ...)
+   TODO: check
+CVE-2024-39689 (Certifi is a curated collection of Root Certificates for 
validating th ...)
+   TODO: check
+CVE-2024-39687 (Fedify is a TypeScript library for building federated server 
apps powe ...)
+   TODO: check
+CVE-2024-39321 (Traefik is an HTTP reverse proxy and load balancer. Versions 
prior to  ...)
+   TODO: check
+CVE-2024-39210 (Best House Rental Management System v1.0 was discovered to 
contain an  ...)
+   TODO: check
+CVE-2024-39178 (MyPower vc8100 V100R001C00B030 was discovered to contain an 
arbitrary  ...)
+   TODO: check
+CVE-2024-39174 (A cross-site scripting (XSS) vulnerability in the Publish 
Article func ...)
+   TODO: check
+CVE-2024-39150 (vditor v.3.9.8 and before is vulnerable to Arbitrary file read 
via a c ...)
+   TODO: check
+CVE-2024-39028 (An issue was discovered in SeaCMS <=12.9 which allows remote 
attackers ...)
+   TODO: check
+CVE-2024-39027 (SeaCMS v12.9 has an unauthorized SQL injection vulnerability. 
The vuln ...)
+   TODO: check
+CVE-2024-39023 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-39022 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-39021 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-39020 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-39019 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-38346 (The CloudStack cluster service runs on unauthenticated port 
(default 9 ...)
+   TODO: check
+CVE-2024-37903 (Mastodon is a self-hosted, federated microblogging platform. 
Starting  ...)
+   TODO: check
+CVE-2024-37769 (Insecure permissions in 14Finger v1.1 allow attackers to 
escalate priv ...)
+   TODO: check
+CVE-2024-37768 (14Finger v1.1 was discovered to contain an arbitrary user 
deletion vul ...)
+   TODO: check
+CVE-2024-37767 (Insecure permissions in the component /api/admin/user of 
14Finger v1.1 ...)
+   TODO: check
+CVE-2024-34361 (Pi-hole is a DNS sinkhole that protects devices from unwanted 
content  ...)
+   TODO: check
+CVE-2024-29319 (Volmarg Personal Management System 1.4.64 is vulnerable to 
SSRF (Serve ...)
+   TODO: check
+CVE-2024-29318 (Volmarg Personal Management System 1.4.64 is vulnerable to 
stored cros ...)
+   TODO: check
+CVE-2024-27717 (Cross Site Request Forgery vulnerability in Eskooly Free 
Online School ...)
+   TODO: check
+CVE-2024-27716 (Cross Site Scripting vulnerability in Eskooly Web Product 
v.3.0 and be ...)
+   TODO: check
+CVE-2024-27715 (An issue in Eskooly Free Online School management Software 
v.3.0 and b ...)
+   TODO: check
+CVE-2024-27713 (An issue in Eskooly Free Online School management Software 
v.3.0 and b ...)
+   TODO: check
+CVE-2024-27712 (An issue in Eskooly Free Online School management Software 
v.3.0 and b ...)
+   TODO: check
+CVE-2024-27711 (An issue in Eskooly Free Online School management Software 
v.3.0 and b ...)
+   TODO: check
+CVE-2024-27710 (An issue in Eskooly Free Online School management Software 
v.3.0 and b ...)
+   TODO: check
+CVE-2024-27709 (SQL Injection vulnerability in Eskooly Web Product v.3.0 
allows a remo ...)
+  

[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
62396743 by security tracker role at 2024-07-05T08:11:37+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,41 @@
+CVE-2024-39943 (rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, 
UNIX, an ...)
+   TODO: check
+CVE-2024-39937 (supOS 5.0 allows api/image/download?fileName=../ directory 
traversal f ...)
+   TODO: check
+CVE-2024-39936 (An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x 
before 6.2. ...)
+   TODO: check
+CVE-2024-39935 (jc21 NGINX Proxy Manager before 2.11.3 allows 
backend/internal/certifi ...)
+   TODO: check
+CVE-2024-39485 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
+   TODO: check
+CVE-2024-39484 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
+   TODO: check
+CVE-2024-39483 (In the Linux kernel, the following vulnerability has been 
resolved:  K ...)
+   TODO: check
+CVE-2024-39482 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
+   TODO: check
+CVE-2024-39481 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
+   TODO: check
+CVE-2024-39480 (In the Linux kernel, the following vulnerability has been 
resolved:  k ...)
+   TODO: check
+CVE-2024-39479 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
+   TODO: check
+CVE-2024-39478 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
+   TODO: check
+CVE-2024-39477 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
+   TODO: check
+CVE-2024-39476 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
+   TODO: check
+CVE-2024-39475 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
+   TODO: check
+CVE-2024-39474 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
+   TODO: check
+CVE-2024-39473 (In the Linux kernel, the following vulnerability has been 
resolved:  A ...)
+   TODO: check
+CVE-2024-39472 (In the Linux kernel, the following vulnerability has been 
resolved:  x ...)
+   TODO: check
+CVE-2024-34481 (drupal-wiki.com Drupal Wiki before 8.31.1 allows XSS via 
comments, cap ...)
+   TODO: check
 CVE-2024-6513
REJECTED
 CVE-2024-6511 (A vulnerability classified as problematic was found in 
y_project RuoYi ...)
@@ -458,7 +496,7 @@ CVE-2023-51776 (Improper privilege management in Jungo 
WinDriver before 12.1.0 a
NOT-FOR-US: Jungo WinDriver
 CVE-2023-39324
REJECTED
-CVE-2024-32498 [OSSA-2024-001: Arbitrary file access through custom QCOW2 
external data]
+CVE-2024-32498 (An issue was discovered in OpenStack Cinder through 24.0.0, 
Glance bef ...)
- cinder  (bug #1074763)
- glance 2:28.0.1-3+deb12u1 (bug #1074761)
- nova  (bug #1074762)
@@ -2906,12 +2944,14 @@ CVE-2022-48738 (In the Linux kernel, the following 
vulnerability has been resolv
[bullseye] - linux 5.10.103-1
[buster] - linux 4.19.232-1
NOTE: 
https://git.kernel.org/linus/817f7c9335ec01e0f5e8caffc4f1dcd5e458a4c0 (5.17-rc3)
-CVE-2022-48737 (In the Linux kernel, the following vulnerability has been 
resolved:  A ...)
+CVE-2022-48737
+   REJECTED
- linux 5.16.10-1
[bullseye] - linux 5.10.103-1
[buster] - linux 4.19.232-1
NOTE: 
https://git.kernel.org/linus/4f1e50d6a9cf9c1b8c859d449b5031cacfa8404e (5.17-rc3)
-CVE-2022-48736 (In the Linux kernel, the following vulnerability has been 
resolved:  A ...)
+CVE-2022-48736
+   REJECTED
- linux 5.16.10-1
[bullseye] - linux 5.10.103-1
[buster] - linux 4.19.232-1
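Review bot: CVE-2022-48737 and CVE-2022-48736 are switched to REJECTED in this hunk, yet their `- linux 5.16.10-1`, `[bullseye] - linux 5.10.103-1` and `[buster] - linux 4.19.232-1` lines and the NOTE lines with the kernel commit URLs are left in place; a rejected ID should not carry fixed-version data, so either drop those lines in a follow-up or, if the rejection turns out to be wrong, restore the descriptions instead. As committed, the tracker keeps reporting fixed versions and upstream commits for CVE IDs that no longer exist.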
@@ -8343,7 +8383,7 @@ CVE-2024-3200 (The wpForo Forum plugin for WordPress is 
vulnerable to SQL Inject
NOT-FOR-US: WordPress plugin
 CVE-2024-35636 (Cross-Site Request Forgery (CSRF) vulnerability in Uploadcare 
Uploadca ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-36041 [ksmserver: Unauthorized users can access session manager]
+CVE-2024-36041 (KSmserver in KDE Plasma Workspace (aka plasma-workspace) 
before 5.27.1 ...)
{DSA-5723-1 DLA-3827-1}
- plasma-workspace 4:5.27.11.1-1
NOTE: https://kde.org/info/security/advisory-20240531-1.txt
@@ -47631,7 +47671,7 @@ CVE-2024-0987 (A vulnerability classified as critical 
has been found in Sichuan
NOT-FOR-US: Sichuan Yougou Technology KuERP
 CVE-2024-0986 (A vulnerability was found in Issabel PBX 4.0.0. It has been 
rated as c ...)
NOT-FOR-US: Issabel PBX
-CVE-2023-52340 [ipv6: remove max_size check inline with ipv4]
+CVE-2023-52340 (The IPv6 implementation in the Linux kernel before 6.3 has a 
net/ipv6/ ...)
{DLA-3841-1 DLA-3840-1}

[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-04 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
96c7606c by security tracker role at 2024-07-04T20:12:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,55 @@
+CVE-2024-6513
+   REJECTED
+CVE-2024-6511 (A vulnerability classified as problematic was found in 
y_project RuoYi ...)
+   TODO: check
+CVE-2024-6507 (Command injection when ingesting a remote Kaggle dataset due to 
a lack ...)
+   TODO: check
+CVE-2024-6506 (Information exposure vulnerability in the MRW plugin, in 
its5.4.3 vers ...)
+   TODO: check
+CVE-2024-6434 (The Premium Addons for Elementor plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-6319 (The IMGspider plugin for WordPress is vulnerable to arbitrary 
file upl ...)
+   TODO: check
+CVE-2024-6318 (The IMGspider plugin for WordPress is vulnerable to arbitrary 
file upl ...)
+   TODO: check
+CVE-2024-5943 (The Nested Pages plugin for WordPress is vulnerable to 
Cross-Site Requ ...)
+   TODO: check
+CVE-2024-3904 (Incorrect Default Permissions vulnerability in Smart Device 
Communicat ...)
+   TODO: check
+CVE-2024-39934 (Robotmk before 2.0.1 allows a local user to escalate 
privileges (e.g., ...)
+   TODO: check
+CVE-2024-39933 (Gogs through 0.13.0 allows argument injection during the 
tagging of a  ...)
+   TODO: check
+CVE-2024-39932 (Gogs through 0.13.0 allows argument injection during the 
previewing of ...)
+   TODO: check
+CVE-2024-39931 (Gogs through 0.13.0 allows deletion of internal files.)
+   TODO: check
+CVE-2024-39930 (The built-in SSH server of Gogs through 0.13.0 allows argument 
injecti ...)
+   TODO: check
+CVE-2024-39929 (Exim through 4.97.1 misparses a multiline RFC 2231 header 
filename, an ...)
+   TODO: check
+CVE-2024-39211 (Kaiten 57.128.8 allows remote attackers to enumerate user 
accounts via ...)
+   TODO: check
+CVE-2024-39165 (QR/demoapp/qr_image.php in Asial JpGraph Professional through 
4.2.6-pr ...)
+   TODO: check
+CVE-2024-37476 (Cross Site Scripting (XSS) vulnerability in Automattic 
Newspack Campai ...)
+   TODO: check
+CVE-2024-37474 (Cross Site Scripting (XSS) vulnerability in Automattic 
Newspack Ads al ...)
+   TODO: check
+CVE-2024-37472 (Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice 
allows R ...)
+   TODO: check
+CVE-2024-37471 (Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice 
Core all ...)
+   TODO: check
+CVE-2024-32754 (Under certain circumstances, when the controller is in factory 
reset m ...)
+   TODO: check
+CVE-2024-22277 (VMware Cloud Director Availability contains an HTML injection 
vulnerab ...)
+   TODO: check
+CVE-2024-1574 (Use of Externally-Controlled Input to Select Classes or Code 
('Unsafe  ...)
+   TODO: check
+CVE-2024-1573 (Improper Authentication vulnerability in the mobile monitoring 
feature ...)
+   TODO: check
+CVE-2024-1182 (Uncontrolled Search Path Element vulnerability in ICONICS 
GENESIS64 al ...)
+   TODO: check
 CVE-2024-6464
REJECTED
 CVE-2024-6463
@@ -320,7 +372,8 @@ CVE-2024-34586 (Improper access control in 
KnoxCustomManagerService prior to SMR
NOT-FOR-US: Samsung
 CVE-2024-34585 (Improper access control in launchApp of SystemUI prior to SMR 
Jul-2024 ...)
NOT-FOR-US: Samsung
-CVE-2024-34584 (Improper privilege management in SumeNNService prior to SMR 
Jul-2024 R ...)
+CVE-2024-34584
+   REJECTED
NOT-FOR-US: Samsung
 CVE-2024-34583 (Improper access control in system property prior to SMR 
Jul-2024 Relea ...)
NOT-FOR-US: Samsung
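Review bot: CVE-2024-34584 becomes REJECTED here but keeps its `NOT-FOR-US: Samsung` line; the classification is meaningless for a rejected ID and can be dropped once the rejection is confirmed, matching the bare `REJECTED` form used for the other rejected entries in this file.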
@@ -679,7 +732,7 @@ CVE-2024-0153 (Improper Restriction of Operations within 
the Bounds of a Memory
TODO: check
 CVE-2023-43554 (Memory corruption while processing IOCTL handler in FastRPC.)
NOT-FOR-US: Qualcomm
-CVE-2024-39884
+CVE-2024-39884 (A regression in the core of Apache HTTP Server 2.4.60 ignores 
some use ...)
- apache2 2.4.61-1
[bookworm] - apache2  (Vulnerable code not present)
[bullseye] - apache2  (Vulnerable code not present)
@@ -71258,7 +71311,7 @@ CVE-2023-5063 (The Widget Responsive for Youtube plugin 
for WordPress is vulnera
NOT-FOR-US: WordPress plugin
 CVE-2023-5062 (The WordPress Charts plugin for WordPress is vulnerable to 
Stored Cros ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-4088 (Incorrect Default Permissions vulnerability due to incomplete 
fix to a ...)
+CVE-2023-4088 (Incorrect Default Permissions vulnerability in Mitsubishi 
Electric Cor ...)
NOT-FOR-US: Mitsubishi
 CVE-2023-43621 (An issue was discovered in Croc through 9.6.5. The shared 
secret, loca ...)
- croc  (bug #1017956)



View it on GitLab: 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-04 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ed488fa4 by security tracker role at 2024-07-04T08:11:46+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,29 @@
+CVE-2024-6464
+   REJECTED
+CVE-2024-6463
+   REJECTED
+CVE-2024-6461
+   REJECTED
+CVE-2024-6383 (The bson_string_append function in MongoDB C Driver may be 
vulnerable  ...)
+   TODO: check
+CVE-2024-6284 (In  https://github.com/google/nftables IP addresses were 
encoded in th ...)
+   TODO: check
+CVE-2024-5641 (The One Click Order Re-Order plugin for WordPress is vulnerable 
to una ...)
+   TODO: check
+CVE-2024-3639 (The Elementor Addons by Livemesh plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-3638 (The Elementor Addons by Livemesh plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-38471 (Multiple TP-LINK products allow a network-adjacent attacker 
with an ad ...)
+   TODO: check
+CVE-2024-38345 (A cross-site request forgery vulnerability exists in Sola 
Testimonials ...)
+   TODO: check
+CVE-2024-38344 (A cross-site request forgery vulnerability exists in WP Tweet 
Walls ve ...)
+   TODO: check
+CVE-2024-2926 (The Elementor Addons by Livemesh plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-2385 (The Elementor Addons by Livemesh plugin for WordPress is 
vulnerable to ...)
+   TODO: check
 CVE-2024-6488
REJECTED
 CVE-2024-6471 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
@@ -113,6 +139,7 @@ CVE-2023-52168 (The NtfsHandler.cpp NTFS handler in 7-Zip 
before 24.01 (for 7zz)
NOTE: Since p7zip/16.02+transitional.1 src:p7zip is only a empty source 
package
NOTE: depending on 7zip. Mark this version as fixed version.
 CVE-2024-39844 (In ZNC before 1.9.1, remote code execution can occur in modtcl 
via a K ...)
+   {DSA-5725-1}
- znc  (bug #1075729)
NOTE: Fixed by: 
https://github.com/znc/znc/commit/8cbf8d628174ddf23da680f3f117dc54da0eb06e 
(znc-1.9.1)
 CVE-2024-6453 (A vulnerability was found in itsourcecode Farm Management 
System 1.0.  ...)
@@ -235,7 +262,7 @@ CVE-2024-38857 (Improper neutralization of input in Checkmk 
before versions 2.3.
- check-mk 
 CVE-2024-38537 (Fides is an open-source privacy engineering platform. 
`fides.js`, a cl ...)
NOT-FOR-US: Fides
-CVE-2024-38519 (`yt-dlp` is a command-line audio/video downloader. Prior to 
version 20 ...)
+CVE-2024-38519 (`yt-dlp` and `youtube-dl` are command-line audio/video 
downloaders. Pr ...)
- yt-dlp 2024.07.01-1 (unimportant)
NOTE: 
https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4j
NOTE: 
https://github.com/yt-dlp/yt-dlp/commit/5ce582448ececb8d9c30c8c31f58330090ced03a
 (2024.07.01)
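Review bot: the updated description for CVE-2024-38519 now names both `yt-dlp` and `youtube-dl`, but the entry still tracks only `- yt-dlp 2024.07.01-1 (unimportant)`; if youtube-dl is still a separate source package in the archive, it needs its own line (or an explicit not-affected note) so that the second project named in the description is not silently left untracked. The (unimportant) severity and the GHSA and commit references can stay as they are.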



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed488fa40d1962e5506ff2dc867c2cf73369cad4



[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-03 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f4f28bc4 by security tracker role at 2024-07-03T20:12:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,4 +1,80 @@
-CVE-2024-39844
+CVE-2024-6488
+   REJECTED
+CVE-2024-6471 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+   TODO: check
+CVE-2024-6470 (A vulnerability was found in playSMS 1.4.3. It has been rated 
as probl ...)
+   TODO: check
+CVE-2024-6469 (A vulnerability was found in playSMS 1.4.3. It has been 
declared as pr ...)
+   TODO: check
+CVE-2024-6428 (Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2, 
9.5.x <= 9. ...)
+   TODO: check
+CVE-2024-6427 (Uncontrolled Resource Consumption vulnerability in 
MESbook20221021.03  ...)
+   TODO: check
+CVE-2024-6426 (Information exposure vulnerability in MESbook 20221021.03 
version, the ...)
+   TODO: check
+CVE-2024-6126 (A flaw was found in the cockpit package. This flaw allows an 
authentic ...)
+   TODO: check
+CVE-2024-6052 (Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 
2.1.0p45, and ...)
+   TODO: check
+CVE-2024-5887 (Cross-Site Request Forgery (CSRF) in stitionai/devika)
+   TODO: check
+CVE-2024-5821 (Improper Access Control in stitionai/devika)
+   TODO: check
+CVE-2024-5672 (A high privileged remote attacker canexecute arbitrary system 
commands ...)
+   TODO: check
+CVE-2024-3332 (A malicious BLE device can send a specific order of packet 
sequence to ...)
+   TODO: check
+CVE-2024-39830 (Mattermost versions 9.8.x <= 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 
9.6.2 and ...)
+   TODO: check
+CVE-2024-39807 (Mattermost versions 9.5.x <= 9.5.5 and 9.8.0fail to properly 
sanitize  ...)
+   TODO: check
+CVE-2024-39683 (ZITADEL is an open-source identity infrastructure tool. 
ZITADEL provid ...)
+   TODO: check
+CVE-2024-39361 (Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 
9.5.x <= ...)
+   TODO: check
+CVE-2024-39353 (Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize 
the Remo ...)
+   TODO: check
+CVE-2024-39248 (A cross-site scripting (XSS) vulnerability in SimpCMS v0.1 
allows atta ...)
+   TODO: check
+CVE-2024-39223 (An authentication bypass in the SSH service of gost v2.11.5 
allows att ...)
+   TODO: check
+CVE-2024-39220 (BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, 
AV-01KBD, ...)
+   TODO: check
+CVE-2024-37726 (Insecure Permissions vulnerability in Micro-Star International 
Co., Lt ...)
+   TODO: check
+CVE-2024-37157 (Discourse is an open-source discussion platform. Prior to 
version 3.2. ...)
+   TODO: check
+CVE-2024-36257 (Mattermost versions 9.5.x <= 9.5.5 and 9.8.0,when using shared 
channel ...)
+   TODO: check
+CVE-2024-36122 (Discourse is an open-source discussion platform. Prior to 
version 3.2. ...)
+   TODO: check
+CVE-2024-36113 (Discourse is an open-source discussion platform. Prior to 
version 3.2. ...)
+   TODO: check
+CVE-2024-35234 (Discourse is an open-source discussion platform. Prior to 
version 3.2. ...)
+   TODO: check
+CVE-2024-35227 (Discourse is an open-source discussion platform. Prior to 
version 3.2. ...)
+   TODO: check
+CVE-2024-34750 (Improper Handling of Exceptional Conditions, Uncontrolled 
Resource Con ...)
+   TODO: check
+CVE-2024-32937 (An os command injection vulnerability exists in the CWMP 
SelfDefinedTi ...)
+   TODO: check
+CVE-2024-31223 (Fides is an open-source privacy engineering platform, and 
`SERVER_SIDE ...)
+   TODO: check
+CVE-2024-29511 (Artifex Ghostscript before 10.03.1, when Tesseract is used for 
OCR, ha ...)
+   TODO: check
+CVE-2024-29509 (Artifex Ghostscript before 10.03.0 has a heap-based overflow 
when PDFP ...)
+   TODO: check
+CVE-2024-29508 (Artifex Ghostscript before 10.03.0 has a heap-based pointer 
disclosure ...)
+   TODO: check
+CVE-2024-29507 (Artifex Ghostscript before 10.03.0 sometimes has a stack-based 
buffer  ...)
+   TODO: check
+CVE-2024-29506 (Artifex Ghostscript before 10.03.0 has a stack-based buffer 
overflow i ...)
+   TODO: check
+CVE-2023-52169 (The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 
7zz) conta ...)
+   TODO: check
+CVE-2023-52168 (The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 
7zz) conta ...)
+   TODO: check
+CVE-2024-39844 (In ZNC before 1.9.1, remote code execution can occur in modtcl 
via a K ...)
- znc 
NOTE: Fixed by: 
https://github.com/znc/znc/commit/8cbf8d628174ddf23da680f3f117dc54da0eb06e 
(znc-1.9.1)
 CVE-2024-6453 (A vulnerability was found in itsourcecode Farm Management 
System 1.0.  ...)
@@ -17752,7 +17828,7 @@ CVE-2023-6682 (An issue has been discovered in GitLab 
CE/EE affecting all versio
- gitlab 
 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-03 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d704235b by security tracker role at 2024-07-03T08:12:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,47 @@
+CVE-2024-6453 (A vulnerability was found in itsourcecode Farm Management 
System 1.0.  ...)
+   TODO: check
+CVE-2024-6340 (The Premium Addons for Elementor plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-6263 (The WP Lightbox 2 plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+   TODO: check
+CVE-2024-4708 (mySCADA myPRO   uses a hard-coded password which could allow an 
attack ...)
+   TODO: check
+CVE-2024-4543 (The Snippet Shortcodes plugin for WordPress is vulnerable to 
Cross-Sit ...)
+   TODO: check
+CVE-2024-4482 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page 
Templa ...)
+   TODO: check
+CVE-2024-39920 (The TCP protocol in RFC 9293 has a timing side channel that 
makes it e ...)
+   TODO: check
+CVE-2024-39326 (SkillTree is a micro-learning gamification platform. Prior to 
version  ...)
+   TODO: check
+CVE-2024-39325 (aimeos/ai-controller-frontend is the  Aimeos frontend 
controller. Prio ...)
+   TODO: check
+CVE-2024-39324 (aimeos/ai-admin-graphql is the Aimeos GraphQL API admin 
interface. Sta ...)
+   TODO: check
+CVE-2024-39322 (aimeos/ai-admin-jsonadm is the Aimeos e-commerce JSON API for 
administ ...)
+   TODO: check
+CVE-2024-38453 (The Avalara for Salesforce CPQ app before 7.0 for Salesforce 
allows at ...)
+   TODO: check
+CVE-2024-37082 (Security check loophole in HAProxy release (in combination 
with routin ...)
+   TODO: check
+CVE-2024-32673 (Improper Validation of Array Index vulnerability in Samsung 
Open Sourc ...)
+   TODO: check
+CVE-2024-2376 (The WPQA Builder WordPress plugin before 6.1.1 does not have 
CSRF chec ...)
+   TODO: check
+CVE-2024-2375 (The WPQA Builder WordPress plugin before 6.1.1 does not 
sanitise and e ...)
+   TODO: check
+CVE-2024-2235 (The Himer WordPress theme before 2.1.1 does not have CSRF 
checks in so ...)
+   TODO: check
+CVE-2024-2234 (The Himer WordPress theme before 2.1.1 does not sanitise and 
escape so ...)
+   TODO: check
+CVE-2024-2233 (The Himer WordPress theme before 2.1.1 does not have CSRF 
checks in so ...)
+   TODO: check
+CVE-2024-2231 (The  allows any authenticated user to join a private group due 
to a mi ...)
+   TODO: check
+CVE-2024-2040 (The Himer WordPress theme before 2.1.1 does not have CSRF 
checks in so ...)
+   TODO: check
+CVE-2024-24791 (The net/http HTTP/1.1 client mishandled the case where a 
server respon ...)
+   TODO: check
 CVE-2024-6452 (A vulnerability classified as critical was found in linlinjava 
litemal ...)
TODO: check
 CVE-2024-6441 (A vulnerability was found in ORIPA up to 1.72. It has been 
declared as ...)
@@ -501,7 +545,7 @@ CVE-2024-36387 (Serving WebSocket protocol upgrades over a 
HTTP/2 connection cou
- apache2 2.4.60-1
NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-36387
NOTE: 
https://github.com/apache/httpd/commit/c69a51bff8157e403121f8436d85dde21ad28bd2
-CVE-2024-6387 (A signal handler race condition was found in OpenSSH's server 
(sshd),  ...)
+CVE-2024-6387 (A security regression (CVE-2006-5051) was discovered in 
OpenSSH's serv ...)
{DSA-5724-1}
- openssh 1:9.7p1-7
[bullseye] - openssh  (Vulnerable code introduced later)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d704235bcb3ecab9836d6cb2c119b61090ceee6a



[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-02 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3fb3389b by security tracker role at 2024-07-02T20:12:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,183 @@
+CVE-2024-6452 (A vulnerability classified as critical was found in linlinjava 
litemal ...)
+   TODO: check
+CVE-2024-6441 (A vulnerability was found in ORIPA up to 1.72. It has been 
declared as ...)
+   TODO: check
+CVE-2024-6440 (A vulnerability was found in SourceCodester Home Owners 
Collection Man ...)
+   TODO: check
+CVE-2024-6439 (A vulnerability was found in SourceCodester Home Owners 
Collection Man ...)
+   TODO: check
+CVE-2024-6438 (A vulnerability has been found in Hitout Carsale 1.0 and 
classified as ...)
+   TODO: check
+CVE-2024-6382 (Incorrect handling of certain string inputs may result in 
MongoDB Rust ...)
+   TODO: check
+CVE-2024-6381 (The bson_strfreev function in the MongoDB C driver library may 
be susc ...)
+   TODO: check
+CVE-2024-6341
+   REJECTED
+CVE-2024-6264 (The Post Meta Data Manager plugin for WordPress is vulnerable 
to Store ...)
+   TODO: check
+CVE-2024-6099 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress 
is vul ...)
+   TODO: check
+CVE-2024-6088 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress 
is vul ...)
+   TODO: check
+CVE-2024-6012 (The Cost Calculator Builder plugin for WordPress is vulnerable 
to unau ...)
+   TODO: check
+CVE-2024-6011 (The Cost Calculator Builder plugin for WordPress is vulnerable 
to Stor ...)
+   TODO: check
+CVE-2024-5866 (Vulnerability in Delinea Centrify PAS v. 21.3 and possibly 
others. The ...)
+   TODO: check
+CVE-2024-5865 (Vulnerability in Delinea Centrify PAS v. 21.3 and possibly 
others. The ...)
+   TODO: check
+CVE-2024-5260 (The Sina Extension for Elementor (Slider, Gallery, Form, Modal, 
Data T ...)
+   TODO: check
+CVE-2024-4897 (parisneo/lollms-webui, in its latest version, is vulnerable to 
remote  ...)
+   TODO: check
+CVE-2024-4836 (Web services managed by Edito CMS (Content Management System) 
in versi ...)
+   TODO: check
+CVE-2024-4467 (A flaw was found in the QEMU disk image utility (qemu-img) 
'info' comm ...)
+   TODO: check
+CVE-2024-4268 (The Ultimate Blocks \u2013 WordPress Blocks Plugin plugin for 
WordPres ...)
+   TODO: check
+CVE-2024-3826 (In versions of Akana in versions prior to and including 
2022.1.3 valid ...)
+   TODO: check
+CVE-2024-39894 (OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing 
attacks aga ...)
+   TODO: check
+CVE-2024-39891 (In the Twilio Authy API, accessed by Authy Android before 
25.1.0 and A ...)
+   TODO: check
+CVE-2024-39323 (aimeos/ai-admin-graphql is the Aimeos GraphQL API admin 
interface. Sta ...)
+   TODO: check
+CVE-2024-39316 (Rack is a modular Ruby web server interface. Starting in 
version 3.1.0 ...)
+   TODO: check
+CVE-2024-39315 (Pomerium is an identity and context-aware access proxy. Prior 
to versi ...)
+   TODO: check
+CVE-2024-39206 (An issue discovered in MSP360 Backup Agent v7.8.5.15 and 
v7.9.4.84 all ...)
+   TODO: check
+CVE-2024-39143 (A stored cross-site scripting (XSS) vulnerability exists in 
ResidenceC ...)
+   TODO: check
+CVE-2024-39119 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-38857 (Improper neutralization of input in Checkmk before versions 
2.3.0p8, 2 ...)
+   TODO: check
+CVE-2024-38537 (Fides is an open-source privacy engineering platform. 
`fides.js`, a cl ...)
+   TODO: check
+CVE-2024-38519 (`yt-dlp` is a command-line audio/video downloader. Prior to 
version 20 ...)
+   TODO: check
+CVE-2024-37185 (in OpenHarmony v4.0.0 and prior versions allow a remote 
attacker arbit ...)
+   TODO: check
+CVE-2024-37077 (in OpenHarmony v4.0.0 and prior versions allow a remote 
attacker arbit ...)
+   TODO: check
+CVE-2024-37030 (in OpenHarmony v4.0.0 and prior versions allow a remote 
attacker arbit ...)
+   TODO: check
+CVE-2024-36404 (GeoTools is an open source Java library that provides tools 
for geospa ...)
+   TODO: check
+CVE-2024-36278 (in OpenHarmony v4.0.0 and prior versions allow a local 
attacker cause  ...)
+   TODO: check
+CVE-2024-36260 (in OpenHarmony v4.0.0 and prior versions allow a remote 
attacker arbit ...)
+   TODO: check
+CVE-2024-36243 (in OpenHarmony v4.0.0 and prior versions allow a remote 
attacker arbit ...)
+   TODO: check
+CVE-2024-34601 (Improper verification of intent by broadcast receiver 
vulnerability in ...)
+   TODO: check
+CVE-2024-34600 (Improper verification of intent by broadcast receiver 
vulnerability in ...)
+   TODO: check
+CVE-2024-34599 (Improper input validation in Tips prior to version 6.2.9.4 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-02 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1faa5f9c by security tracker role at 2024-07-02T08:11:50+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,111 @@
+CVE-2024-6172 (The Email Subscribers by Icegram Express \u2013 Email 
Marketing, Newsl ...)
+   TODO: check
+CVE-2024-5938 (The Boot Store theme for WordPress is vulnerable to Stored 
Cross-Site  ...)
+   TODO: check
+CVE-2024-5767 (The sitetweet WordPress plugin through 0.2 does not have CSRF 
check in ...)
+   TODO: check
+CVE-2024-5606 (The Quiz and Survey Master (QSM)  WordPress plugin before 9.0.2 
is vul ...)
+   TODO: check
+CVE-2024-5545 (The Motors \u2013 Car Dealer, Classifieds & Listing plugin for 
WordPre ...)
+   TODO: check
+CVE-2024-5544 (The Media Library Assistant plugin for WordPress is vulnerable 
to Refl ...)
+   TODO: check
+CVE-2024-5504 (The Rife Elementor Extensions & Templates plugin for WordPress 
is vuln ...)
+   TODO: check
+CVE-2024-5419 (The Void Contact Form 7 Widget For Elementor Page Builder 
plugin for W ...)
+   TODO: check
+CVE-2024-5349 (The LA-Studio Element Kit for Elementor plugin for WordPress is 
vulner ...)
+   TODO: check
+CVE-2024-5322 (The N-central server is vulnerable to session rebinding of 
already aut ...)
+   TODO: check
+CVE-2024-5219 (The Easy Google Maps plugin for WordPress is vulnerable to 
Stored Cros ...)
+   TODO: check
+CVE-2024-4679 (Incorrect Default Permissions vulnerability in Hitachi 
JP1/Extensible  ...)
+   TODO: check
+CVE-2024-4627 (The Rank Math SEO  WordPress plugin before 1.0.219 does not 
sanitise a ...)
+   TODO: check
+CVE-2024-3999 (The EazyDocs  WordPress plugin before 2.5.0 does not sanitise 
and esca ...)
+   TODO: check
+CVE-2024-3513 (The Ultimate Blocks \u2013 WordPress Blocks Plugin plugin for 
WordPres ...)
+   TODO: check
+CVE-2024-39314 (toy-blog is a headless content management system 
implementation. Start ...)
+   TODO: check
+CVE-2024-39313 (toy-blog is a headless content management system 
implementation. Start ...)
+   TODO: check
+CVE-2024-39310 (The Basil recipe theme for WordPress is vulnerable to 
Persistent Cross ...)
+   TODO: check
+CVE-2024-39309 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+   TODO: check
+CVE-2024-39305 (Envoy is a cloud-native, open source edge and service proxy. 
Prior to  ...)
+   TODO: check
+CVE-2024-38368 (trunk.cocoapods.org is the authentication server for the 
CoacoaPods de ...)
+   TODO: check
+CVE-2024-38367 (trunk.cocoapods.org is the authentication server for the 
CoacoaPods de ...)
+   TODO: check
+CVE-2024-38366 (trunk.cocoapods.org is the authentication server for the 
CoacoaPods de ...)
+   TODO: check
+CVE-2024-37765 (Machform up to version 19 is affected by an authenticated 
Blind SQL in ...)
+   TODO: check
+CVE-2024-37764 (MachForm up to version 19 is affected by an authenticated 
stored cross ...)
+   TODO: check
+CVE-2024-37763 (MachForm up to version 19 is affected by an unauthenticated 
stored cro ...)
+   TODO: check
+CVE-2024-37762 (MachForm up to version 21 is affected by an authenticated 
unrestricted ...)
+   TODO: check
+CVE-2024-37479 (Local File Inclusion vulnerability in LA-Studio LA-Studio 
Element Kit  ...)
+   TODO: check
+CVE-2024-37134 (Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain 
an impr ...)
+   TODO: check
+CVE-2024-37133 (Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain 
an impr ...)
+   TODO: check
+CVE-2024-37132 (Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain 
an inco ...)
+   TODO: check
+CVE-2024-37126 (Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain 
an impr ...)
+   TODO: check
+CVE-2024-32854 (Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain 
an impr ...)
+   TODO: check
+CVE-2024-32853 (Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.2 contain 
an exec ...)
+   TODO: check
+CVE-2024-32852 (Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.0 contain 
use of  ...)
+   TODO: check
+CVE-2024-32230 (FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a 
negative-size- ...)
+   TODO: check
+CVE-2024-32229 (FFmpeg 7.0 contains a heap-buffer-overflow at 
libavfilter/vf_tiltandsh ...)
+   TODO: check
+CVE-2024-32228 (FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV 
at libavc ...)
+   TODO: check
+CVE-2024-2819 (Incorrect Default Permissions, Improper Preservation of 
Permissions vu ...)
+   TODO: check
+CVE-2024-28200 (The N-central server is vulnerable to an authentication bypass 
of the  ...)
+   TODO: check
+CVE-2024-23737 (Cross Site Request Forgery (CSRF) vulnerability in savignano 
S/Notify  ...)
+   

[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-01 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ee21cac6 by security tracker role at 2024-07-01T20:12:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,29 +1,196 @@
-CVE-2024-39573
+CVE-2024-6425 (Incorrect Provision of Specified Functionality vulnerability in 
MESboo ...)
+   TODO: check
+CVE-2024-6424 (External server-side request vulnerability in MESbook 
20221021.03 vers ...)
+   TODO: check
+CVE-2024-6376 (MongoDB Compass may be susceptible to code injection due to 
insufficie ...)
+   TODO: check
+CVE-2024-6375 (A command for refining a collection shard key is missing an 
authorizat ...)
+   TODO: check
+CVE-2024-6050 (Improper Neutralization of Input During Web Page Generation 
vulnerabil ...)
+   TODO: check
+CVE-2024-4007 (Default credential in install package in ABB ASPECT; NEXUS 
Series; MAT ...)
+   TODO: check
+CVE-2024-39879 (In JetBrains TeamCity before 2024.03.3 application token could 
be expo ...)
+   TODO: check
+CVE-2024-39878 (In JetBrains TeamCity before 2024.03.3 private key could be 
exposed vi ...)
+   TODO: check
+CVE-2024-39853 (adolph_dudu ratio-swiper 0.0.2 was discovered to contain a 
prototype p ...)
+   TODO: check
+CVE-2024-39430 (In faceid servive, there is a possible out of bounds write due 
to a mi ...)
+   TODO: check
+CVE-2024-39429 (In faceid servive, there is a possible out of bounds write due 
to a mi ...)
+   TODO: check
+CVE-2024-39428 (In trusty service, there is a possible out of bounds write due 
to a mi ...)
+   TODO: check
+CVE-2024-39427 (In trusty service, there is a possible out of bounds write due 
to a mi ...)
+   TODO: check
+CVE-2024-39303 (Weblate is a web based localization tool. Prior to version 
5.6.2, Webl ...)
+   TODO: check
+CVE-2024-39251 (An issue in the component 
ControlCenter.sys/ControlCenter64.sys of Thu ...)
+   TODO: check
+CVE-2024-39249 (Async <= 2.6.4 and <= 3.2.5 are vulnerable to ReDoS (Regular 
Expressio ...)
+   TODO: check
+CVE-2024-39236 (Gradio v4.36.1 was discovered to contain a code injection 
vulnerabilit ...)
+   TODO: check
+CVE-2024-39018 (harvey-woo cat5th/key-serializer v0.2.5 was discovered to 
contain a pr ...)
+   TODO: check
+CVE-2024-39017 (agreejs shared v0.0.1 was discovered to contain a prototype 
pollution  ...)
+   TODO: check
+CVE-2024-39016 (che3vinci c3/utils-1 1.0.131 was discovered to contain a 
prototype pol ...)
+   TODO: check
+CVE-2024-39015 (cafebazaar hod v0.4.14 was discovered to contain a prototype 
pollution ...)
+   TODO: check
+CVE-2024-39014 (ahilfoley cahil/utils v2.3.2 was discovered to contain a 
prototype pol ...)
+   TODO: check
+CVE-2024-39013 (2o3t-utility v0.1.2 was discovered to contain a prototype 
pollution vi ...)
+   TODO: check
+CVE-2024-39008 (robinweser fast-loops v1.1.3 was discovered to contain a 
prototype pol ...)
+   TODO: check
+CVE-2024-39003 (amoyjs amoy common v1.0.10 was discovered to contain a 
prototype pollu ...)
+   TODO: check
+CVE-2024-39002 (rjrodger jsonic-next v2.12.1 was discovered to contain a 
prototype pol ...)
+   TODO: check
+CVE-2024-39001 (ag-grid-enterprise v31.3.2 was discovered to contain a 
prototype pollu ...)
+   TODO: check
+CVE-2024-39000 (adolph_dudu ratio-swiper v0.0.2 was discovered to contain a 
prototype  ...)
+   TODO: check
+CVE-2024-38999 (jrburke requirejs v2.3.6 was discovered to contain a prototype 
polluti ...)
+   TODO: check
+CVE-2024-38998 (jrburke requirejs v2.3.6 was discovered to contain a prototype 
polluti ...)
+   TODO: check
+CVE-2024-38997 (adolph_dudu ratio-swiper v0.0.2 was discovered to contain a 
prototype  ...)
+   TODO: check
+CVE-2024-38996 (ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were 
discover ...)
+   TODO: check
+CVE-2024-38994 (amoyjs amoy common v1.0.10 was discovered to contain a 
prototype pollu ...)
+   TODO: check
+CVE-2024-38993 (rjrodger jsonic-next v2.12.1 was discovered to contain a 
prototype pol ...)
+   TODO: check
+CVE-2024-38992 (airvertco frappejs v0.0.11 was discovered to contain a 
prototype pollu ...)
+   TODO: check
+CVE-2024-38991 (akbr patch-into v1.0.1 was discovered to contain a prototype 
pollution ...)
+   TODO: check
+CVE-2024-38990 (Tada5hi sp-common v0.5.4 was discovered to contain a prototype 
polluti ...)
+   TODO: check
+CVE-2024-38987 (aofl cli-lib v3.14.0 was discovered to contain a prototype 
pollution v ...)
+   TODO: check
+CVE-2024-38953 (phpok 6.4.003 contains a Cross Site Scripting (XSS) 
vulnerability in t ...)
+   TODO: check
+CVE-2024-38513 (Fiber is an Express-inspired web framework written in Go A 
vulnerabili ...)
+   TODO: check
+CVE-2024-37298 (gorilla/schema converts structs to and from form values. 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-07-01 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bd533afd by security tracker role at 2024-07-01T08:12:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,35 @@
+CVE-2024-6419 (A vulnerability classified as critical was found in 
SourceCodester Med ...)
+   TODO: check
+CVE-2024-6418 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+   TODO: check
+CVE-2024-6417 (A vulnerability was found in SourceCodester Simple Online 
Bidding Syst ...)
+   TODO: check
+CVE-2024-6416 (A vulnerability was found in SeaCMS 12.9. It has been declared 
as crit ...)
+   TODO: check
+CVE-2024-6130 (The Form Maker by 10Web  WordPress plugin before 1.15.26 does 
not sani ...)
+   TODO: check
+CVE-2024-4934 (The Quiz and Survey Master (QSM)  WordPress plugin before 9.0.2 
does n ...)
+   TODO: check
+CVE-2024-3123 (CHANGING Mobile One Time Password's uploading function in a 
hidden pag ...)
+   TODO: check
+CVE-2024-3122 (CHANGING Mobile One Time Password does not properly filter 
parameters  ...)
+   TODO: check
+CVE-2024-38480 ("Piccoma" App for Android and iOS versions prior to 6.20.0 
uses a hard ...)
+   TODO: check
+CVE-2024-34703 (Botan is a C++ cryptography library. X.509 certificates can 
identify e ...)
+   TODO: check
+CVE-2024-20081 (In gnss service, there is a possible out of bounds write due 
to improp ...)
+   TODO: check
+CVE-2024-20080 (In gnss service, there is a possible escalation of privilege 
due to im ...)
+   TODO: check
+CVE-2024-20079 (In gnss service, there is a possible out of bounds write due 
to improp ...)
+   TODO: check
+CVE-2024-20078 (In venc, there is a possible out of bounds write due to type 
confusion ...)
+   TODO: check
+CVE-2024-20077 (In Modem, there is a possible system crash due to incorrect 
error hand ...)
+   TODO: check
+CVE-2024-20076 (In Modem, there is a possible system crash due to incorrect 
error hand ...)
+   TODO: check
 CVE-2024-5062 (A reflected Cross-Site Scripting (XSS) vulnerability was 
identified in ...)
NOT-FOR-US: zenml
 CVE-2024-35119 (IBM InfoSphere Information Server 11.7 could allow a remote 
attacker t ...)
@@ -25662,6 +25694,7 @@ CVE-2024-1456 (An S3 bucket takeover vulnerability was 
identified in the h2oai/h
 CVE-2024-1183 (An SSRF (Server-Side Request Forgery) vulnerability exists in 
the grad ...)
NOT-FOR-US: Gradio
 CVE-2024-1135 (Gunicorn fails to properly validate Transfer-Encoding headers, 
leading ...)
+   {DLA-3851-1}
- gunicorn 22.0.0-1 (bug #1069126)
[bookworm] - gunicorn  (Minor issue)
[bullseye] - gunicorn  (Minor issue)
@@ -43440,7 +43473,7 @@ CVE-2023-49721 (An insecure default to allow UEFI Shell 
in EDK2 was left enabled
NOTE: https://www.openwall.com/lists/oss-security/2024/02/14/4
NOTE: https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139
 CVE-2023-48733 (An insecure default to allow UEFI Shell in EDK2 was left 
enabled in Ub ...)
-   {DSA-5624-1}
+   {DSA-5624-1 DLA-3852-1}
- edk2 2023.11-7
NOTE: https://www.openwall.com/lists/oss-security/2024/02/14/4
NOTE: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137
@@ -286141,6 +286174,7 @@ CVE-2020-25831
 CVE-2020-25830 (An issue was discovered in MantisBT before 2.24.3. Improper 
escaping o ...)
- mantis 
 CVE-2020-25829 (An issue has been found in PowerDNS Recursor before 4.1.18, 
4.2.x befo ...)
+   {DLA-3855-1}
- pdns-recursor 4.3.5-1 (bug #972159)
[buster] - pdns-recursor  (Minor issue)
NOTE: 
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-07.html
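Review bot: `{DLA-3855-1}` is added to CVE-2020-25829 while the `[buster] - pdns-recursor (Minor issue)` no-dsa annotation two lines below is left in place; if DLA-3855-1 is the buster update for this CVE, that annotation is now stale and should be dropped in the same change, otherwise the entry carries both a fix reference and a no-dsa marker for the same suite.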
@@ -313183,6 +313217,7 @@ CVE-2020-14198 (Bitcoin Core 0.20.0 allows remote 
denial of service.)
 CVE-2020-14197
RESERVED
 CVE-2020-14196 (In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 
and 4.1 ...)
+   {DLA-3855-1}
- pdns-recursor 4.3.2-1 (low; bug #964103)
[buster] - pdns-recursor  (Minor issue, fix along in next 
DSA)
NOTE: https://www.openwall.com/lists/oss-security/2020/07/01/1
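Review bot: same inconsistency as the CVE-2020-25829 entry above: `{DLA-3855-1}` is added to CVE-2020-14196 but the `[buster] - pdns-recursor (Minor issue, fix along in next DSA)` line remains; if the DLA covers buster, that deferral note is now satisfied and should be removed so the suite status reflects the issued advisory.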



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd533afda8c5c23ea4a9c07bfcb64445448ead8a

-- 
This project does not include diff previews in email notifications.
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd533afda8c5c23ea4a9c07bfcb64445448ead8a
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-30 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
73b9c503 by security tracker role at 2024-06-30T20:12:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,29 @@
+CVE-2024-5062 (A reflected Cross-Site Scripting (XSS) vulnerability was 
identified in ...)
+   TODO: check
+CVE-2024-35119 (IBM InfoSphere Information Server 11.7 could allow a remote 
attacker t ...)
+   TODO: check
+CVE-2024-31902 (IBM InfoSphere Information Server 11.7 is vulnerable to 
cross-site req ...)
+   TODO: check
+CVE-2024-31898 (IBM InfoSphere Information Server 11.7 could allow an 
authenticated us ...)
+   TODO: check
+CVE-2024-28798 (IBM InfoSphere Information Server 11.7 is vulnerable to stored 
cross-s ...)
+   TODO: check
+CVE-2024-28797 (IBM InfoSphere Information Server 11.7 is vulnerable stored to 
cross-s ...)
+   TODO: check
+CVE-2024-28795 (IBM InfoSphere Information Server 11.7 is vulnerable to 
cross-site scr ...)
+   TODO: check
+CVE-2024-28794 (IBM InfoSphere Information Server 11.7 is vulnerable to 
cross-site scr ...)
+   TODO: check
+CVE-2023-50964 (IBM InfoSphere Information Server 11.7 is vulnerable to 
cross-site scr ...)
+   TODO: check
+CVE-2023-50954 (IBM InfoSphere Information Server 11.7 returns sensitive 
information i ...)
+   TODO: check
+CVE-2023-50953 (IBM InfoSphere Information Server 11.7 could allow a remote 
attacker t ...)
+   TODO: check
+CVE-2023-50952 (IBM InfoSphere Information Server 11.7 is vulnerable to 
server-side re ...)
+   TODO: check
+CVE-2023-35022 (IBM InfoSphere Information Server 11.7 could allow a local 
user to upd ...)
+   TODO: check
 CVE-2024-6415 (A vulnerability classified as problematic was found in Ingenico 
Estate ...)
NOT-FOR-US: ngenico Estate Manager
 CVE-2024-6414 (A vulnerability classified as problematic has been found in 
Parsec Aut ...)
@@ -3503,17 +3529,17 @@ CVE-2024-38448 (htags in GNU Global through 6.6.12 
allows code execution in situ
NOTE: 
https://lists.gnu.org/archive/html/bug-global/2024-05/msg9.html
 CVE-2024-38443 (C/sorting/binary_insertion_sort.c in The Algorithms - C 
through e5dad3 ...)
NOT-FOR-US: The Algorithms - C
-CVE-2024-38441 (Netatalk 3.2.0 has an off-by-one error and resultant 
heap-based buffer ...)
+CVE-2024-38441 (Netatalk before 3.2.1 has an off-by-one error and resultant 
heap-based ...)
- netatalk  (bug #1074475)
NOTE: https://github.com/Netatalk/netatalk/issues/1098
NOTE: https://netatalk.io/security/CVE-2024-38441
NOTE: 
https://github.com/Netatalk/netatalk/commit/77b5d99007cfef4d73d76fd6f0c26584891608e5
 (netatalk-3-2-1)
-CVE-2024-38440 (Netatalk 3.2.0 has an off-by-one error, and resultant 
heap-based buffe ...)
+CVE-2024-38440 (Netatalk before 3.2.1 has an off-by-one error, and resultant 
heap-base ...)
- netatalk  (bug #1074474)
NOTE: https://github.com/Netatalk/netatalk/issues/1097
NOTE: https://netatalk.io/security/CVE-2024-38440
NOTE: 
https://github.com/Netatalk/netatalk/commit/77b5d99007cfef4d73d76fd6f0c26584891608e5
 (netatalk-3-2-1)
-CVE-2024-38439 (Netatalk 3.2.0 has an off-by-one error and resultant 
heap-based buffer ...)
+CVE-2024-38439 (Netatalk before 3.2.1 has an off-by-one error and resultant 
heap-based ...)
- netatalk  (bug #1074473)
NOTE: https://github.com/Netatalk/netatalk/issues/1096
NOTE: https://netatalk.io/security/CVE-2024-38439
@@ -22515,7 +22541,7 @@ CVE-2024-27282 (An issue was discovered in Ruby 3.x 
through 3.3.0. If attacker-s
NOTE: 
https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/
NOTE: 
https://github.com/ruby/ruby/commit/989a2355808a63fc45367785c82ffd46d18c900a
 CVE-2024-33602 (nscd: netgroup cache assumes NSS callback uses in-buffer 
strings  The  ...)
-   {DSA-5678-1}
+   {DSA-5678-1 DLA-3850-1}
- glibc 2.37-19
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=31680
NOTE: 
https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fwei...@redhat.com/
@@ -22523,7 +22549,7 @@ CVE-2024-33602 (nscd: netgroup cache assumes NSS 
callback uses in-buffer strings
NOTE: 
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008
NOTE: Fixed by: 
https://sourceware.org/git?p=glibc.git;a=commit;h=c04a21e050d64a1193a6daab872bca2528bda44b
 CVE-2024-33601 (nscd: netgroup cache may terminate daemon on memory allocation 
failure ...)
-   {DSA-5678-1}
+   {DSA-5678-1 DLA-3850-1}
- glibc 2.37-19
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=31679
NOTE: 
https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fwei...@redhat.com/
@@ -22531,7 +22557,7 @@ CVE-2024-33601 (nscd: 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-30 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
11e7bb32 by security tracker role at 2024-06-30T08:12:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,13 @@
+CVE-2024-6415 (A vulnerability classified as problematic was found in Ingenico 
Estate ...)
+   TODO: check
+CVE-2024-6414 (A vulnerability classified as problematic has been found in 
Parsec Aut ...)
+   TODO: check
+CVE-2024-5926 (Path Traversal: '\..\filename' in GitHub repository 
stitionai/devika p ...)
+   TODO: check
+CVE-2024-39848 (Internet2 Grouper before 5.6 allows authentication bypass when 
LDAP au ...)
+   TODO: check
+CVE-2024-39846 (NewPass before 1.2.0 stores passwords (rather than password 
hashes) di ...)
+   TODO: check
 CVE-2024-5819 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder 
Feature ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-39840 (Factorio before 1.1.101 allows a crafted server to execute 
arbitrary c ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11e7bb329e63a51520435cc49e502d26ad24e317



[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-29 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6c0b1e43 by security tracker role at 2024-06-29T20:11:49+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,13 @@
+CVE-2024-5819 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder 
Feature ...)
+   TODO: check
+CVE-2024-39840 (Factorio before 1.1.101 allows a crafted server to execute 
arbitrary c ...)
+   TODO: check
+CVE-2024-2386 (The WordPress Plugin for Google Maps \u2013 WP MAPS plugin for 
WordPre ...)
+   TODO: check
+CVE-2024-25943 (iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 
7.10.50. ...)
+   TODO: check
+CVE-2023-4017 (The Goya theme for WordPress is vulnerable to Reflected 
Cross-Site Scr ...)
+   TODO: check
 CVE-2024-6405 (The Floating Social Buttons plugin for WordPress is vulnerable 
to Cros ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-6363 (The Stock Ticker plugin for WordPress is vulnerable to Stored 
Cross-Si ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c0b1e438a14e458872ee4481bb7ebbb9b636038



[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-29 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b9d74556 by security tracker role at 2024-06-29T08:12:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,37 @@
+CVE-2024-6405 (The Floating Social Buttons plugin for WordPress is vulnerable 
to Cros ...)
+   TODO: check
+CVE-2024-6363 (The Stock Ticker plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+   TODO: check
+CVE-2024-6265 (The UsersWP \u2013 Front-end login form, User Registration, 
User Profi ...)
+   TODO: check
+CVE-2024-5942 (The Page and Post Clone plugin for WordPress is vulnerable to 
Insecure ...)
+   TODO: check
+CVE-2024-5889 (The Events Manager \u2013 Calendar, Bookings, Tickets, and 
more! plugi ...)
+   TODO: check
+CVE-2024-5790 (The Happy Addons for Elementor plugin for WordPress is 
vulnerable to S ...)
+   TODO: check
+CVE-2024-5666 (The Extensions for Elementor plugin for WordPress is vulnerable 
to Sto ...)
+   TODO: check
+CVE-2024-5598 (The Advanced File Manager plugin for WordPress is vulnerable to 
Sensit ...)
+   TODO: check
+CVE-2024-5192 (The Funnel Builder for WordPress by FunnelKit \u2013 Customize 
WooComm ...)
+   TODO: check
+CVE-2024-39828 (R74n Sandboxels 1.9 through 1.9.5 allows XSS via a message in 
a modifi ...)
+   TODO: check
+CVE-2024-39307 (Kavita is a cross platform reading server. Opening an ebook 
with malic ...)
+   TODO: check
+CVE-2024-39302 (BigBlueButton is an open-source virtual classroom designed to 
help tea ...)
+   TODO: check
+CVE-2024-38533 (ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs 
to scal ...)
+   TODO: check
+CVE-2024-38532 (The NXP Data Co-Processor (DCP) is a built-in hardware module 
for spec ...)
+   TODO: check
+CVE-2024-38525 (dd-trace-cpp is the Datadog distributed tracing for C++. When 
the libr ...)
+   TODO: check
+CVE-2024-38518 (BigBlueButton is an open-source virtual classroom designed to 
help tea ...)
+   TODO: check
+CVE-2019-25211 (parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 
mishandle ...)
+   TODO: check
 CVE-2024-6403 (A vulnerability, which was classified as critical, has been 
found in T ...)
NOT-FOR-US: Tenda
 CVE-2024-6402 (A vulnerability classified as critical was found in Tenda A301 
15.13.0 ...)
@@ -313,7 +347,7 @@ CVE-2024-38523 (Hush Line is a free and open-source, 
anonymous-tip-line-as-a-ser
NOT-FOR-US: Hush Line
 CVE-2024-38515
REJECTED
-CVE-2024-35260 (Microsoft Dataverse Remote Code Execution Vulnerability)
+CVE-2024-35260 (An authenticated attacker can exploit an Untrusted Search Path 
vulnera ...)
NOT-FOR-US: Microsoft
 CVE-2024-35153 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to 
cross-si ...)
NOT-FOR-US: IBM
@@ -358,10 +392,10 @@ CVE-2023-38370 (IBM Security Access Manager Docker 
10.0.0.0 through 10.0.7.1, un
NOT-FOR-US: IBM
 CVE-2023-38368 (IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 
could dis ...)
NOT-FOR-US: IBM
-CVE-2024-37371
+CVE-2024-37371 (In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can 
cause inva ...)
- krb5 1.21.3-1
NOTE: 
https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef 
(krb5-1.21.3-final)
-CVE-2024-37370
+CVE-2024-37370 (In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can 
modify the ...)
- krb5 1.21.3-1
NOTE: 
https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef 
(krb5-1.21.3-final)
 CVE-2024-5535 (Issue summary: Calling the OpenSSL API function 
SSL_select_next_proto  ...)
@@ -1256,7 +1290,7 @@ CVE-2024-6268 (A vulnerability, which was classified as 
critical, has been found
 CVE-2024-4841 (A Path Traversal vulnerability exists in the 
parisneo/lollms-webui, sp ...)
NOT-FOR-US: parisneo/lollms-webui
 CVE-2024-39331 (In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el 
expands a % ...)
-   {DSA-5719-1 DSA-5718-1}
+   {DSA-5719-1 DSA-5718-1 DLA-3849-1 DLA-3848-1}
- emacs 1:29.4+1-1 (bug #1074137)
- org-mode 9.7.5+dfsg-1 (bug #1074136)
[bookworm] - org-mode  (Produces only a dependency binary 
package)
@@ -21503,7 +21537,7 @@ CVE-2023-38002 (IBM Storage Scale 5.1.0.0 through 
5.1.9.2 could allow an authent
 CVE-2023-36268 (An issue in The Document Foundation Libreoffice v.7.4.7 allows 
a remot ...)
- libreoffice  (unimportant)
NOTE: Resource overload in desktop app, no security impact
-CVE-2024-29040
+CVE-2024-29040 (This repository hosts source code implementing the Trusted 
Computing G ...)
- tpm2-tss 4.1.0-1 (bug #1070140)
[bookworm] - tpm2-tss  (Minor issue)
[bullseye] - tpm2-tss  (Minor issue)



View it on GitLab: 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-28 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e1d22b1c by security tracker role at 2024-06-28T20:12:57+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,81 @@
+CVE-2024-6403 (A vulnerability, which was classified as critical, has been 
found in T ...)
+   TODO: check
+CVE-2024-6402 (A vulnerability classified as critical was found in Tenda A301 
15.13.0 ...)
+   TODO: check
+CVE-2024-5972
+   REJECTED
+CVE-2024-5925 (The Theron Lite theme for WordPress is vulnerable to Stored 
Cross-Site ...)
+   TODO: check
+CVE-2024-5922 (The Scylla lite theme for WordPress is vulnerable to Stored 
Cross-Site ...)
+   TODO: check
+CVE-2024-5827 (Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB 
integration  ...)
+   TODO: check
+CVE-2024-5737 (Script afGdStream.php inAdmirorFrames Joomla! extension 
doesn\u2019t s ...)
+   TODO: check
+CVE-2024-5736 (Server Side Request Forgery (SSRF) vulnerability in 
AdmirorFrames Joom ...)
+   TODO: check
+CVE-2024-5735 (Full Path Disclosure vulnerability in AdmirorFrames Joomla! 
extension  ...)
+   TODO: check
+CVE-2024-5712 (Cross-Site Request Forgery (CSRF) in stitionai/devika)
+   TODO: check
+CVE-2024-5662 (The Ultimate Post Kit Addons For Elementor \u2013 (Post Grid, 
Post Car ...)
+   TODO: check
+CVE-2024-5424 (The Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , 
YouTub ...)
+   TODO: check
+CVE-2024-3995 (In Helix ALM versions prior to 2024.2.0, a local command 
injection was ...)
+   TODO: check
+CVE-2024-3816 (Sites managed in S@M CMS (Concept Intermedia) might be 
vulnerable to a ...)
+   TODO: check
+CVE-2024-3801 (Sites managed in S@M CMS (Concept Intermedia) might be 
vulnerable to R ...)
+   TODO: check
+CVE-2024-3800 (Sites managed in S@M CMS (Concept Intermedia) might be 
vulnerable to R ...)
+   TODO: check
+CVE-2024-39704 (Soft Circle French-Bread Melty Blood: Actress Again: Current 
Code thro ...)
+   TODO: check
+CVE-2024-38531 (Nix is a package manager for Linux and other Unix systems that 
makes p ...)
+   TODO: check
+CVE-2024-38528 (nptd-rs is a tool for synchronizing your computer's clock, 
implementin ...)
+   TODO: check
+CVE-2024-38522 (Hush Line is a free and open-source, 
anonymous-tip-line-as-a-service f ...)
+   TODO: check
+CVE-2024-38521 (Hush Line is a free and open-source, 
anonymous-tip-line-as-a-service f ...)
+   TODO: check
+CVE-2024-38514 (NextChat is a cross-platform ChatGPT/Gemini UI. There is a 
Server-Side ...)
+   TODO: check
+CVE-2024-38374 (The CycloneDX core module provides a model representation of 
the SBOM  ...)
+   TODO: check
+CVE-2024-38371 (authentik is an open-source Identity Provider. Access 
restrictions ass ...)
+   TODO: check
+CVE-2024-38322 (IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 
agent us ...)
+   TODO: check
+CVE-2024-37905 (authentik is an open-source Identity Provider that emphasizes 
flexibil ...)
+   TODO: check
+CVE-2024-37741 (OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a 
profile  ...)
+   TODO: check
+CVE-2024-35156 (IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to 
obtain sens ...)
+   TODO: check
+CVE-2024-35155 (IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a 
remote  ...)
+   TODO: check
+CVE-2024-35139 (IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 
could all ...)
+   TODO: check
+CVE-2024-35137 (IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 
could all ...)
+   TODO: check
+CVE-2024-35116 (IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is 
vulnerable to ...)
+   TODO: check
+CVE-2024-31919 (IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in 
certain confi ...)
+   TODO: check
+CVE-2024-31912 (IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to 
escalat ...)
+   TODO: check
+CVE-2024-27629 (An issue in dc2niix before v.1.0.20240202 allows a local 
attacker to e ...)
+   TODO: check
+CVE-2024-27628 (Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an 
attacker to e ...)
+   TODO: check
+CVE-2024-25053 (IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 
12.0.0, 1 ...)
+   TODO: check
+CVE-2024-25041 (IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 
12.0.0, 1 ...)
+   TODO: check
+CVE-2024-25031 (IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 
uses an  ...)
+   TODO: check
 CVE-2024-6296 (The Stackable \u2013 Page Builder Gutenberg Blocks plugin for 
WordPres ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-6288 (The Conversios \u2013 Google Analytics 4 (GA4), Meta Pixel & 
more Via  ...)
@@ -17985,10 +18063,12 @@ CVE-2024-34511
 CVE-2024-34510 (Gradio before 4.20 allows credential 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-28 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9a9218f0 by security tracker role at 2024-06-28T08:11:45+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,95 @@
+CVE-2024-6296 (The Stackable \u2013 Page Builder Gutenberg Blocks plugin for 
WordPres ...)
+   TODO: check
+CVE-2024-6288 (The Conversios \u2013 Google Analytics 4 (GA4), Meta Pixel & 
more Via  ...)
+   TODO: check
+CVE-2024-6071 (PTC Creo Elements/Direct License Server exposes a web interface 
which  ...)
+   TODO: check
+CVE-2024-5864 (The Easy Affiliate Links plugin for WordPress is vulnerable to 
unautho ...)
+   TODO: check
+CVE-2024-5863 (The Easy Image Collage plugin for WordPress is vulnerable to 
unauthori ...)
+   TODO: check
+CVE-2024-5796 (The Infinite theme for WordPress is vulnerable to Stored 
Cross-Site Sc ...)
+   TODO: check
+CVE-2024-5788 (The Silesia theme for WordPress is vulnerable to Stored 
Cross-Site Scr ...)
+   TODO: check
+CVE-2024-5730 (The Pagerank tools WordPress plugin through 1.1.5 does not 
sanitise an ...)
+   TODO: check
+CVE-2024-5729 (The Simple AL Slider WordPress plugin through 1.2.10 does not 
sanitise ...)
+   TODO: check
+CVE-2024-5728 (The Animated AL List WordPress plugin through 1.0.6 does not 
sanitise  ...)
+   TODO: check
+CVE-2024-5727 (The Widget4Call WordPress plugin through 1.0.7 does not 
sanitise and e ...)
+   TODO: check
+CVE-2024-5642 (CPython 3.9 and earlier doesn't disallow configuring an empty 
list ("[ ...)
+   TODO: check
+CVE-2024-5570 (The Simple Photoswipe WordPress plugin through 0.1 does not 
have autho ...)
+   TODO: check
+CVE-2024-4395 (The XPC service within the audit functionality of Jamf 
Compliance Edit ...)
+   TODO: check
+CVE-2024-39708 (An issue was discovered in the Agent in Delinea Privilege 
Manager (for ...)
+   TODO: check
+CVE-2024-39705 (NLTK through 3.8.1 allows remote code execution if untrusted 
packages  ...)
+   TODO: check
+CVE-2024-39352 (A vulnerability regarding incorrect authorization is found in 
the firm ...)
+   TODO: check
+CVE-2024-39351 (A vulnerability regarding improper neutralization of special 
elements  ...)
+   TODO: check
+CVE-2024-39350 (A vulnerability regarding authentication bypass by spoofing is 
found i ...)
+   TODO: check
+CVE-2024-39349 (A vulnerability regarding buffer copy without checking size of 
input ( ...)
+   TODO: check
+CVE-2024-39348 (Download of code without integrity check vulnerability in 
AirPrint fun ...)
+   TODO: check
+CVE-2024-39347 (Incorrect default permissions vulnerability in firewall 
functionality  ...)
+   TODO: check
+CVE-2024-39209 (luci-app-sms-tool v1.9-6 was discovered to contain a command 
injection ...)
+   TODO: check
+CVE-2024-39134 (A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 
allows attac ...)
+   TODO: check
+CVE-2024-39132 (A NULL Pointer Dereference vulnerability in DumpTS 
v0.1.0-nightly allo ...)
+   TODO: check
+CVE-2024-37282 (It was identified that under certain specific preconditions, 
an API ke ...)
+   TODO: check
+CVE-2024-37137 (Dell Key Trust Platform, v3.0.6 and prior, contains Use of a 
Cryptogra ...)
+   TODO: check
+CVE-2024-36755 (D-Link DIR-1950 up to v1.11B03 does not validate SSL 
certificates when ...)
+   TODO: check
+CVE-2024-36075 (Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys 
Unify thr ...)
+   TODO: check
+CVE-2024-36074 (Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys 
Unify thr ...)
+   TODO: check
+CVE-2024-36073 (Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys 
Unify thr ...)
+   TODO: check
+CVE-2024-36072 (Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys 
Unify thr ...)
+   TODO: check
+CVE-2024-36059 (Directory Traversal vulnerability in Kalkitech ASE ASE61850 
IEDSmart u ...)
+   TODO: check
+CVE-2024-30135 (HCL DRYiCE AEX is potentially impacted by disclosure of 
sensitive info ...)
+   TODO: check
+CVE-2024-30111 (HCL DRYiCE AEX product is impacted by Missing Root Detection 
vulnerabi ...)
+   TODO: check
+CVE-2024-30110 (HCL DRYiCE AEX product is impacted by lack of input validation 
vulnera ...)
+   TODO: check
+CVE-2024-30109 (HCL DRYiCE AEX is impacted by a lack of clickjacking 
protection in the ...)
+   TODO: check
+CVE-2024-2973 (An Authentication Bypass Using an Alternate Path or Channel 
vulnerabil ...)
+   TODO: check
+CVE-2024-2795 (The SEO SIMPLE PACK plugin for WordPress is vulnerable to 
Information  ...)
+   TODO: check
+CVE-2024-22276 (VMware Cloud Director Object Storage Extension contains an 
Insertion o ...)
+   TODO: check
+CVE-2024-22272 (VMware Cloud Director contains an Improper Privilege 
Management vulner ...)
+   

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
088fde68 by security tracker role at 2024-06-27T20:12:32+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,10 +1,162 @@
+CVE-2024-6388 (Marco Trevisan discovered that the Ubuntu Advantage Desktop 
Daemon, be ...)
+   TODO: check
+CVE-2024-6374 (A vulnerability was found in lahirudanushka School Management 
System 1 ...)
+   TODO: check
+CVE-2024-6373 (A vulnerability has been found in itsourcecode Online Food 
Ordering Sy ...)
+   TODO: check
+CVE-2024-6372 (A vulnerability, which was classified as critical, was found in 
itsour ...)
+   TODO: check
+CVE-2024-6371 (A vulnerability, which was classified as critical, has been 
found in i ...)
+   TODO: check
+CVE-2024-6370 (A vulnerability classified as problematic was found in 
LabVantage LIMS ...)
+   TODO: check
+CVE-2024-6369 (A vulnerability classified as problematic has been found in 
LabVantage ...)
+   TODO: check
+CVE-2024-6368 (A vulnerability was found in LabVantage LIMS 2017. It has been 
rated a ...)
+   TODO: check
+CVE-2024-6367 (A vulnerability was found in LabVantage LIMS 2017. It has been 
declare ...)
+   TODO: check
+CVE-2024-6262 (The Portfolio Gallery \u2013 Image Gallery Plugin plugin for 
WordPress ...)
+   TODO: check
+CVE-2024-6250 (An absolute path traversal vulnerability exists in 
parisneo/lollms-web ...)
+   TODO: check
+CVE-2024-6139 (A path traversal vulnerability exists in the XTTS server of the 
parisn ...)
+   TODO: check
+CVE-2024-6127 (BC Security Empire before 5.9.3 is vulnerable to a path 
traversal issu ...)
+   TODO: check
+CVE-2024-6090 (A path traversal vulnerability exists in 
gaizhenbiao/chuanhuchatgpt ve ...)
+   TODO: check
+CVE-2024-6086 (In version 1.2.7 of lunary-ai/lunary, any authenticated user, 
regardle ...)
+   TODO: check
+CVE-2024-6085 (A path traversal vulnerability exists in the XTTS server 
included in t ...)
+   TODO: check
+CVE-2024-6038 (A Regular Expression Denial of Service (ReDoS) vulnerability 
exists in ...)
+   TODO: check
+CVE-2024-5980 (A vulnerability in the /v1/runs API endpoint of 
lightning-ai/pytorch-l ...)
+   TODO: check
+CVE-2024-5979 (In h2oai/h2o-3 version 3.46.0, the `run_tool` command in the 
`rapids`  ...)
+   TODO: check
+CVE-2024-5936 (An open redirect vulnerability exists in imartinez/privategpt 
version  ...)
+   TODO: check
+CVE-2024-5935 (A Cross-Site Request Forgery (CSRF) vulnerability in version 
0.5.0 of  ...)
+   TODO: check
+CVE-2024-5933 (A Cross-site Scripting (XSS) vulnerability exists in the chat 
function ...)
+   TODO: check
+CVE-2024-5885 (stangirard/quivr version 0.0.236 contains a Server-Side Request 
Forger ...)
+   TODO: check
+CVE-2024-5826 (In the latest version of vanna-ai/vanna, the `vanna.ask` 
function is v ...)
+   TODO: check
+CVE-2024-5824 (A path traversal vulnerability in the `/set_personality_config` 
endpoi ...)
+   TODO: check
+CVE-2024-5822 (A Server-Side Request Forgery (SSRF) vulnerability exists in 
the uploa ...)
+   TODO: check
+CVE-2024-5820 (Missing Authorization in stitionai/devika)
+   TODO: check
+CVE-2024-5755 (In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass 
email v ...)
+   TODO: check
+CVE-2024-5751 (BerriAI/litellm version v1.35.8 contains a vulnerability where 
an atta ...)
+   TODO: check
+CVE-2024-5714 (In lunary-ai/lunary version 1.2.4, an improper access control 
vulnerab ...)
+   TODO: check
+CVE-2024-5710 (berriai/litellm version 1.34.34 is vulnerable to improper 
access contr ...)
+   TODO: check
+CVE-2024-5548 (Path Traversal in GitHub repository stitionai/devika prior to 
-.)
+   TODO: check
+CVE-2024-5547 (Relative Path Traversal in GitHub repository stitionai/devika 
prior to ...)
+   TODO: check
+CVE-2024-5334 (External Control of File Name or Path in GitHub repository 
stitionai/d ...)
+   TODO: check
+CVE-2024-4983 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page 
Templa ...)
+   TODO: check
+CVE-2024-4578 (This Advisory describes an issue that impacts Arista Wireless 
Access P ...)
+   TODO: check
+CVE-2024-3331 (Vulnerability in Spotfire Spotfire Enterprise Runtime for R - 
Server E ...)
+   TODO: check
+CVE-2024-3330 (Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire 
Server,  ...)
+   TODO: check
+CVE-2024-3043 (An unauthenticated IEEE 802.15.4 'co-ordinator realignment' 
packet can ...)
+   TODO: check
+CVE-2024-3017 (In a   Silicon Labsmulti-protocol gateway, a corrupt pointer to 
buffer ...)
+   TODO: check
+CVE-2024-39669 (In the Console in Soffid IAM before 3.5.39, necessary checks 
were not  ...)
+   TODO: check
+CVE-2024-39376 (TELSAT marKoni FM Transmitters are 
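Review bot: The description added for CVE-2024-5548 ends in "prior to -.", so the affected-version bound is absent from the upstream text; the TODO: check on this entry should confirm the actual fixed version of stitionai/devika before the line is triaged, rather than carrying the empty "-" forward.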

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
536d20c0 by security tracker role at 2024-06-27T08:11:59+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,75 @@
+CVE-2024-6355 (A vulnerability was found in Genexis Tilgin Fiber Home Gateway 
HG1522  ...)
+   TODO: check
+CVE-2024-6323 (Improper authorization in global search in GitLab EE affecting 
all ver ...)
+   TODO: check
+CVE-2024-6283 (The DethemeKit For Elementor plugin for WordPress is vulnerable 
to Sto ...)
+   TODO: check
+CVE-2024-6054 (The Auto Featured Image plugin for WordPress is vulnerable to 
arbitrar ...)
+   TODO: check
+CVE-2024-5655 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
+   TODO: check
+CVE-2024-5601 (The Create by Mediavine plugin for WordPress is vulnerable to 
Stored C ...)
+   TODO: check
+CVE-2024-5430 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
+   TODO: check
+CVE-2024-5289 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder 
Feature ...)
+   TODO: check
+CVE-2024-4901 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
+   TODO: check
+CVE-2024-4704 (The Contact Form 7 WordPress plugin before 5.9.5 has an open 
redirect  ...)
+   TODO: check
+CVE-2024-4664 (The WP Chat App WordPress plugin before 3.6.5 does not sanitise 
and es ...)
+   TODO: check
+CVE-2024-4570 (The Elementor Addon Elements plugin for WordPress is vulnerable 
to Sto ...)
+   TODO: check
+CVE-2024-4569 (The Elementor Addon Elements plugin for WordPress is vulnerable 
to Sto ...)
+   TODO: check
+CVE-2024-4557 (Multiple Denial of Service (DoS) conditions has been discovered 
in Git ...)
+   TODO: check
+CVE-2024-4011 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
+   TODO: check
+CVE-2024-3959 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
+   TODO: check
+CVE-2024-3115 (An issue was discovered in GitLab EE affecting all versions 
starting f ...)
+   TODO: check
+CVE-2024-3111 (The Interactive Content  WordPress plugin before 1.15.8 does 
not valid ...)
+   TODO: check
+CVE-2024-37734 (An issue in OpenEMR 7.0.2 allows a remote attacker to escalate 
privile ...)
+   TODO: check
+CVE-2024-37571 (Buffer Overflow vulnerability in SAS Broker 9.2 build 1495 
allows atta ...)
+   TODO: check
+CVE-2024-37248 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-37247 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-36829 (Incorrect access control in Teldat M1 v11.00.05.50.01 allows 
attackers ...)
+   TODO: check
+CVE-2024-2191 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
+   TODO: check
+CVE-2024-28984 (Hitachi Vantara Pentaho Business Analytics Server prior to 
versions 10 ...)
+   TODO: check
+CVE-2024-28983 (Hitachi Vantara Pentaho Business Analytics Server prior to 
versions 10 ...)
+   TODO: check
+CVE-2024-28982 (Hitachi Vantara Pentaho Business Analytics Server versions 
before 10.1 ...)
+   TODO: check
+CVE-2024-23767 (An issue was discovered on HMS Anybus X-Gateway AB7832-F 
firmware vers ...)
+   TODO: check
+CVE-2024-23766 (An issue was discovered on HMS Anybus X-Gateway AB7832-F 3 
devices. Th ...)
+   TODO: check
+CVE-2024-23765 (An issue was discovered on HMS Anybus X-Gateway AB7832-F 3 
devices. Th ...)
+   TODO: check
+CVE-2024-22232 (A specially crafted url can be created which leads to a 
directory trav ...)
+   TODO: check
+CVE-2024-22231 (Syndic cache directory creation is vulnerable to a directory 
traversal ...)
+   TODO: check
+CVE-2024-1839 (Intrado 911 Emergency Gateway login form is vulnerable to an 
unauthent ...)
+   TODO: check
+CVE-2024-1816 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
+   TODO: check
+CVE-2024-1493 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
+   TODO: check
+CVE-2024-1330 (The kadence-blocks-pro WordPress plugin before 2.3.8 does not 
prevent  ...)
+   TODO: check
 CVE-2024- [RUSTSEC-2024-0345]
- rust-sequoia-openpgp  (bug #1074352)
[bookworm] - rust-sequoia-openpgp  (Vulnerable code not 
present)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/536d20c0af9cd144aafa5dfe9e7728cb3d40c36c

-- 
This project does not include diff previews in email notifications.

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-26 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5e55cfd5 by security tracker role at 2024-06-26T20:12:30+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,55 @@
+CVE-2024-6354 (Improper access control in PAM dashboard in Devolutions Remote 
Desktop ...)
+   TODO: check
+CVE-2024-6349
+   REJECTED
+CVE-2024-6344 (A vulnerability, which was classified as problematic, was found 
in ZKT ...)
+   TODO: check
+CVE-2024-4604 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in M ...)
+   TODO: check
+CVE-2024-4228 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-39460 (Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and 
earlier p ...)
+   TODO: check
+CVE-2024-39459 (In rare cases Jenkins Plain Credentials Plugin 
182.v468b_97b_9dcb_8 an ...)
+   TODO: check
+CVE-2024-39458 (When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier 
fails to c ...)
+   TODO: check
+CVE-2024-39243 (An issue discovered in skycaiji 2.8 allows attackers to run 
arbitrary  ...)
+   TODO: check
+CVE-2024-39242 (A cross-site scripting (XSS) vulnerability in skycaiji v2.8 
allows att ...)
+   TODO: check
+CVE-2024-39241 (Cross Site Scripting (XSS) vulnerability in skycaiji 2.8 
allows attack ...)
+   TODO: check
+CVE-2024-38950 (Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows 
attacker ...)
+   TODO: check
+CVE-2024-38949 (Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows 
attacker ...)
+   TODO: check
+CVE-2024-38527 (ZenUML is JavaScript-based diagramming tool that requires no 
server, u ...)
+   TODO: check
+CVE-2024-38520 (SoftEtherVPN is a an open-source cross-platform multi-protocol 
VPN Pro ...)
+   TODO: check
+CVE-2024-38375 (@fastly/js-compute is a JavaScript SDK and runtime for 
building Fastly ...)
+   TODO: check
+CVE-2024-38272 (There exists a vulnerability in Quickshare/Nearby where an 
attacker ca ...)
+   TODO: check
+CVE-2024-38271 (There exists a vulnerability in Quickshare/Nearby where an 
attacker ca ...)
+   TODO: check
+CVE-2024-37252 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-37098 (Server-Side Request Forgery (SSRF) vulnerability in Blossom 
Themes Blo ...)
+   TODO: check
+CVE-2024-35545 (MAP-OS v4.45.0 and earlier was discovered to contain a 
cross-site scri ...)
+   TODO: check
+CVE-2024-33329 (A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x 
allows att ...)
+   TODO: check
+CVE-2024-33328 (A cross-site scripting (XSS) vulnerability in the component 
main.jsp o ...)
+   TODO: check
+CVE-2024-33327 (A cross-site scripting (XSS) vulnerability in the component 
UrlAccessi ...)
+   TODO: check
+CVE-2024-33326 (A cross-site scripting (XSS) vulnerability in the component 
XsltResult ...)
+   TODO: check
+CVE-2024-25637 (October is a self-hosted CMS platform based on the Laravel PHP 
Framewo ...)
+   TODO: check
 CVE-2024-6060 (An information disclosure vulnerability in Phloc Webscopes 
7.0.0 allow ...)
NOT-FOR-US: Phloc Webscopes
 CVE-2024-5573 (The Easy Table of Contents WordPress plugin before 2.0.66 does 
not san ...)
@@ -60,7 +112,7 @@ CVE-2024-37855 (An issue in Nepstech Wifi Router xpon 
(terminal) NTPL-Xpon1GFEVN
NOT-FOR-US: Nepstech Wifi Router
 CVE-2024-37843 (Craft CMS up to v3.7.31 was discovered to contain a SQL 
injection vuln ...)
NOT-FOR-US: Craft CMS
-CVE-2024-37742 (An issue in Safe Exam Browser for Windows before 3.6 allows an 
attacke ...)
+CVE-2024-37742 (Insecure Access Control in Safe Exam Browser (SEB) = 3.5.0 on 
Windows. ...)
NOT-FOR-US: Safe Exam Browser
 CVE-2024-37141 (Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 
7.10.1. ...)
NOT-FOR-US: Dell
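Review bot: The replacement description for CVE-2024-37742 reads "Safe Exam Browser (SEB) = 3.5.0 on Windows", which has lost its comparison operator (the previous text said "before 3.6"), so the stored description no longer states a version range; worth checking against the upstream wording even though the NOT-FOR-US marking is unchanged.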
@@ -6622,7 +6674,7 @@ CVE-2024-5171 (Integer overflow in libaom internal 
functionimg_alloc_helper can
NOTE: 
https://aomedia.googlesource.com/aom/+/19d9966572a410804349e1a8ee2017fed49a6dab
NOTE: 
https://aomedia.googlesource.com/aom/+/8156fb76d88845d716867d20333fd27001be47a8
 CVE-2024-5197 (There exists interger overflows in libvpx in versions prior to 
1.14.1. ...)
-   {DLA-3830-1}
+   {DSA-5722-1 DLA-3830-1}
- libvpx 1.14.1-1
NOTE: https://issues.chromium.org/issues/332382766
NOTE: 
https://github.com/webmproject/libvpx/commit/c5640e3300690705c336966e2a8bb346a388c829
@@ -14824,6 +14876,7 @@ CVE-2024-32636 (A vulnerability has been identified in 
Parasolid V35.1 (All vers
 CVE-2024-32635 (A vulnerability has been identified in Parasolid V35.1 (All 
versions < ...)
NOT-FOR-US: Siemens
 CVE-2024-32465 (Git is a revision control system. The Git project recommends 
to 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-26 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
eef40b59 by security tracker role at 2024-06-26T08:11:55+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,121 @@
+CVE-2024-6060 (An information disclosure vulnerability in Phloc Webscopes 
7.0.0 allow ...)
+   TODO: check
+CVE-2024-5573 (The Easy Table of Contents WordPress plugin before 2.0.66 does 
not san ...)
+   TODO: check
+CVE-2024-5473 (The Simple Photoswipe WordPress plugin through 0.1 does not 
sanitise a ...)
+   TODO: check
+CVE-2024-5460 (A vulnerability in the default configuration of the Simple 
Network  Ma ...)
+   TODO: check
+CVE-2024-5332 (The Exclusive Addons for Elementor plugin for WordPress is 
vulnerable  ...)
+   TODO: check
+CVE-2024-5215 (The HT Mega \u2013 Absolute Addons For Elementor plugin for 
WordPress  ...)
+   TODO: check
+CVE-2024-5199 (The Spotify Play Button WordPress plugin through 1.0 does not 
validate ...)
+   TODO: check
+CVE-2024-5181 (A command injection vulnerability exists in the mudler/localai 
version ...)
+   TODO: check
+CVE-2024-5173 (The HT Mega \u2013 Absolute Addons For Elementor plugin for 
WordPress  ...)
+   TODO: check
+CVE-2024-5169 (The Video Widget WordPress plugin through 1.2.3 does not 
sanitise and  ...)
+   TODO: check
+CVE-2024-5071 (The Bookster  WordPress plugin through 1.1.0 allows adding 
sensitive p ...)
+   TODO: check
+CVE-2024-5019 (In WhatsUp Gold versions released before 2023.1.3,  an 
unauthenticated ...)
+   TODO: check
+CVE-2024-5018 (In WhatsUp Gold versions released before 2023.1.3, an 
unauthenticated  ...)
+   TODO: check
+CVE-2024-5017 (In WhatsUp Gold versions released before 2023.1.3, a path 
traversal vu ...)
+   TODO: check
+CVE-2024-5016 (In WhatsUp Gold versions released before 2023.1.3, Distributed 
Edition ...)
+   TODO: check
+CVE-2024-5015 (In WhatsUp Gold versions released before 2023.1.3,an 
authenticated SSR ...)
+   TODO: check
+CVE-2024-5014 (In WhatsUp Gold versions released before 2023.1.3, a Server 
Side Reque ...)
+   TODO: check
+CVE-2024-5013 (In WhatsUp Gold versions released before 2023.1.3,an 
unauthenticated D ...)
+   TODO: check
+CVE-2024-5012 (In WhatsUp Gold versions released before 2023.1.3, there is 
amissing a ...)
+   TODO: check
+CVE-2024-4959 (The Frontend Checklist WordPress plugin through 2.3.2 does not 
sanitis ...)
+   TODO: check
+CVE-2024-4957 (The Frontend Checklist WordPress plugin through 2.3.2 does not 
sanitis ...)
+   TODO: check
+CVE-2024-4869 (The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for 
WordPre ...)
+   TODO: check
+CVE-2024-4758 (The Muslim Prayer Time BD WordPress plugin through 2.4 does not 
have C ...)
+   TODO: check
+CVE-2024-4106 (A vulnerability has been found in FAST/TOOLS and CI Server. The 
affect ...)
+   TODO: check
+CVE-2024-4105 (A vulnerability has been found in FAST/TOOLS and CI Server. The 
affect ...)
+   TODO: check
+CVE-2024-3633 (The WebP & SVG Support WordPress plugin through 1.4.0 does not 
sanitis ...)
+   TODO: check
+CVE-2024-38526 (pdoc provides API Documentation for Python Projects. 
Documentation gen ...)
+   TODO: check
+CVE-2024-38516 (ai-client-html is an Aimeos e-commerce HTML client component. 
Debug in ...)
+   TODO: check
+CVE-2024-38364 (DSpace is an open source software is a turnkey repository 
application  ...)
+   TODO: check
+CVE-2024-37855 (An issue in Nepstech Wifi Router xpon (terminal) 
NTPL-Xpon1GFEVN, hard ...)
+   TODO: check
+CVE-2024-37843 (Craft CMS up to v3.7.31 was discovered to contain a SQL 
injection vuln ...)
+   TODO: check
+CVE-2024-37742 (An issue in Safe Exam Browser for Windows before 3.6 allows an 
attacke ...)
+   TODO: check
+CVE-2024-37141 (Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 
7.10.1. ...)
+   TODO: check
+CVE-2024-37140 (Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 
7.10.1. ...)
+   TODO: check
+CVE-2024-37139 (Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 
7.10.1. ...)
+   TODO: check
+CVE-2024-37138 (Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 
7.10.1. ...)
+   TODO: check
+CVE-2024-36802
+   REJECTED
+CVE-2024-35527 (An arbitrary file upload vulnerability in 
/fileupload/upload.cfm in Da ...)
+   TODO: check
+CVE-2024-35526 (An issue in Daemon PTY Limited FarCry Core framework before 
7.2.14 all ...)
+   TODO: check
+CVE-2024-34581 (The W3C XML Signature Syntax and Processing (XMLDsig) 
specification, s ...)
+   TODO: check
+CVE-2024-34580 (Apache XML Security for C++ through 2.0.4 implements the XML 
Signature ...)
+   TODO: check
+CVE-2024-34400 (An issue was discovered in VirtoSoftware Virto Kanban Board 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
09fb2f83 by security tracker role at 2024-06-25T20:12:53+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
The diff for this file was not included because it is too large.


View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09fb2f833240101f9c97ed9c0fa56d782f9ec7f3



___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ba15c604 by security tracker role at 2024-06-25T08:12:39+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,16 +1,138 @@
-CVE-2024-6293
+CVE-2024-6297 (Several plugins for WordPress hosted on WordPress.org have been 
compro ...)
+   TODO: check
+CVE-2024-6295 (udn News Android APP stores the unencrypted user session in the 
local  ...)
+   TODO: check
+CVE-2024-6294 (udn News Android APP stores the user session in logcat file 
when user  ...)
+   TODO: check
+CVE-2024-5431 (The WPCafe \u2013 Online Food Ordering, Restaurant Menu, 
Delivery, and ...)
+   TODO: check
+CVE-2024-4759 (The Mime Types Extended WordPress plugin through 0.11 does not 
sanitis ...)
+   TODO: check
+CVE-2024-4757 (The Logo Manager For Enamad WordPress plugin through 0.7.0 does 
not ha ...)
+   TODO: check
+CVE-2024-4197 (An unrestrictedfile upload vulnerability in Avaya IP Officewas 
discove ...)
+   TODO: check
+CVE-2024-4196 (An improper input validation vulnerability  was discovered in 
Avaya IP ...)
+   TODO: check
+CVE-2024-3249 (The Zita Elementor Site Library plugin for WordPress is 
vulnerable to  ...)
+   TODO: check
+CVE-2024-38903 (H3C Magic R230 V100R002's udpserver opens port 9034, allowing 
attacker ...)
+   TODO: check
+CVE-2024-38902 (H3C Magic R230 V100R002 was discovered to contain a hardcoded 
password ...)
+   TODO: check
+CVE-2024-38897 (WAVLINK WN551K1'live_check.shtml enables attackers to obtain 
sensitive ...)
+   TODO: check
+CVE-2024-38896 (WAVLINK WN551K1 found a command injection vulnerability 
through the st ...)
+   TODO: check
+CVE-2024-38895 (WAVLINK WN551K1'live_mfg.shtml enables attackers to obtain 
sensitive r ...)
+   TODO: check
+CVE-2024-38894 (WAVLINK WN551K1 found a command injection vulnerability 
through the IP ...)
+   TODO: check
+CVE-2024-38892 (An issue in Wavlink WN551K1 allows a remote attacker to obtain 
sensiti ...)
+   TODO: check
+CVE-2024-37759 (DataGear v5.0.0 and earlier was discovered to contain a SpEL 
(Spring E ...)
+   TODO: check
+CVE-2024-37007 (A maliciously crafted X_B and X_T file, when parsed in 
pskernel.DLL th ...)
+   TODO: check
+CVE-2024-37006 (A maliciously crafted CATPRODUCT file, when parsed in 
CC5Dll.dll throu ...)
+   TODO: check
+CVE-2024-37005 (A maliciously crafted X_B and X_T file, when parsed in 
pskernel.DLL th ...)
+   TODO: check
+CVE-2024-37004 (A maliciously crafted SLDPRT file, when parsed in 
ASMKERN229A.dll thro ...)
+   TODO: check
+CVE-2024-37003 (A maliciously crafted DWG and SLDPRT file, when parsed in 
opennurbs.dl ...)
+   TODO: check
+CVE-2024-37002 (A maliciously crafted MODEL file, when parsed in 
ASMkern229A.dllthroug ...)
+   TODO: check
+CVE-2024-37001 ([A maliciously crafted 3DM file, when parsed in opennurbs.dll 
through  ...)
+   TODO: check
+CVE-2024-37000 (A maliciously crafted X_B file, when parsed in pskernel.DLL 
through Au ...)
+   TODO: check
+CVE-2024-36999 (A maliciously crafted 3DM file, when parsed in opennurbs.dll 
through A ...)
+   TODO: check
+CVE-2024-36683 (SQL injection vulnerability in the module "Products Alert" 
(productsal ...)
+   TODO: check
+CVE-2024-36682 (In the module "Theme settings" (pk_themesettings) <= 1.8.8 
from Promok ...)
+   TODO: check
+CVE-2024-36681 (SQL Injection vulnerability in the module "Isotope" 
(pk_isotope) <=1.7 ...)
+   TODO: check
+CVE-2024-34992 (SQL Injection vulnerability in the module "Help Desk - 
Customer Suppor ...)
+   TODO: check
+CVE-2024-34991 (In the module "Axepta" (axepta) before 1.3.4 from Quadra 
Informatique  ...)
+   TODO: check
+CVE-2024-34988 (SQL injection vulnerability in the module "Complete for Create 
a Quote ...)
+   TODO: check
+CVE-2024-33898 (Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 has 
Incorre ...)
+   TODO: check
+CVE-2024-32855 (Dell Client Platform BIOS contains an Out-of-bounds Write 
vulnerabilit ...)
+   TODO: check
+CVE-2024-23159 (A maliciously crafted STP file, when parsed in 
stp_aim_x64_vc15d.dll t ...)
+   TODO: check
+CVE-2024-23158 (A maliciously crafted IGES file, when parsed in 
ASMImport229A.dll thro ...)
+   TODO: check
+CVE-2024-23157 (A maliciously crafted SLDASM or SLDPRT file, when parsed in 
ODXSW_DLL. ...)
+   TODO: check
+CVE-2024-23156 (A maliciously crafted 3DM file, when parsed in opennurbs.dll 
and ASMke ...)
+   TODO: check
+CVE-2024-23155 (A maliciously crafted MODEL file, when parsed in 
atf_asm_interface.dll ...)
+   TODO: check
+CVE-2024-23154 (A maliciously crafted SLDPRT file, when parsed in 
ODXSW_DLL.dll throug ...)
+   TODO: check
+CVE-2024-23153 (A maliciously crafted MODEL file, when parsed in libodx.dll 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4692c63d by security tracker role at 2024-06-24T20:12:03+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,69 +1,149 @@
-CVE-2024-39292 [um: Add winch to winch_handlers before registering winch IRQ]
+CVE-2024-6287 (Incorrect Calculation vulnerability in Renesas 
arm-trusted-firmware al ...)
+   TODO: check
+CVE-2024-6285 (Integer Underflow (Wrap or Wraparound) vulnerability in Renesas 
arm-tr ...)
+   TODO: check
+CVE-2024-6160 (SQL Injection vulnerability in MegaBIP software allows attacker 
to dis ...)
+   TODO: check
+CVE-2024-6104 (go-retryablehttp prior to 0.7.7 did not sanitize urls when 
writing the ...)
+   TODO: check
+CVE-2024-5862 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
+   TODO: check
+CVE-2024-5683 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+   TODO: check
+CVE-2024-4839 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the 
'Serve ...)
+   TODO: check
+CVE-2024-4754 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-4748 (The CRUDDIY project is vulnerable to shell command injection 
via sendi ...)
+   TODO: check
+CVE-2024-3264 (Use of a Broken or Risky Cryptographic Algorithm vulnerability 
in Mia  ...)
+   TODO: check
+CVE-2024-38373 (FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. 
FreeRTOS ...)
+   TODO: check
+CVE-2024-38369 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
+   TODO: check
+CVE-2024-37825 (An issue in EnvisionWare Computer Access & Reservation Control 
SelfChe ...)
+   TODO: check
+CVE-2024-37732 (Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 
allows a rem ...)
+   TODO: check
+CVE-2024-37681 (An issue the background management system of Shanxi Internet 
Chuangxia ...)
+   TODO: check
+CVE-2024-37680 (Hangzhou Meisoft Information Technology Co., Ltd. FineSoft 
<=8.0 is af ...)
+   TODO: check
+CVE-2024-37679 (Cross Site Scripting vulnerability in Hangzhou Meisoft 
Information Tec ...)
+   TODO: check
+CVE-2024-37678 (Cross Site Scripting vulnerability in Hangzhou Meisoft 
Information Tec ...)
+   TODO: check
+CVE-2024-37677 (An issue in Shenzhen Weitillage Industrial Co., Ltd the access 
managem ...)
+   TODO: check
+CVE-2024-37233 (Improper Authentication vulnerability in Play.Ht allows 
Accessing Func ...)
+   TODO: check
+CVE-2024-37231 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+   TODO: check
+CVE-2024-37228 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+   TODO: check
+CVE-2024-37111 (Missing Authorization vulnerability in Membership Software 
WishList Me ...)
+   TODO: check
+CVE-2024-37109 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+   TODO: check
+CVE-2024-37107 (Improper Privilege Management vulnerability in Membership 
Software Wis ...)
+   TODO: check
+CVE-2024-37092 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+   TODO: check
+CVE-2024-37091 (Improper Neutralization of Special Elements used in a Command 
('Comman ...)
+   TODO: check
+CVE-2024-37089 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+   TODO: check
+CVE-2024-36497 (The decrypted configuration file contains the password in 
cleartext  w ...)
+   TODO: check
+CVE-2024-36496 (The configuration file is encrypted with a static key derived 
from a   ...)
+   TODO: check
+CVE-2024-36495 (The application Faronics WINSelect (Standard + 
Enterprise)saves its co ...)
+   TODO: check
+CVE-2024-36038 (Zoho ManageEngine ITOM products versions from128234 to 128248 
are affe ...)
+   TODO: check
+CVE-2024-34313 (An issue in VPL Jail System up to v4.0.2 allows attackers to 
execute a ...)
+   TODO: check
+CVE-2024-34312 (Virtual Programming Lab for Moodle up to v4.2.3 was discovered 
to cont ...)
+   TODO: check
+CVE-2024-33881 (An issue was discovered in VirtoSoftware Virto Bulk File 
Download 5.5. ...)
+   TODO: check
+CVE-2024-33880 (An issue was discovered in VirtoSoftware Virto Bulk File 
Download 5.5. ...)
+   TODO: check
+CVE-2024-33879 (An issue was discovered in VirtoSoftware Virto Bulk File 
Download 5.5. ...)
+   TODO: check
+CVE-2024-33687 (Insufficient verification of data authenticity issue exists in 
NJ Seri ...)
+   TODO: check
+CVE-2024-33278 (Buffer Overflow vulnerability in ASUS router RT-AX88U with 
firmware ve ...)
+   TODO: check
+CVE-2023-49793 (CodeChecker is an analyzer tooling, defect database and viewer 
extensi ...)
+   TODO: check
+CVE-2024-39292 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
98d6f9df by security tracker role at 2024-06-24T08:12:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,6 +1,46 @@
+CVE-2024-6280 (A vulnerability was found in SourceCodester Simple Online 
Bidding Syst ...)
+   TODO: check
+CVE-2024-6279 (A vulnerability was found in lahirudanushka School Management 
System 1 ...)
+   TODO: check
+CVE-2024-6278 (A vulnerability has been found in lahirudanushka School 
Management Sys ...)
+   TODO: check
+CVE-2024-6277 (A vulnerability, which was classified as critical, was found in 
lahiru ...)
+   TODO: check
+CVE-2024-6276 (A vulnerability, which was classified as critical, has been 
found in l ...)
+   TODO: check
+CVE-2024-6275 (A vulnerability classified as critical was found in 
lahirudanushka Sch ...)
+   TODO: check
+CVE-2024-6274 (A vulnerability classified as critical has been found in 
lahirudanushk ...)
+   TODO: check
+CVE-2024-6273 (A vulnerability was found in SourceCodester Clinic Queuing 
System 1.0. ...)
+   TODO: check
+CVE-2024-4900 (The SEOPress  WordPress plugin before 7.8 does not validate and 
escape ...)
+   TODO: check
+CVE-2024-4899 (The SEOPress  WordPress plugin before 7.8 does not sanitise and 
escape ...)
+   TODO: check
+CVE-2024-4499 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the 
XTTS s ...)
+   TODO: check
+CVE-2024-4460 (A denial of service (DoS) vulnerability exists in 
zenml-io/zenml versi ...)
+   TODO: check
+CVE-2024-3121 (A remote code execution vulnerability exists in the 
create_conda_env f ...)
+   TODO: check
+CVE-2024-39337 (Click Studios Passwordstate Core before 9.8 build 9858 allows 
Authenti ...)
+   TODO: check
+CVE-2024-39334 (MENDELSON AS4 before 2024 B376 has a client-side vulnerability 
when a  ...)
+   TODO: check
+CVE-2024-24554 (Bludit uses predictable methods in combination with the MD5 
hashing al ...)
+   TODO: check
+CVE-2024-24553 (Bludit uses the SHA-1 hashing algorithm to compute password 
hashes. Th ...)
+   TODO: check
+CVE-2024-24552 (A session fixation vulnerability in Bludit allows an attacker 
to bypas ...)
+   TODO: check
+CVE-2024-24551 (A security vulnerability has been identified in Bludit, 
allowing authe ...)
+   TODO: check
+CVE-2024-24550 (A security vulnerability has been identified in Bludit, 
allowing attac ...)
+   TODO: check
 CVE-2024-29868
NOT-FOR-US: Apache StreamPipes
-CVE-2024-27136
+CVE-2024-27136 (XSS in Upload page in Apache JSPWiki 2.12.1 and priors allows 
the atta ...)
- jspwiki 
 CVE-2024-28882
- openvpn 
@@ -16,7 +56,7 @@ CVE-2024-6268 (A vulnerability, which was classified as 
critical, has been found
NOT-FOR-US: lahirudanushka School Management System
 CVE-2024-4841 (A Path Traversal vulnerability exists in the 
parisneo/lollms-webui, sp ...)
NOT-FOR-US: parisneo/lollms-webui
-CVE-2024-39331 [org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp 
code]
+CVE-2024-39331 (In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el 
expands a % ...)
- emacs  (bug #1074137)
- org-mode  (bug #1074136)
[bookworm] - org-mode  (Produces only a dependency binary 
package)
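Review bot: the suite annotation in this hunk covers only org-mode; the `[bookworm] - org-mode  (Produces only a dependency binary package)` line records that the bookworm org-mode source ships no code of its own, which leaves the bookworm status of the emacs source entry (`- emacs  (bug #1074137)`) undetermined. Add the matching `[bookworm] - emacs` annotation (fixed version, no-dsa or not-affected, whichever triage decides) so the stable status of the package that actually carries lisp/ol.el is tracked rather than implied.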



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98d6f9df74414a5a4f8790e47cf77ec5c2ad884f

-- 
This project does not include diff previews in email notifications.
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98d6f9df74414a5a4f8790e47cf77ec5c2ad884f
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e17d3c97 by security tracker role at 2024-06-23T20:12:03+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,9 @@
+CVE-2024-6269 (A vulnerability has been found in Ruijie RG-UAC 1.0 and 
classified as  ...)
+   TODO: check
+CVE-2024-6268 (A vulnerability, which was classified as critical, has been 
found in l ...)
+   TODO: check
+CVE-2024-4841 (A Path Traversal vulnerability exists in the 
parisneo/lollms-webui, sp ...)
+   TODO: check
 CVE-2024- [org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp 
code]
- emacs  (bug #1074137)
- org-mode  (bug #1074136)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e17d3c97a24189fbc87bbb98ec8e9b286caa16ef



[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ed94ee7d by security tracker role at 2024-06-23T08:11:53+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,7 @@
+CVE-2024-6267 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
+   TODO: check
+CVE-2024-6266 (A vulnerability classified as critical has been found in Pear 
Admin Bo ...)
+   TODO: check
 CVE-2024-6253 (A vulnerability was found in itsourcecode Online Food Ordering 
System  ...)
NOT-FOR-US: itsourcecode Online Food Ordering System
 CVE-2024-6252 (A vulnerability has been found in Zorlan SkyCaiji up to 2.8 and 
classi ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed94ee7d98ed6bd6da2e061639bd7965671a8ef4



[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0d20bbf4 by security tracker role at 2024-06-22T20:11:56+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,15 @@
+CVE-2024-6253 (A vulnerability was found in itsourcecode Online Food Ordering 
System  ...)
+   TODO: check
+CVE-2024-6252 (A vulnerability has been found in Zorlan SkyCaiji up to 2.8 and 
classi ...)
+   TODO: check
+CVE-2024-6251 (A vulnerability, which was classified as problematic, was found 
in pla ...)
+   TODO: check
+CVE-2024-5443 (CVE-2024-4320 describes a vulnerability in the parisneo/lollms 
softwar ...)
+   TODO: check
+CVE-2024-38379 (Apache Allura's neighborhood settings are vulnerable to a 
stored XSS a ...)
+   TODO: check
+CVE-2024-38319 (IBM Security SOAR 51.0.2.0 could allow an authenticated user 
to execut ...)
+   TODO: check
 CVE-2024-6120 (The Sparkle Demo Importer plugin for WordPress is vulnerable to 
unauth ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-5966 (The Grey Opaque theme for WordPress is vulnerable to Stored 
Cross-Site ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d20bbf4a3aec6bfca0eb4296d987e7323780b7c



[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
aa0c1d80 by security tracker role at 2024-06-22T08:11:45+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,47 @@
+CVE-2024-6120 (The Sparkle Demo Importer plugin for WordPress is vulnerable to 
unauth ...)
+   TODO: check
+CVE-2024-5966 (The Grey Opaque theme for WordPress is vulnerable to Stored 
Cross-Site ...)
+   TODO: check
+CVE-2024-5965 (The Mosaic theme for WordPress is vulnerable to Stored 
Cross-Site Scri ...)
+   TODO: check
+CVE-2024-5791 (The Online Booking & Scheduling Calendar for WordPress by vcita 
plugin ...)
+   TODO: check
+CVE-2024-5596 (The ARMember Premium plugin for WordPress is vulnerable to 
Cross-Site  ...)
+   TODO: check
+CVE-2024-5346 (The Flatsome theme for WordPress is vulnerable to Stored 
Cross-Site Sc ...)
+   TODO: check
+CVE-2024-4940 (An open redirect vulnerability exists in the gradio-app/gradio, 
affect ...)
+   TODO: check
+CVE-2024-4874 (The Bricks Builder plugin for WordPress is vulnerable to 
Insecure Dire ...)
+   TODO: check
+CVE-2024-4313 (The Table Addons for Elementor plugin for WordPress is 
vulnerable to S ...)
+   TODO: check
+CVE-2024-3593 (The UberMenu plugin for WordPress is vulnerable to Cross-Site 
Request  ...)
+   TODO: check
+CVE-2024-37694 (ArcGIS Enterprise Server 10.8.0 allows a remote attacker to 
obtain sen ...)
+   TODO: check
+CVE-2024-37654 (An issue in BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, 
AV-01KD, AV-01B ...)
+   TODO: check
+CVE-2024-36532 (Insecure permissions in kruise v1.6.2 allows attackers to 
access sensi ...)
+   TODO: check
+CVE-2024-34989 (In the module RSI PDF/HTML catalog evolution (prestapdf) <= 
7.0.0 from ...)
+   TODO: check
+CVE-2024-34452 (CMSimple_XH 1.7.6 allows XSS by uploading a crafted SVG 
document.)
+   TODO: check
+CVE-2024-2484 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable 
to Store ...)
+   TODO: check
+CVE-2024-21519 (This affects versions of the package opencart/opencart from 
4.0.0.0. A ...)
+   TODO: check
+CVE-2024-21518 (This affects versions of the package opencart/opencart from 
4.0.0.0. A ...)
+   TODO: check
+CVE-2024-21517 (This affects versions of the package opencart/opencart from 
4.0.0.0. A ...)
+   TODO: check
+CVE-2024-21516 (This affects versions of the package opencart/opencart from 
4.0.0.0. A ...)
+   TODO: check
+CVE-2024-21515 (This affects versions of the package opencart/opencart from 
4.0.0.0. A ...)
+   TODO: check
+CVE-2024-21514 (This affects versions of the package opencart/opencart from 
0.0.0. An  ...)
+   TODO: check
 CVE-2024-6241 (A vulnerability was found in Pear Admin Boot up to 2.0.2 and 
classifie ...)
NOT-FOR-US: Pear Admin Boot
 CVE-2024-6240 (Improper privilege management vulnerability in Parallels 
Desktop Softw ...)
@@ -133776,8 +133820,8 @@ CVE-2022-42976
RESERVED
 CVE-2022-42975 (socket/transport.ex in Phoenix before 1.6.14 mishandles 
check_origin w ...)
NOT-FOR-US: Phoenix
-CVE-2022-42974
-   RESERVED
+CVE-2022-42974 (In Kostal PIKO 1.5-1 MP plus HMI OEM p 1.0.1, the web 
application for  ...)
+   TODO: check
 CVE-2022-42973 (A CWE-798: Use of Hard-coded Credentials vulnerability exists 
that cou ...)
NOT-FOR-US: Schneider
 CVE-2022-42972 (A CWE-732: Incorrect Permission Assignment for Critical 
Resource vulne ...)
@@ -571208,8 +571252,8 @@ CVE-2014-8770 (Unrestricted file upload vulnerability 
in magmi/web/magmi.php in
NOT-FOR-US: Magento
 CVE-2012-6665 (Directory traversal vulnerability in index.php in phpMoneyBooks 
1.0.4  ...)
NOT-FOR-US: phpMoneyBooks
-CVE-2012-6664
-   RESERVED
+CVE-2012-6664 (Multiple directory traversal vulnerabilities in the TFTP Server 
in Dis ...)
+   TODO: check
 CVE-2012-6663 (General Electric D20ME devices are not properly configured and 
reveal  ...)
NOT-FOR-US: General Electric D20ME devices
 CVE-2014-8988 (MantisBT before 1.2.18 allows remote authenticated users to 
bypass the ...)
@@ -579271,8 +579315,8 @@ CVE-2014-5474
RESERVED
 CVE-2014-5473
RESERVED
-CVE-2014-5470
-   RESERVED
+CVE-2014-5470 (Actual Analyzer through 2014-08-29 allows code execution via 
shell met ...)
+   TODO: check
 CVE-2014-5469
RESERVED
 CVE-2014-5468 (A File Inclusion vulnerability exists in Railo 4.2.1 and 
earlier via a ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa0c1d80221c16e899f4690f87c6e522a0dd5b4f


[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-21 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ddb87ab8 by security tracker role at 2024-06-21T20:12:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,169 +1,263 @@
-CVE-2024-39277 [dma-mapping: benchmark: handle NUMA_NO_NODE correctly]
+CVE-2024-6241 (A vulnerability was found in Pear Admin Boot up to 2.0.2 and 
classifie ...)
+   TODO: check
+CVE-2024-6240 (Improper privilege management vulnerability in Parallels 
Desktop Softw ...)
+   TODO: check
+CVE-2024-6239 (A flaw was found in the Poppler's Pdfinfo utility. This issue 
occurs w ...)
+   TODO: check
+CVE-2024-6027 (The Themify \u2013 WooCommerce Product Filter plugin for 
WordPress is  ...)
+   TODO: check
+CVE-2024-5859 (The Online Booking & Scheduling Calendar for WordPress by vcita 
plugin ...)
+   TODO: check
+CVE-2024-5059 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+   TODO: check
+CVE-2024-5058 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-3036 (Improper Input Validation vulnerability in ABB 800xA Base. An 
attacker ...)
+   TODO: check
+CVE-2024-37790
+   REJECTED
+CVE-2024-37675 (Cross Site Scripting vulnerability in Tessi Docubase Document 
Manageme ...)
+   TODO: check
+CVE-2024-37673 (Cross Site Scripting vulnerability in Tessi Docubase Document 
Manageme ...)
+   TODO: check
+CVE-2024-37672 (Cross Site Scripting vulnerability in Tessi Docubase Document 
Manageme ...)
+   TODO: check
+CVE-2024-37671 (Cross Site Scripting vulnerability in Tessi Docubase Document 
Manageme ...)
+   TODO: check
+CVE-2024-37230 (Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme 
Book Lan ...)
+   TODO: check
+CVE-2024-37227 (Cross Site Request Forgery (CSRF) vulnerability in Tribulant 
Newslette ...)
+   TODO: check
+CVE-2024-37212 (Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo 
Ali2Woo Lit ...)
+   TODO: check
+CVE-2024-37198 (Cross-Site Request Forgery (CSRF) vulnerability in blazethemes 
Digital ...)
+   TODO: check
+CVE-2024-37118 (Cross Site Request Forgery (CSRF) vulnerability in Uncanny Owl 
Uncanny ...)
+   TODO: check
+CVE-2024-35781 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+   TODO: check
+CVE-2024-35779 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35778 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+   TODO: check
+CVE-2024-35776 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+   TODO: check
+CVE-2024-35774 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35772 (Cross-Site Request Forgery (CSRF) vulnerability in 
presscustomizr Huem ...)
+   TODO: check
+CVE-2024-35771 (Cross-Site Request Forgery (CSRF) vulnerability in 
presscustomizr Cust ...)
+   TODO: check
+CVE-2024-35770 (Cross-Site Request Forgery (CSRF) vulnerability in Dave Kiss 
Vimeograp ...)
+   TODO: check
+CVE-2024-35769 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35768 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35767 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Bogda ...)
+   TODO: check
+CVE-2024-35766 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35764 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35763 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35762 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35761 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35760 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35759 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35758 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35757 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-35537 (TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS 
v5.0.0 wa ...)
+   TODO: check
+CVE-2024-31890 (IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity 
Utilities for  ...)
+   TODO: check
+CVE-2023-51375 (Missing Authorization vulnerability in WPDeveloper 
EmbedPress.This iss ...)
+   

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-21 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7bb77fdf by security tracker role at 2024-06-21T08:11:47+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,109 @@
+CVE-2024-6225 (The Booking for Appointments and Events Calendar \u2013 Amelia 
plugin  ...)
+   TODO: check
+CVE-2024-6218 (A vulnerability, which was classified as critical, has been 
found in i ...)
+   TODO: check
+CVE-2024-6217 (A vulnerability classified as critical was found in 
SourceCodester Foo ...)
+   TODO: check
+CVE-2024-6216 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+   TODO: check
+CVE-2024-6215 (A vulnerability was found in SourceCodester Food Ordering 
Management S ...)
+   TODO: check
+CVE-2024-6214 (A vulnerability was found in SourceCodester Food Ordering 
Management S ...)
+   TODO: check
+CVE-2024-6213 (A vulnerability was found in SourceCodester Food Ordering 
Management S ...)
+   TODO: check
+CVE-2024-6212 (A vulnerability was found in SourceCodester Simple Student 
Attendance  ...)
+   TODO: check
+CVE-2024-6154 (Parallels Desktop Toolgate Heap-based Buffer Overflow Local 
Privilege  ...)
+   TODO: check
+CVE-2024-6153 (Parallels Desktop Updater Protection Mechanism Failure Software 
Downgr ...)
+   TODO: check
+CVE-2024-6147 (Poly Plantronics Hub Link Following Local Privilege Escalation 
Vulnera ...)
+   TODO: check
+CVE-2024-5945 (The WP SVG Images plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+   TODO: check
+CVE-2024-5756 (The Email Subscribers by Icegram Express \u2013 Email 
Marketing, Newsl ...)
+   TODO: check
+CVE-2024-5746 (A Server-Side Request Forgery vulnerability was identified in 
GitHub E ...)
+   TODO: check
+CVE-2024-5639 (The User Profile Picture plugin for WordPress is vulnerable to 
Insecur ...)
+   TODO: check
+CVE-2024-5503 (The WP Blog Post Layouts plugin for WordPress is vulnerable to 
Local F ...)
+   TODO: check
+CVE-2024-5455 (The Plus Addons for Elementor Page Builder plugin for WordPress 
is vul ...)
+   TODO: check
+CVE-2024-5448 (The PayPal Pay Now, Buy Now, Donation and Cart Buttons 
Shortcode WordP ...)
+   TODO: check
+CVE-2024-5447 (The PayPal Pay Now, Buy Now, Donation and Cart Buttons 
Shortcode WordP ...)
+   TODO: check
+CVE-2024-5344 (The The Plus Addons for Elementor Page Builder plugin for 
WordPress is ...)
+   TODO: check
+CVE-2024-5191 (The Branda \u2013 White Label WordPress, Custom Login Page 
Customizer  ...)
+   TODO: check
+CVE-2024-4970 (The Widget Bundle WordPress plugin through 2.0.0 does not 
sanitise and ...)
+   TODO: check
+CVE-2024-4969 (The Widget Bundle WordPress plugin through 2.0.0 does not have 
CSRF ch ...)
+   TODO: check
+CVE-2024-4755 (The Google CSE WordPress plugin through 1.0.7 does not sanitise 
and es ...)
+   TODO: check
+CVE-2024-4616 (The Widget Bundle WordPress plugin through 2.0.0 does not 
sanitise and ...)
+   TODO: check
+CVE-2024-4477 (The WP Logs Book WordPress plugin through 1.0.1 does not 
sanitise and  ...)
+   TODO: check
+CVE-2024-4475 (The WP Logs Book WordPress plugin through 1.0.1 does not have 
CSRF che ...)
+   TODO: check
+CVE-2024-4474 (The WP Logs Book WordPress plugin through 1.0.1 does not have 
CSRF che ...)
+   TODO: check
+CVE-2024-4384 (The CSSable Countdown WordPress plugin through 1.5 does not 
sanitise a ...)
+   TODO: check
+CVE-2024-4382 (The CB (legacy) WordPress plugin through 0.9.4.18 does not have 
CSRF c ...)
+   TODO: check
+CVE-2024-4381 (The CB (legacy) WordPress plugin through 0.9.4.18 does not 
sanitise an ...)
+   TODO: check
+CVE-2024-4377 (The DOP Shortcodes WordPress plugin through 1.2 does not 
validate and  ...)
+   TODO: check
+CVE-2024-3961 (The ConvertKit \u2013 Email Newsletter, Email Marketing, 
Subscribers a ...)
+   TODO: check
+CVE-2024-3610 (The WP Child Theme Generator plugin for WordPress is vulnerable 
to una ...)
+   TODO: check
+CVE-2024-38874 (An issue was discovered in the events2 (aka Events 2) 
extension before ...)
+   TODO: check
+CVE-2024-38873 (An issue was discovered in the friendlycaptcha_official (aka 
Integrati ...)
+   TODO: check
+CVE-2024-38361 (Spicedb is an Open Source, Google Zanzibar-inspired 
permissions databa ...)
+   TODO: check
+CVE-2024-38359 (The Lightning Network Daemon (lnd) - is a complete 
implementation of a ...)
+   TODO: check
+CVE-2024-38093 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+   TODO: check
+CVE-2024-38082 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+   TODO: check
+CVE-2024-37899 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
+   TODO: check
+CVE-2024-37183 (Plain text credentials and 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-20 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
79387d27 by security tracker role at 2024-06-20T20:12:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,310 +1,408 @@
-CVE-2023-52883 [drm/amdgpu: Fix possible null pointer dereference]
+CVE-2024-6196 (A vulnerability was found in itsourcecode Banking Management 
System 1. ...)
+   TODO: check
+CVE-2024-6195 (A vulnerability has been found in itsourcecode Tailoring 
Management Sy ...)
+   TODO: check
+CVE-2024-6194 (A vulnerability, which was classified as critical, was found in 
itsour ...)
+   TODO: check
+CVE-2024-6193 (A vulnerability, which was classified as critical, has been 
found in i ...)
+   TODO: check
+CVE-2024-6192 (A vulnerability classified as critical was found in 
itsourcecode Loan  ...)
+   TODO: check
+CVE-2024-6191 (A vulnerability classified as critical has been found in 
itsourcecode  ...)
+   TODO: check
+CVE-2024-6190 (A vulnerability was found in itsourcecode Farm Management 
System 1.0.  ...)
+   TODO: check
+CVE-2024-6189 (A vulnerability was found in Tenda A301 15.13.08.12. It has 
been class ...)
+   TODO: check
+CVE-2024-6188 (A vulnerability was found in Parsec Automation TrackSYS 11.x.x 
and cla ...)
+   TODO: check
+CVE-2024-6187 (A vulnerability has been found in Ruijie RG-UAC 1.0 and 
classified as  ...)
+   TODO: check
+CVE-2024-6186 (A vulnerability, which was classified as critical, was found in 
Ruijie ...)
+   TODO: check
+CVE-2024-6185 (A vulnerability, which was classified as critical, has been 
found in R ...)
+   TODO: check
+CVE-2024-6184 (A vulnerability classified as critical was found in Ruijie 
RG-UAC 1.0. ...)
+   TODO: check
+CVE-2024-6183 (A vulnerability classified as problematic has been found in 
EZ-Suite E ...)
+   TODO: check
+CVE-2024-6182 (A vulnerability was found in LabVantage LIMS 2017. It has been 
rated a ...)
+   TODO: check
+CVE-2024-6181 (A vulnerability was found in LabVantage LIMS 2017. It has been 
declare ...)
+   TODO: check
+CVE-2024-6162 (A vulnerability was found in Undertow. URL-encoded request path 
inform ...)
+   TODO: check
+CVE-2024-5886
+   REJECTED
+CVE-2024-5156 (The Flatsome theme for WordPress is vulnerable to Stored 
Cross-Site Sc ...)
+   TODO: check
+CVE-2024-5036 (The Sina Extension for Elementor (Slider, Gallery, Form, Modal, 
Data T ...)
+   TODO: check
+CVE-2024-37897 (SFTPGo is a full-featured and highly configurable SFTP, 
HTTP/S, FTP/S  ...)
+   TODO: check
+CVE-2024-37818 (Strapi v4.24.4 was discovered to contain a Server-Side Request 
Forgery ...)
+   TODO: check
+CVE-2024-37699 (An issue in DataLife Engine v.17.1 and before is vulnerable to 
SQL Inj ...)
+   TODO: check
+CVE-2024-37676 (An issue in htop-dev htop v.2.20 allows a local attacker to 
cause an o ...)
+   TODO: check
+CVE-2024-37674 (Cross Site Scripting vulnerability in Moodle CMS v3.10 allows 
a remote ...)
+   TODO: check
+CVE-2024-37626 (A command injection issue in TOTOLINK A6000R 
V1.0.1-B20201211.2000 fir ...)
+   TODO: check
+CVE-2024-37532 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to 
identity ...)
+   TODO: check
+CVE-2024-37352 (There is a cross-site scripting vulnerability in the 
management UI of  ...)
+   TODO: check
+CVE-2024-37351 (There is a cross-site scripting vulnerability in the 
management UI of  ...)
+   TODO: check
+CVE-2024-37350 (There is a cross-site scripting vulnerability in the policy 
management ...)
+   TODO: check
+CVE-2024-37349 (There is a cross-site scripting vulnerability in the 
management UI of  ...)
+   TODO: check
+CVE-2024-37348 (There is a cross-site scripting vulnerability in the 
management UI of  ...)
+   TODO: check
+CVE-2024-37347 (There is a cross-site scripting vulnerability in the pool 
configuratio ...)
+   TODO: check
+CVE-2024-37346 (There is an insufficient input validation vulnerability in the 
Warehou ...)
+   TODO: check
+CVE-2024-37345 (There is a cross-site scripting vulnerability in the Secure 
Access adm ...)
+   TODO: check
+CVE-2024-37344 (There is a cross-site scripting vulnerability in the Policy 
management ...)
+   TODO: check
+CVE-2024-37343 (There is a cross-site scripting vulnerability in the Secure 
Access adm ...)
+   TODO: check
+CVE-2024-37222 (Cross Site Scripting (XSS) vulnerability in Averta Master 
Slider allow ...)
+   TODO: check
+CVE-2024-34693 (Improper Input Validation vulnerability in Apache Superset, 
allows for ...)
+   TODO: check
+CVE-2024-5 (SQL Injection vulnerability in H3C SeaSQL DWS v.2.0 allows a 
remote at ...)
+   TODO: check
+CVE-2024-29013 (Heap-based buffer overflow vulnerability in the SonicOS 
SSL-VPN allows ...)
+   TODO: check
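Review bot: `CVE-2024-5` on the H3C SeaSQL DWS line is not a well-formed CVE identifier (the sequence part of a CVE id has at least four digits), so the entry cannot be matched to an upstream record as written; confirm the intended id before working through its `TODO: check`, since a malformed id will be skipped or mis-keyed by anything that parses data/CVE/list.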

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-20 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1ae81d36 by security tracker role at 2024-06-20T08:12:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,4 +1,74 @@
-CVE-2024-38619 [usb-storage: alauda: Check whether the media is initialized]
+CVE-2024-6179 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-6178 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-6177 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-6176 (Allocation of Resources Without Limits or Throttling 
vulnerability in  ...)
+   TODO: check
+CVE-2024-6113 (A vulnerability was found in itsourcecode Monbela Tourist Inn 
Online R ...)
+   TODO: check
+CVE-2024-5686 (The WPZOOM Addons for Elementor (Templates, Widgets) plugin for 
WordPr ...)
+   TODO: check
+CVE-2024-5605 (The Media Library Assistant plugin for WordPress is vulnerable 
to time ...)
+   TODO: check
+CVE-2024-5522 (The HTML5 Video Player  WordPress plugin before 2.5.27 does not 
saniti ...)
+   TODO: check
+CVE-2024-5475 (The Responsive video embed WordPress plugin before 0.5.1 does 
not vali ...)
+   TODO: check
+CVE-2024-5432 (The Lifeline Donation plugin for WordPress is vulnerable to 
authentica ...)
+   TODO: check
+CVE-2024-5213 (In mintplex-labs/anything-llm versions up to and including 
1.5.3, an i ...)
+   TODO: check
+CVE-2024-5182 (A path traversal vulnerability exists in mudler/localai version 
2.14.0 ...)
+   TODO: check
+CVE-2024-4742 (The Youzify \u2013 BuddyPress Community, User Profile, Social 
Network  ...)
+   TODO: check
+CVE-2024-4626 (The JetWidgets For Elementor plugin for WordPress is vulnerable 
to Sto ...)
+   TODO: check
+CVE-2024-4565 (The Advanced Custom Fields (ACF) WordPress plugin before 6.3, 
Advanced ...)
+   TODO: check
+CVE-2024-4390 (The Slider and Carousel slider by Depicter plugin for WordPress 
is vul ...)
+   TODO: check
+CVE-2024-4098 (The Shariff Wrapper plugin for WordPress is vulnerable to Local 
File I ...)
+   TODO: check
+CVE-2024-3627 (The Wheel of Life: Coaching and Assessment Tool for Life Coach 
plugin  ...)
+   TODO: check
+CVE-2024-3605 (The WP Hotel Booking plugin for WordPress is vulnerable to SQL 
Injecti ...)
+   TODO: check
+CVE-2024-3602 (The Pop ups, Exit intent popups, email popups, banners, bars, 
countdow ...)
+   TODO: check
+CVE-2024-3597 (The Export WP Page to Static HTML/CSS plugin for WordPress is 
vulnerab ...)
+   TODO: check
+CVE-2024-3562 (The Custom Field Suite plugin for WordPress is vulnerable to 
PHP Code  ...)
+   TODO: check
+CVE-2024-3561 (The Custom Field Suite plugin for WordPress is vulnerable to 
SQL Injec ...)
+   TODO: check
+CVE-2024-3558 (The Custom Field Suite plugin for WordPress is vulnerable to 
Stored Cr ...)
+   TODO: check
+CVE-2024-38620 (In the Linux kernel, the following vulnerability has been 
resolved:  B ...)
+   TODO: check
+CVE-2024-36684 (In the module "Custom links" (pk_customlinks) <= 2.3 from 
Promokit.eu  ...)
+   TODO: check
+CVE-2024-36680 (In the module "Facebook" (pkfacebook) <=1.0.1 from Promokit.eu 
for Pre ...)
+   TODO: check
+CVE-2024-36679 (In the module "Module Live Chat Pro (All in One Messaging)" 
(livechatp ...)
+   TODO: check
+CVE-2024-36678 (In the module "Theme settings" (pk_themesettings) <= 1.8.8 
from Promok ...)
+   TODO: check
+CVE-2024-36677 (In the module "Login as customer PRO" (loginascustomerpro) 
<1.2.7 from ...)
+   TODO: check
+CVE-2024-34994 (In the module "Channable" (channable) up to version 3.2.1 from 
Channab ...)
+   TODO: check
+CVE-2024-34990 (In the module "Help Desk - Customer Support Management System" 
(helpde ...)
+   TODO: check
+CVE-2024-33836 (In the module "JA Marketplace" (jamarketplace) up to version 
9.0.1 fro ...)
+   TODO: check
+CVE-2024-1168 (The SEOPress \u2013 On-site SEO plugin for WordPress is 
vulnerable to  ...)
+   TODO: check
+CVE-2023-3204 (The Materialis theme for WordPress is vulnerable to limited 
arbitrary  ...)
+   TODO: check
+CVE-2024-38619 (In the Linux kernel, the following vulnerability has been 
resolved:  u ...)
- linux 
NOTE: 
https://git.kernel.org/linus/16637fea001ab3c8df528a8995b3211906165a30 (6.10-rc4)
 CVE-2024- [RUSTSEC-2024-0344]
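Review bot: the "- linux" line added for CVE-2024-38619 (the entry that replaces the bracketed placeholder removed at the top of this hunk) shows no version or status marker after the package name on the visible lines, although the NOTE beneath it records the upstream fix commit in 6.10-rc4; confirm the entry carries either the fixed Debian package version or an explicit unfixed marker, since the tracker needs one of the two to compute package status. The trailing "CVE-2024- [RUSTSEC-2024-0344]" context line is cut off before its identifier placeholder, so it cannot be checked here.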
@@ -817,22 +887,22 @@ CVE-2024-21685 (This High severity Information Disclosure 
vulnerability was intr
NOT-FOR-US: Atlassian
 CVE-2023-47726 (IBM QRadar Suite Software 1.10.12.0 through 1.10.21.0 and IBM 
Cloud Pa ...)
NOT-FOR-US: IBM
-CVE-2024-6103
+CVE-2024-6103 (Use after free in Dawn in Google Chrome prior to 126.0.6478.114 
allowe ...)
 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c3c47b23 by security tracker role at 2024-06-19T20:12:34+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,548 +1,662 @@
-CVE-2021-47616 [RDMA: Fix use-after-free in rxe_queue_cleanup]
+CVE-2024-5676 (The Paradox IP150 Internet Module in version 1.40.00 is 
vulnerable to  ...)
+   TODO: check
+CVE-2024-4632 (The WooCommerce Checkout & Funnel Builder by CartFlows \u2013 
Create H ...)
+   TODO: check
+CVE-2024-38358 (Wasmer is a web assembly (wasm) Runtime supporting WASIX, WASI 
and Ems ...)
+   TODO: check
+CVE-2024-38357 (TinyMCE is an open source rich text editor. A cross-site 
scripting (XS ...)
+   TODO: check
+CVE-2024-38356 (TinyMCE is an open source rich text editor. A cross-site 
scripting (XS ...)
+   TODO: check
+CVE-2024-38355 (Socket.IO is an open source, real-time, bidirectional, 
event-based, co ...)
+   TODO: check
+CVE-2024-38352
+   REJECTED
+CVE-2024-38329 (IBM Storage Protect for Virtual Environments: Data Protection 
for VMwa ...)
+   TODO: check
+CVE-2024-36117 (Reposilite is an open source, lightweight and easy-to-use 
repository m ...)
+   TODO: check
+CVE-2024-36116 (Reposilite is an open source, lightweight and easy-to-use 
repository m ...)
+   TODO: check
+CVE-2024-36115 (Reposilite is an open source, lightweight and easy-to-use 
repository m ...)
+   TODO: check
+CVE-2024-35780 (Deserialization of Untrusted Data vulnerability in Live 
Composer Team  ...)
+   TODO: check
+CVE-2024-35765 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-34993 (In the module "Bulk Export products to Google Merchant-Google 
Shopping ...)
+   TODO: check
+CVE-2024-3 (Missing Authorization vulnerability in ThemePunch OHG Slider 
Revolutio ...)
+   TODO: check
+CVE-2024-34443 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-32030 (Kafka UI is an Open-Source Web UI for Apache Kafka Management. 
Kafka U ...)
+   TODO: check
+CVE-2024-22263 (Spring Cloud Data Flow is a microservices-based Streaming and 
Batch da ...)
+   TODO: check
+CVE-2024-0383 (The WP Recipe Maker plugin for WordPress is vulnerable to 
Stored Cross ...)
+   TODO: check
+CVE-2023-6495 (The YARPP \u2013 Yet Another Related Posts Plugin plugin for 
WordPress ...)
+   TODO: check
+CVE-2023-50900 (Cross-Site Request Forgery (CSRF) vulnerability in Averta 
Master Slide ...)
+   TODO: check
+CVE-2023-48761 (Missing Authorization vulnerability in Crocoblock JetElements 
For Elem ...)
+   TODO: check
+CVE-2023-48760 (Missing Authorization vulnerability in Crocoblock JetElements 
For Elem ...)
+   TODO: check
+CVE-2023-48759 (Missing Authorization vulnerability in Crocoblock JetElements 
For Elem ...)
+   TODO: check
+CVE-2023-47788 (Missing Authorization vulnerability in Automattic Jetpack.This 
issue a ...)
+   TODO: check
+CVE-2023-47783 (Missing Authorization vulnerability in Thrive Themes Thrive 
Theme Buil ...)
+   TODO: check
+CVE-2023-47771 (Missing Authorization vulnerability in ThemePunch OHG 
Essential Grid.T ...)
+   TODO: check
+CVE-2023-47770 (Missing Authorization vulnerability in Muffin Group 
Betheme.This issue ...)
+   TODO: check
+CVE-2023-47681 (Missing Authorization vulnerability in QuadLayers WooCommerce 
Checkout ...)
+   TODO: check
+CVE-2023-46148 (Missing Authorization vulnerability in Themify Themify 
Ultra.This issu ...)
+   TODO: check
+CVE-2023-46146 (Missing Authorization vulnerability in Themify Themify 
Ultra.This issu ...)
+   TODO: check
+CVE-2023-45658 (Missing Authorization vulnerability in POSIMYTH Nexter.This 
issue affe ...)
+   TODO: check
+CVE-2023-44151 (Missing Authorization vulnerability in Brainstorm Force 
Pre-Publish Ch ...)
+   TODO: check
+CVE-2023-44148 (Missing Authorization vulnerability in Brainstorm Force Astra 
Bulk Edi ...)
+   TODO: check
+CVE-2023-41805 (Missing Authorization vulnerability in Brainstorm Force 
Premium Starte ...)
+   TODO: check
+CVE-2023-40608 (Missing Authorization vulnerability in Paid Memberships Pro 
Paid Membe ...)
+   TODO: check
+CVE-2023-40004 (Missing Authorization vulnerability in ServMask All-in-One WP 
Migratio ...)
+   TODO: check
+CVE-2023-39998 (Missing Authorization vulnerability in Muffingroup 
Betheme.This issue  ...)
+   TODO: check
+CVE-2023-39993 (Missing Authorization vulnerability in Wpmet Elements kit 
Elementor ad ...)
+   TODO: check
+CVE-2023-39990 (Missing Authorization vulnerability in Paid Memberships 
Pro.This issue ...)
+   TODO: check
+CVE-2023-39922 (Missing Authorization vulnerability in ThemeFusion Avada.This 
issue af ...)
+   
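Review bot: the only removed line in this hunk drops the bracketed placeholder for CVE-2021-47616 (RDMA use-after-free in rxe_queue_cleanup), but none of the visible added lines re-introduces CVE-2021-47616 with its published description, and the hunk is cut off after CVE-2023-39922 at an empty status line; confirm the entry is re-added with its description and a package line rather than dropped, as was done for CVE-2024-38619 in the 2024-06-20 update above.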

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
984c4d8a by security tracker role at 2024-06-19T08:11:52+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,79 @@
+CVE-2024-6146 (Actiontec WCB6200Q uh_get_postdata_withupload Stack-based 
Buffer Overf ...)
+   TODO: check
+CVE-2024-6145 (Actiontec WCB6200Q Cookie Format String Remote Code Execution 
Vulnerab ...)
+   TODO: check
+CVE-2024-6144 (Actiontec WCB6200Q Multipart Boundary Stack-based Buffer 
Overflow Remo ...)
+   TODO: check
+CVE-2024-6143 (Actiontec WCB6200Q uh_tcp_recv_header Buffer Overflow Remote 
Code Exec ...)
+   TODO: check
+CVE-2024-6142 (Actiontec WCB6200Q uh_tcp_recv_content Buffer Overflow Remote 
Code Exe ...)
+   TODO: check
+CVE-2024-6132 (The Pexels: Free Stock Photos plugin for WordPress is 
vulnerable to ar ...)
+   TODO: check
+CVE-2024-6129 (A vulnerability, which was classified as problematic, was found 
in spa ...)
+   TODO: check
+CVE-2024-6128 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-6125 (The Login with phone number plugin for WordPress is vulnerable 
to unau ...)
+   TODO: check
+CVE-2024-5970 (The MaxGalleria plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+   TODO: check
+CVE-2024-5853 (The Image Optimizer, Resizer and CDN \u2013 Sirv plugin for 
WordPress  ...)
+   TODO: check
+CVE-2024-5768 (The MIMO Woocommerce Order Tracking plugin for WordPress is 
vulnerable ...)
+   TODO: check
+CVE-2024-5724 (The Photo Video Gallery Master plugin for WordPress is 
vulnerable to P ...)
+   TODO: check
+CVE-2024-5649 (The Universal Slider plugin for WordPress is vulnerable to PHP 
Object  ...)
+   TODO: check
+CVE-2024-5574 (The WP Magazine Modules Lite plugin for WordPress is vulnerable 
to Loc ...)
+   TODO: check
+CVE-2024-5343 (The Photo Gallery, Images, Slider in Rbs Image Gallery plugin 
for Word ...)
+   TODO: check
+CVE-2024-5208 (An uncontrolled resource consumption vulnerability exists in 
the `uplo ...)
+   TODO: check
+CVE-2024-5021 (The WordPress Picture / Portfolio / Media Gallery plugin for 
WordPress ...)
+   TODO: check
+CVE-2024-4873 (The Replace Image plugin for WordPress is vulnerable to 
Insecure Direc ...)
+   TODO: check
+CVE-2024-4787 (The Cost Calculator Builder PRO for WordPress is vulnerable to 
arbitra ...)
+   TODO: check
+CVE-2024-4663 (The OSM Map Widget for Elementor plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-4623 (The Blogmentor \u2013 Blog Layouts for Elementor plugin for 
WordPress  ...)
+   TODO: check
+CVE-2024-4541 (The Custom Product List Table plugin for WordPress is 
vulnerable to Cr ...)
+   TODO: check
+CVE-2024-4450 (The AliExpress Dropshipping with AliNext Lite plugin for 
WordPress is  ...)
+   TODO: check
+CVE-2024-3984 (The EmbedSocial \u2013 Social Media Feeds, Reviews and 
Galleries plugi ...)
+   TODO: check
+CVE-2024-3894 (The Photo Gallery, Images, Slider in Rbs Image Gallery plugin 
for Word ...)
+   TODO: check
+CVE-2024-3229 (The Salon booking system plugin for WordPress is vulnerable to 
arbitra ...)
+   TODO: check
+CVE-2024-37881 (SiteGuard WP Plugin provides a functionality to customize the 
path to  ...)
+   TODO: check
+CVE-2024-37387 (Use of potentially dangerous function issue exists in Ricoh 
Streamline ...)
+   TODO: check
+CVE-2024-37124 (Use of potentially dangerous function issue exists in Ricoh 
Streamline ...)
+   TODO: check
+CVE-2024-36978 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
+   TODO: check
+CVE-2024-36480 (Use of hard-coded credentials issue exists in Ricoh Streamline 
NX PC C ...)
+   TODO: check
+CVE-2024-36252 (Improper restriction of communication channel to intended 
endpoints is ...)
+   TODO: check
+CVE-2024-35298 (Improper authorization in handler for custom URL scheme issue 
in 'ZOZO ...)
+   TODO: check
+CVE-2024-2381 (The AliExpress Dropshipping with AliNext Lite plugin for 
WordPress is  ...)
+   TODO: check
+CVE-2024-1407 (The Paid Memberships Pro \u2013 Content Restriction, User 
Registration ...)
+   TODO: check
+CVE-2024-0789 (The WP Maintenance plugin for WordPress is vulnerable to IP 
Address Sp ...)
+   TODO: check
+CVE-2023-6692 (The Ultimate Blocks \u2013 WordPress Blocks Plugin plugin for 
WordPres ...)
+   TODO: check
 CVE-2024-6116 (A vulnerability, which was classified as critical, has been 
found in i ...)
NOT-FOR-US: itsourcecode Simple Online Hotel Reservation System
 CVE-2024-6115 (A vulnerability classified as critical was found in 
itsourcecode Simpl ...)
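Review bot: CVE-2024-36978 is added here as a bare "TODO: check" entry although its description identifies it as a Linux kernel fix ("In the Linux kernel, the following vulnerability has been resolved"); the other kernel entries on this page carry a "- linux" package line plus a NOTE with the upstream git.kernel.org commit and the release it landed in (see CVE-2024-38619 in the 2024-06-20 update), so this entry should be triaged into the same form rather than left in the generic queue, since it concerns a Debian package directly.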
@@ -2229,11 +2305,13 @@ CVE-2024-36302 (An origin validation vulnerability in 
the Trend 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cfed6309 by security tracker role at 2024-06-18T20:12:42+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,73 @@
+CVE-2024-6116 (A vulnerability, which was classified as critical, has been 
found in i ...)
+   TODO: check
+CVE-2024-6115 (A vulnerability classified as critical was found in 
itsourcecode Simpl ...)
+   TODO: check
+CVE-2024-6114 (A vulnerability classified as critical has been found in 
itsourcecode  ...)
+   TODO: check
+CVE-2024-6112 (A vulnerability classified as critical was found in 
itsourcecode Pool  ...)
+   TODO: check
+CVE-2024-6111 (A vulnerability classified as critical has been found in 
itsourcecode  ...)
+   TODO: check
+CVE-2024-6110 (A vulnerability was found in itsourcecode Magbanua Beach Resort 
Online ...)
+   TODO: check
+CVE-2024-6109 (A vulnerability was found in itsourcecode Tailoring Management 
System  ...)
+   TODO: check
+CVE-2024-6108 (A vulnerability was found in Genexis Tilgin Home Gateway 
322_AS0500-03 ...)
+   TODO: check
+CVE-2024-5967 (A vulnerability was found in Keycloak. The LDAP testing 
endpoint allow ...)
+   TODO: check
+CVE-2024-5953 (A denial of service vulnerability was found in the 389-ds-base 
LDAP se ...)
+   TODO: check
+CVE-2024-5899 (When Bazel Plugin in intellij imports a project (either using 
"import  ...)
+   TODO: check
+CVE-2024-5750
+   REJECTED
+CVE-2024-5275 (A hard-coded password in the FileCatalyst TransferAgent can be 
found w ...)
+   TODO: check
+CVE-2024-38507 (In JetBrains Hub before 2024.2.34646 stored XSS via project 
descriptio ...)
+   TODO: check
+CVE-2024-38506 (In JetBrains YouTrack before 2024.2.34646 user without 
appropriate per ...)
+   TODO: check
+CVE-2024-38505 (In JetBrains YouTrack before 2024.2.34646 user access token 
was sent t ...)
+   TODO: check
+CVE-2024-38504 (In JetBrains YouTrack before 2024.2.34646 the Guest User 
Account was e ...)
+   TODO: check
+CVE-2024-38351 (Pocketbase is an open source web backend written in go. In 
affected ve ...)
+   TODO: check
+CVE-2024-38348 (CodeProjects Health Care hospital Management System v1.0 was 
discovere ...)
+   TODO: check
+CVE-2024-38347 (CodeProjects Health Care hospital Management System v1.0 was 
discovere ...)
+   TODO: check
+CVE-2024-38277 (A unique key should be generated for a user's QR login key and 
their a ...)
+   TODO: check
+CVE-2024-38276 (Incorrect CSRF token checks resulted in multiple CSRF risks.)
+   TODO: check
+CVE-2024-38275 (The cURL wrapper in Moodle retained the original request 
headers when  ...)
+   TODO: check
+CVE-2024-38274 (Insufficient escaping of calendar event titles resulted in a 
stored XS ...)
+   TODO: check
+CVE-2024-38273 (Insufficient capability checks meant it was possible for users 
to gain ...)
+   TODO: check
+CVE-2024-37904 (Minder is an open source Software Supply Chain Security 
Platform. Mind ...)
+   TODO: check
+CVE-2024-37821 (An arbitrary file upload vulnerability in the Upload Template 
function ...)
+   TODO: check
+CVE-2024-37803 (Multiple stored cross-site scripting (XSS) vulnerabilities in 
CodeProj ...)
+   TODO: check
+CVE-2024-37802 (CodeProjects Health Care hospital Management System v1.0 was 
discovere ...)
+   TODO: check
+CVE-2024-37800 (CodeProjects Restaurant Reservation System v1.0 was discovered 
to cont ...)
+   TODO: check
+CVE-2024-37799 (CodeProjects Restaurant Reservation System v1.0 was discovered 
to cont ...)
+   TODO: check
+CVE-2024-37791 (DuxCMS3 v3.1.3 was discovered to contain a SQL injection 
vulnerability ...)
+   TODO: check
+CVE-2024-22002 (CORSAIR iCUE 5.9.105 with iCUE Murals on Windows allows 
unprivileged u ...)
+   TODO: check
+CVE-2024-21685 (This High severity Information Disclosure vulnerability was 
introduced ...)
+   TODO: check
+CVE-2023-47726 (IBM QRadar Suite Software 1.10.12.0 through 1.10.21.0 and IBM 
Cloud Pa ...)
+   TODO: check
 CVE-2024-6103
- chromium 
[bullseye] - chromium  (see #1061268)
@@ -14,20 +84,20 @@ CVE-2024-6100
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
-CVE-2024-36977 [usb: dwc3: Wait unconditionally after issuing EndXfer command]
+CVE-2024-36977 (In the Linux kernel, the following vulnerability has been 
resolved:  u ...)
- linux 6.8.11-1
[bullseye] - linux  (Vulnerable code not present)
[buster] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/1d26ba0944d398f88aaf997bda3544646cf21945 (6.10-rc1)
-CVE-2024-36976 [Revert "media: v4l2-ctrls: show all owned controls in 
log_status"]
+CVE-2024-36976 (In the Linux kernel, the 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
adb4fafb by security tracker role at 2024-06-18T08:11:50+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,65 @@
+CVE-2024-6084 (A vulnerability has been found in itsourcecode Pool of Bethesda 
Online ...)
+   TODO: check
+CVE-2024-6083 (A vulnerability, which was classified as critical, was found in 
PHPVib ...)
+   TODO: check
+CVE-2024-6082 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-6080 (A vulnerability classified as critical was found in Intelbras 
InContro ...)
+   TODO: check
+CVE-2024-6067 (A vulnerability classified as critical was found in 
SourceCodester Mus ...)
+   TODO: check
+CVE-2024-6066 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+   TODO: check
+CVE-2024-6065 (A vulnerability was found in itsourcecode Bakery Online 
Ordering Syste ...)
+   TODO: check
+CVE-2024-6064 (A vulnerability was found in GPAC 
2.5-DEV-rev228-g11067ea92-master. It ...)
+   TODO: check
+CVE-2024-6063 (A vulnerability was found in GPAC 
2.5-DEV-rev228-g11067ea92-master. It ...)
+   TODO: check
+CVE-2024-5860 (The Tickera \u2013 WordPress Event Ticketing plugin for 
WordPress is v ...)
+   TODO: check
+CVE-2024-5541 (The Ibtana \u2013 WordPress Website Builder plugin for 
WordPress is vu ...)
+   TODO: check
+CVE-2024-5533 (The Divi theme for WordPress is vulnerable to Stored Cross-Site 
Script ...)
+   TODO: check
+CVE-2024-5172 (The Expert Invoice WordPress plugin through 1.0.2 does not 
sanitise an ...)
+   TODO: check
+CVE-2024-4375 (The Master Slider \u2013 Responsive Touch Slider plugin for 
WordPress  ...)
+   TODO: check
+CVE-2024-4094 (The Simple Share Buttons Adder WordPress plugin before 8.5.1 
does not  ...)
+   TODO: check
+CVE-2024-3276 (The Lightbox & Modal Popup WordPress Plugin  WordPress plugin 
before 2 ...)
+   TODO: check
+CVE-2024-37828 (A stored cross-site scripting (XSS) in Vermeg Agile Reporter 
v23.2.1 a ...)
+   TODO: check
+CVE-2024-37798 (Cross-site scripting (XSS) vulnerability in 
search-appointment.php in  ...)
+   TODO: check
+CVE-2024-37081 (The vCenter Server contains multiple local privilege 
escalation vulner ...)
+   TODO: check
+CVE-2024-37080 (vCenter Server contains a heap-overflow vulnerability in the 
implement ...)
+   TODO: check
+CVE-2024-37079 (vCenter Server contains a heap-overflow vulnerability in the 
implement ...)
+   TODO: check
+CVE-2024-34833 (Sourcecodester Payroll Management System v1.0 is vulnerable to 
File Up ...)
+   TODO: check
+CVE-2024-34024 (Observable response discrepancy issue exists in ID Link 
Manager and FU ...)
+   TODO: check
+CVE-2024-33622 (Missing authentication for critical function vulnerability 
exists in I ...)
+   TODO: check
+CVE-2024-33620 (Absolute path traversal vulnerability exists in ID Link 
Manager and FU ...)
+   TODO: check
+CVE-2024-1634 (The Scheduling Plugin \u2013 Online Booking for WordPress 
plugin for W ...)
+   TODO: check
+CVE-2024-0845 (The PDF Viewer for Elementor plugin for WordPress is vulnerable 
to Sto ...)
+   TODO: check
+CVE-2024-0066 (Johan Fagerstr\xf6m, member of the AXIS OS Bug Bounty Program, 
has fou ...)
+   TODO: check
+CVE-2023-5527 (The Business Directory Plugin plugin for WordPress is 
vulnerable to CS ...)
+   TODO: check
+CVE-2023-37058 (Insecure Permissions vulnerability in JLINK Unionman 
Technology Co. Lt ...)
+   TODO: check
+CVE-2023-37057 (An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 
v.1.0 allow ...)
+   TODO: check
 CVE-2024-6062 (A vulnerability was found in GPAC 
2.5-DEV-rev228-g11067ea92-master and ...)
- gpac 
NOTE: https://github.com/gpac/gpac/issues/2872
@@ -321912,7 +321974,7 @@ CVE-2020-10138 (Acronis Cyber Backup 12.5 and Cyber 
Protect 15 include an OpenSS
NOT-FOR-US: Acronis
 CVE-2020-10137 (Z-Wave devices based on Silicon Labs 700 series chipsets using 
S2 do n ...)
NOT-FOR-US: Z-Wave devices
-CVE-2020-10136 (Multiple products that implement the IP Encapsulation within 
IP standa ...)
+CVE-2020-10136 (IP-in-IP protocol specifies IP Encapsulation within IP 
standard (RFC 2 ...)
NOT-FOR-US: Cisco
 CVE-2020-10135 (Legacy pairing and secure-connections pairing authentication 
in Blueto ...)
NOTE: Bluetooth protocol issue
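Review bot: the rewritten description for CVE-2020-10136 now frames the issue at the protocol level ("IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2 ...") instead of "Multiple products that implement" it, yet the "NOT-FOR-US: Cisco" triage line beneath it is carried over unchanged; a protocol-level issue is not necessarily confined to one vendor's products, and the adjacent CVE-2020-10135 shows the file's own convention for such cases (a "NOTE: ... protocol issue" line rather than a vendor NOT-FOR-US), so the triage should be re-examined against the new wording.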



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/adb4fafb0053344432a5bccfb7dbe264b0539ff1

-- 
This project does not include diff previews in email notifications.
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/adb4fafb0053344432a5bccfb7dbe264b0539ff1
You're 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
61865d31 by security tracker role at 2024-06-17T20:11:59+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,4 +1,104 @@
-CVE-2024-36973 [misc: microchip: pci1: fix double free in the error 
handling of gp_aux_bus_probe()]
+CVE-2024-6062 (A vulnerability was found in GPAC 
2.5-DEV-rev228-g11067ea92-master and ...)
+   TODO: check
+CVE-2024-6061 (A vulnerability has been found in GPAC 
2.5-DEV-rev228-g11067ea92-maste ...)
+   TODO: check
+CVE-2024-6059 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-6058 (A vulnerability classified as problematic has been found in 
LabVantage ...)
+   TODO: check
+CVE-2024-6057 (Improper authentication in the vault password feature in 
Devolutions R ...)
+   TODO: check
+CVE-2024-6056 (A vulnerability was found in nasirkhan Laravel Starter up to 
11.8.0. I ...)
+   TODO: check
+CVE-2024-6055 (Improper removal of sensitive information in data source export 
featur ...)
+   TODO: check
+CVE-2024-5741 (Stored XSS in inventory tree rendering in Checkmk before 
2.3.0p7, 2.2. ...)
+   TODO: check
+CVE-2024-4032 (The \u201cipaddress\u201d module contained incorrect 
information about ...)
+   TODO: check
+CVE-2024-38470 (zhimengzhe iBarn v1.5 was discovered to contain a reflected 
cross-site ...)
+   TODO: check
+CVE-2024-38469 (zhimengzhe iBarn v1.5 was discovered to contain a reflected 
cross-site ...)
+   TODO: check
+CVE-2024-38449 (A Directory Traversal vulnerability in KasmVNC 
1.3.1.230e50f7b89663316 ...)
+   TODO: check
+CVE-2024-37902 (DeepJavaLibrary(DJL) is an Engine-Agnostic Deep Learning 
Framework in  ...)
+   TODO: check
+CVE-2024-37896 (Gin-vue-admin is a backstage management system based on vue 
and gin. G ...)
+   TODO: check
+CVE-2024-37895 (Lobe Chat is an open-source LLMs/AI chat framework. In 
affected versio ...)
+   TODO: check
+CVE-2024-37893 (Firefly III is a free and open source personal finance 
manager. In aff ...)
+   TODO: check
+CVE-2024-37891 (urllib3 is a user-friendly HTTP client library for Python. 
When using  ...)
+   TODO: check
+CVE-2024-37890 (ws is an open source WebSocket client and server for Node.js. 
A reques ...)
+   TODO: check
+CVE-2024-37848 (SQL Injection vulnerability in Online-Bookstore-Project-In-PHP 
v1.0 al ...)
+   TODO: check
+CVE-2024-37840 (SQL injection vulnerability in processscore.php in 
Itsourcecode Learni ...)
+   TODO: check
+CVE-2024-37795 (A segmentation fault in CVC5 Solver v1.1.3 allows attackers to 
cause a ...)
+   TODO: check
+CVE-2024-37794 (Improper input validation in CVC5 Solver v1.1.3 allows 
attackers to ca ...)
+   TODO: check
+CVE-2024-37664 (Redmi router RB03 v1.0.57 is vulnerable to TCP DoS or 
hijacking attack ...)
+   TODO: check
+CVE-2024-37663 (Redmi router RB03 v1.0.57 is vulnerable to forged ICMP 
redirect messag ...)
+   TODO: check
+CVE-2024-37662 (TP-LINK TL-7DR5130 v1.0.23 is vulnerable to TCP DoS or 
hijacking attac ...)
+   TODO: check
+CVE-2024-37661 (TP-LINK TL-7DR5130 v1.0.23 is vulnerable to forged ICMP 
redirect messa ...)
+   TODO: check
+CVE-2024-37625 (zhimengzhe iBarn v1.5 was discovered to contain a reflected 
cross-site ...)
+   TODO: check
+CVE-2024-37624 (Xinhu RockOA v2.6.3 was discovered to contain a reflected 
cross-site s ...)
+   TODO: check
+CVE-2024-37623 (Xinhu RockOA v2.6.3 was discovered to contain a reflected 
cross-site s ...)
+   TODO: check
+CVE-2024-37622 (Xinhu RockOA v2.6.3 was discovered to contain a reflected 
cross-site s ...)
+   TODO: check
+CVE-2024-37621 (StrongShop v1.0 was discovered to contain a Server-Side 
Template Injec ...)
+   TODO: check
+CVE-2024-37620 (PHPVOD v4.0 was discovered to contain a reflected cross-site 
scripting ...)
+   TODO: check
+CVE-2024-37619 (StrongShop v1.0 was discovered to contain a reflected 
cross-site scrip ...)
+   TODO: check
+CVE-2024-37305 (oqs-provider is a provider for the OpenSSL 3 cryptography 
library that ...)
+   TODO: check
+CVE-2024-37159 (Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos 
Network. ...)
+   TODO: check
+CVE-2024-37158 (Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos 
Network. ...)
+   TODO: check
+CVE-2024-36583 (A Prototype Pollution issue in byondreal accessor <= 1.0.0 
allows an a ...)
+   TODO: check
+CVE-2024-36582 (alexbinary object-deep-assign 1.0.11 is vulnerable to 
Prototype Pollut ...)
+   TODO: check
+CVE-2024-36581 (A Prototype Pollution issue in abw badger-database 1.2.1 
allows an att ...)
+   TODO: check
+CVE-2024-36580 (A Prototype Pollution issue in cdr0 sg 1.0.10 allows an 
attacker to ex ...)
+   
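Review bot: the removed line at the top of this hunk drops the bracketed placeholder for CVE-2024-36973 (misc: microchip: pci1: double free in the error handling of gp_aux_bus_probe()), but no visible "+" line re-adds CVE-2024-36973 with its description, and the hunk is cut off at an empty status line after CVE-2024-36580; confirm the entry is re-added with its description, a "- linux" package line and the upstream commit NOTE (the form used for CVE-2024-36977 in the 2024-06-18 update) rather than removed.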

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0406ed0a by security tracker role at 2024-06-17T08:11:46+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,39 @@
+CVE-2024-6048 (Openfind's MailGates and MailAudit fail to properly filter user 
input  ...)
+   TODO: check
+CVE-2024-6047 (Certain EOL GeoVision devices fail to properly filter user 
input for t ...)
+   TODO: check
+CVE-2024-6046 (SECOM WRTR-304GN-304TW-UPSC V02(unsupported-when-assigned) does 
not pr ...)
+   TODO: check
+CVE-2024-6045 (Certain models of D-Link wireless routers contain an 
undisclosed facto ...)
+   TODO: check
+CVE-2024-6044 (Certain models of D-Link wireless routers have a path traversal 
vulner ...)
+   TODO: check
+CVE-2024-6043 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+   TODO: check
+CVE-2024-6042 (A vulnerability was found in itsourcecode Real Estate 
Management Syste ...)
+   TODO: check
+CVE-2024-6041 (A vulnerability was found in itsourcecode Gym Management System 
1.0. I ...)
+   TODO: check
+CVE-2024-6039 (A vulnerability, which was classified as critical, was found in 
Feng O ...)
+   TODO: check
+CVE-2024-5650 (DLL Hijacking vulnerability has been found in CENTUM CAMS Log 
server p ...)
+   TODO: check
+CVE-2024-5163 (Improper permission settings for mobile applications 
(com.transsion.ca ...)
+   TODO: check
+CVE-2024-4305 (The Post Grid Gutenberg Blocks and WordPress Blog Plugin  
WordPress pl ...)
+   TODO: check
+CVE-2024-3236 (The Popup Builder WordPress plugin before 1.1.33 does not 
sanitise and ...)
+   TODO: check
+CVE-2024-38396 (An issue was discovered in iTerm2 3.5.x before 3.5.2. 
Unfiltered use o ...)
+   TODO: check
+CVE-2024-36289 (Reusing a nonce, key pair in encryption issue exists in 
"FreeFrom - th ...)
+   TODO: check
+CVE-2024-36279 (Reliance on obfuscation or encryption of security-relevant 
inputs with ...)
+   TODO: check
+CVE-2024-36277 (Improper verification of cryptographic signature issue exists 
in "Free ...)
+   TODO: check
+CVE-2024-34451 (Ghost through 5.85.1 allows remote attackers to bypass an 
authenticati ...)
+   TODO: check
 CVE-2024-38468 (Shenzhen Guoxin Synthesis image system before 8.3.0 allows 
unauthorize ...)
NOT-FOR-US: Shenzhen Guoxin Synthesis image system
 CVE-2024-38467 (Shenzhen Guoxin Synthesis image system before 8.3.0 allows 
unauthorize ...)
@@ -3723,6 +3759,7 @@ CVE-2024-5171 (Integer overflow in libaom internal 
functionimg_alloc_helper can
NOTE: 
https://aomedia.googlesource.com/aom/+/19d9966572a410804349e1a8ee2017fed49a6dab
NOTE: 
https://aomedia.googlesource.com/aom/+/8156fb76d88845d716867d20333fd27001be47a8
 CVE-2024-5197 (There exists interger overflows in libvpx in versions prior to 
1.14.1. ...)
+   {DLA-3830-1}
- libvpx 1.14.1-1
NOTE: https://issues.chromium.org/issues/332382766
NOTE: 
https://github.com/webmproject/libvpx/commit/c5640e3300690705c336966e2a8bb346a388c829
@@ -95617,8 +95654,8 @@ CVE-2023-27638 (An issue was discovered in the 
tshirtecommerce (aka Custom Produ
NOT-FOR-US: tshirtecommerce
 CVE-2023-27637 (An issue was discovered in the tshirtecommerce (aka Custom 
Product Des ...)
NOT-FOR-US: tshirtecommerce
-CVE-2023-27636
-   RESERVED
+CVE-2023-27636 (Progress Sitefinity before 15.0.0 allows XSS by authenticated 
users vi ...)
+   TODO: check
 CVE-2023-1184 (A vulnerability, which was classified as problematic, has been 
found i ...)
NOT-FOR-US: ECshop
 CVE-2023-1183 (A flaw was found in the Libreoffice package. An attacker can 
craft an  ...)
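Review bot: CVE-2023-27636 moves from RESERVED to a published description (Progress Sitefinity before 15.0.0 allows XSS by authenticated users) but is parked at `TODO: check`; the neighbouring entries in this hunk for tshirtecommerce and ECshop are already resolved as NOT-FOR-US, and Sitefinity is a commercial .NET CMS that Debian does not package, so the follow-up triage can close this one the same way instead of carrying the placeholder across further automatic updates.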



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0406ed0a3e748d9de5f1998b8824fe14c857c2c8

-- 
This project does not include diff previews in email notifications.
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0406ed0a3e748d9de5f1998b8824fe14c857c2c8
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-16 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a3ed1a6a by security tracker role at 2024-06-16T20:11:56+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,37 @@
+CVE-2024-38468 (Shenzhen Guoxin Synthesis image system before 8.3.0 allows 
unauthorize ...)
+   TODO: check
+CVE-2024-38467 (Shenzhen Guoxin Synthesis image system before 8.3.0 allows 
unauthorize ...)
+   TODO: check
+CVE-2024-38466 (Shenzhen Guoxin Synthesis image system before 8.3.0 has a 
123456Qw def ...)
+   TODO: check
+CVE-2024-38465 (Shenzhen Guoxin Synthesis image system before 8.3.0 allows 
username en ...)
+   TODO: check
+CVE-2024-38462 (iRODS before 4.3.2 provides an msiSendMail function with a 
problematic ...)
+   TODO: check
+CVE-2024-38461 (irodsServerMonPerf in iRODS before 4.3.2 attempts to proceed 
with use  ...)
+   TODO: check
+CVE-2024-38460 (In SonarQube before 10.4 and 9.9.4 LTA, encrypted values 
generated usi ...)
+   TODO: check
+CVE-2024-38459 (langchain_experimental (aka LangChain Experimental) before 
0.0.61 for  ...)
+   TODO: check
+CVE-2024-38458 (Xenforo before 2.2.16 allows code injection.)
+   TODO: check
+CVE-2024-38457 (Xenforo before 2.2.16 allows CSRF.)
+   TODO: check
+CVE-2024-38454 (ExpressionEngine before 7.4.11 allows XSS.)
+   TODO: check
+CVE-2024-38448 (htags in GNU Global through 6.6.12 allows code execution in 
situations ...)
+   TODO: check
+CVE-2024-38443 (C/sorting/binary_insertion_sort.c in The Algorithms - C 
through e5dad3 ...)
+   TODO: check
+CVE-2024-38441 (Netatalk 3.2.0 has an off-by-one error and resultant 
heap-based buffer ...)
+   TODO: check
+CVE-2024-38440 (Netatalk 3.2.0 has an off-by-one error and resultant 
heap-based buffer ...)
+   TODO: check
+CVE-2024-38439 (Netatalk 3.2.0 has an off-by-one error and resultant 
heap-based buffer ...)
+   TODO: check
+CVE-2024-36397 (Vantiva - MediaAccess DGA2232v19.4 -CWE-79: Improper 
Neutralization of ...)
+   TODO: check
 CVE-2024-38428 (url.c in GNU Wget through 1.24.5 mishandles semicolons in the 
userinfo ...)
- wget  (bug #1073523)
[bookworm] - wget  (Minor issue)
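Review bot: the state field on the context lines `- wget  (bug #1073523)` and `[bookworm] - wget  (Minor issue)` at the end of this hunk reads as empty here; in data/CVE/list that position carries either a fixed version or an angle-bracket marker such as <unfixed> or <no-dsa>, and an HTML-stripping mail export drops exactly those tokens, so take the wget state from the repository rather than from this rendering. Among the added entries, CVE-2024-38448 (htags in GNU Global) and the three Netatalk 3.2.0 off-by-one ids CVE-2024-38439, CVE-2024-38440 and CVE-2024-38441 concern software Debian ships and deserve first attention when the `TODO: check` placeholders are resolved.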
@@ -3999,6 +4033,7 @@ CVE-2023-6382 (The Master Slider \u2013 Responsive Touch 
Slider plugin for WordP
 CVE-2024-5565 (The Vanna library uses a prompt function to present the user 
with visu ...)
NOT-FOR-US: Vanna
 CVE-2024-5564 (A vulnerability was found in libndp. This flaw allows a local 
maliciou ...)
+   {DSA-5713-1}
- libndp 1.8-2 (bug #1072366)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2284122
NOTE: https://github.com/jpirko/libndp/issues/26



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3ed1a6a099703f3cd44b1beae2514141c138cdf



[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-16 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
af84318a by security tracker role at 2024-06-16T08:12:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,11 @@
+CVE-2024-38428 (url.c in GNU Wget through 1.24.5 mishandles semicolons in the 
userinfo ...)
+   TODO: check
+CVE-2024-38427 (In International Color Consortium DemoIccMAX before 85ce74e, a 
logic f ...)
+   TODO: check
+CVE-2024-38395 (In iTerm2 before 3.5.2, the "Terminal may report window title" 
setting ...)
+   TODO: check
+CVE-2024-38394 (Mismatches in interpreting USB authorization policy between 
GNOME Sett ...)
+   TODO: check
 CVE-2024-6016 (A vulnerability, which was classified as critical, has been 
found in i ...)
NOT-FOR-US: itsourcecode Online Laundry Management System
 CVE-2024-6015 (A vulnerability classified as critical was found in 
itsourcecode Onlin ...)
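Review bot: of the four ids added in this hunk, CVE-2024-38428 (url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo) and CVE-2024-38394 (whose truncated description points at GNOME components) name software Debian ships, while CVE-2024-38427 (DemoIccMAX) and CVE-2024-38395 (iTerm2) do not; the wget entry is in fact resolved in the later 2024-06-16T20:11:56 commit in this thread to a wget line with bug #1073523 and a bookworm annotation, and the GNOME one should receive the same prompt triage rather than remaining at `TODO: check`.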
@@ -18577,6 +18585,7 @@ CVE-2024-1789 (The WP SMTP plugin for WordPress is 
vulnerable to SQL Injection v
 CVE-2024-0740 (Eclipse Target Management: Terminal and Remote System Explorer 
(RSE) v ...)
NOT-FOR-US: Eclipse Target Management: Terminal and Remote System 
Explorer
 CVE-2023-51794 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 
allows a ...)
+   {DSA-5712-1}
[experimental] - ffmpeg 7:7.0-1
- ffmpeg 
[bullseye] - ffmpeg  (Pick up when fixed in 4.3.x)
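Review bot: the state token is missing from the package lines under CVE-2023-51794 in this hunk: `- ffmpeg ` ends after the package name and `[bullseye] - ffmpeg  (Pick up when fixed in 4.3.x)` has nothing between the name and the reason. In the tracker file those positions hold a version or a marker such as <unfixed> or <not-affected>, which this mail rendering has stripped, so the unstable and bullseye states must be read from the repository; in particular, with `{DSA-5712-1}` now recorded, confirm whether unstable is still <unfixed> while only experimental carries 7:7.0-1. The identical advisory addition and package block recur in the five hunks below for CVE-2023-51798, CVE-2023-51795, CVE-2023-51793, CVE-2023-50010 and CVE-2024-31585, so this comment applies to those as well.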
@@ -19862,6 +19871,7 @@ CVE-2024-1065 (Use After Free vulnerability in Arm Ltd 
Bifrost GPU Kernel Driver
 CVE-2024-0671 (Use After Free vulnerability in Arm Ltd Midgard GPU Kernel 
Driver, Arm ...)
NOT-FOR-US: Arm
 CVE-2023-51798 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 
allows a ...)
+   {DSA-5712-1}
[experimental] - ffmpeg 7:7.0-1
- ffmpeg 
[bullseye] - ffmpeg  (Pick up when fixed in 4.3.x)
@@ -19885,6 +19895,7 @@ CVE-2023-51796 (Buffer Overflow vulnerability in Ffmpeg 
v.N113007-g8d24a28d06 al
NOTE: https://trac.ffmpeg.org/ticket/10753
NOTE: Fixed in 
https://github.com/ffmpeg/FFmpeg/commit/61e73851a33f0b4cb7662f8578a4695e77bd3c19
 (n7.0)
 CVE-2023-51795 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 
allows a ...)
+   {DSA-5712-1}
[experimental] - ffmpeg 7:7.0-1
- ffmpeg 
[bullseye] - ffmpeg  (Vulnerable code not present)
@@ -19893,6 +19904,7 @@ CVE-2023-51795 (Buffer Overflow vulnerability in Ffmpeg 
v.N113007-g8d24a28d06 al
NOTE: Fixed in 
https://github.com/FFmpeg/FFmpeg/commit/ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06
 (n7.0)
NOTE: Introduced in 
https://github.com/FFmpeg/FFmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80
 (n5.1)
 CVE-2023-51793 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 
allows a ...)
+   {DSA-5712-1}
[experimental] - ffmpeg 7:7.0-1
- ffmpeg 
[bullseye] - ffmpeg  (Pick up when fixed in 4.3.x)
@@ -19917,6 +19929,7 @@ CVE-2023-51791 (Buffer Overflow vulenrability in Ffmpeg 
v.N113007-g8d24a28d06 al
 CVE-2023-50260 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
NOT-FOR-US: Wazuh
 CVE-2023-50010 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 
allows a  ...)
+   {DSA-5712-1}
[experimental] - ffmpeg 7:7.0-1
- ffmpeg 
[bullseye] - ffmpeg  (Pick up when fixed in 4.3.x)
@@ -20430,6 +20443,7 @@ CVE-2024-32161 (jizhiCMS 2.5 suffers from a File upload 
vulnerability.)
 CVE-2024-32130 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-31585 (FFmpeg version n5.1 to n6.1 was discovered to contain an 
Off-by-one Er ...)
+   {DSA-5712-1}
[experimental] - ffmpeg 7:7.0-1
- ffmpeg 
[bullseye] - ffmpeg  (Vulnerable code not present)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af84318aa7d443edde8341f6b05e10c16fca456d



[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3f3b5155 by security tracker role at 2024-06-15T20:12:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,39 @@
+CVE-2024-6016 (A vulnerability, which was classified as critical, has been 
found in i ...)
+   TODO: check
+CVE-2024-6015 (A vulnerability classified as critical was found in 
itsourcecode Onlin ...)
+   TODO: check
+CVE-2024-6014 (A vulnerability classified as critical has been found in 
itsourcecode  ...)
+   TODO: check
+CVE-2024-6013 (A vulnerability was found in itsourcecode Online Book Store 
1.0. It ha ...)
+   TODO: check
+CVE-2024-6009 (A vulnerability has been found in itsourcecode Event Calendar 
1.0 and  ...)
+   TODO: check
+CVE-2024-6008 (A vulnerability, which was classified as critical, was found in 
itsour ...)
+   TODO: check
+CVE-2024-6007 (A vulnerability classified as critical has been found in 
Netentsec NS- ...)
+   TODO: check
+CVE-2024-6006 (A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 
4.1.0. It h ...)
+   TODO: check
+CVE-2024-6005 (A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 
4.1.0. It h ...)
+   TODO: check
+CVE-2024-5858 (The AI Infographic Maker plugin for WordPress is vulnerable to 
unautho ...)
+   TODO: check
+CVE-2024-5611 (The Stratum \u2013 Elementor Widgets plugin for WordPress is 
vulnerabl ...)
+   TODO: check
+CVE-2024-4551 (The Video Gallery \u2013 YouTube Playlist, Channel Gallery by 
YotuWP p ...)
+   TODO: check
+CVE-2024-4258 (The Video Gallery \u2013 YouTube Playlist, Channel Gallery by 
YotuWP p ...)
+   TODO: check
+CVE-2024-4095 (The Collapse-O-Matic plugin for WordPress is vulnerable to 
Stored Cros ...)
+   TODO: check
+CVE-2024-3105 (The Woody code snippets \u2013 Insert Header Footer Code, 
AdSense Ads  ...)
+   TODO: check
+CVE-2024-31870 (IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined 
table funct ...)
+   TODO: check
+CVE-2024-2695 (The Shariff Wrapper plugin for WordPress is vulnerable to 
Stored Cross ...)
+   TODO: check
+CVE-2024-27275 (IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege 
escalation vul ...)
+   TODO: check
 CVE-2024-6003 (A vulnerability was found in Guangdong Baolun Electronics IP 
Network B ...)
NOT-FOR-US: Guangdong Baolun Electronics IP Network Broadcasting 
Service Platform
 CVE-2024-6000 (The FooEvents for WooCommerce plugin for WordPress is 
vulnerable to un ...)
@@ -1620,7 +1656,7 @@ CVE-2023-38533 (A vulnerability has been identified in 
TIA Administrator (All ve
 CVE-2023-33922 (Missing Authorization vulnerability in Elementor Elementor 
Website Bui ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-5702 (Memory corruption in the networking stack could have led to a 
potentia ...)
-   {DSA-5709-1 DLA-3825-1}
+   {DSA-5711-1 DSA-5709-1 DLA-3825-1}
- firefox-esr 115.12.0esr-1
- thunderbird 1:115.12.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5702
@@ -1629,7 +1665,7 @@ CVE-2024-5701 (Memory safety bugs present in Firefox 126. 
Some of these bugs sho
- firefox 127.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5701
 CVE-2024-5700 (Memory safety bugs present in Firefox 126, Firefox ESR 115.11, 
and Thu ...)
-   {DSA-5709-1 DLA-3825-1}
+   {DSA-5711-1 DSA-5709-1 DLA-3825-1}
- firefox 127.0-1
- firefox-esr 115.12.0esr-1
- thunderbird 1:115.12.0-1
@@ -1646,7 +1682,7 @@ CVE-2024-5697 (A website was able to detect when a user 
took a screenshot of a p
- firefox 127.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5697
 CVE-2024-5696 (By manipulating the text in an `input` tag, an attacker 
could  ...)
-   {DSA-5709-1 DLA-3825-1}
+   {DSA-5711-1 DSA-5709-1 DLA-3825-1}
- firefox 127.0-1
- firefox-esr 115.12.0esr-1
- thunderbird 1:115.12.0-1
@@ -1660,7 +1696,7 @@ CVE-2024-5694 (An attacker could have caused a 
use-after-free in the JavaScript
- firefox 127.0-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5694
 CVE-2024-5693 (Offscreen Canvas did not properly track cross-origin tainting, 
which c ...)
-   {DSA-5709-1 DLA-3825-1}
+   {DSA-5711-1 DSA-5709-1 DLA-3825-1}
- firefox 127.0-1
- firefox-esr 115.12.0esr-1
- thunderbird 1:115.12.0-1
@@ -1675,7 +1711,7 @@ CVE-2024-5692 (On Windows 10, when using the 'Save As' 
functionality, an attacke
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5692
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/#CVE-2024-5692
 CVE-2024-5691 (By tricking 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fd611beb by security tracker role at 2024-06-15T08:12:00+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,35 @@
+CVE-2024-6003 (A vulnerability was found in Guangdong Baolun Electronics IP 
Network B ...)
+   TODO: check
+CVE-2024-6000 (The FooEvents for WooCommerce plugin for WordPress is 
vulnerable to un ...)
+   TODO: check
+CVE-2024-5871 (The WooCommerce - Social Login plugin for WordPress is 
vulnerable to P ...)
+   TODO: check
+CVE-2024-5868 (The WooCommerce - Social Login plugin for WordPress is 
vulnerable to E ...)
+   TODO: check
+CVE-2024-5263 (The ElementsKit Pro plugin for WordPress is vulnerable to 
Stored Cross ...)
+   TODO: check
+CVE-2024-4479 (The Jeg Elementor Kit plugin for WordPress is vulnerable to 
Stored Cro ...)
+   TODO: check
+CVE-2024-3815 (The Newspaper theme for WordPress is vulnerable to Stored 
Cross-Site S ...)
+   TODO: check
+CVE-2024-3814 (The tagDiv Composer plugin for WordPress is vulnerable to 
Stored Cross ...)
+   TODO: check
+CVE-2024-3813 (The tagDiv Composer plugin for WordPress is vulnerable to Local 
File I ...)
+   TODO: check
+CVE-2024-30120 (HCL DRYiCE Optibot Reset Station is impacted by an Unused 
Parameter in ...)
+   TODO: check
+CVE-2024-30119 (HCL DRYiCE Optibot Reset Stationis impacted by a missing 
Strict Transp ...)
+   TODO: check
+CVE-2024-2875
+   REJECTED
+CVE-2024-2544 (The Popup Builder plugin for WordPress is vulnerable to 
unauthorized m ...)
+   TODO: check
+CVE-2024-21988 (StorageGRID (formerly StorageGRID Webscale) versions prior to  
11.7.0. ...)
+   TODO: check
+CVE-2024-1399 (The Restaurant Menu \u2013 Food Ordering System \u2013 Table 
Reservati ...)
+   TODO: check
+CVE-2023-6696 (The Popup Builder \u2013 Create highly converting, mobile 
friendly mar ...)
+   TODO: check
 CVE-2024-5996 (The notification emails sent by Soar Cloud HR Portal contain a 
link wi ...)
NOT-FOR-US: Soar Cloud HR Portal
 CVE-2024-5934
@@ -3853,6 +3885,7 @@ CVE-2024-3200 (The wpForo Forum plugin for WordPress is 
vulnerable to SQL Inject
 CVE-2024-35636 (Cross-Site Request Forgery (CSRF) vulnerability in Uploadcare 
Uploadca ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-36041 [ksmserver: Unauthorized users can access session manager]
+   {DLA-3827-1}
- plasma-workspace 4:5.27.11.1-1
NOTE: https://kde.org/info/security/advisory-20240531-1.txt
NOTE: Fixed by: 
https://invent.kde.org/plasma/plasma-workspace/-/commit/da843d3fdb143ed44094c8e6246cfb8305f6f09f
@@ -37670,7 +37703,7 @@ CVE-2024-23136 (A maliciously crafted STP file in 
ASMKERN228A.dll when parsed th
NOT-FOR-US: Autodesk
 CVE-2024-23135 (A maliciously crafted SLDPRT file in ASMkern228A.dll when 
parsed throu ...)
NOT-FOR-US: Autodesk
-CVE-2024-23134 (A maliciously crafted IGS file in tbb.dll when parsed through 
Autodesk ...)
+CVE-2024-23134 (A maliciously crafted IGS or IGES file in tbb.dll when parsed 
through  ...)
NOT-FOR-US: Autodesk
 CVE-2024-23133 (A maliciously crafted STP file in ASMDATAX228A.dll when parsed 
through ...)
NOT-FOR-US: Autodesk
@@ -37696,9 +37729,9 @@ CVE-2024-23123 (A maliciously crafted CATPART file in 
CC5Dll.dll or ASMBASE228A.
NOT-FOR-US: Autodesk
 CVE-2024-23122 (A maliciously crafted 3DM file in opennurbs.dll when parsed 
through Au ...)
NOT-FOR-US: Autodesk
-CVE-2024-23121 (A maliciously crafted MODEL file in libodxdll.dll when parsed 
through  ...)
+CVE-2024-23121 (A maliciously crafted MODEL file when parsed in libodxdll.dll 
through  ...)
NOT-FOR-US: Autodesk
-CVE-2024-23120 (A maliciously crafted STP file in ASMIMPORT228A.dll when 
parsed throug ...)
+CVE-2024-23120 (A maliciously crafted STP and STEP file when parsed in 
ASMIMPORT228A.d ...)
NOT-FOR-US: Autodesk
 CVE-2024-1053 (The Event Tickets and Registration plugin for WordPress is 
vulnerable  ...)
NOT-FOR-US: WordPress plugin
@@ -43420,7 +43453,7 @@ CVE-2023-7227 (SystemK NVR 504/508/516 versions 
2.3.5SK.30084998 and prior are v
 CVE-2023-6282 (IceHrm 23.0.0.OS does not sufficiently encode user-controlled 
input, w ...)
NOT-FOR-US: IceHrm
 CVE-2023-52076 (Atril Document Viewer is the default document reader of the 
MATE deskt ...)
-   {DSA-5688-1}
+   {DSA-5688-1 DLA-3828-1}
- atril 1.26.2-1 (bug #1061522)
NOTE: 
https://github.com/mate-desktop/atril/security/advisories/GHSA-6mf6-mxpc-jc37
NOTE: 
https://github.com/mate-desktop/atril/commit/e70b21c815418a1e6ebedf6d8d31b8477c03ba50
@@ -49388,6 +49421,7 @@ CVE-2023-51766 (Exim before 4.97.1 allows SMTP 
smuggling in certain PIPELINING/C
NOTE: 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1f5f71b5 by security tracker role at 2024-06-14T20:14:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,113 @@
+CVE-2024-5996 (The notification emails sent by Soar Cloud HR Portal contain a 
link wi ...)
+   TODO: check
+CVE-2024-5934
+   REJECTED
+CVE-2024-5731 (A vulnerability in the IPS Manager, Central Manager, and Local 
Manager ...)
+   TODO: check
+CVE-2024-5685 (Users with "User:edit" and "Self:api" permissionscan promote or 
demote ...)
+   TODO: check
+CVE-2024-5671 (Insecure Deserialization in some workflows of the IPS Manager 
allows u ...)
+   TODO: check
+CVE-2024-5659 (Rockwell Automation was made aware of a vulnerability that 
causes all  ...)
+   TODO: check
+CVE-2024-4863 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder 
Feature ...)
+   TODO: check
+CVE-2024-3912 (Certain models of ASUS routers have an arbitrary firmware 
upload vulne ...)
+   TODO: check
+CVE-2024-37889 (MyFinances is a web application for managing finances. 
MyFinances has  ...)
+   TODO: check
+CVE-2024-37888 (The Open Link is a CKEditor plugin, extending context menu 
with a poss ...)
+   TODO: check
+CVE-2024-37887 (Nextcloud Server is a self hosted personal cloud system. 
Private share ...)
+   TODO: check
+CVE-2024-37886 (user_oidc app is an OpenID Connect user backend for Nextcloud. 
An atta ...)
+   TODO: check
+CVE-2024-37885 (The Nextcloud Desktop Client is a tool to synchronize files 
from Nextc ...)
+   TODO: check
+CVE-2024-37884 (Nextcloud Server is a self hosted personal cloud system. A 
malicious u ...)
+   TODO: check
+CVE-2024-37883 (Nextcloud Deck is a kanban style organization tool aimed at 
personal p ...)
+   TODO: check
+CVE-2024-37882 (Nextcloud Server is a self hosted personal cloud system. A 
recipient o ...)
+   TODO: check
+CVE-2024-37831 (Itsourcecode Payroll Management System 1.0 is vulnerable to 
SQL Inject ...)
+   TODO: check
+CVE-2024-37645 (TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a 
stack o ...)
+   TODO: check
+CVE-2024-37644 (TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a 
hardcod ...)
+   TODO: check
+CVE-2024-37643 (TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a 
stack o ...)
+   TODO: check
+CVE-2024-37642 (TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a 
command ...)
+   TODO: check
+CVE-2024-37641 (TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a 
stack o ...)
+   TODO: check
+CVE-2024-37640 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to 
contain a stac ...)
+   TODO: check
+CVE-2024-37639 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to 
contain a stac ...)
+   TODO: check
+CVE-2024-37637 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to 
contain a stac ...)
+   TODO: check
+CVE-2024-37369 (A privilege escalation vulnerability exists in the affected 
product. T ...)
+   TODO: check
+CVE-2024-37368 (A user authentication vulnerability exists in the Rockwell 
AutomationF ...)
+   TODO: check
+CVE-2024-37367 (A user authentication vulnerability exists in the Rockwell 
Automation  ...)
+   TODO: check
+CVE-2024-37317 (The Nextcloud Notes app is a distraction free notes taking app 
for Nex ...)
+   TODO: check
+CVE-2024-37316 (Nextcloud Calendar is a calendar app for Nextcloud. 
Authenticated user ...)
+   TODO: check
+CVE-2024-37315 (Nextcloud Server is a self hosted personal cloud system. An 
attacker w ...)
+   TODO: check
+CVE-2024-37314 (Nextcloud Photos is a photo management app. Users can remove 
photos fr ...)
+   TODO: check
+CVE-2024-37313 (Nextcloud server is a self hosted personal cloud system. Under 
some ci ...)
+   TODO: check
+CVE-2024-37312 (user_oidc app is an OpenID Connect user backend for Nextcloud. 
Missing ...)
+   TODO: check
+CVE-2024-37182 (Mattermost Desktop App versions <=5.7.0 fail to correctly 
prompt for p ...)
+   TODO: check
+CVE-2024-36656 (In MintHCM 4.0.3, a registered user can execute arbitrary 
JavaScript c ...)
+   TODO: check
+CVE-2024-36600 (Buffer Overflow Vulnerability in libcdio v2.1.0 allows an 
attacker to  ...)
+   TODO: check
+CVE-2024-36599 (A cross-site scripting (XSS) vulnerability in Aegon Life v1.0 
allows a ...)
+   TODO: check
+CVE-2024-36598 (An arbitrary file upload vulnerability in Aegon Life v1.0 
allows attac ...)
+   TODO: check
+CVE-2024-36597 (Aegon Life v1.0 was discovered to contain a SQL injection 
vulnerabilit ...)
+   TODO: check
+CVE-2024-36459 (A CRLF cross-site scripting vulnerability has been identified 
in certa ...)
+   TODO: check
+CVE-2024-36287 (Mattermost Desktop App versions <=5.7.0 fail 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
77194603 by security tracker role at 2024-06-14T08:14:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,323 @@
+CVE-2024-5995 (The notification emails sent by Soar Cloud HR Portal contain a 
link wi ...)
+   TODO: check
+CVE-2024-5994 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress 
is vulne ...)
+   TODO: check
+CVE-2024-5985 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+   TODO: check
+CVE-2024-5984 (A vulnerability was found in itsourcecode Online Bookstore 1.0. 
It has ...)
+   TODO: check
+CVE-2024-5983 (A vulnerability was found in itsourcecode Online Bookstore 1.0. 
It has ...)
+   TODO: check
+CVE-2024-5981 (A vulnerability was found in itsourcecode Online House Rental 
System 1 ...)
+   TODO: check
+CVE-2024-5976 (A vulnerability was found in SourceCodester Employee and 
Visitor Gate  ...)
+   TODO: check
+CVE-2024-5961 (Improper neutralization of input during web page generation 
vulnerabil ...)
+   TODO: check
+CVE-2024-5577 (The Where I Was, Where I Will Be plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-5551 (The WP STAGING Pro WordPress Backup Plugin plugin for WordPress 
is vul ...)
+   TODO: check
+CVE-2024-5465 (Function vulnerabilities in the Calendar module Impact: 
Successful exp ...)
+   TODO: check
+CVE-2024-5464 (Vulnerability of insufficient permission verification in the 
NearLink  ...)
+   TODO: check
+CVE-2024-5155 (The Inquiry cart WordPress plugin through 3.4.2 does not have 
CSRF che ...)
+   TODO: check
+CVE-2024-4936 (The Canto plugin for WordPress is vulnerable to Remote File 
Inclusion  ...)
+   TODO: check
+CVE-2024-4751 (The WP Prayer II WordPress plugin through 2.4.7 does not have 
CSRF che ...)
+   TODO: check
+CVE-2024-4480 (The WP Prayer II WordPress plugin through 2.4.7 does not have 
CSRF che ...)
+   TODO: check
+CVE-2024-4404 (The ElementsKit PRO plugin for WordPress is vulnerable to 
Server-Side  ...)
+   TODO: check
+CVE-2024-4271 (The SVGator  WordPress plugin through 1.2.6 does not sanitize 
SVG file ...)
+   TODO: check
+CVE-2024-4270 (The SVGMagic WordPress plugin through 1.1 does not sanitize SVG 
file c ...)
+   TODO: check
+CVE-2024-4005 (The Social Pixel WordPress plugin through 2.1 does not sanitise 
and es ...)
+   TODO: check
+CVE-2024-3993 (The AZAN Plugin WordPress plugin through 0.6 does not have CSRF 
check  ...)
+   TODO: check
+CVE-2024-3992 (The Amen WordPress plugin through 3.3.1 does not sanitise and 
escape s ...)
+   TODO: check
+CVE-2024-3978 (The WordPress Jitsi Shortcode WordPress plugin through 0.1 does 
not va ...)
+   TODO: check
+CVE-2024-3977 (The WordPress Jitsi Shortcode WordPress plugin through 0.1 does 
not sa ...)
+   TODO: check
+CVE-2024-3972 (The Similarity WordPress plugin through 3.0 does not have CSRF 
check i ...)
+   TODO: check
+CVE-2024-3971 (The Similarity WordPress plugin through 3.0 does not have CSRF 
check i ...)
+   TODO: check
+CVE-2024-3966 (The Pray For Me WordPress plugin through 1.0.4 does not 
sanitise and e ...)
+   TODO: check
+CVE-2024-3965 (The Pray For Me WordPress plugin through 1.0.4 does not have 
CSRF chec ...)
+   TODO: check
+CVE-2024-3754 (The Alemha watermarker WordPress plugin through 1.3.1 does not 
sanitis ...)
+   TODO: check
+CVE-2024-3498 (Attackers can then execute malicious files by enabling certain 
service ...)
+   TODO: check
+CVE-2024-3497 (Path traversal vulnerability in the web server of the Toshiba 
printer  ...)
+   TODO: check
+CVE-2024-3496 (Attackers can bypass the web login authentication process to 
gain acce ...)
+   TODO: check
+CVE-2024-3080 (Certain ASUS router models have authentication bypass 
vulnerability, a ...)
+   TODO: check
+CVE-2024-3079 (Certain models of ASUS routers have buffer overflow 
vulnerabilities, a ...)
+   TODO: check
+CVE-2024-36503 (Memory management vulnerability in the Gralloc module Impact: 
Successf ...)
+   TODO: check
+CVE-2024-36502 (Out-of-bounds read vulnerability in the audio module Impact: 
Successfu ...)
+   TODO: check
+CVE-2024-36501 (Memory management vulnerability in the boottime module Impact: 
Success ...)
+   TODO: check
+CVE-2024-36500 (Privilege escalation vulnerability in the AMS module Impact: 
Successfu ...)
+   TODO: check
+CVE-2024-36499 (Vulnerability of unauthorized screenshot capturing in the WMS 
module I ...)
+   TODO: check
+CVE-2024-33253 (Cross-site scripting (XSS) vulnerability in GUnet OpenEclass 
E-learnin ...)
+   TODO: check
+CVE-2024-32930 (In plugin_ipc_handler of slc_plugin.c, there is a possible 
information ...)
+   TODO: check

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
dcc96146 by security tracker role at 2024-06-13T20:14:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,193 @@
+CVE-2024-5952 (Deep Sea Electronics DSE855 Restart Missing Authentication 
Denial-of-S ...)
+   TODO: check
+CVE-2024-5951 (Deep Sea Electronics DSE855 Factory Reset Missing 
Authentication Denia ...)
+   TODO: check
+CVE-2024-5950 (Deep Sea Electronics DSE855 Multipart Value Handling 
Stack-Based Buffe ...)
+   TODO: check
+CVE-2024-5949 (Deep Sea Electronics DSE855 Multipart Boundary Infinite Loop 
Denial-of ...)
+   TODO: check
+CVE-2024-5948 (Deep Sea Electronics DSE855 Multipart Boundary Stack-Based 
Buffer Over ...)
+   TODO: check
+CVE-2024-5947 (Deep Sea Electronics DSE855 Configuration Backup Missing 
Authenticatio ...)
+   TODO: check
+CVE-2024-5927
+   REJECTED
+CVE-2024-5924 (Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass 
Vulnerability. T ...)
+   TODO: check
+CVE-2024-4696 (A privilege escalation vulnerability was reported in Lenovo 
Service Br ...)
+   TODO: check
+CVE-2024-4371 (The CoDesigner WooCommerce Builder for Elementor \u2013 
Customize Chec ...)
+   TODO: check
+CVE-2024-4176 (An Cross site scripting vulnerability in the EDR XConsole 
before this  ...)
+   TODO: check
+CVE-2024-3073 (The Easy WP SMTP by SendLayer \u2013 WordPress SMTP and Email 
Log Plug ...)
+   TODO: check
+CVE-2024-38313 (In certain scenarios a malicious website could attempt to 
display a fa ...)
+   TODO: check
+CVE-2024-38312 (When browsing private tabs, some data related to location 
history or w ...)
+   TODO: check
+CVE-2024-38285 (Logs storing credentials are insufficiently protected and can 
be decod ...)
+   TODO: check
+CVE-2024-38284 (Transmitted data is logged between the device and the backend 
service. ...)
+   TODO: check
+CVE-2024-38283 (Sensitive customer information is stored in the device without 
encrypt ...)
+   TODO: check
+CVE-2024-38282 (Utilizing default credentials, an attacker is able to log into 
the cam ...)
+   TODO: check
+CVE-2024-38281 (An attacker can access the maintenance console using hard 
coded creden ...)
+   TODO: check
+CVE-2024-38280 (An unauthorized user is able to gain access to sensitive data, 
includi ...)
+   TODO: check
+CVE-2024-38279 (The affected product is vulnerable to an attacker modifying 
the bootlo ...)
+   TODO: check
+CVE-2024-38083 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+   TODO: check
+CVE-2024-37877 (UERANSIM before 3.2.6 allows out-of-bounds read when a RLS 
packet is s ...)
+   TODO: check
+CVE-2024-37849 (A SQL Injection vulnerability in itsourcecode Billing System 
1.0 allow ...)
+   TODO: check
+CVE-2024-37635 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to 
contain a stac ...)
+   TODO: check
+CVE-2024-37634 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to 
contain a stac ...)
+   TODO: check
+CVE-2024-37633 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to 
contain a stac ...)
+   TODO: check
+CVE-2024-37632 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to 
contain a stac ...)
+   TODO: check
+CVE-2024-37631 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to 
contain a stac ...)
+   TODO: check
+CVE-2024-37630 (D-Link DIR-605L v2.13B01 was discovered to contain a hardcoded 
passwor ...)
+   TODO: check
+CVE-2024-37309 (CrateDB is a distributed SQL database. A high-risk 
vulnerability has b ...)
+   TODO: check
+CVE-2024-37308 (The Cooked Pro recipe plugin for WordPress is vulnerable to 
Persistent ...)
+   TODO: check
+CVE-2024-37307 (Cilium is a networking, observability, and security solution 
with an e ...)
+   TODO: check
+CVE-2024-37306 (Computer Vision Annotation Tool (CVAT) is an interactive video 
and ima ...)
+   TODO: check
+CVE-2024-37164 (Computer Vision Annotation Tool (CVAT) is an interactive video 
and ima ...)
+   TODO: check
+CVE-2024-37131 (SCG Policy Manager, all versions, contains an overly 
permissive Cross- ...)
+   TODO: check
+CVE-2024-37029 (Fuji Electric Tellus Lite V-Simulator  is vulnerable to a 
stack-based  ...)
+   TODO: check
+CVE-2024-37022 (Fuji Electric Tellus Lite V-Simulator  is vulnerable to an 
out-of-boun ...)
+   TODO: check
+CVE-2024-36760 (A stack overflow vulnerability was found in version 1.18.0 of 
rhai. Th ...)
+   TODO: check
+CVE-2024-36647 (A stored cross-site scripting (XSS) vulnerability in Church 
CRM v5.8.0 ...)
+   TODO: check
+CVE-2024-36589 (An issue in Annonshop.app DecentralizeJustice/anonymousLocker 
commit 2 ...)
+   TODO: check
+CVE-2024-36588 (An issue in Annonshop.app DecentralizeJustice/ anonymousLocker 
commit 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bd01a430 by security tracker role at 2024-06-13T08:12:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,339 @@
+CVE-2024-5787 (The PowerPack Addons for Elementor (Free Widgets, Extensions 
and Templ ...)
+   TODO: check
+CVE-2024-5757 (The Elementor Header & Footer Builder plugin for WordPress is 
vulnerab ...)
+   TODO: check
+CVE-2024-5661 (An issue has been identified in both XenServer 8 and Citrix 
Hypervisor ...)
+   TODO: check
+CVE-2024-5265 (The WPBakery Visual Composer plugin for WordPress is vulnerable 
to Sto ...)
+   TODO: check
+CVE-2024-4615 (The Elespare \u2013 Blog, Magazine and Newspaper Addons for 
Elementor  ...)
+   TODO: check
+CVE-2024-4576 (The component listed above contains a vulnerability that allows 
an att ...)
+   TODO: check
+CVE-2024-4201 (A cross-site scripting issue has been discovered in GitLab 
affecting a ...)
+   TODO: check
+CVE-2024-4149 (The Floating Chat Widget: Contact Chat Icons, WhatsApp, 
Telegram Chat, ...)
+   TODO: check
+CVE-2024-4145 (The Search & Replace WordPress plugin before 3.2.2 does not 
sanitize a ...)
+   TODO: check
+CVE-2024-3922 (The Dokan Pro plugin for WordPress is vulnerable to SQL 
Injection via  ...)
+   TODO: check
+CVE-2024-3552 (The Web Directory Free WordPress plugin before 1.7.0 does not 
sanitise ...)
+   TODO: check
+CVE-2024-3468 (There is a vulnerability in AVEVA PI Web API that could allow 
maliciou ...)
+   TODO: check
+CVE-2024-3467 (There is a vulnerability in AVEVA PI Asset Framework Client 
that could ...)
+   TODO: check
+CVE-2024-3032 (Themify Builder WordPress plugin before 7.5.8 does not validate 
a para ...)
+   TODO: check
+CVE-2024-38295 (ALCASAR before 3.6.1 allows still_connected.php remote code 
execution.)
+   TODO: check
+CVE-2024-38294 (ALCASAR before 3.6.1 allows email_registration_back.php remote 
code ex ...)
+   TODO: check
+CVE-2024-38293 (ALCASAR before 3.6.1 allows CSRF and remote code execution in 
activity ...)
+   TODO: check
+CVE-2024-37665 (An access control issue in Wvp GB28181 Pro 2.0 allows 
authenticated at ...)
+   TODO: check
+CVE-2024-36523 (An access control issue in Wvp GB28181 Pro 2.0 allows users to 
continu ...)
+   TODO: check
+CVE-2024-36239 (Adobe Experience Manager versions 6.5.20 and earlier Answer: 
are affec ...)
+   TODO: check
+CVE-2024-36238 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
+   TODO: check
+CVE-2024-36236 (Adobe Experience Manager versions 6.5.20 and earlier Answer: 
are affec ...)
+   TODO: check
+CVE-2024-36235 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
+   TODO: check
+CVE-2024-36234 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
+   TODO: check
+CVE-2024-36233 (Adobe Experience Manager versions 6.5.20 and earlier Answer: 
are affec ...)
+   TODO: check
+CVE-2024-36232 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
+   TODO: check
+CVE-2024-36231 (Adobe Experience Manager versions 6.5.20 and earlier Answer: 
are affec ...)
+   TODO: check
+CVE-2024-36230 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
+   TODO: check
+CVE-2024-36229 (Adobe Experience Manager versions 6.5.20 and earlier Answer: 
are affec ...)
+   TODO: check
+CVE-2024-36228 (Adobe Experience Manager versions 6.5.20 and earlier Answer: 
are affec ...)
+   TODO: check
+CVE-2024-36227 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
+   TODO: check
+CVE-2024-36226 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
+   TODO: check
+CVE-2024-36225 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
+   TODO: check
+CVE-2024-36224 (Adobe Experience Manager versions 6.5.20 and earlier Answer: 
are affec ...)
+   TODO: check
+CVE-2024-36222 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
+   TODO: check
+CVE-2024-36221 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
+   TODO: check
+CVE-2024-36220 (Adobe Experience Manager versions 6.5.20 and earlier Answer: 
are affec ...)
+   TODO: check
+CVE-2024-36219 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
+   TODO: check
+CVE-2024-36218 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
+   TODO: check
+CVE-2024-36217 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
+   TODO: check
+CVE-2024-36216 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
+   
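Review bot: a stray token "Answer:" sits inside the description of several of the Adobe Experience Manager entries in this hunk (CVE-2024-36239, -36236, -36233, -36231, -36229, -36228, -36224 and -36220 read "versions 6.5.20 and earlier Answer: are affec ...") while the neighbouring entries for the same product read "versions 6.5.20 and earlier are affected by a ..."; since the descriptions are imported verbatim from the upstream feed, whoever resolves the `TODO: check` lines should compare them against the upstream text and drop the token so the affected-version clause parses consistently across the set.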

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-12 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
df97ab30 by security tracker role at 2024-06-12T20:12:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,169 @@
+CVE-2024-5909 (A problem with a protection mechanism in the Palo Alto Networks 
Cortex ...)
+   TODO: check
+CVE-2024-5908 (A problem with the Palo Alto Networks GlobalProtect app can 
result in  ...)
+   TODO: check
+CVE-2024-5907 (A privilege escalation (PE) vulnerability in the Palo Alto 
Networks Co ...)
+   TODO: check
+CVE-2024-5906 (A cross-site scripting (XSS) vulnerability in Palo Alto 
Networks Prism ...)
+   TODO: check
+CVE-2024-5905 (A problem with a protection mechanism in the Palo Alto Networks 
Cortex ...)
+   TODO: check
+CVE-2024-5898 (A vulnerability was found in itsourcecode Payroll Management 
System 1. ...)
+   TODO: check
+CVE-2024-5897 (A vulnerability has been found in SourceCodester Employee and 
Visitor  ...)
+   TODO: check
+CVE-2024-5896 (A vulnerability, which was classified as critical, was found in 
Source ...)
+   TODO: check
+CVE-2024-5895 (A vulnerability, which was classified as critical, has been 
found in S ...)
+   TODO: check
+CVE-2024-5894 (A vulnerability classified as critical was found in 
SourceCodester Onl ...)
+   TODO: check
+CVE-2024-5893 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+   TODO: check
+CVE-2024-5891 (A vulnerability was found in Quay. If an attacker can obtain 
the clien ...)
+   TODO: check
+CVE-2024-5798 (Vault and Vault Enterprise did not properly validate the JSON 
Web Toke ...)
+   TODO: check
+CVE-2024-5759 (An improper privilege management vulnerability exists in 
Tenable Secur ...)
+   TODO: check
+CVE-2024-5674 (The Newsletter - API v1 and v2 addon plugin for WordPress is 
vulnerabl ...)
+   TODO: check
+CVE-2024-5560 (CWE-125: Out-of-bounds Read vulnerability exists that could 
cause deni ...)
+   TODO: check
+CVE-2024-5559 (CWE-327: Use of a Broken or Risky Cryptographic Algorithm 
vulnerabilit ...)
+   TODO: check
+CVE-2024-5558 (CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition 
vulnerabili ...)
+   TODO: check
+CVE-2024-5557 (CWE-532: Insertion of Sensitive Information into Log File 
vulnerabilit ...)
+   TODO: check
+CVE-2024-5468 (The WordPress Header Builder Plugin \u2013 Pearl plugin for 
WordPress  ...)
+   TODO: check
+CVE-2024-5313 (CWE-668: Exposure of the Resource Wrong Sphere vulnerability 
exists th ...)
+   TODO: check
+CVE-2024-5266 (The Download Manager Pro plugin for WordPress is vulnerable to 
Stored  ...)
+   TODO: check
+CVE-2024-5211 (A path traversal vulnerability in mintplex-labs/anything-llm 
allowed a ...)
+   TODO: check
+CVE-2024-5056 (CWE-552: Files or Directories Accessible to External Parties 
vulnerabi ...)
+   TODO: check
+CVE-2024-4898 (The InstaWP Connect \u2013 1-click WP Staging & Migration 
plugin for W ...)
+   TODO: check
+CVE-2024-4845 (The Icegram Express plugin for WordPress is vulnerable to SQL 
Injectio ...)
+   TODO: check
+CVE-2024-3492 (The Events Manager \u2013 Calendar, Bookings, Tickets, and 
more! plugi ...)
+   TODO: check
+CVE-2024-37878 (Cross Site Scripting vulnerability in TWCMS v.2.0.3 allows a 
remote at ...)
+   TODO: check
+CVE-2024-37629 (SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) 
via the  ...)
+   TODO: check
+CVE-2024-37304 (NuGet Gallery is a package repository that powers nuget.org. 
The NuGet ...)
+   TODO: check
+CVE-2024-37300 (OAuthenticator is software that allows OAuth2 identity 
providers to be ...)
+   TODO: check
+CVE-2024-37297 (WooCommerce is an open-source e-commerce platform built on 
WordPress.  ...)
+   TODO: check
+CVE-2024-37040 (CWE-120: Buffer Copy without Checking Size of Input 
(\u2018Classic Buf ...)
+   TODO: check
+CVE-2024-37039 (CWE-252: Unchecked Return Value vulnerability exists that 
could cause  ...)
+   TODO: check
+CVE-2024-37038 (CWE-276: Incorrect Default Permissions vulnerability exists 
that could ...)
+   TODO: check
+CVE-2024-37037 (CWE-22: Improper Limitation of a Pathname to a Restricted 
Directory (\ ...)
+   TODO: check
+CVE-2024-37036 (CWE-787: Out-of-bounds Write vulnerability exists that could 
result in ...)
+   TODO: check
+CVE-2024-36840 (SQL Injection vulnerability in Boelter Blue System Management 
v.1.3 al ...)
+   TODO: check
+CVE-2024-36761 (naga v0.14.0 was discovered to contain a stack overflow via 
the compon ...)
+   TODO: check
+CVE-2024-36699 (GNU Debugger v8.2 to v14.2 was discovered to contain a buffer 
overflow ...)
+   TODO: check
+CVE-2024-36691 (Insecure permissions in the AdminController.AjaxSave() method 
of PPGo_ ...)
+   TODO: check

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-12 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
702c090a by security tracker role at 2024-06-12T08:12:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,74 +1,134 @@
+CVE-2024-5892 (The Divi Torque Lite \u2013 Divi Theme and Extra Theme plugin 
for Word ...)
+   TODO: check
+CVE-2024-5873
+   REJECTED
+CVE-2024-5783
+   REJECTED
+CVE-2024-5782
+   REJECTED
+CVE-2024-5781
+   REJECTED
+CVE-2024-5780
+   REJECTED
+CVE-2024-5779
+   REJECTED
+CVE-2024-5778
+   REJECTED
+CVE-2024-5777
+   REJECTED
+CVE-2024-5776
+   REJECTED
+CVE-2024-5739 (The in-app browser of LINE iOS versions below 14.9.0 contains a 
Univer ...)
+   TODO: check
+CVE-2024-5646 (The Futurio Extra plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+   TODO: check
+CVE-2024-5553 (The Premium Addons for Elementor plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-5543 (The Slideshow Gallery LITE plugin for WordPress is vulnerable 
to time- ...)
+   TODO: check
+CVE-2024-4924 (The Social Sharing Plugin  WordPress plugin before 3.3.63 does 
not san ...)
+   TODO: check
+CVE-2024-4892 (The BuddyPress plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+   TODO: check
+CVE-2024-4669 (The Events Addon for Elementor plugin for WordPress is 
vulnerable to S ...)
+   TODO: check
+CVE-2024-4564 (The CoDesigner WooCommerce Builder for Elementor \u2013 
Customize Chec ...)
+   TODO: check
+CVE-2024-4315 (parisneo/lollms version 9.5 is vulnerable to Local File 
Inclusion (LFI ...)
+   TODO: check
+CVE-2024-3925 (The Element Pack Elementor Addons (Header Footer, Template 
Library, Dy ...)
+   TODO: check
+CVE-2024-3559 (The Custom Field Suite plugin for WordPress is vulnerable to 
Stored Cr ...)
+   TODO: check
+CVE-2024-36856 (RMQTT Broker 0.4.0 allows remote attackers to cause a Denial 
of Servic ...)
+   TODO: check
+CVE-2024-36454 (Use of uninitialized resource issue exists in IPCOM EX2 Series 
(V01L0x ...)
+   TODO: check
+CVE-2024-36103 (OS command injection vulnerability in WRC-X5400GS-B v1.0.10 
and earlie ...)
+   TODO: check
+CVE-2024-35225 (Jupyter Server Proxy allows users to run arbitrary external 
processes  ...)
+   TODO: check
+CVE-2024-33606 (An attacker could retrieve sensitive files (medical images) as 
well as ...)
+   TODO: check
+CVE-2024-28970 (Dell Client BIOS contains an Out-of-bounds Write 
vulnerability. A loca ...)
+   TODO: check
+CVE-2024-28877 (MicroDicom DICOM Viewer is vulnerable to a stack-based buffer 
overflow ...)
+   TODO: check
+CVE-2024-0427 (The ARForms - Premium WordPress Form Builder Plugin WordPress 
plugin b ...)
+   TODO: check
+CVE-2024-0160 (Dell Client Platform contains an incorrect authorization 
vulnerability ...)
+   TODO: check
 CVE-2024-25131
NOT-FOR-US: MustGather.managed.openshift.io Custom Defined Resource 
(CRD)
-CVE-2024-5847
+CVE-2024-5847 (Use after free in PDFium in Google Chrome prior to 
126.0.6478.54 allow ...)
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
-CVE-2024-5846
+CVE-2024-5846 (Use after free in PDFium in Google Chrome prior to 
126.0.6478.54 allow ...)
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
-CVE-2024-5845
+CVE-2024-5845 (Use after free in Audio in Google Chrome prior to 126.0.6478.54 
allowe ...)
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
-CVE-2024-5844
+CVE-2024-5844 (Heap buffer overflow in Tab Strip in Google Chrome prior to 
126.0.6478 ...)
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
-CVE-2024-5843
+CVE-2024-5843 (Inappropriate implementation in Downloads in Google Chrome 
prior to 12 ...)
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
-CVE-2024-5842
+CVE-2024-5842 (Use after free in Browser UI in Google Chrome prior to 
126.0.6478.54 a ...)
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
-CVE-2024-5841
+CVE-2024-5841 (Use after free in V8 in Google Chrome prior to 126.0.6478.54 
allowed a ...)
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
-CVE-2024-5840
+CVE-2024-5840 (Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 
allowed  ...)
- chromium 
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
-CVE-2024-5839
+CVE-2024-5839 (Inappropriate Implementation in Memory Allocator in Google 
Chrome prio ...)
- chromium 
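Review bot: the package lines under CVE-2024-5839 through CVE-2024-5847 (`- chromium `, `[bullseye] - chromium  (see #1061268)`, `[buster] - chromium  (see DSA 5046)`) show no status or version token between the package name and the parenthetical note; in the tracker's list format that slot carries either a fixed version or an angle-bracketed marker, and angle-bracketed tokens are commonly stripped when a diff is rendered as mail, so confirm against the committed data/CVE/list that the token is present and that the bracketed annotations still parse before relying on this view of the hunk.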

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
03ea5981 by security tracker role at 2024-06-11T20:12:06+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,66 +1,370 @@
-CVE-2024-5702
+CVE-2024-5851 (A vulnerability classified as problematic has been found in 
playSMS up ...)
+   TODO: check
+CVE-2024-5829 (A vulnerability classified as problematic was found in 
smallweigit Avu ...)
+   TODO: check
+CVE-2024-5825
+   REJECTED
+CVE-2024-5813 (A medium severity vulnerability in BIPS has been identified 
where an a ...)
+   TODO: check
+CVE-2024-5812 (A low severity vulnerability in BIPS has been identified where 
an atta ...)
+   TODO: check
+CVE-2024-5584 (The WordPress Online Booking and Scheduling Plugin \u2013 
Bookly plugi ...)
+   TODO: check
+CVE-2024-5531 (The Ocean Extra plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+   TODO: check
+CVE-2024-5398
+   REJECTED
+CVE-2024-5189 (The Essential Addons for Elementor \u2013 Best Elementor 
Templates, Wi ...)
+   TODO: check
+CVE-2024-4387
+   REJECTED
+CVE-2024-4206
+   REJECTED
+CVE-2024-4190 (Stored Cross-Site Scripting (XSS) vulnerabilities have been 
identified ...)
+   TODO: check
+CVE-2024-4155
+   REJECTED
+CVE-2024-37325 (Azure Science Virtual Machine (DSVM) Elevation of Privilege 
Vulnerabil ...)
+   TODO: check
+CVE-2024-37301 (Document Merge Service is a document template merge service 
providing  ...)
+   TODO: check
+CVE-2024-37296 (The Aimeos HTML client provides Aimeos HTML components for 
e-commerce  ...)
+   TODO: check
+CVE-2024-37295 (Aimeos is an Open Source e-commerce framework for online 
shops. Starti ...)
+   TODO: check
+CVE-2024-37294 (Aimeos is an Open Source e-commerce framework for online 
shops. All Sa ...)
+   TODO: check
+CVE-2024-37293 (The AWS Deployment Framework (ADF) is a framework to manage 
and deploy ...)
+   TODO: check
+CVE-2024-37161 (MeterSphere is an open source continuous testing platform. 
Prior to ve ...)
+   TODO: check
+CVE-2024-36821 (Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 
1.1.13.202617 a ...)
+   TODO: check
+CVE-2024-36702 (libiec61850 v1.5 was discovered to contain a heap overflow via 
the Ber ...)
+   TODO: check
+CVE-2024-36650 (TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware 
A3100R V4.1 ...)
+   TODO: check
+CVE-2024-36266 (A vulnerability has been identified in PowerSys (All versions 
< V3.11) ...)
+   TODO: check
+CVE-2024-35716 (Missing Authorization vulnerability in Copymatic Copymatic 
\u2013 AI C ...)
+   TODO: check
+CVE-2024-35692 (Missing Authorization vulnerability in Termly Cookie 
Consent.This issu ...)
+   TODO: check
+CVE-2024-35685 (Missing Authorization vulnerability in Anders Nor\xe9n 
Radcliffe 2.Thi ...)
+   TODO: check
+CVE-2024-35683 (Missing Authorization vulnerability in Teplitsa of social 
technologies ...)
+   TODO: check
+CVE-2024-35671 (Missing Authorization vulnerability in Minoji MJ Update 
History.This i ...)
+   TODO: check
+CVE-2024-35667 (Missing Authorization vulnerability in WP EasyCart.This issue 
affects  ...)
+   TODO: check
+CVE-2024-35665 (Missing Authorization vulnerability in namithjawahar Insert 
Post Ads.T ...)
+   TODO: check
+CVE-2024-35663 (Missing Authorization vulnerability in HahnCreativeGroup WP 
Translate. ...)
+   TODO: check
+CVE-2024-35628 (Missing Authorization vulnerability in Photo Gallery Team 
Photo Galler ...)
+   TODO: check
+CVE-2024-35303 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V23 ...)
+   TODO: check
+CVE-2024-35292 (A vulnerability has been identified in SIMATIC S7-200 SMART 
CPU CR40 ( ...)
+   TODO: check
+CVE-2024-35265 (Windows Perception Service Elevation of Privilege 
Vulnerability)
+   TODO: check
+CVE-2024-35263 (Microsoft Dynamics 365 (On-Premises) Information Disclosure 
Vulnerabil ...)
+   TODO: check
+CVE-2024-35255 (Azure Identity Libraries and Microsoft Authentication Library 
Elevatio ...)
+   TODO: check
+CVE-2024-35254 (Azure Monitor Agent Elevation of Privilege Vulnerability)
+   TODO: check
+CVE-2024-35253 (Microsoft Azure File Sync Elevation of Privilege Vulnerability)
+   TODO: check
+CVE-2024-35252 (Azure Storage Movement Client Library Denial of Service 
Vulnerability)
+   TODO: check
+CVE-2024-35250 (Windows Kernel-Mode Driver Elevation of Privilege 
Vulnerability)
+   TODO: check
+CVE-2024-35249 (Microsoft Dynamics 365 Business Central Remote Code Execution 
Vulnerab ...)
+   TODO: check
+CVE-2024-35248 (Microsoft Dynamics 365 Business Central Elevation of Privilege 
Vulnera ...)
+   TODO: check
+CVE-2024-35213 (An improper input validation vulnerability in the SGI Image 
Codec of Q 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
dba58818 by security tracker role at 2024-06-11T08:12:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,185 @@
+CVE-2024-5530 (The ShopLentor \u2013 WooCommerce Builder for Elementor & 
Gutenberg +1 ...)
+   TODO: check
+CVE-2024-5090 (The SiteOrigin Widgets Bundle plugin for WordPress is 
vulnerable to St ...)
+   TODO: check
+CVE-2024-4319 (The Advanced Contact form 7 DB plugin for WordPress is 
vulnerable to u ...)
+   TODO: check
+CVE-2024-4266 (The MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form 
Builder f ...)
+   TODO: check
+CVE-2024-3723 (The Advanced Contact form 7 DB plugin for WordPress is 
vulnerable to S ...)
+   TODO: check
+CVE-2024-3549 (The Blog2Social: Social Media Auto Post & Scheduler plugin for 
WordPre ...)
+   TODO: check
+CVE-2024-37289 (An improper access control vulnerability in Trend Micro Apex 
One could ...)
+   TODO: check
+CVE-2024-37178 (SAP Financial Consolidation does not sufficiently encode 
user-controll ...)
+   TODO: check
+CVE-2024-37177 (SAP Financial Consolidation allows data to enter a Web 
application thr ...)
+   TODO: check
+CVE-2024-37176 (SAP BW/4HANA Transformation and Data Transfer Process (DTP) 
allows an  ...)
+   TODO: check
+CVE-2024-37169 (@jmondi/url-to-png is a self-hosted URL to PNG utility. 
Versions prior ...)
+   TODO: check
+CVE-2024-37168 (@grpc/grps-js implements the core functionality of gRPC purely 
in Java ...)
+   TODO: check
+CVE-2024-37166 (ghtml is software that uses tagged templates for template 
engine funct ...)
+   TODO: check
+CVE-2024-37130 (Dell OpenManage Server Administrator, versions 11.0.1.0 and 
prior, con ...)
+   TODO: check
+CVE-2024-36473 (Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is 
vulnerabl ...)
+   TODO: check
+CVE-2024-36471 (Import functionality is vulnerable to DNS rebinding attacks 
between ve ...)
+   TODO: check
+CVE-2024-36419 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
+   TODO: check
+CVE-2024-36418 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
+   TODO: check
+CVE-2024-36416 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
+   TODO: check
+CVE-2024-36360 (OS command injection vulnerability exists in awkblog v0.0.1 
(commit ha ...)
+   TODO: check
+CVE-2024-36359 (A cross-site scripting (XSS) vulnerability in Trend Micro 
InterScan We ...)
+   TODO: check
+CVE-2024-36358 (A link following vulnerability in Trend Micro Deep Security 
20.x agent ...)
+   TODO: check
+CVE-2024-36307 (A security agent link following vulnerability in Trend Micro 
Apex One  ...)
+   TODO: check
+CVE-2024-36306 (A link following vulnerability in the Trend Micro Apex One and 
Apex On ...)
+   TODO: check
+CVE-2024-36305 (A security agent link following vulnerability in Trend Micro 
Apex One  ...)
+   TODO: check
+CVE-2024-36304 (A Time-of-Check Time-Of-Use vulnerability in the Trend Micro 
Apex One  ...)
+   TODO: check
+CVE-2024-36303 (An origin validation vulnerability in the Trend Micro Apex One 
securit ...)
+   TODO: check
+CVE-2024-36302 (An origin validation vulnerability in the Trend Micro Apex One 
securit ...)
+   TODO: check
+CVE-2024-35329 (libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in 
yaml_do ...)
+   TODO: check
+CVE-2024-35242 (Composer is a dependency manager for PHP. On the 2.x branch 
prior to v ...)
+   TODO: check
+CVE-2024-35241 (Composer is a dependency manager for PHP. On the 2.x branch 
prior to v ...)
+   TODO: check
+CVE-2024-34691 (Manage Incoming Payment Files (F1680) of SAP S/4HANA does not 
perform  ...)
+   TODO: check
+CVE-2024-34690 (SAP Student Life Cycle Management (SLcM) fails to conduct 
proper autho ...)
+   TODO: check
+CVE-2024-34688 (Due to unrestricted access to the Meta Model Repository 
services in SA ...)
+   TODO: check
+CVE-2024-34686 (Due to insufficient input validation, SAP CRM WebClient UI 
allows an u ...)
+   TODO: check
+CVE-2024-34684 (On Unix, SAP BusinessObjects Business Intelligence Platform 
(Schedulin ...)
+   TODO: check
+CVE-2024-34683 (An authenticated attacker can upload malicious file to SAP 
Document Bu ...)
+   TODO: check
+CVE-2024-33850 (Pexip Infinity before 34.1 has Improper Access Control for 
persons in  ...)
+   TODO: check
+CVE-2024-33001 (SAP NetWeaver and ABAP platform allows an attacker to impede 
performan ...)
+   TODO: check
+CVE-2024-32849 (Trend Micro Security 17.x (Consumer) is vulnerable to a 
Privilege Esca ...)
+   TODO: check
+CVE-2024-31404 (Insertion of sensitive information into sent data issue exists 
in Cybo ...)

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d4ef0e4a by security tracker role at 2024-06-10T20:12:35+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,9 +1,141 @@
-CVE-2024-36972 [af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue 
lock.]
+CVE-2024-5786 (Cross-Site Request Forgery vulnerability in Comtrend router 
WLD71-T1_v ...)
+   TODO: check
+CVE-2024-5785 (Command injection vulnerability in Comtrend router 
WLD71-T1_v2.0.20182 ...)
+   TODO: check
+CVE-2024-5597 (Fuji Electric Monitouch V-SFTis vulnerable to a type confusion, 
which  ...)
+   TODO: check
+CVE-2024-5102 (A sym-linked file accessed via the repair function in Avast 
Antivirus  ...)
+   TODO: check
+CVE-2024-4745 (Missing Authorization vulnerability in RafflePress Giveaways 
and Conte ...)
+   TODO: check
+CVE-2024-4744 (Missing Authorization vulnerability in Avirtum iPages 
Flipbook.This is ...)
+   TODO: check
+CVE-2024-4403 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the 
restar ...)
+   TODO: check
+CVE-2024-3850 (Uniview NVR301-04S2-P4 is vulnerable to reflected cross-site 
scripting ...)
+   TODO: check
+CVE-2024-3700 (Use of hard-coded password to the patients' database allows an 
attacke ...)
+   TODO: check
+CVE-2024-3699 (Use of hard-coded password to the patients' database allows an 
attacke ...)
+   TODO: check
+CVE-2024-37393 (Multiple LDAP injections vulnerabilities exist in SecurEnvoy 
MFA befor ...)
+   TODO: check
+CVE-2024-37051 (GitHub access token could be exposed to third-party sites in 
JetBrains ...)
+   TODO: check
+CVE-2024-37014 (Langflow through 0.6.19 allows remote code execution if 
untrusted user ...)
+   TODO: check
+CVE-2024-36531 (nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and 
before are vu ...)
+   TODO: check
+CVE-2024-36528 (nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and 
before have a ...)
+   TODO: check
+CVE-2024-36417 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
+   TODO: check
+CVE-2024-36415 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
+   TODO: check
+CVE-2024-36414 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
+   TODO: check
+CVE-2024-36413 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
+   TODO: check
+CVE-2024-36412 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
+   TODO: check
+CVE-2024-36411 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
+   TODO: check
+CVE-2024-36410 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
+   TODO: check
+CVE-2024-36409 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
+   TODO: check
+CVE-2024-36408 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
+   TODO: check
+CVE-2024-36407 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
+   TODO: check
+CVE-2024-36406 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
+   TODO: check
+CVE-2024-36405 (liboqs is a C-language cryptographic library that provides 
implementat ...)
+   TODO: check
+CVE-2024-35754 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+   TODO: check
+CVE-2024-35749 (Authentication Bypass by Spoofing vulnerability in Acurax 
Under Constr ...)
+   TODO: check
+CVE-2024-35747 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
+   TODO: check
+CVE-2024-35746 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Asgha ...)
+   TODO: check
+CVE-2024-35745 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+   TODO: check
+CVE-2024-35744 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+   TODO: check
+CVE-2024-35743 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+   TODO: check
+CVE-2024-35728 (Improper Neutralization of Special Elements in Output Used by 
a Downst ...)
+   TODO: check
+CVE-2024-35712 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+   TODO: check
+CVE-2024-35680 (Improper Neutralization of Special Elements in Output Used by 
a Downst ...)
+   TODO: check
+CVE-2024-35677 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+   TODO: check
+CVE-2024-35658 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+   TODO: check
+CVE-2024-35650 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+   TODO: check

[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c6b2428e by security tracker role at 2024-06-10T08:11:58+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,37 @@
+CVE-2024-5389 (In lunary-ai/lunary version 1.2.13, an insufficient granularity 
of acc ...)
+   TODO: check
+CVE-2024-4746 (Missing Authorization vulnerability in Netgsm.This issue 
affects Netgs ...)
+   TODO: check
+CVE-2024-4328 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the 
clear_ ...)
+   TODO: check
+CVE-2024-37880 (The Kyber reference implementation before 9b8d306, when 
compiled by LL ...)
+   TODO: check
+CVE-2024-35742 (Missing Authorization vulnerability in Code Parrots Easy Forms 
for Mai ...)
+   TODO: check
+CVE-2024-35741 (Missing Authorization vulnerability in Awesome Support Team 
Awesome Su ...)
+   TODO: check
+CVE-2024-35735 (Missing Authorization vulnerability in CodePeople WP Time 
Slots Bookin ...)
+   TODO: check
+CVE-2024-35729 (Missing Authorization vulnerability in Tickera.This issue 
affects Tick ...)
+   TODO: check
+CVE-2024-35727 (Missing Authorization vulnerability in actpro Extra Product 
Options fo ...)
+   TODO: check
+CVE-2024-35726 (Missing Authorization vulnerability in ThemeKraft 
WooBuddy.This issue  ...)
+   TODO: check
+CVE-2024-35725 (Missing Authorization vulnerability in LA-Studio LA-Studio 
Element Kit ...)
+   TODO: check
+CVE-2024-35724 (Missing Authorization vulnerability in Bosa Themes Bosa 
Elementor Addo ...)
+   TODO: check
+CVE-2024-35723 (Missing Authorization vulnerability in Andrew Rapps Dashboard 
To-Do Li ...)
+   TODO: check
+CVE-2024-35722 (Missing Authorization vulnerability in A WP Life Slider 
Responsive Sli ...)
+   TODO: check
+CVE-2024-35721 (Missing Authorization vulnerability in A WP Life Image Gallery 
\u2013  ...)
+   TODO: check
+CVE-2024-35720 (Missing Authorization vulnerability in A WP Life Album Gallery 
\u2013  ...)
+   TODO: check
+CVE-2024-35717 (Missing Authorization vulnerability in A WP Life Media Slider 
\u2013 P ...)
+   TODO: check
 CVE-2024-37570 (On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update 
(upgrade.h ...)
TODO: check
 CVE-2024-37569 (An issue was discovered on Mitel 6869i through 4.5.0.41 and 
5.x throug ...)
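Review bot: the descriptions added for CVE-2024-35721, CVE-2024-35720 and CVE-2024-35717 carry the literal six-character sequence `\u2013` where the upstream text has an en dash, which suggests the importer is writing the raw JSON escape into data/CVE/list instead of the decoded character; decoding the description string before it is truncated and written would keep these entries searchable by their real text. All seventeen added entries are `TODO: check` placeholders, consistent with the commit message "automatic update".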



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6b2428e7db18478b1e0788da3f99aebb9298edb

-- 
This project does not include diff previews in email notifications.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2024-06-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bb24258b by security tracker role at 2024-06-09T20:11:58+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,4 +1,194 @@
-CVE-2024-37535
+CVE-2024-37570 (On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update 
(upgrade.h ...)
+   TODO: check
+CVE-2024-37569 (An issue was discovered on Mitel 6869i through 4.5.0.41 and 
5.x throug ...)
+   TODO: check
+CVE-2024-37568 (lepture Authlib before 1.3.1 has algorithm confusion with 
asymmetric p ...)
+   TODO: check
+CVE-2024-35748 (Missing Authorization vulnerability in OPMC WooCommerce 
Dropshipping.T ...)
+   TODO: check
+CVE-2024-35669 (Missing Authorization vulnerability in Bowo Debug Log 
Manager.This iss ...)
+   TODO: check
+CVE-2024-35662 (Missing Authorization vulnerability in Andreas Sofantzis 
Simple COD Fe ...)
+   TODO: check
+CVE-2024-35661 (Missing Authorization vulnerability in SoftLab Upload Fields 
for WPFor ...)
+   TODO: check
+CVE-2024-35660 (Missing Authorization vulnerability in Jewel Theme Master 
Addons for E ...)
+   TODO: check
+CVE-2024-34802 (Missing Authorization vulnerability in AdFoxly AdFoxly \u2013 
Ad Manag ...)
+   TODO: check
+CVE-2024-34435 (Missing Authorization vulnerability in CodeRevolution 
Aiomatic.This is ...)
+   TODO: check
+CVE-2024-33572 (Missing Authorization vulnerability in POSIMYTH The Plus 
Blocks for Bl ...)
+   TODO: check
+CVE-2024-33565 (Missing Authorization vulnerability in UkrSolution Barcode 
Scanner wit ...)
+   TODO: check
+CVE-2024-33564 (Missing Authorization vulnerability in 8theme XStore.This 
issue affect ...)
+   TODO: check
+CVE-2024-33563 (Missing Authorization vulnerability in 8theme XStore.This 
issue affect ...)
+   TODO: check
+CVE-2024-33561 (Missing Authorization vulnerability in 8theme XStore.This 
issue affect ...)
+   TODO: check
+CVE-2024-33555 (Missing Authorization vulnerability in 8theme XStore Core.This 
issue a ...)
+   TODO: check
+CVE-2024-33547 (Missing Authorization vulnerability in AA-Team WZone.This 
issue affect ...)
+   TODO: check
+CVE-2024-33545 (Missing Authorization vulnerability in AA-Team WZone.This 
issue affect ...)
+   TODO: check
+CVE-2024-33543 (Missing Authorization vulnerability in CodePeople WP Time 
Slots Bookin ...)
+   TODO: check
+CVE-2024-32824 (Missing Authorization vulnerability in Evergreen Content 
Poster.This i ...)
+   TODO: check
+CVE-2024-32821 (Missing Authorization vulnerability in TotalSuite Total Poll 
Lite.This ...)
+   TODO: check
+CVE-2024-32820 (Missing Authorization vulnerability in Social Share Pro Social 
Share I ...)
+   TODO: check
+CVE-2024-32818 (Missing Authorization vulnerability in realmag777 WordPress 
Meta Data  ...)
+   TODO: check
+CVE-2024-32814 (Missing Authorization vulnerability in Zorem Advanced Local 
Pickup for ...)
+   TODO: check
+CVE-2024-32813 (Missing Authorization vulnerability in SoftLab Integrate 
Google Drive. ...)
+   TODO: check
+CVE-2024-32811 (Insertion of Sensitive Information into Log File vulnerability 
in Octo ...)
+   TODO: check
+CVE-2024-32805 (Missing Authorization vulnerability in Social Snap.This issue 
affects  ...)
+   TODO: check
+CVE-2024-32804 (Missing Authorization vulnerability in Martin Gibson WP 
GoToWebinar.Th ...)
+   TODO: check
+CVE-2024-32799 (Missing Authorization vulnerability in Merv Barrett Easy 
Property List ...)
+   TODO: check
+CVE-2024-32798 (Missing Authorization vulnerability in WP Travel Engine.This 
issue aff ...)
+   TODO: check
+CVE-2024-32797 (Missing Authorization vulnerability in Martin Gibson WP 
LinkedIn Auto  ...)
+   TODO: check
+CVE-2024-32792 (Missing Authorization vulnerability in WPMU DEV 
Hummingbird.This issue ...)
+   TODO: check
+CVE-2024-32787 (Missing Authorization vulnerability in Copy Content Protection 
Team Se ...)
+   TODO: check
+CVE-2024-32784 (Missing Authorization vulnerability in CookieHub.This issue 
affects Co ...)
+   TODO: check
+CVE-2024-32783 (Missing Authorization vulnerability in wpcreativeidea Advanced 
Testimo ...)
+   TODO: check
+CVE-2024-32779 (Missing Authorization vulnerability in Avirtum Vision 
Interactive.This ...)
+   TODO: check
+CVE-2024-32778 (Missing Authorization vulnerability in Contest Gallery.This 
issue affe ...)
+   TODO: check
+CVE-2024-32777 (Missing Authorization vulnerability in BizSwoop a CPF 
Concepts, LLC Br ...)
+   TODO: check
+CVE-2024-32727 (Missing Authorization vulnerability in Rometheme RomethemeForm 
For Ele ...)
+   TODO: check
+CVE-2024-32725 (Missing Authorization vulnerability in Saleswonder 5 Stars 
Rating Funn ...)
+   TODO: check
+CVE-2024-32715 (Missing Authorization vulnerability in Olive Themes 
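Review bot: the description for CVE-2024-34802 contains the same literal `\u2013` escape in place of an en dash seen in the previous update, so the encoding problem in the importer is not a one-off and should be fixed at the source rather than in individual entries. The bare `-CVE-2024-37535` line removed at the top of the hunk has neither a description nor a status, and the hunk as shown here is truncated, so it cannot be confirmed from this notification whether that entry is re-added further down or dropped entirely; the full commit should be checked for that.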
