[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
817d4e1d by security tracker role at 2024-07-29T20:12:39+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:
= data/CVE/list =
@@ -1,455 +1,545 @@ -CVE-2024-42098 [crypto: ecdh - explicitly zeroize private_key] +CVE-2024-7200 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-7199 (A vulnerability classified as critical was found in SourceCodester Com ...) + TODO: check +CVE-2024-7198 (A vulnerability classified as critical has been found in SourceCodeste ...) + TODO: check +CVE-2024-7197 (A vulnerability was found in SourceCodester Complaints Report Manageme ...) + TODO: check +CVE-2024-7196 (A vulnerability was found in SourceCodester Complaints Report Manageme ...) + TODO: check +CVE-2024-7195 (A vulnerability was found in itsourcecode Society Management System 1. ...) + TODO: check +CVE-2024-7194 (A vulnerability was found in itsourcecode Society Management System 1. ...) + TODO: check +CVE-2024-7193 (A vulnerability has been found in Mp3tag up to 3.26d and classified as ...) + TODO: check +CVE-2024-7192 (A vulnerability, which was classified as critical, was found in itsour ...) + TODO: check +CVE-2024-7191 (A vulnerability, which was classified as critical, has been found in i ...) + TODO: check +CVE-2024-6984 (An issue was discovered in Juju that resulted in the leak of the sensi ...) + TODO: check +CVE-2024-6881 (Stored XSS in M-Files Hubshare versions before 5.0.6.0 allows an authe ...) + TODO: check +CVE-2024-6761 + REJECTED +CVE-2024-6748 (Zohocorp ManageEngineOpManager, OpManager Plus, OpManager MSP and RMM ...) + TODO: check +CVE-2024-6727 (A flaw in versions of Delphix Data Control Tower (DCT) prior to 19.0.0 ...) + TODO: check +CVE-2024-6726 (Versions of Delphix Engine prior to Release 25.0.0.0 contain a flaw wh ...) + TODO: check +CVE-2024-6578 (A stored cross-site scripting (XSS) vulnerability exists in aimhubio/a ...) + TODO: check +CVE-2024-6576 (Improper Authentication vulnerability in Progress MOVEit Transfer (SFT ...) 
+ TODO: check +CVE-2024-6124 (Reflected XSS in M-Files Hubshare before version 5.0.6.0 allowsan atta ...) + TODO: check +CVE-2024-4848 + REJECTED +CVE-2024-41881 (SDoP versions prior to 1.11 fails to handle appropriately some paramet ...) + TODO: check +CVE-2024-41819 (Note Mark is a web-based Markdown notes app. A stored cross-site scrip ...) + TODO: check +CVE-2024-41818 (fast-xml-parser is an open source, pure javascript xml parser. a ReDOS ...) + TODO: check +CVE-2024-41817 (ImageMagick is a free and open-source software suite, used for editing ...) + TODO: check +CVE-2024-41810 (Twisted is an event-based framework for internet applications, support ...) + TODO: check +CVE-2024-41799 (tgstation-server is a production scale tool for BYOND server managemen ...) + TODO: check +CVE-2024-41726 (Path traversal vulnerability exists in SKYSEA Client View Ver.3.013.00 ...) + TODO: check +CVE-2024-41676 (Magento-lts is a long-term support alternative to Magento Community Ed ...) + TODO: check +CVE-2024-41671 (Twisted is an event-based framework for internet applications, support ...) + TODO: check +CVE-2024-41640 (Cross Site Scripting (XSS) vulnerability in AML Surety Eco up to 3.5 a ...) + TODO: check +CVE-2024-41631 (Buffer Overflow vulnerability in host-host NEUQ_board v.1.0 allows a r ...) + TODO: check +CVE-2024-41624 (Incorrect access control in Himalaya Xiaoya nano smart speaker rom_ver ...) + TODO: check +CVE-2024-41143 (Origin validation error vulnerability exists in SKYSEA Client View Ver ...) + TODO: check +CVE-2024-41139 (Incorrect privilege assignment vulnerability exists in SKYSEA Client V ...) + TODO: check +CVE-2024-40576 (Cross Site Scripting vulnerability in Best House Rental Management Sys ...) + TODO: check +CVE-2024-38529 (Admidio is a free, open source user management system for websites of ...) + TODO: check +CVE-2024-37906 (Admidio is a free, open source user management system for websites of ...) 
+ TODO: check +CVE-2024-37859 (Cross Site Scripting vulnerability in Lost and Found Information Syste ...) + TODO: check +CVE-2024-37858 (SQL Injection vulnerability in Lost and Found Information System 1.0 a ...) + TODO: check +CVE-2024-37857 (SQL Injection vulnerability in Lost and Found Information System 1.0 a ...) + TODO: check +CVE-2024-37856 (Cross Site Scripting vulnerability in Lost and Found Information Syste ...) + TODO: check +CVE-2024-33365 (Buffer Overflow vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10
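Review bot: the top of the hunk removes the placeholder entry `-CVE-2024-42098 [crypto: ecdh - explicitly zeroize private_key]`, but no `+CVE-2024-42098` line carrying the NVD description is visible in this excerpt; confirm the entry is re-added with its package and NOTE lines intact rather than dropped, since the automatic update should only swap the bracketed placeholder for the published description.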
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
7cf2ac1d by security tracker role at 2024-07-29T08:12:12+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:
= data/CVE/list =
@@ -1,24 +1,92 @@ -CVE-2024-41019 [fs/ntfs3: Validate ff offset] +CVE-2024-7202 (The query functionality of WinMatrix3 Web package from Simopro Technol ...) + TODO: check +CVE-2024-7201 (The login functionality of WinMatrix3 Web package from Simopro Technol ...) + TODO: check +CVE-2024-7190 (A vulnerability classified as critical was found in itsourcecode Socie ...) + TODO: check +CVE-2024-7189 (A vulnerability classified as critical has been found in itsourcecode ...) + TODO: check +CVE-2024-7188 (A vulnerability was found in Bylancer Quicklancer 2.4. It has been rat ...) + TODO: check +CVE-2024-7187 (A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. I ...) + TODO: check +CVE-2024-7186 (A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. I ...) + TODO: check +CVE-2024-7185 (A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 an ...) + TODO: check +CVE-2024-7184 (A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182_B202011 ...) + TODO: check +CVE-2024-7183 (A vulnerability, which was classified as critical, was found in TOTOLI ...) + TODO: check +CVE-2024-7182 (A vulnerability, which was classified as critical, has been found in T ...) + TODO: check +CVE-2024-7181 (A vulnerability classified as critical was found in TOTOLINK A3600R 4. ...) + TODO: check +CVE-2024-7180 (A vulnerability classified as critical has been found in TOTOLINK A360 ...) + TODO: check +CVE-2024-7179 (A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. I ...) + TODO: check +CVE-2024-7178 (A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. I ...) + TODO: check +CVE-2024-7177 (A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. I ...) + TODO: check +CVE-2024-7176 (A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 an ...) + TODO: check +CVE-2024-7175 (A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182_B202011 ...) 
+ TODO: check +CVE-2024-7174 (A vulnerability, which was classified as critical, was found in TOTOLI ...) + TODO: check +CVE-2024-7173 (A vulnerability, which was classified as critical, has been found in T ...) + TODO: check +CVE-2024-7172 (A vulnerability classified as critical was found in TOTOLINK A3600R 4. ...) + TODO: check +CVE-2024-7171 (A vulnerability classified as critical has been found in TOTOLINK A360 ...) + TODO: check +CVE-2024-7170 (A vulnerability was found in TOTOLINK A3000RU 5.9c.5185. It has been r ...) + TODO: check +CVE-2024-6487 (The Inline Related Posts WordPress plugin before 3.8.0 does not saniti ...) + TODO: check +CVE-2024-6366 (The User Profile Builder WordPress plugin before 3.11.8 does not have ...) + TODO: check +CVE-2024-6362 (The Ultimate Blocks WordPress plugin before 3.2.0 does not validate a ...) + TODO: check +CVE-2024-5883 (The Ultimate Classified Listings WordPress plugin before 1.3 does not ...) + TODO: check +CVE-2024-5882 (The Ultimate Classified Listings WordPress plugin before 1.3 does not ...) + TODO: check +CVE-2024-5670 (The web services of Softnext's products, Mail SQR Expert and Mail Arch ...) + TODO: check +CVE-2024-5285 (The wp-affiliate-platform WordPress plugin before 6.5.2 does not have ...) + TODO: check +CVE-2024-4483 (The Email Encoder WordPress plugin before 2.2.2 does not escape the W ...) + TODO: check +CVE-2024-41637 (RaspAP before 3.1.5 allows an attacker to escalate privileges: the www ...) + TODO: check +CVE-2024-37381 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...) + TODO: check +CVE-2024-32671 (Heap-based Buffer Overflow vulnerability in Samsung Open Source Escarg ...) + TODO: check +CVE-2024-41019 (In the Linux kernel, the following vulnerability has been resolved: f ...) 
- linux 6.9.12-1 NOTE: https://git.kernel.org/linus/50c47879650b4c97836a0086632b3a2e300b0f06 (6.11-rc1) -CVE-2024-41018 [fs/ntfs3: Add a check for attr_names and oatbl] +CVE-2024-41018 (In the Linux kernel, the following vulnerability has been resolved: f ...) - linux 6.9.12-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/702d4930eb06dcfda85a2fa67e8a1a27bfa2a845 (6.11-rc1) -CVE-2024-41017 [jfs: don't walk off the end of ealist] +CVE-2024-41017 (In the Linux kernel, the following vulnerability has been resolved: j
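Review bot: for CVE-2024-41019 the placeholder `[fs/ntfs3: Validate ff offset]` is replaced by the NVD text and only `- linux 6.9.12-1` plus the upstream NOTE are kept, while the neighbouring CVE-2024-41018 additionally carries `[bookworm] - linux (Vulnerable code not present)` and `[bullseye] - linux (Vulnerable code not present)`; confirm whether the bookworm and bullseye triage for CVE-2024-41019 is still pending or should carry the same annotation.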
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
275405b0 by security tracker role at 2024-07-28T20:12:16+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:
= data/CVE/list =
@@ -1,3 +1,35 @@ +CVE-2024-7169 (A vulnerability classified as problematic has been found in SourceCode ...) + TODO: check +CVE-2024-7168 (A vulnerability was found in SourceCodester School Fees Payment System ...) + TODO: check +CVE-2024-7167 (A vulnerability was found in SourceCodester School Fees Payment System ...) + TODO: check +CVE-2024-7166 (A vulnerability was found in SourceCodester School Fees Payment System ...) + TODO: check +CVE-2024-7165 (A vulnerability was found in SourceCodester School Fees Payment System ...) + TODO: check +CVE-2024-7164 (A vulnerability has been found in SourceCodester School Fees Payment S ...) + TODO: check +CVE-2024-7163 (A vulnerability, which was classified as problematic, was found in Sea ...) + TODO: check +CVE-2024-7162 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-7161 (A vulnerability classified as problematic was found in SeaCMS 13.0. Af ...) + TODO: check +CVE-2024-7160 (A vulnerability classified as critical has been found in TOTOLINK A370 ...) + TODO: check +CVE-2024-7159 (A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. I ...) + TODO: check +CVE-2024-7158 (A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050_B20200504. I ...) + TODO: check +CVE-2024-7157 (A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050_B20200504. I ...) + TODO: check +CVE-2024-7156 (A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and ...) + TODO: check +CVE-2024-7155 (A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B202210 ...) + TODO: check +CVE-2024-7154 (A vulnerability, which was classified as problematic, was found in TOT ...) + TODO: check CVE-2024- [SPRT dissector crash] - wireshark 4.2.6-1 [bookworm] - wireshark (Minor issue) 
@@ -5777,6 +5809,7 @@ CVE-2024-32853 (Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.2 contain a CVE-2024-32852 (Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.0 contain use of ...) NOT-FOR-US: Dell CVE-2024-32230 (FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size- ...) + {DSA-5721-1 DSA-5712-1} - ffmpeg NOTE: https://trac.ffmpeg.org/ticket/10952 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/275405b0115b6963e48df305e59f83cfc95d1cd7

You're receiving this email because of your account on salsa.debian.org.

debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
917f8b88 by security tracker role at 2024-07-28T08:11:41+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:
= data/CVE/list =
@@ -1,3 +1,21 @@ +CVE-2024-7153 (A vulnerability classified as problematic has been found in Netgear WN ...) + TODO: check +CVE-2024-7152 (A vulnerability was found in Tenda O3 1.0.0.10(2478). It has been rate ...) + TODO: check +CVE-2024-42055 (Cervantes through 0.5-alpha allows stored XSS.) + TODO: check +CVE-2024-42054 (Cervantes through 0.5-alpha accepts insecure file uploads.) + TODO: check +CVE-2024-42053 (The MSI installer for Splashtop Streamer for Windows before 3.6.0.0 us ...) + TODO: check +CVE-2024-42052 (The MSI installer for Splashtop Streamer for Windows before 3.5.8.0 us ...) + TODO: check +CVE-2024-42051 (The MSI installer for Splashtop Streamer for Windows before 3.6.2.0 us ...) + TODO: check +CVE-2024-42050 (The MSI installer for Splashtop Streamer for Windows before 3.7.0.0 us ...) + TODO: check +CVE-2024-42049 (TightVNC (Server for Windows) before 2.8.84 allows attackers to connec ...) + TODO: check CVE-2024-7151 (A vulnerability was found in Tenda O3 1.0.0.10(2478). It has been decl ...) NOT-FOR-US: Tenda CVE-2024-6897 (The aThemes Starter Sites plugin for WordPress is vulnerable to Stored ...)

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/917f8b88d6d59a5f1370aa3332aaea38ca5fda1a
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
850f068d by security tracker role at 2024-07-27T20:11:47+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:
= data/CVE/list =
@@ -1,3 +1,23 @@ +CVE-2024-7151 (A vulnerability was found in Tenda O3 1.0.0.10(2478). It has been decl ...) + TODO: check +CVE-2024-6897 (The aThemes Starter Sites plugin for WordPress is vulnerable to Stored ...) + TODO: check +CVE-2024-6703 (The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & D ...) + TODO: check +CVE-2024-6627 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...) + TODO: check +CVE-2024-6569 (The Campaign Monitor for WordPress plugin for WordPress is vulnerable ...) + TODO: check +CVE-2024-6521 (The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & D ...) + TODO: check +CVE-2024-6520 (The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & D ...) + TODO: check +CVE-2024-6518 (The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & D ...) + TODO: check +CVE-2024-6458 (The WooCommerce Product Table Lite plugin for WordPress is vulnerable ...) + TODO: check +CVE-2024-5614 (The Piotnet Addons For Elementor plugin for WordPress is vulnerable to ...) + TODO: check CVE-2024-6661 (The ParityPress \u2013 Parity Pricing with Discount Rules plugin for W ...) NOT-FOR-US: WordPress plugin CVE-2024-6634 (The Master Currency WP plugin for WordPress is vulnerable to Stored Cr ...)

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/850f068d108d4211e4658de0167fdabc7eecdf48
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
b0d770c4 by security tracker role at 2024-07-27T08:12:11+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:
= data/CVE/list =
@@ -1,3 +1,59 @@ +CVE-2024-6661 (The ParityPress \u2013 Parity Pricing with Discount Rules plugin for W ...) + TODO: check +CVE-2024-6634 (The Master Currency WP plugin for WordPress is vulnerable to Stored Cr ...) + TODO: check +CVE-2024-6591 (The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerab ...) + TODO: check +CVE-2024-6573 (The Intelligence plugin for WordPress is vulnerable to Full Path Discl ...) + TODO: check +CVE-2024-6566 (The Aramex Shipping WooCommerce plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-6549 (The Admin Post Navigation plugin for WordPress is vulnerable to Full P ...) + TODO: check +CVE-2024-6548 (The Add Admin JavaScript plugin for WordPress is vulnerable to Full Pa ...) + TODO: check +CVE-2024-6547 (The Add Admin CSS plugin for WordPress is vulnerable to Full Path Disc ...) + TODO: check +CVE-2024-6546 (The One Click Close Comments plugin for WordPress is vulnerable to Ful ...) + TODO: check +CVE-2024-6545 (The Admin Trim Interface plugin for WordPress is vulnerable to Full Pa ...) + TODO: check +CVE-2024-6431 (The Media.net Ads Manager plugin for WordPress is vulnerable to arbitr ...) + TODO: check +CVE-2024-6152 (The Flipbox Builder plugin for WordPress is vulnerable to PHP Object I ...) + TODO: check +CVE-2024-5969 (The AIomatic - Automatic AI Content Writer for WordPress is vulnerable ...) + TODO: check +CVE-2024-4410 (The IgnitionDeck Crowdfunding Platform plugin for WordPress is vulnera ...) + TODO: check +CVE-2024-42029 (xdg-desktop-portal-hyprland (aka an XDG Desktop Portal backend for Hyp ...) + TODO: check +CVE-2024-41815 (Starship is a cross-shell prompt. Starting in version 1.0.0 and prior ...) + TODO: check +CVE-2024-41628 (Directory Traversal vulnerability in Severalnines Cluster Control 1.9. ...) + TODO: check +CVE-2024-41120 (streamlit-geospatial is a streamlit multipage app for geospatial appli ...) 
+ TODO: check +CVE-2024-41119 (streamlit-geospatial is a streamlit multipage app for geospatial appli ...) + TODO: check +CVE-2024-41118 (streamlit-geospatial is a streamlit multipage app for geospatial appli ...) + TODO: check +CVE-2024-41117 (streamlit-geospatial is a streamlit multipage app for geospatial appli ...) + TODO: check +CVE-2024-41116 (streamlit-geospatial is a streamlit multipage app for geospatial appli ...) + TODO: check +CVE-2024-41115 (streamlit-geospatial is a streamlit multipage app for geospatial appli ...) + TODO: check +CVE-2024-41114 (streamlit-geospatial is a streamlit multipage app for geospatial appli ...) + TODO: check +CVE-2024-40433 (Insecure Permissions vulnerability in Tencent wechat v.8.0.37 allows a ...) + TODO: check +CVE-2024-37034 (An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 bef ...) + TODO: check +CVE-2024-1804 (The Tutor LMS \u2013 Migration Tool plugin for WordPress is vulnerable ...) + TODO: check +CVE-2024-1798 (The Tutor LMS \u2013 Migration Tool plugin for WordPress is vulnerable ...) + TODO: check CVE-2024-7128 (A flaw was found in the Openshift console. Several endpoints in the ap ...) NOT-FOR-US: Openshift CVE-2024-7062 (Nimble Commander suffers from a privilege escalation vulnerability due ...) @@ -375,7 +431,7 @@ CVE-2024-33519 (A vulnerability in the web-based management interface of HPE Aru NOT-FOR-US: HPE Aruba Networking EdgeConnect SD-WAN gateway CVE-2024-31977 (Adtran 834-5 11.1.0.101-202106231430, and fixed as of SmartOS Version ...) NOT-FOR-US: Adtran 834-5 -CVE-2024-31971 (Multiple stored cross-site scripting (XSS) vulnerabilities on AdTran N ...) +CVE-2024-31971 (**UNSUPPORTED WHEN ASSIGNED** Multiple stored cross-site scripting (XS ...) NOT-FOR-US: AdTran NetVanta 3120 devices CVE-2024-31970 (AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 and fixe ...) NOT-FOR-US: Adtran 834-5 devices 
@@ -38639,7 +38695,7 @@ CVE-2024-28131 (EasyRange Ver 1.41 contains an issue with the executable file se NOT-FOR-US: EasyRange CVE-2024-28126 (Cross-site scripting vulnerability exists in 0ch BBS Script ver.4.00. ...) NOT-FOR-US: 0ch BBS Script -CVE-2024-28093 (The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is en ...) +CVE-2024-28093 (**UNSUPPORTED WHEN ASSIGNED** The TELNET service of AdTran NetVanta 31 ...) NOT-FOR-US: AdTran NetVanta devices CVE-2024-28048 (OS command injection vulnerability exists in ffBull ver.4.11, which ma
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
5162cab5 by security tracker role at 2024-07-26T20:12:21+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:
= data/CVE/list =
@@ -1,3 +1,97 @@ +CVE-2024-7128 (A flaw was found in the Openshift console. Several endpoints in the ap ...) + TODO: check +CVE-2024-7062 (Nimble Commander suffers from a privilege escalation vulnerability due ...) + TODO: check +CVE-2024-7050 (Improper Authentication vulnerability in OpenText OpenText Directory S ...) + TODO: check +CVE-2024-6922 (Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Sid ...) + TODO: check +CVE-2024-4786 (An improper validation vulnerability was reported in the Lenovo Tab K1 ...) + TODO: check +CVE-2024-42007 (SPX (aka php-spx) through 0.4.15 allows SPX_UI_URI Directory Traversal ...) + TODO: check +CVE-2024-41813 (txtdot is an HTTP proxy that parses only text, links, and pictures fro ...) + TODO: check +CVE-2024-41812 (txtdot is an HTTP proxy that parses only text, links, and pictures fro ...) + TODO: check +CVE-2024-41807 + REJECTED +CVE-2024-41805 (Tracks, a Getting Things Done (GTD) web application, is vulnerable to ...) + TODO: check +CVE-2024-41692 (This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to ...) + TODO: check +CVE-2024-41691 (This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to ...) + TODO: check +CVE-2024-41690 (This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to ...) + TODO: check +CVE-2024-41689 (This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to ...) + TODO: check +CVE-2024-41688 (This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due la ...) + TODO: check +CVE-2024-41687 (This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to ...) + TODO: check +CVE-2024-41686 (This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to ...) + TODO: check +CVE-2024-41685 (This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to ...) + TODO: check +CVE-2024-41684 (This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to ...) 
+ TODO: check +CVE-2024-41670 (In the module "PayPal Official" for PrestaShop 7+ releases prior to ve ...) + TODO: check +CVE-2024-41375 (ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/termi ...) + TODO: check +CVE-2024-41374 (ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/setti ...) + TODO: check +CVE-2024-41373 (ICEcoder 8.1 contains a Path Traversal vulnerability via lib/backup-ve ...) + TODO: check +CVE-2024-41357 (phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin ...) + TODO: check +CVE-2024-41356 (phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\ ...) + TODO: check +CVE-2024-41355 (phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/tools ...) + TODO: check +CVE-2024-41354 (phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin ...) + TODO: check +CVE-2024-41353 (phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\ ...) + TODO: check +CVE-2024-41113 (streamlit-geospatial is a streamlit multipage app for geospatial appli ...) + TODO: check +CVE-2024-41112 (streamlit-geospatial is a streamlit multipage app for geospatial appli ...) + TODO: check +CVE-2024-40689 (IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. ...) + TODO: check +CVE-2024-40117 (Incorrect access control in Solar-Log 1000 before v2.8.2 and build 52- ...) + TODO: check +CVE-2024-40116 (An issue in Solar-Log 1000 before v2.8.2 and build 52-23.04.2013 was d ...) + TODO: check +CVE-2024-39304 (ChurchCRM is an open-source church management system. Versions of the ...) + TODO: check +CVE-2024-38872 (Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below a ...) + TODO: check +CVE-2024-38871 (Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below a ...) + TODO: check +CVE-2024-38512 (A privilege escalation vulnerability was discovered in XCC that could ...) 
+ TODO: check +CVE-2024-38511 (A privilege escalation vulnerability was discovered in an upload proce ...) + TODO: check +CVE-2024-38510 (A privilege escalation vulnerability was discovered in the SSH captive ...) + TODO: check +CVE-2024-38509 (A privilege escalation vulnerability was discovered in XCC that could ...) + TODO: check +CVE-2024-38508 (A privilege escalation vulnerability was discovered in the web interfa ...) + TODO: check +CVE-2024-27358 (An issue was discovered in WithSecure
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
2ca57aaa by security tracker role at 2024-07-26T08:11:42+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:
= data/CVE/list =
@@ -1,3 +1,45 @@ +CVE-2024-7120 (A vulnerability, which was classified as critical, was found in Raisec ...) + TODO: check +CVE-2024-7119 (A vulnerability, which was classified as critical, has been found in M ...) + TODO: check +CVE-2024-7118 (A vulnerability classified as critical was found in MD-MAFUJUL-HASAN O ...) + TODO: check +CVE-2024-7117 (A vulnerability classified as critical has been found in MD-MAFUJUL-HA ...) + TODO: check +CVE-2024-7116 (A vulnerability was found in MD-MAFUJUL-HASAN Online-Payroll-Managemen ...) + TODO: check +CVE-2024-7115 (A vulnerability was found in MD-MAFUJUL-HASAN Online-Payroll-Managemen ...) + TODO: check +CVE-2024-7114 (A vulnerability was found in Tianchoy Blog up to 1.8.8. It has been cl ...) + TODO: check +CVE-2024-7106 (A vulnerability classified as problematic was found in Spina CMS 2.18. ...) + TODO: check +CVE-2024-7105 (A vulnerability classified as critical has been found in ForIP Tecnolo ...) + TODO: check +CVE-2024-6490 (During testing of the Master Slider WordPress plugin through 3.9.10, ...) + TODO: check +CVE-2024-4447 (In the System \u2192 Maintenance tool, the Logged Users tab surfaces s ...) + TODO: check +CVE-2024-41809 (OpenObserve is an open-source observability platform. Starting in vers ...) + TODO: check +CVE-2024-41808 (The OpenObserve open-source observability platform provides the abilit ...) + TODO: check +CVE-2024-41473 (Tenda FH1201 v1.2.0.14 was discovered to contain a command injection v ...) + TODO: check +CVE-2024-41468 (Tenda FH1201 v1.2.0.14 was discovered to contain a command injection v ...) + TODO: check +CVE-2024-40897 (Stack-based buffer overflow vulnerability exists in orcparse.c of ORC ...) + TODO: check +CVE-2024-3938 (The "reset password" login page accepted an HTML injection via URL par ...) 
+ TODO: check +CVE-2024-38103 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability) + TODO: check +CVE-2024-24623 (Softaculous Webuzo contains a command injection vulnerability in the F ...) + TODO: check +CVE-2024-24622 (Softaculous Webuzo contains a command injection in the password reset ...) + TODO: check +CVE-2024-24621 (Softaculous Webuzo contains an authentication bypass vulnerability thr ...) + TODO: check CVE-2024-35296 [Invalid Accept-Encoding can force forwarding requests] - trafficserver (bug #1077141) NOTE: https://www.openwall.com/lists/oss-security/2024/07/25/1 @@ -316,6 +358,7 @@ CVE-2024-4080 (A memory corruption issue due to an improper length check in LabV CVE-2024-4079 (An out of bounds read due to a missing bounds check in LabVIEW may dis ...) NOT-FOR-US: NI LabVIEW CVE-2024-4076 (Client queries that trigger serving stale data and that also require l ...) + {DSA-5734-1} - bind9 1:9.20.0-1 NOTE: https://kb.isc.org/docs/cve-2024-4076 CVE-2024-41839 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...) @@ -347,9 +390,11 @@ CVE-2024-34128 (Adobe Experience Manager versions 6.5.20 and earlier are affecte CVE-2024-29070 (On versions before 2.1.4,session is not invalidated after logout. When ...) NOT-FOR-US: Apache StreamPark CVE-2024-1975 (If a server hosts a zone containing a "KEY" Resource Record, or a reso ...) + {DSA-5734-1} - bind9 1:9.20.0-1 NOTE: https://kb.isc.org/docs/cve-2024-1975 CVE-2024-1737 (Resolver caches and authoritative zone databases that hold significant ...) + {DSA-5734-1} - bind9 1:9.20.0-1 NOTE: https://kb.isc.org/docs/cve-2024-1737 NOTE: RRset limits in zones: https://kb.isc.org/docs/rrset-limits-in-zones 
@@ -3531,7 +3576,7 @@ CVE-2024-39071 (Fujian Kelixun <=7.6.6.4391 is vulnerable to SQL Injection in se NOT-FOR-US: Fujian Kelixun CVE-2024-39069 (An issue in ifood Order Manager v3.35.5 'Gestor de Peddios.exe' allows ...) NOT-FOR-US: ifood Order Manager -CVE-2024-39031 (In Silverpeas Core <= 6.3.5, inside of mes agendas a user can create a ...) +CVE-2024-39031 (In Silverpeas Core <= 6.3.5, in Mes Agendas, a user can create new eve ...) NOT-FOR-US: Silverpeas Core CVE-2024-38963 (Nopcommerce 4.70.1 is vulnerable to Cross Site Scripting (XSS) via the ...) NOT-FOR-US: Nopcommerce @@ -62077,7 +62122,7 @@ CVE-2023-6710 (A flaw was found in the mod_proxy_cluster in the Apache server. T CVE-2023-5379 (A flaw was found in Undertow. When an AJP request is sent that exceeds ...) - undertow (bug #1059055) NOTE:
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
6f39a872 by security tracker role at 2024-07-25T20:12:16+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:
= data/CVE/list =
@@ -1,3 +1,57 @@ +CVE-2024-7101 (A vulnerability, which was classified as critical, has been found in F ...) + TODO: check +CVE-2024-7007 (Positron Broadcast Signal Processor TRA7005 v1.20 is vulnerable to an ...) + TODO: check +CVE-2024-6589 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...) + TODO: check +CVE-2024-6558 (HMS Industrial Networks Anybus-CompactCom 30 products are vulnerable ...) + TODO: check +CVE-2024-41806 (The Open edX Platform is a learning management platform. Instructors c ...) + TODO: check +CVE-2024-41801 (OpenProject is open source project management software. Prior to versi ...) + TODO: check +CVE-2024-41800 (Craft is a content management system (CMS). Craft CMS 5 allows reuse o ...) + TODO: check +CVE-2024-40873 (There is a cross-site scripting vulnerability in the Secure Access adm ...) + TODO: check +CVE-2024-40872 (There is an elevation of privilege vulnerability in server and client ...) + TODO: check +CVE-2024-40324 (A CRLF injection vulnerability in E-Staff v5.1 allows attackers to ins ...) + TODO: check +CVE-2024-40318 (An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allo ...) + TODO: check +CVE-2024-39674 (Plaintext vulnerability in the Gallery search module. Impact: Successf ...) + TODO: check +CVE-2024-39673 (Vulnerability of serialisation/deserialisation mismatch in the iAware ...) + TODO: check +CVE-2024-39672 (Memory request logic vulnerability in the memory module. Impact: Succe ...) + TODO: check +CVE-2024-39671 (Access control vulnerability in the security verification module. Impa ...) + TODO: check +CVE-2024-39670 (Privilege escalation vulnerability in the account synchronisation modu ...) + TODO: check +CVE-2024-38289 (A boolean-based SQL injection issue in the Virtual Meeting Password (V ...) + TODO: check +CVE-2024-38288 (A command-injection issue in the Certificate Signing Request (CSR) fun ...) 
+ TODO: check +CVE-2024-38287 (The password-reset mechanism in the Forgot Password functionality in R ...) + TODO: check +CVE-2024-37084 (In Spring Cloud Data Flow versions prior to 2.11.4,a malicious user wh ...) + TODO: check +CVE-2024-36542 (Insecure permissions in kuma v2.7.0 allows attackers to access sensiti ...) + TODO: check +CVE-2024-36111 (KubePi is a K8s panel. Starting in version 1.6.3 and prior to version ...) + TODO: check +CVE-2024-29069 (In snapd versions prior to 2.62, snapd failed to properly check the de ...) + TODO: check +CVE-2024-29068 (In snapd versions prior to 2.62, snapd failed to properly check the fi ...) + TODO: check +CVE-2024-28772 (IBM Security Directory Integrator 7.2.0 and IBM Security Verify Direct ...) + TODO: check +CVE-2024-1724 (In snapd versions prior to 2.62, when using AppArmor for enforcement o ...) + TODO: check +CVE-2023-7271 (Privilege escalation vulnerability in the NMS module Impact: Successfu ...) + TODO: check CVE-2024-7091 (An issue was discovered in GitLab CE/EE affecting all versions startin ...) - gitlab CVE-2024-7081 (A vulnerability was found in itsourcecode Tailoring Management System ...) 
@@ -169394,8 +169448,8 @@ CVE-2022-32769 (Multiple authentication bypass vulnerabilities exist in the obje NOT-FOR-US: WWBN AVideo CVE-2022-32768 (Multiple authentication bypass vulnerabilities exist in the objects id ...) NOT-FOR-US: WWBN AVideo -CVE-2022-32759 - RESERVED +CVE-2022-32759 (IBM Security Directory Integrator 7.2.0 and IBM Security Verify Direct ...) + TODO: check CVE-2022-32758 RESERVED CVE-2022-32757 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 uses an inadequ ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f39a872bea62b0cbfa1b71bcc70e0a18e4a5729 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f39a872bea62b0cbfa1b71bcc70e0a18e4a5729 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
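Review bot: in the first hunk (@@ -1,3 +1,57), the three snapd entries CVE-2024-29069, CVE-2024-29068 and CVE-2024-1724 (all "In snapd versions prior to 2.62 ...") are left at "TODO: check" although snapd is a Debian source package; they belong together and should be assigned to snapd with the fixed version in one triage pass rather than looked up three times. The CVE-2024-7091 context line at the end of the hunk already shows the expected end state of such a pass ("- gitlab").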
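Review bot: in the second hunk (@@ -169394,8), CVE-2022-32759 changes from RESERVED to a description whose visible prefix ("IBM Security Directory Integrator 7.2.0 and IBM Security Verify Direct ...") is identical to the new CVE-2024-28772 entry added at the top of the file in the same commit, so the two should be triaged together. The neighbouring entries in this region (CVE-2022-32769 and CVE-2022-32768, WWBN AVideo) are NOT-FOR-US, and IBM Security Directory Integrator is proprietary software not packaged in Debian, so both are NOT-FOR-US candidates.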
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0f31a086 by security tracker role at 2024-07-25T08:11:45+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,45 @@ +CVE-2024-7091 (An issue was discovered in GitLab CE/EE affecting all versions startin ...) + TODO: check +CVE-2024-7081 (A vulnerability was found in itsourcecode Tailoring Management System ...) + TODO: check +CVE-2024-7060 (An information disclosure vulnerability in GitLab CE/EE in project/gro ...) + TODO: check +CVE-2024-7057 (An information disclosure vulnerability in GitLab CE/EE affecting all ...) + TODO: check +CVE-2024-7047 (A cross site scripting vulnerability exists in GitLab CE/EE affecting ...) + TODO: check +CVE-2024-6972 (In affected versions of Octopus Server under certain circumstances it ...) + TODO: check +CVE-2024-5067 (An issue was discovered in GitLab EE affecting all versions starting f ...) + TODO: check +CVE-2024-4811 (In affected versions of Octopus Server under certain conditions, a use ...) + TODO: check +CVE-2024-41707 (An issue was discovered in Archer Platform 6 before 2024.06. Authentic ...) + TODO: check +CVE-2024-41706 (A stored XSS issue was discovered in Archer Platform 6 before version ...) + TODO: check +CVE-2024-41705 (A stored XSS issue was discovered in Archer Platform 6.8 before 2024.0 ...) + TODO: check +CVE-2024-41466 (Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer ...) + TODO: check +CVE-2024-41465 (Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer ...) + TODO: check +CVE-2024-41464 (Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer ...) + TODO: check +CVE-2024-41463 (Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer ...) + TODO: check +CVE-2024-41462 (Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer ...) + TODO: check +CVE-2024-41461 (Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer ...) + TODO: check +CVE-2024-41460 (Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer ...) 
+ TODO: check +CVE-2024-41459 (Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer ...) + TODO: check +CVE-2024-41136 (An authenticated command injection vulnerability exists in the HPE Aru ...) + TODO: check +CVE-2024-0231 (A resource misdirection vulnerability in GitLab CE/EE versions 12.0 pr ...) + TODO: check CVE-2024-41091 - linux CVE-2024-41090 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0f31a086efba2de9acc4f745ebaf8866d767d3b7 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0f31a086efba2de9acc4f745ebaf8866d767d3b7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
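Review bot: eight of the new entries (CVE-2024-41459 through CVE-2024-41466) share one truncated description, "Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer ...", which marks them as a single upstream batch for router firmware Debian does not ship; tagging them NOT-FOR-US as a block avoids eight separate lookups. The GitLab CE/EE entries (CVE-2024-7091, CVE-2024-7060, CVE-2024-7057, CVE-2024-7047, CVE-2024-5067, CVE-2024-0231) should go to the gitlab source package; the later commit 6f39a872 on this page already shows CVE-2024-7091 resolved to "- gitlab".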
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c75f5a34 by security tracker role at 2024-07-24T20:11:39+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,95 @@ +CVE-2024-7080 (A vulnerability was found in SourceCodester Insurance Management Syste ...) + TODO: check +CVE-2024-7079 (A flaw was found in the Openshift console. The /API/helm/verify endpoi ...) + TODO: check +CVE-2024-7069 (A vulnerability, which was classified as critical, has been found in S ...) + TODO: check +CVE-2024-7068 (A vulnerability classified as problematic has been found in SourceCode ...) + TODO: check +CVE-2024-7067 (A vulnerability was found in kirilkirkov Ecommerce-Laravel-Bootstrap u ...) + TODO: check +CVE-2024-7066 (A vulnerability was found in F-logic DataCube3 1.0. It has been declar ...) + TODO: check +CVE-2024-7065 (A vulnerability was found in Spina CMS up to 2.18.0. It has been class ...) + TODO: check +CVE-2024-6896 (The AMP for WP \u2013 Accelerated Mobile Pages plugin for WordPress is ...) + TODO: check +CVE-2024-6327 (In Progress\xae Telerik\xae Report Server versions prior to 2024 Q2 (1 ...) + TODO: check +CVE-2024-6096 (In Progress\xae Telerik\xae Reporting versions prior to 18.1.24.709, a ...) + TODO: check +CVE-2024-5818 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...) + TODO: check +CVE-2024-41914 (A vulnerability in the web-based management interface of EdgeConnect S ...) + TODO: check +CVE-2024-41672 (DuckDB is a SQL database management system. In versions 1.0.0 and prio ...) + TODO: check +CVE-2024-41667 (OpenAM is an open access management solution. In versions 15.0.3 and p ...) + TODO: check +CVE-2024-41666 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...) + TODO: check +CVE-2024-41662 (VNote is a note-taking platform. A Cross-Site Scripting (XSS) vulnerab ...) + TODO: check +CVE-2024-41551 (CampCodes Supplier Management System v1.0 is vulnerable to SQL injecti ...) + TODO: check +CVE-2024-41550 (CampCodes Supplier Management System v1.0 is vulnerable to SQL injecti ...) 
+ TODO: check +CVE-2024-41135 (A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN ...) + TODO: check +CVE-2024-41134 (A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN ...) + TODO: check +CVE-2024-41133 (A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN ...) + TODO: check +CVE-2024-41110 (Moby is an open-source project created by Docker for software containe ...) + TODO: check +CVE-2024-40575 (An issue in Huawei Technologies opengauss (openGauss 5.0.0 build) v.7. ...) + TODO: check +CVE-2024-40495 (A vulnerability was discovered in Linksys Router E2500 with firmware 2 ...) + TODO: check +CVE-2024-40422 (The snapshot_path parameter in the /api/get-browser-snapshot endpoint ...) + TODO: check +CVE-2024-40137 (Dolibarr ERP CRM before 19.0.2-php8.2 was discovered to contain a remo ...) + TODO: check +CVE-2024-3896 (The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for Word ...) + TODO: check +CVE-2024-39345 (AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable the SSH s ...) + TODO: check +CVE-2024-37533 (IBM InfoSphere Information Server 11.7 could disclose sensitive user i ...) + TODO: check +CVE-2024-36541 (Insecure permissions in logging-operator v4.6.0 allows attackers to ac ...) + TODO: check +CVE-2024-36540 (Insecure permissions in external-secrets v0.9.16 allows attackers to a ...) + TODO: check +CVE-2024-36539 (Insecure permissions in contour v1.28.3 allows attackers to access sen ...) + TODO: check +CVE-2024-36538 (Insecure permissions in chaos-mesh v2.6.3 allows attackers to access s ...) + TODO: check +CVE-2024-36537 (Insecure permissions in cert-manager v1.14.4 allows attackers to acces ...) + TODO: check +CVE-2024-36536 (Insecure permissions in fabedge v0.8.1 allows attackers to access sens ...) + TODO: check +CVE-2024-36535 (Insecure permissions in meshery v0.7.51 allows attackers to access sen ...) 
+ TODO: check +CVE-2024-36534 (Insecure permissions in hwameistor v0.14.3 allows attackers to access ...) + TODO: check +CVE-2024-36533 (Insecure permissions in volcano v1.8.2 allows attackers to access sens ...) + TODO: check +CVE-2024-33519 (A vulnerability in the web-based management interface of HPE Aruba Net ...) + TODO: check +CVE-2024-31977 (Adtran 834-5 11.1.0.101-202106231430, and fixed as of SmartOS Version ...) + TODO: check +CVE-2024-31971 (Multiple stored cross-site scripting (XSS) vulnerabilities on AdTran N ...) +
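Review bot: several descriptions in this hunk carry literal escape sequences instead of the characters they stand for ("AMP for WP \u2013 Accelerated Mobile Pages", "Progress\xae Telerik\xae Report Server"); if data/CVE/list is meant to hold UTF-8 text, the import step is emitting Python-style repr() escapes and should decode them before writing. Separately, the nine "Insecure permissions in <project> vX allows attackers to access sensitive ..." entries (CVE-2024-36533 through CVE-2024-36541) are one batch of Kubernetes-ecosystem reports that can be triaged as a block, and CVE-2024-41110 (Moby) maps to the docker.io source package, which should be recorded rather than left at "TODO: check".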
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9693d3f7 by security tracker role at 2024-07-24T08:11:41+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,55 @@ +CVE-2024-7027 (The WooCommerce - PDF Vouchers plugin for WordPress is vulnerable to a ...) + TODO: check +CVE-2024-6930 (The WP Booking Calendar plugin for WordPress is vulnerable to Stored C ...) + TODO: check +CVE-2024-6836 (The Funnel Builder for WordPress by FunnelKit \u2013 Customize WooComm ...) + TODO: check +CVE-2024-6756 (The Social Auto Poster plugin for WordPress is vulnerable to arbitrary ...) + TODO: check +CVE-2024-6755 (The Social Auto Poster plugin for WordPress is vulnerable to unauthori ...) + TODO: check +CVE-2024-6754 (The Social Auto Poster plugin for WordPress is vulnerable to unauthori ...) + TODO: check +CVE-2024-6753 (The Social Auto Poster plugin for WordPress is vulnerable to Stored Cr ...) + TODO: check +CVE-2024-6752 (The Social Auto Poster plugin for WordPress is vulnerable to Stored Cr ...) + TODO: check +CVE-2024-6751 (The Social Auto Poster plugin for WordPress is vulnerable to Cross-Sit ...) + TODO: check +CVE-2024-6750 (The Social Auto Poster plugin for WordPress is vulnerable to unauthori ...) + TODO: check +CVE-2024-6629 (The All-in-One Video Gallery plugin for WordPress is vulnerable to Sto ...) + TODO: check +CVE-2024-6571 (The Optimize Images ALT Text (alt tag) & names for SEO using AI plugin ...) + TODO: check +CVE-2024-6553 (The WP Meteor Website Speed Optimization Addon plugin for WordPress is ...) + TODO: check +CVE-2024-6094 (The WP ULike WordPress plugin before 4.7.1 does not sanitise and esca ...) + TODO: check +CVE-2024-5861 (The WP EasyPay \u2013 Square for WordPress plugin for WordPress is vul ...) + TODO: check +CVE-2024-41656 (Sentry is an error tracking and performance monitoring platform. Start ...) + TODO: check +CVE-2024-3454 (An implementation issue in the Connectivity Standards Alliance Matter ...) + TODO: check +CVE-2024-3297 (An issue in the Certificate Authenticated Session Establishment (CASE) ...) 
+ TODO: check +CVE-2024-3246 (The LiteSpeed Cache plugin for WordPress is vulnerable to Cross-Site R ...) + TODO: check +CVE-2024-39676 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check +CVE-2024-38176 (An improper restriction of excessive authentication attempts in GroupM ...) + TODO: check +CVE-2024-38164 (An improper access control vulnerability in GroupMe allows an a unauth ...) + TODO: check +CVE-2024-0981 (Okta Browser Plugin versions 6.5.0 through 6.31.0 (Chrome/Edge/Firefox ...) + TODO: check +CVE-2023-48362 (XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greate ...) + TODO: check +CVE-2023-32471 (Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bou ...) + TODO: check +CVE-2023-32466 (Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bou ...) + TODO: check CVE-2024-7014 (EvilVideo vulnerability allows sending malicious apps disguised as vid ...) NOT-FOR-US: Telegram for Android CVE-2024-6783 (A vulnerability has been discovered in Vue, that allows an attacker to ...) @@ -5138,7 +5190,7 @@ CVE-2023-51776 (Improper privilege management in Jungo WinDriver before 12.1.0 a NOT-FOR-US: Jungo WinDriver CVE-2023-39324 REJECTED -CVE-2024-40767 +CVE-2024-40767 (In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1. ...) - nova (Incomplete fix/regression never introduced in Debian as fix for CVE-2024-32498 complete) CVE-2024-32498 (An issue was discovered in OpenStack Cinder through 24.0.0, Glance bef ...) - cinder (bug #1074763) 
@@ -7421,14 +7473,14 @@ CVE-2023-3352 (The Smush plugin for WordPress is vulnerable to unauthorized dele NOT-FOR-US: WordPress plugin CVE-2021-47621 (ClassGraph before 4.8.112 was not resistant to XML eXternal Entity (XX ...) NOT-FOR-US: ClassGraph -CVE-2024-6874 +CVE-2024-6874 (libcurl's URL API function [curl_url_get()](https://curl.se/libcurl/c/ ...) - curl [bookworm] - curl (Vulnerable code introduced later) [bullseye] - curl (Vulnerable code introduced later) NOTE: https://curl.se/docs/CVE-2024-6874.html NOTE: Introduced in: https://github.com/curl/curl/commit/add22feeef07858307be5722e1869e082554290e (curl-8_8_0) NOTE: Fixed by: https://github.com/curl/curl/commit/686d54baf1df6e0775898f484d1670742898b3b2 (curl-8_9_0) -CVE-2024-6197 [freeing stack buffer in utf8asn1str] +CVE-2024-6197 (libcurl's ASN1 parser has this utf8asn1str() function used for parsing ...)
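Review bot: in the first hunk (@@ -1,3 +1,55), most of the new entries are WordPress plugin advisories (CVE-2024-7027, CVE-2024-6930, CVE-2024-6836, CVE-2024-6750 through CVE-2024-6756, CVE-2024-6629, CVE-2024-6571, CVE-2024-6553, CVE-2024-6094, CVE-2024-5861, CVE-2024-3246), for which the tracker's established tag, visible in the third hunk's context ("NOT-FOR-US: WordPress plugin"), applies; doing those as one block leaves the non-plugin entries (CVE-2023-48362 Apache Drill XXE, CVE-2024-41656 Sentry, the Matter CVE-2024-3454 and CVE-2024-3297, the Dell BIOS pair) to be looked at individually.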
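Review bot: in the third hunk (@@ -7421,14), the new CVE-2024-6874 description imports upstream Markdown link markup verbatim ("[curl_url_get()](https://curl.se/libcurl/c/ ...") and the fixed-width truncation cuts the URL in half, so the description adds nothing the NOTE line (https://curl.se/docs/CVE-2024-6874.html) does not already carry; stripping link markup on import would keep descriptions readable. For CVE-2024-6197 the hand-written placeholder "[freeing stack buffer in utf8asn1str]" is replaced by the official text, which still names utf8asn1str(), so no triage information is lost by the replacement.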
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 61b7067d by security tracker role at 2024-07-23T20:12:20+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,53 @@ +CVE-2024-7014 (EvilVideo vulnerability allows sending malicious apps disguised as vid ...) + TODO: check +CVE-2024-6783 (A vulnerability has been discovered in Vue, that allows an attacker to ...) + TODO: check +CVE-2024-6714 (An issue was discovered in provd before version 0.1.5 with a setuid bi ...) + TODO: check +CVE-2024-5602 (A stack-based buffer overflow vulnerability due to a missing bounds ch ...) + TODO: check +CVE-2024-4081 (A memory corruption issue due to an improper length check in NI LabVIE ...) + TODO: check +CVE-2024-4080 (A memory corruption issue due to an improper length check in LabVIEW t ...) + TODO: check +CVE-2024-4079 (An out of bounds read due to a missing bounds check in LabVIEW may dis ...) + TODO: check +CVE-2024-4076 (Client queries that trigger serving stale data and that also require l ...) + TODO: check +CVE-2024-41839 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...) + TODO: check +CVE-2024-41836 (InDesign Desktop versions ID18.5.2, ID19.3 and earlier are affected by ...) + TODO: check +CVE-2024-41668 (The cBioPortal for Cancer Genomics provides visualization, analysis, a ...) + TODO: check +CVE-2024-41665 (Ampache, a web based audio/video streaming application and file manage ...) + TODO: check +CVE-2024-41664 (Canarytokens help track activity and actions on a network. Prior to `s ...) + TODO: check +CVE-2024-41663 (Canarytokens help track activity and actions on a network. A Cross-Si ...) + TODO: check +CVE-2024-41661 (reNgine is an automated reconnaissance framework for web applications. ...) + TODO: check +CVE-2024-41655 (TF2 Item Format helps users format TF2 items to the community standard ...) + TODO: check +CVE-2024-41319 (TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a comm ...) + TODO: check +CVE-2024-41178 (Exposure of temporary credentials in logsin Apache Arrow Rust Object S ...) 
+ TODO: check +CVE-2024-40060 (go-chart v2.1.1 was discovered to contain an infinite loop via the dra ...) + TODO: check +CVE-2024-39702 (In lj_str_hash.c in OpenResty 1.19.3.1 through 1.25.3.1, the string ha ...) + TODO: check +CVE-2024-34128 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...) + TODO: check +CVE-2024-29070 (On versions before 2.1.4,session is not invalidated after logout. When ...) + TODO: check +CVE-2024-1975 (If a server hosts a zone containing a "KEY" Resource Record, or a reso ...) + TODO: check +CVE-2024-1737 (Resolver caches and authoritative zone databases that hold significant ...) + TODO: check +CVE-2024-0760 (A malicious client can send many DNS messages over TCP, potentially ca ...) + TODO: check CVE-2024-6913 (Execution with unnecessary privileges in PerkinElmer ProcessPlus allow ...) NOT-FOR-US: PerkinElmer ProcessPlus CVE-2024-6912 (Use of hard-coded MSSQL credentials in PerkinElmer ProcessPlus on Wind ...) 
@@ -326603,10 +326653,10 @@ CVE-2020-11642 (The local file inclusion vulnerability present in B SiteManage NOT-FOR-US: B SiteManager CVE-2020-11641 (A local file inclusion vulnerability in B SiteManager versions <9.2. ...) NOT-FOR-US: B GateManager -CVE-2020-11640 - RESERVED -CVE-2020-11639 - RESERVED +CVE-2020-11640 (AdvaBuild uses a command queue to launch certain operations. An attack ...) + TODO: check +CVE-2020-11639 (An attacker could exploit the vulnerability by injecting garbage data ...) + TODO: check CVE-2020-11638 RESERVED CVE-2020-11637 (A memory leak in the TFTP service in B Automation Runtime versions < ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61b7067d3a5a0e418f73ca09e08b3b1bbf64fdf9 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61b7067d3a5a0e418f73ca09e08b3b1bbf64fdf9 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
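Review bot: in the first hunk (@@ -1,3 +1,53), CVE-2024-4076 ("Client queries that trigger serving stale data ..."), CVE-2024-1975 (zone containing a "KEY" Resource Record), CVE-2024-1737 (resolver caches and authoritative zone databases) and CVE-2024-0760 (many DNS messages over TCP) read as one DNS-server advisory set and, from their wording, as the ISC BIND 9 batch of July 2024; if that is confirmed they belong to the bind9 source package and should be triaged together rather than left at "TODO: check" one by one.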
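Review bot: in the second hunk (@@ -326603,10), CVE-2020-11640 and CVE-2020-11639 move from RESERVED to descriptions ("AdvaBuild uses a command queue ...", "injecting garbage data ...") inside a run of entries that are all tagged NOT-FOR-US for B&R products (SiteManager, GateManager, Automation Runtime in the context lines, with the "&R" lost in this rendering), so they are very likely the same vendor batch and can be triaged accordingly. The context line for CVE-2020-11641 describes "SiteManager versions <9.2" but is tagged "NOT-FOR-US: B GateManager"; worth checking whether that tag is intended or a copy-paste slip.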
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 44287a1b by security tracker role at 2024-07-23T08:12:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,39 @@ +CVE-2024-6913 (Execution with unnecessary privileges in PerkinElmer ProcessPlus allow ...) + TODO: check +CVE-2024-6912 (Use of hard-coded MSSQL credentials in PerkinElmer ProcessPlus on Wind ...) + TODO: check +CVE-2024-6911 (Files on the Windows system are accessible without authentication to e ...) + TODO: check +CVE-2024-6885 (The MaxiBlocks: 2200+ Patterns, 190 Pages, 14.2K Icons & 100 Styles pl ...) + TODO: check +CVE-2024-6828 (The Redux Framework plugin for WordPress is vulnerable to unauthentica ...) + TODO: check +CVE-2024-6806 (The NI VeriStand Gateway is missing authorization checks when an actor ...) + TODO: check +CVE-2024-6805 (The NI VeriStand Gateway is missing authorization checks when an actor ...) + TODO: check +CVE-2024-6794 (A deserialization of untrusted data vulnerability exists in NI VeriSta ...) + TODO: check +CVE-2024-6793 (Adeserialization of untrusted datavulnerabilityexists in NI VeriStand ...) + TODO: check +CVE-2024-6791 (A directory path traversal vulnerability exists when loading a vsmodel ...) + TODO: check +CVE-2024-6717 (HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 arc ...) + TODO: check +CVE-2024-6420 (The Hide My WP Ghost WordPress plugin before 5.2.02 does not prevent ...) + TODO: check +CVE-2024-6231 (The Request a Quote WordPress plugin before 2.4.1 does not sanitise an ...) + TODO: check +CVE-2024-4260 (The Page Builder Gutenberg Blocks WordPress plugin before 3.1.12 does ...) + TODO: check +CVE-2024-41012 (In the Linux kernel, the following vulnerability has been resolved: f ...) + TODO: check +CVE-2024-40502 (SQL injection vulnerability in Hospital Management System Project in A ...) + TODO: check +CVE-2024-24507 (Cross Site Scripting vulnerability in Act-On 2023 allows a remote atta ...) + TODO: check +CVE-2024-1575 (The improper privilege management vulnerability in the Zyxel WBE660S f ...) 
+ TODO: check CVE-2024-6675 (A deserialization of untrusted data vulnerability exists in NI VeriSta ...) NOT-FOR-US: NI VeriStand CVE-2024-6638 (An integer overflow vulnerability due to improper input validation whe ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44287a1b2b692fff38201f1d7f60728762b01feb -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44287a1b2b692fff38201f1d7f60728762b01feb You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
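Review bot: CVE-2024-41012 ("In the Linux kernel, the following vulnerability has been resolved: f ...") is a kernel CVE and should be assigned to the linux source package with the fixed upstream version, as the tracker does elsewhere on this page ("CVE-2024-41091 - linux"), instead of staying at "TODO: check". The NI VeriStand entries (CVE-2024-6791, CVE-2024-6793, CVE-2024-6794, CVE-2024-6805, CVE-2024-6806) and the PerkinElmer ProcessPlus entries (CVE-2024-6911, CVE-2024-6912, CVE-2024-6913) match the NOT-FOR-US tagging already applied to CVE-2024-6675 in the context line ("NOT-FOR-US: NI VeriStand") and can be handled as two blocks.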
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 45c784c3 by security tracker role at 2024-07-22T20:11:45+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,211 @@ +CVE-2024-6675 (A deserialization of untrusted data vulnerability exists in NI VeriSta ...) + TODO: check +CVE-2024-6638 (An integer overflow vulnerability due to improper input validation whe ...) + TODO: check +CVE-2024-6542 (Improper neutralization of livestatus command delimiters in mknotifyd ...) + TODO: check +CVE-2024-6122 (An incorrect permission in the installation directory for the shared N ...) + TODO: check +CVE-2024-6121 (An out-of-date version of Redis shipped with NI SystemLink Server is s ...) + TODO: check +CVE-2024-41880 (In veilid-core in Veilid before 0.3.4, the protocol's ping function ca ...) + TODO: check +CVE-2024-41829 (In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space ...) + TODO: check +CVE-2024-41828 (In JetBrains TeamCity before 2024.07 comparison of authorization token ...) + TODO: check +CVE-2024-41827 (In JetBrains TeamCity before 2024.07 access tokens could continue work ...) + TODO: check +CVE-2024-41826 (In JetBrains TeamCity before 2024.07 stored XSS was possible on Show C ...) + TODO: check +CVE-2024-41825 (In JetBrains TeamCity before 2024.07 stored XSS was possible on the Co ...) + TODO: check +CVE-2024-41824 (In JetBrains TeamCity before 2024.07 parameters of the "password" type ...) + TODO: check +CVE-2024-41320 (TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a comm ...) + TODO: check +CVE-2024-41318 (TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a comm ...) + TODO: check +CVE-2024-41317 (TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a comm ...) + TODO: check +CVE-2024-41316 (TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a comm ...) + TODO: check +CVE-2024-41315 (TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a comm ...) + TODO: check +CVE-2024-41314 (TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a comm ...) + TODO: check +CVE-2024-41132 (ImageSharp is a 2D graphics API. 
A vulnerability discovered in the Ima ...) + TODO: check +CVE-2024-41131 (ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability ...) + TODO: check +CVE-2024-41130 (llama.cpp provides LLM inference in C/C++. Prior to b3427, llama.cpp c ...) + TODO: check +CVE-2024-41129 (The ops library is a Python framework for developing and testing Kuber ...) + TODO: check +CVE-2024-40634 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...) + TODO: check +CVE-2024-40075 (Laravel v11.x was discovered to contain an XML External Entity (XXE) v ...) + TODO: check +CVE-2024-40051 (IP Guard v4.81.0307.0 was discovered to contain an arbitrary file read ...) + TODO: check +CVE-2024-39902 (Tuleap is an open source suite to improve management of software devel ...) + TODO: check +CVE-2024-39688 (Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input su ...) + TODO: check +CVE-2024-39686 (Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input su ...) + TODO: check +CVE-2024-39685 (Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input su ...) + TODO: check +CVE-2024-39601 (A vulnerability has been identified in CPCI85 Central Processing/Commu ...) + TODO: check +CVE-2024-39250 (EfroTech Timetrax v8.3 was discovered to contain an unauthenticated SQ ...) + TODO: check +CVE-2024-38944 (An issue in Intelight X-1L Traffic controller Maxtime v.1.9.6 allows a ...) + TODO: check +CVE-2024-38788 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-38773 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-38759 (Deserialization of Untrusted Data vulnerability in WP MEDIA SAS Search ...) + TODO: check +CVE-2024-38755 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-38730 (Server-Side Request Forgery (SSRF) vulnerability in Noor alam Magical ...) 
+ TODO: check +CVE-2024-38728 (Server-Side Request Forgery (SSRF) vulnerability in Seraphinite Soluti ...) + TODO: check +CVE-2024-38723 (Server-Side Request Forgery (SSRF) vulnerability in Bernhard Kux JSON ...) + TODO: check +CVE-2024-38708 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-38701 (Authorization Bypass Through User-Controlled Key vulnerability in Acad
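Review bot: the JetBrains TeamCity entries (CVE-2024-41824 through CVE-2024-41829), the TOTOLINK A6000R entries (CVE-2024-41314 through CVE-2024-41318 and CVE-2024-41320, all with the same truncated description) and the Bert-VITS2 entries (CVE-2024-39685, CVE-2024-39686, CVE-2024-39688) are three vendor batches for software Debian does not ship and can be tagged NOT-FOR-US in one pass each; the remaining entries (Argo CD CVE-2024-40634, the ops Python framework CVE-2024-41129, llama.cpp CVE-2024-41130, ImageSharp CVE-2024-41131 and CVE-2024-41132) need individual lookups against the archive.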
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 48097ea6 by security tracker role at 2024-07-22T08:11:37+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,105 @@ +CVE-2024-6970 (A vulnerability classified as critical has been found in itsourcecode ...) + TODO: check +CVE-2024-6969 (A vulnerability was found in SourceCodester Clinics Patient Management ...) + TODO: check +CVE-2024-6968 (A vulnerability was found in SourceCodester Clinics Patient Management ...) + TODO: check +CVE-2024-6967 (A vulnerability was found in SourceCodester Employee and Visitor Gate ...) + TODO: check +CVE-2024-6966 (A vulnerability was found in itsourcecode Online Blood Bank Management ...) + TODO: check +CVE-2024-6965 (A vulnerability has been found in Tenda O3 1.0.0.10 and classified as ...) + TODO: check +CVE-2024-6964 (A vulnerability, which was classified as critical, was found in Tenda ...) + TODO: check +CVE-2024-6963 (A vulnerability, which was classified as critical, has been found in T ...) + TODO: check +CVE-2024-6962 (A vulnerability classified as critical was found in Tenda O3 1.0.0.10. ...) + TODO: check +CVE-2024-6961 (RAIL documents are an XML-based format invented by Guardrails AI to en ...) + TODO: check +CVE-2024-6960 (The H2O machine learning platform uses "Iced" classes as the primary m ...) + TODO: check +CVE-2024-6958 (A vulnerability classified as critical was found in itsourcecode Unive ...) + TODO: check +CVE-2024-6957 (A vulnerability classified as critical has been found in itsourcecode ...) + TODO: check +CVE-2024-6956 (A vulnerability was found in itsourcecode University Management System ...) + TODO: check +CVE-2024-6955 (A vulnerability was found in SourceCodester Record Management System 1 ...) + TODO: check +CVE-2024-6954 (A vulnerability was found in SourceCodester Record Management System 1 ...) + TODO: check +CVE-2024-6953 (A vulnerability was found in itsourcecode Tailoring Management System ...) + TODO: check +CVE-2024-6952 (A vulnerability has been found in itsourcecode University Management S ...) 
+ TODO: check +CVE-2024-6951 (A vulnerability, which was classified as critical, was found in Source ...) + TODO: check +CVE-2024-6950 (A vulnerability, which was classified as critical, has been found in P ...) + TODO: check +CVE-2024-6949 (A vulnerability classified as problematic was found in Gargaj wuhu up ...) + TODO: check +CVE-2024-6948 (A vulnerability classified as critical has been found in Gargaj wuhu u ...) + TODO: check +CVE-2024-6947 (A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been rate ...) + TODO: check +CVE-2024-6946 (A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been decl ...) + TODO: check +CVE-2024-6271 (The Community Events WordPress plugin before 1.5 does not have CSRF ch ...) + TODO: check +CVE-2024-6244 (The PZ Frontend Manager WordPress plugin before 1.0.6 does not have CS ...) + TODO: check +CVE-2024-6243 (The HTML Forms WordPress plugin before 1.3.33 does not sanitize and e ...) + TODO: check +CVE-2024-5973 (The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 d ...) + TODO: check +CVE-2024-5529 (The WP QuickLaTeX WordPress plugin before 3.8.8 does not sanitise and ...) + TODO: check +CVE-2024-5004 (The CM Popup Plugin for WordPress WordPress plugin before 1.6.6 does ...) + TODO: check +CVE-2024-41709 (Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficien ...) + TODO: check +CVE-2024-41704 (LibreChat through 0.7.4-rc1 does not validate the normalized pathnames ...) + TODO: check +CVE-2024-41703 (LibreChat through 0.7.4-rc1 has incorrect access control for message u ...) + TODO: check +CVE-2024-40430 (In SFTPGO 2.6.2, the JWT implementation lacks cerrtain security measur ...) + TODO: check +CVE-2024-38786 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-38785 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) 
+ TODO: check +CVE-2024-38784 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-38782 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-38781 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37485 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37480 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check
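Review bot: the entries whose description opens with the VulDB template ("A vulnerability was found in ...", "A vulnerability classified as critical ...") cover itsourcecode and SourceCodester demo applications, Tenda O3 firmware, Flute CMS and Gargaj wuhu (CVE-2024-6946 through CVE-2024-6970), and the "WordPress plugin before ..." entries (CVE-2024-5004, CVE-2024-5529, CVE-2024-5973, CVE-2024-6243, CVE-2024-6244, CVE-2024-6271) are WordPress plugin reports; both groups fit the tracker's existing NOT-FOR-US conventions and can be tagged as blocks, which leaves CVE-2024-6960 (H2O "Iced" classes), CVE-2024-6961 (Guardrails AI RAIL documents), CVE-2024-40430 (SFTPGo JWT handling) and CVE-2024-41709 (Backdrop CMS) as the entries needing an individual check.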
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7fc6a0f3 by security tracker role at 2024-07-21T08:12:04+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,97 @@ +CVE-2024-6945 (A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been clas ...) + TODO: check +CVE-2024-6944 (A vulnerability was found in ZhongBangKeJi CRMEB up to 5.4.0 and class ...) + TODO: check +CVE-2024-6943 (A vulnerability has been found in ZhongBangKeJi CRMEB up to 5.4.0 and ...) + TODO: check +CVE-2024-6942 (A vulnerability, which was classified as problematic, was found in Thi ...) + TODO: check +CVE-2024-6941 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-6940 (A vulnerability was found in DedeCMS 5.7.114. It has been classified a ...) + TODO: check +CVE-2024-6939 (A vulnerability was found in Xinhu RockOA 2.6.3 and classified as prob ...) + TODO: check +CVE-2024-6938 (A vulnerability has been found in SiYuan 3.1.0 and classified as probl ...) + TODO: check +CVE-2024-6937 (A vulnerability, which was classified as problematic, was found in for ...) + TODO: check +CVE-2024-6936 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-6935 (A vulnerability classified as problematic was found in formtools.org F ...) + TODO: check +CVE-2024-6934 (A vulnerability classified as problematic has been found in formtools. ...) + TODO: check +CVE-2024-6933 (A vulnerability was found in LimeSurvey 6.5.14-240624. It has been rat ...) + TODO: check +CVE-2024-6932 (A vulnerability was found in ClassCMS 4.5. It has been declared as pro ...) + TODO: check +CVE-2024-38438 (D-Link - CWE-294: Authentication Bypass by Capture-replay) + TODO: check +CVE-2024-38437 (D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Chan ...) + TODO: check +CVE-2024-38436 (Commugen SOX 365 \u2013CWE-79: Improper Neutralization of Input During ...) + TODO: check +CVE-2024-38435 (Unitronics Vision PLC \u2013CWE-703: Improper Check or Handling of Exc ...) + TODO: check +CVE-2024-38434 (Unitronics Vision PLC \u2013CWE-676: Use of Potentially Dangerous ...) 
+ TODO: check +CVE-2024-37559 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37558 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37557 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37556 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37552 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37551 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37550 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37549 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37548 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37545 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37538 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37537 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37536 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37523 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37522 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37521 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37519 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37515 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) 
+ TODO: check +CVE-2024-37514 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37512 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37509 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37507 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check
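Review bot: several descriptions in this hunk carry the literal escape sequence `\u2013` where an en dash belongs, e.g. `+CVE-2024-38436 (Commugen SOX 365 \u2013CWE-79: Improper Neutralization of Input During ...)` and the two Unitronics Vision PLC entries right after it; if the import script is copying the JSON escape verbatim into data/CVE/list, decode it (or map it to a plain `-`) before writing, so the entries stay readable and can be grepped by product name.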
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e2907d9f by security tracker role at 2024-07-20T20:11:36+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,55 @@ +CVE-2024-6848 (The Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Edit ...) + TODO: check +CVE-2024-6497 (The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to S ...) + TODO: check +CVE-2024-37959 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37958 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37957 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37956 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37955 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37954 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37953 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37951 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37950 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37949 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37948 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37947 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37946 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37944 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37943 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37936 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) 
+ TODO: check +CVE-2024-37922 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37920 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37919 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37918 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37565 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37563 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37562 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37561 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check CVE-2024-6694 (The WP Mail SMTP plugin for WordPress is vulnerable to information exp ...) TODO: check CVE-2024-6637 (The WooCommerce - Social Login plugin for WordPress is vulnerable to u ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2907d9f74da84b9ba747cf19024b281739a7dc3 -- This project does not include diff previews in email notifications. You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e4dc298b by security tracker role at 2024-07-20T08:12:06+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,115 @@ +CVE-2024-6694 (The WP Mail SMTP plugin for WordPress is vulnerable to information exp ...) + TODO: check +CVE-2024-6637 (The WooCommerce - Social Login plugin for WordPress is vulnerable to u ...) + TODO: check +CVE-2024-6636 (The WooCommerce - Social Login plugin for WordPress is vulnerable to u ...) + TODO: check +CVE-2024-6635 (The WooCommerce - Social Login plugin for WordPress is vulnerable to a ...) + TODO: check +CVE-2024-6560 (The Addonify \u2013 Quick View For WooCommerce plugin for WordPress is ...) + TODO: check +CVE-2024-6491 (The Getwid \u2013 Gutenberg Blocks plugin for WordPress is vulnerable ...) + TODO: check +CVE-2024-6489 (The Getwid \u2013 Gutenberg Blocks plugin for WordPress is vulnerable ...) + TODO: check +CVE-2024-6281 (A path traversal vulnerability exists in the `apply_settings` function ...) + TODO: check +CVE-2024-5804 (The Conditional Fields for Contact Form 7 plugin for WordPress is vuln ...) + TODO: check +CVE-2024-40348 (An issue in the component /api/swaggerui/static of Bazaar v1.4.3 allow ...) + TODO: check +CVE-2024-40347 (A reflected cross-site scripting (XSS) vulnerability in Hyland Alfresc ...) + TODO: check +CVE-2024-3934 (The Mercado Pago payments for WooCommerce plugin for WordPress is vuln ...) + TODO: check +CVE-2024-38767 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-38758 (Server-Side Request Forgery (SSRF) vulnerability in WappPress Team Wap ...) + TODO: check +CVE-2024-38757 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-38750 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-38741 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-38739 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) 
+ TODO: check +CVE-2024-38738 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-38725 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-38722 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-38720 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-38718 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-38713 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-38712 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-38711 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-38710 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-38705 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-38703 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-38698 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-38697 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-38696 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-38694 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-38689 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-38687 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-38686 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) 
+ TODO: check +CVE-2024-38685 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-38684 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-38683 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-38682 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-38681 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) +
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0d737e8f by security tracker role at 2024-07-19T20:11:49+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,71 @@ +CVE-2024-6916 (A vulnerability in Zowe CLI allows local, privileged actors to display ...) + TODO: check +CVE-2024-6908 (Improper privilege management in Yugabyte Platform allows authenticate ...) + TODO: check +CVE-2024-6907 (A vulnerability was found in SourceCodester Record Management System 1 ...) + TODO: check +CVE-2024-6906 (A vulnerability was found in SourceCodester Record Management System 1 ...) + TODO: check +CVE-2024-6905 (A vulnerability has been found in SourceCodester Record Management Sys ...) + TODO: check +CVE-2024-6904 (A vulnerability, which was classified as critical, was found in Source ...) + TODO: check +CVE-2024-6895 (Insufficient authentication in user account management in Yugabyte Pla ...) + TODO: check +CVE-2024-5977 (The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for ...) + TODO: check +CVE-2024-41603 (Spina CMS v2.18.0 was discovered to contain a Cross-Site Request Forge ...) + TODO: check +CVE-2024-41602 (Cross Site Request Forgery vulnerability in Spina CMS v.2.18.0 and bef ...) + TODO: check +CVE-2024-41601 (Insecure Permissions vulnerability in lin-CMS v.0.2.0 and before allow ...) + TODO: check +CVE-2024-41600 (Insecure Permissions vulnerability in lin-CMS Springboot v.0.2.1 and b ...) + TODO: check +CVE-2024-41599 (Cross Site Scripting vulnerability in RuoYi v.4.7.9 and before allows ...) + TODO: check +CVE-2024-41597 (Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allo ...) + TODO: check +CVE-2024-41492 (A stack overflow in Tenda AX1806 v1.0.0.1 allows attackers to cause a ...) + TODO: check +CVE-2024-41281 (Linksys WRT54G v4.21.5 has a stack overflow vulnerability in get_merge ...) + TODO: check +CVE-2024-41172 (In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower vers ...) + TODO: check +CVE-2024-41124 (Puncia is the Official CLI utility for Subdomain Center & Exploit Obse ...) 
+ TODO: check +CVE-2024-41122 (Woodpecker is a simple yet powerful CI/CD engine with great extensibil ...) + TODO: check +CVE-2024-41121 (Woodpecker is a simple yet powerful CI/CD engine with great extensibil ...) + TODO: check +CVE-2024-41107 (The CloudStack SAML authentication (disabled by default) does not enfo ...) + TODO: check +CVE-2024-40400 (An arbitrary file upload vulnerability in the image upload function of ...) + TODO: check +CVE-2024-39963 (AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 and AX3000 Du ...) + TODO: check +CVE-2024-39962 (D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 w ...) + TODO: check +CVE-2024-39906 (A command injection vulnerability was found in the IndieAuth functiona ...) + TODO: check +CVE-2024-39457 (Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerabi ...) + TODO: check +CVE-2024-39123 (In janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments functi ...) + TODO: check +CVE-2024-37066 (A command injection vulnerability exists in Wyze V4 Pro firmware versi ...) + TODO: check +CVE-2024-32007 (An improper input validation of thep2c parameter in the Apache CXF JOS ...) + TODO: check +CVE-2024-29736 (A SSRF vulnerability in WADL service description in versions of Apache ...) + TODO: check +CVE-2024-29080 (Potential vulnerabilities have been identified in the HP Display Contr ...) + TODO: check +CVE-2024-27489 (An issue in the DelFile() function of WMCMS v4.4 allows attackers to d ...) + TODO: check +CVE-2024-24970 (Potential vulnerabilities have been identified in the HP Display Contr ...) + TODO: check +CVE-2024-0006 (Information exposure in the logging system in Yugabyte Platform allows ...) + TODO: check CVE-2024-6903 (A vulnerability, which was classified as critical, has been found in S ...) NOT-FOR-US: SourceCodester Record Management System CVE-2024-6902 (A vulnerability classified as critical was found in SourceCodester Rec ...) 
@@ -502,18 +570,24 @@ CVE-2024-21122 (Vulnerability in the PeopleSoft Enterprise HCM Shared Components CVE-2024-20996 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.38-1 CVE-2023-7013 (Inappropriate implementation in Compositing in Google Chrome prior to ...) + {DSA-5546-1} - chromium 119.0.6045.105-1 CVE-2023-7012 (Insufficient data validation in Permission Prompts in Google Chrome pr ...) + {DSA-5499-1} - chromium 117.0.5938.62-1
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 38cf2f91 by security tracker role at 2024-07-19T08:11:34+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,49 @@ +CVE-2024-6903 (A vulnerability, which was classified as critical, has been found in S ...) + TODO: check +CVE-2024-6902 (A vulnerability classified as critical was found in SourceCodester Rec ...) + TODO: check +CVE-2024-6901 (A vulnerability classified as critical has been found in SourceCodeste ...) + TODO: check +CVE-2024-6900 (A vulnerability was found in SourceCodester Record Management System 1 ...) + TODO: check +CVE-2024-6899 (A vulnerability was found in SourceCodester Record Management System 1 ...) + TODO: check +CVE-2024-6898 (A vulnerability was found in SourceCodester Record Management System 1 ...) + TODO: check +CVE-2024-6799 (The YITH Essential Kit for WooCommerce #1 plugin for WordPress is vuln ...) + TODO: check +CVE-2024-6455 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-6338 (The FV Flowplayer Video Player plugin for WordPress is vulnerable to t ...) + TODO: check +CVE-2024-6205 (The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not pro ...) + TODO: check +CVE-2024-5997 (The Duplica \u2013 Duplicate Posts, Pages, Custom Posts or Users plugi ...) + TODO: check +CVE-2024-5604 (The Bug Library WordPress plugin before 2.1.2 does not sanitise and es ...) + TODO: check +CVE-2024-4 (Sliver is an open source cross-platform adversary emulation/red team f ...) + TODO: check +CVE-2024-40724 (Heap-based buffer overflow vulnerability in Assimp versions prior to 5 ...) + TODO: check +CVE-2024-40642 (The netty incubator codec.bhttp is a java language binary http parser. ...) + TODO: check +CVE-2024-38156 (Microsoft Edge (Chromium-based) Spoofing Vulnerability) + TODO: check +CVE-2024-35199 (TorchServe is a flexible and easy-to-use tool for serving and scaling ...) + TODO: check +CVE-2024-35198 (TorchServe is a flexible and easy-to-use tool for serving and scaling ...) + TODO: check +CVE-2024-30130 (HCL Nomad server on Domino is vulnerable to the cache containing sensi ...) 
+ TODO: check +CVE-2024-21583 (Versions of the package github.com/gitpod-io/gitpod/components/server/ ...) + TODO: check +CVE-2024-21527 (Versions of the package github.com/gotenberg/gotenberg/v8/pkg/gotenber ...) + TODO: check +CVE-2023-7269 (The ArtPlacer Widget WordPress plugin before 2.21.2 does not have CSRF ...) + TODO: check +CVE-2023-7268 (The ArtPlacer Widget WordPress plugin before 2.21.2 does not have auth ...) + TODO: check CVE-2024-6504 (Rapid7 InsightVM Console versions below 6.6.260 suffer from a protecti ...) NOT-FOR-US: Rapid7 InsightVM Console CVE-2024-5625 (Improper Restriction of XML External Entity Reference vulnerability in ...) @@ -3301,7 +3347,7 @@ CVE-2024-6605 (Firefox Android allowed immediate interaction with permission pro - firefox (Only affects Firefox on Android) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6605 CVE-2024-6604 (Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thu ...) - {DSA-5727-1} + {DSA-5733-1 DSA-5727-1} - firefox 128.0-1 - firefox-esr 115.13.0esr-1 - thunderbird 1:115.13.0-1 @@ -3309,7 +3355,7 @@ CVE-2024-6604 (Memory safety bugs present in Firefox 127, Firefox ESR 115.12, an NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-30/#CVE-2024-6604 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-31/#CVE-2024-6604 CVE-2024-6603 (In an out-of-memory scenario an allocation could fail but free would h ...) - {DSA-5727-1} + {DSA-5733-1 DSA-5727-1} - firefox 128.0-1 - firefox-esr 115.13.0esr-1 - thunderbird 1:115.13.0-1 
@@ -3317,7 +3363,7 @@ CVE-2024-6603 (In an out-of-memory scenario an allocation could fail but free wo NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-30/#CVE-2024-6603 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-31/#CVE-2024-6603 CVE-2024-6602 (A mismatch between allocator and deallocator could have lead to memory ...) - {DSA-5727-1} + {DSA-5733-1 DSA-5727-1} - firefox 128.0-1 - firefox-esr 115.13.0esr-1 - thunderbird 1:115.13.0-1 @@ -3326,7 +3372,7 @@ CVE-2024-6602 (A mismatch between allocator and deallocator could have lead to m NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-31/#CVE-2024-6602 TODO: check how its related to src:nss and if src:nss tracking is
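Review bot: the identifier in `+CVE-2024-4 (Sliver is an open source cross-platform adversary emulation/red team f ...)` in the first hunk of this commit is malformed; a CVE sequence number has at least four digits, so `CVE-2024-4` cannot be the ID of the Sliver record. Check the upstream feed entry and correct the ID before the `TODO: check` is triaged, since the tracker keys entries on this string and a wrong key leaves the real CVE untracked.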
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3d86f0e4 by security tracker role at 2024-07-18T20:11:55+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,67 @@ +CVE-2024-6504 (Rapid7 InsightVM Console versions below 6.6.260 suffer from a protecti ...) + TODO: check +CVE-2024-5625 (Improper Restriction of XML External Entity Reference vulnerability in ...) + TODO: check +CVE-2024-5620 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...) + TODO: check +CVE-2024-5619 (Authorization Bypass Through User-Controlled Key vulnerability in Pruv ...) + TODO: check +CVE-2024-5618 (Incorrect Permission Assignment for Critical Resource vulnerability in ...) + TODO: check +CVE-2024- (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...) + TODO: check +CVE-2024-5554 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...) + TODO: check +CVE-2024-5321 (A security issue was discovered in Kubernetes clusters with Windows no ...) + TODO: check +CVE-2024-40648 (matrix-rust-sdk is an implementation of a Matrix client-server library ...) + TODO: check +CVE-2024-40647 (sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's ...) + TODO: check +CVE-2024-40644 (gitoxide An idiomatic, lean, fast & safe pure Rust implementation of G ...) + TODO: check +CVE-2024-40629 (JumpServer is an open-source Privileged Access Management (PAM) tool t ...) + TODO: check +CVE-2024-40628 (JumpServer is an open-source Privileged Access Management (PAM) tool t ...) + TODO: check +CVE-2024-3242 (The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to ar ...) + TODO: check +CVE-2024-39911 (1Panel is a web-based linux server management control panel. 1Panel co ...) + TODO: check +CVE-2024-39907 (1Panel is a web-based linux server management control panel. There are ...) + TODO: check +CVE-2024-39173 (calculator-boilerplate v1.0 was discovered to contain a remote code ex ...) + TODO: check +CVE-2024-39152 + REJECTED +CVE-2024-39090 (The PHPGurukul Online Shopping Portal Project version 2.0 contains a v ...) 
+ TODO: check +CVE-2024-38806 (Failure to properly synchronize user's permissions in UAA in Cloud Fou ...) + TODO: check +CVE-2024-38302 (Dell Data Lakehouse, version(s) 1.0.0.0, contain(s) a Missing Encrypti ...) + TODO: check +CVE-2024-34013 (Local privilege escalation due to OS command injection vulnerability. ...) + TODO: check +CVE-2024-30473 (Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulne ...) + TODO: check +CVE-2024-30126 (HCL BigFix Compliance is affected by a missing X-Frame-Options HTTP he ...) + TODO: check +CVE-2024-30125 (HCL BigFix Compliance server can respond with an HTTP status of 500, i ...) + TODO: check +CVE-2024-29178 (On versions before 2.1.4, a user could log in and perform a template i ...) + TODO: check +CVE-2024-0857 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-50304 (IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vu ...) + TODO: check +CVE-2023-40704 (Philips Vue PACS uses default credentials for potentially critical fun ...) + TODO: check +CVE-2023-40539 (Philips Vue PACS does not require that users have strong passwords, wh ...) + TODO: check +CVE-2023-40223 (Philips Vue PACS does not properly assign, modify, track, or check act ...) + TODO: check +CVE-2023-40159 (A validated user not explicitly authorized to have access to certain s ...) + TODO: check CVE-2024-6705 (The RegLevel plugin for WordPress is vulnerable to Stored Cross-Site S ...) NOT-FOR-US: WordPress plugin CVE-2024-6599 (The Meks Video Importer plugin for WordPress is vulnerable to unauthor ...) 
@@ -31,7 +95,7 @@ CVE-2024-39679 (Cooked is a recipe plugin for WordPress. The Cooked plugin for W NOT-FOR-US: WordPress plugin CVE-2024-39678 (Cooked is a recipe plugin for WordPress. The Cooked plugin is vulnerab ...) NOT-FOR-US: WordPress plugin -CVE-2024-29014 (Vulnerability in SonicWall NetExtender Windows (32 and 64-bit) client ...) +CVE-2024-29014 (Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) ...) NOT-FOR-US: SonicWall CVE-2023-6708 (The SVG Support plugin for WordPress is vulnerable to Stored Cross-Sit ...) NOT-FOR-US: WordPress plugin @@ -200,6 +264,7 @@ CVE-2024-5582 (The Schema & Structured Data for WP & AMP plugin for WordPress is CVE-2024-5566 (An improper privilege management vulnerability allowed users to migrat ...) NOT-FOR-US: GitHub Enterprise Server
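Review bot: the entry `+CVE-2024- (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...)` in the first hunk of this commit has no sequence number at all, while the neighbouring `+CVE-2024-5554` line describes the same plugin; look up the missing ID in the upstream feed and fix the line, because an entry keyed on `CVE-2024-` cannot be matched to any advisory or found by the tracker's tooling.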
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 44c8954c by security tracker role at 2024-07-18T08:11:35+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,4 +1,38 @@ -CVE-2024-41011 [drm/amdkfd: don't allow mapping the MMIO HDP page with large pages] +CVE-2024-6705 (The RegLevel plugin for WordPress is vulnerable to Stored Cross-Site S ...) + TODO: check +CVE-2024-6599 (The Meks Video Importer plugin for WordPress is vulnerable to unauthor ...) + TODO: check +CVE-2024-6175 (The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for ...) + TODO: check +CVE-2024-6164 (The Filter & Grids WordPress plugin before 2.8.33 is vulnerable to Loc ...) + TODO: check +CVE-2024-5964 (The Zenon Lite theme for WordPress is vulnerable to Stored Cross-Site ...) + TODO: check +CVE-2024-5726 (The Timeline Event History plugin for WordPress is vulnerable to PHP O ...) + TODO: check +CVE-2024-41184 (In the vrrp_ipsets_handler handler (fglobal_parser.c) of keepalived th ...) + TODO: check +CVE-2024-40764 (Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allo ...) + TODO: check +CVE-2024-40492 (Cross Site Scripting vulnerability in Heartbeat Chat v.15.2.1 allows a ...) + TODO: check +CVE-2024-39682 (Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPre ...) + TODO: check +CVE-2024-39681 (Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPre ...) + TODO: check +CVE-2024-39680 (Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPre ...) + TODO: check +CVE-2024-39679 (Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPre ...) + TODO: check +CVE-2024-39678 (Cooked is a recipe plugin for WordPress. The Cooked plugin is vulnerab ...) + TODO: check +CVE-2024-29014 (Vulnerability in SonicWall NetExtender Windows (32 and 64-bit) client ...) + TODO: check +CVE-2023-6708 (The SVG Support plugin for WordPress is vulnerable to Stored Cross-Sit ...) + TODO: check +CVE-2023-43971 (Cross Site Scripting vulnerability in ACG-faka v1.1.7 allows a remote ...) 
+ TODO: check +CVE-2024-41011 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux 6.8.11-1 [bookworm] - linux 6.1.94-1 NOTE: https://git.kernel.org/linus/be4a2a81b6b90d1a47eaeaace4cc8e2cb57b96c7 (6.9) @@ -356,27 +390,35 @@ CVE-2024-41009 (In the Linux kernel, the following vulnerability has been resolv [bookworm] - linux 6.1.98-1 NOTE: https://git.kernel.org/linus/cfa1a2329a691ffd991fcf7248a57d752e712881 (6.10-rc6) CVE-2024-6779 (Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478 ...) + {DSA-5732-1} - chromium 126.0.6478.182-1 [bullseye] - chromium (see #1061268) CVE-2024-6778 (Race in DevTools in Google Chrome prior to 126.0.6478.182 allowed an a ...) + {DSA-5732-1} - chromium 126.0.6478.182-1 [bullseye] - chromium (see #1061268) CVE-2024-6777 (Use after free in Navigation in Google Chrome prior to 126.0.6478.182 ...) + {DSA-5732-1} - chromium 126.0.6478.182-1 [bullseye] - chromium (see #1061268) CVE-2024-6776 (Use after free in Audio in Google Chrome prior to 126.0.6478.182 allow ...) + {DSA-5732-1} - chromium 126.0.6478.182-1 [bullseye] - chromium (see #1061268) CVE-2024-6775 (Use after free in Media Stream in Google Chrome prior to 126.0.6478.18 ...) + {DSA-5732-1} - chromium 126.0.6478.182-1 [bullseye] - chromium (see #1061268) CVE-2024-6774 (Use after free in Screen Capture in Google Chrome prior to 126.0.6478. ...) + {DSA-5732-1} - chromium 126.0.6478.182-1 [bullseye] - chromium (see #1061268) CVE-2024-6773 (Inappropriate implementation in V8 in Google Chrome prior to 126.0.647 ...) + {DSA-5732-1} - chromium 126.0.6478.182-1 [bullseye] - chromium (see #1061268) CVE-2024-6772 (Inappropriate implementation in V8 in Google Chrome prior to 126.0.647 ...) + {DSA-5732-1} - chromium 126.0.6478.182-1 [bullseye] - chromium (see #1061268) CVE-2024-6621 (The RSS Aggregator \u2013 RSS Import, News Feeds, Feed to Post, and Au ...) 
@@ -185837,7 +185879,7 @@ CVE-2020-36518 (jackson-databind before 2.13.0 allows a Java StackOverflow excep {DSA-5283-1 DLA-3207-1 DLA-2990-1} - jackson-databind 2.13.2.2-1 (bug #1007109) NOTE: https://github.com/FasterXML/jackson-databind/issues/2816 -CVE-2018-25031 (Swagger UI before 4.1.3 could allow a remote attacker to conduct spoof ...) +CVE-2018-25031 (Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct ...) -
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 95fdbcd6 by security tracker role at 2024-07-17T20:11:46+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,121 @@ +CVE-2024-6834 (A vulnerability in APIML Spring Cloud Gateway which leverages user pri ...) + TODO: check +CVE-2024-6833 (A vulnerability in Zowe CLI allows local, privileged actors to store p ...) + TODO: check +CVE-2024-6830 (A vulnerability, which was classified as critical, was found in Source ...) + TODO: check +CVE-2024-6765 + REJECTED +CVE-2024-5471 (Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnera ...) + TODO: check +CVE-2024-40641 (Nuclei is a fast and customizable vulnerability scanner based on simpl ...) + TODO: check +CVE-2024-40640 (vodozemac is an open source implementation of Olm and Megolm in pure R ...) + TODO: check +CVE-2024-40639 + REJECTED +CVE-2024-40636 (Steeltoe is an open source project that provides a collection of libra ...) + TODO: check +CVE-2024-40633 (Sylius is an Open Source eCommerce Framework on Symfony. A security vu ...) + TODO: check +CVE-2024-40617 (Path traversal vulnerability exists in FUJITSU Network Edgiot GW1500 ( ...) + TODO: check +CVE-2024-40420 (A Server-Side Template Injection (SSTI) vulnerability in the edit them ...) + TODO: check +CVE-2024-40402 (A SQL injection vulnerability was found in 'ajax.php' of Sourcecodeste ...) + TODO: check +CVE-2024-40119 (Nepstech Wifi Router xpon (terminal) model NTPL-Xpon1GFEVN v.1.0 Firmw ...) + TODO: check +CVE-2024-39126 (Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG do ...) + TODO: check +CVE-2024-39125 (Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Refere ...) + TODO: check +CVE-2024-39124 (In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS.) + TODO: check +CVE-2024-38870 (Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and OpM ...) + TODO: check +CVE-2024-38447 (NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modi ...) + TODO: check +CVE-2024-38446 (NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a r ...) 
+ TODO: check +CVE-2024-36491 (FutureNet NXR series, VXR series and WXR series provided by Century Sy ...) + TODO: check +CVE-2024-36475 (FutureNet NXR series, VXR series and WXR series provided by Century Sy ...) + TODO: check +CVE-2024-32981 (Silverstripe framework is the PHP framework forming the base for the S ...) + TODO: check +CVE-2024-31979 (Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes ...) + TODO: check +CVE-2024-31411 (Unrestricted Upload of File with dangerous type vulnerability in Apach ...) + TODO: check +CVE-2024-31070 (Initialization of a resource with an insecure default vulnerability in ...) + TODO: check +CVE-2024-30471 (Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apa ...) + TODO: check +CVE-2024-29885 (silverstripe/reports is an API for creating backend reports in the Sil ...) + TODO: check +CVE-2024-29737 (In streampark, the project module integrates Maven's compilation capab ...) + TODO: check +CVE-2024-29120 (In Streampark (version < 2.1.4), when a user logged in successfully, t ...) + TODO: check +CVE-2024-28993 (The SolarWinds Access Rights Manager was susceptible to a Directory Tr ...) + TODO: check +CVE-2024-28992 (The SolarWinds Access Rights Manager was susceptible to a Directory Tr ...) + TODO: check +CVE-2024-28796 (IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross- ...) + TODO: check +CVE-2024-28074 (It was discovered that a previous vulnerability was not completely fix ...) + TODO: check +CVE-2024-27311 (Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnera ...) + TODO: check +CVE-2024-23475 (The SolarWinds Access Rights Manager was susceptible to a Directory Tr ...) + TODO: check +CVE-2024-23474 (The SolarWinds Access Rights Manager was found to be susceptible to an ...) + TODO: check +CVE-2024-23472 (SolarWinds Access Rights Manager (ARM) is susceptible to Directory Tra ...) 
+ TODO: check +CVE-2024-23471 (The SolarWinds Access Rights Manager was found to be susceptible to a ...) + TODO: check +CVE-2024-23470 (The SolarWinds Access Rights Manager was found to be susceptible to a ...) + TODO: check +CVE-2024-23469 (SolarWinds Access Rights Manager (ARM) is susceptible to a Remote Code ...) + TODO: check +CVE-2024-23468 (The SolarWinds Access Rights Manager was susceptible to a Directory Tr ...) + TODO: check +CVE-2024-23467 (The SolarWinds
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 39cb9062 by security tracker role at 2024-07-17T08:11:49+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,34 +1,258 @@ -CVE-2024-41010 [bpf: Fix too early release of tcx_entry] +CVE-2024-6808 (A vulnerability was found in itsourcecode Simple Task List 1.0. It has ...) + TODO: check +CVE-2024-6807 (A vulnerability was found in SourceCodester Student Study Center Desk ...) + TODO: check +CVE-2024-6803 (A vulnerability has been found in itsourcecode Document Management Sys ...) + TODO: check +CVE-2024-6802 (A vulnerability, which was classified as critical, was found in Source ...) + TODO: check +CVE-2024-6801 (A vulnerability, which was classified as critical, has been found in S ...) + TODO: check +CVE-2024-6669 (The AI ChatBot for WordPress \u2013 WPBot plugin for WordPress is vuln ...) + TODO: check +CVE-2024-6660 (The BookingPress \u2013 Appointment Booking Calendar Plugin and Online ...) + TODO: check +CVE-2024-6535 (A flaw was found in Skupper. When Skupper is initialized with the cons ...) + TODO: check +CVE-2024-6467 (The BookingPress \u2013 Appointment Booking Calendar Plugin and Online ...) + TODO: check +CVE-2024-6395 (An exposure of sensitive information vulnerability in GitHub Enterpris ...) + TODO: check +CVE-2024-6336 (A Security Misconfiguration vulnerability in GitHub Enterprise Server ...) + TODO: check +CVE-2024-6220 (The \u7b80\u6570\u91c7\u96c6\u5668 (Keydatas) plugin for WordPress is ...) + TODO: check +CVE-2024-6033 (The Event Manager, Events Calendar, Tickets, Registrations \u2013 Even ...) + TODO: check +CVE-2024-5817 (An Incorrect Authorization vulnerability was identified in GitHub Ente ...) + TODO: check +CVE-2024-5816 (An Incorrect Authorization vulnerability was identified in GitHub Ente ...) + TODO: check +CVE-2024-5815 (A Cross-Site Request Forgery vulnerability in GitHub Enterprise Server ...) + TODO: check +CVE-2024-5795 (A Denial of Service vulnerability was identified in GitHub Enterprise ...) + TODO: check +CVE-2024-5703 (The Email Subscribers by Icegram Express \u2013 Email Marketing, Newsl ...) 
+ TODO: check +CVE-2024-5582 (The Schema & Structured Data for WP & AMP plugin for WordPress is vuln ...) + TODO: check +CVE-2024-5566 (An improper privilege management vulnerability allowed users to migrat ...) + TODO: check +CVE-2024-5500 (Inappropriate implementation in Sign-In in Google Chrome prior to 1.3. ...) + TODO: check +CVE-2024-5255 (The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-5254 (The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-5253 (The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-5252 (The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-5251 (The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-40637 (dbt enables data analysts and engineers to transform their data using ...) + TODO: check +CVE-2024-40536 (Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 were discovere ...) + TODO: check +CVE-2024-40535 (Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 was discovered ...) + TODO: check +CVE-2024-3176 (Out of bounds write in SwiftShader in Google Chrome prior to 117.0.593 ...) + TODO: check +CVE-2024-3175 (Insufficient data validation in Extensions in Google Chrome prior to 1 ...) + TODO: check +CVE-2024-3174 (Inappropriate implementation in V8 in Google Chrome prior to 119.0.604 ...) + TODO: check +CVE-2024-3173 (Insufficient data validation in Updater in Google Chrome prior to 120. ...) + TODO: check +CVE-2024-3172 (Insufficient data validation in DevTools in Google Chrome prior to 121 ...) + TODO: check +CVE-2024-3171 (Use after free in Accessibility in Google Chrome prior to 122.0.6261.5 ...) + TODO: check +CVE-2024-3170 (Use after free in WebRTC in Google Chrome prior to 121.0.6167.85 allow ...) 
+ TODO: check +CVE-2024-3169 (Use after free in V8 in Google Chrome prior to 121.0.6167.139 allowed ...) + TODO: check +CVE-2024-3168 (Use after free in DevTools in Google Chrome prior to 122.0.6261.57 all ...) + TODO: check +CVE-2024-39877 (Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability t ...) + TODO: check +CVE-2024-39863 (Apache Airflow versions before 2.9.3 have a vulnerability that allows ...) + TODO: check +CVE-2024-2884 (Out of bounds read in V8 in Google Chrome prior
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 668e0550 by security tracker role at 2024-07-16T20:11:42+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,381 +1,465 @@ -CVE-2023-52886 [USB: core: Fix race by not overwriting udev->descriptor in hub_port_init()] +CVE-2024-6621 (The RSS Aggregator \u2013 RSS Import, News Feeds, Feed to Post, and Au ...) + TODO: check +CVE-2024-6579 (The Web and WooCommerce Addons for WPBakery Builder plugin for WordPre ...) + TODO: check +CVE-2024-6570 (The Glossary plugin for WordPress is vulnerable to Full Path Disclosur ...) + TODO: check +CVE-2024-6565 (The AForms \u2014 Form Builder for Price Calculator & Cost Estimation ...) + TODO: check +CVE-2024-6492 (Exposure of Sensitive Information in edge browser session proxy featur ...) + TODO: check +CVE-2024-6457 (The HUSKY \u2013 Products Filter Professional for WooCommerce plugin f ...) + TODO: check +CVE-2024-6435 (A privilege escalation vulnerability exists in the affected products w ...) + TODO: check +CVE-2024-6326 (An exposure of sensitive information vulnerability exists in the Rockw ...) + TODO: check +CVE-2024-6325 (The v6.40 release of Rockwell Automation FactoryTalk\xae Policy Manage ...) + TODO: check +CVE-2024-6089 (An input validation vulnerability exists in the Rockwell Automation501 ...) + TODO: check +CVE-2024-5852 (The WordPress File Upload plugin for WordPress is vulnerable to Direct ...) + TODO: check +CVE-2024-40626 (Outline is an open source, collaborative document editor. A type confu ...) + TODO: check +CVE-2024-40516 (An issue in H3C Technologies Co., Limited H3C Magic RC3000 RC3000V100R ...) + TODO: check +CVE-2024-40515 (An issue in SHENZHEN TENDA TECHNOLOGY CO.,LTD Tenda AX2pro V16.03.29.4 ...) + TODO: check +CVE-2024-40505 (**UNSUPPORTED WHEN ASSIGNED** Directory Traversal vulnerability in D-L ...) + TODO: check +CVE-2024-40503 (An issue in Tenda AX12 v.16.03.49.18_cn+ allows a remote attacker to c ...) + TODO: check +CVE-2024-40456 (ThinkSAAS v3.7.0 was discovered to contain a SQL injection vulnerabili ...) 
+ TODO: check +CVE-2024-40455 (An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows atta ...) + TODO: check +CVE-2024-40425 (File Upload vulnerability in Nanjin Xingyuantu Technology Co Sparkshop ...) + TODO: check +CVE-2024-40394 (Simple Library Management System Project Using PHP/MySQL v1.0 was disc ...) + TODO: check +CVE-2024-40393 (Online Clinic Management System In PHP With Free Source code v1.0 was ...) + TODO: check +CVE-2024-40392 (SourceCodester Pharmacy/Medical Store Point of Sale System Using PHP/M ...) + TODO: check +CVE-2024-40322 (An issue was discovered in JFinalCMS v.5.0.0. There is a SQL injection ...) + TODO: check +CVE-2024-40130 (open5gs v2.6.4 is vulnerable to Buffer Overflow. via /lib/core/abts.c.) + TODO: check +CVE-2024-40129 (Open5GS v2.6.4 is vulnerable to Buffer Overflow. via /lib/pfcp/context ...) + TODO: check +CVE-2024-3779 (Denial of service vulnerability present shortly after product installa ...) + TODO: check +CVE-2024-3587 (The Premium Portfolio Features for Phlox theme plugin for WordPress is ...) + TODO: check +CVE-2024-3232 (A formula injection vulnerability exists in Tenable Identity Exposure ...) + TODO: check +CVE-2024-39908 (REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some ...) + TODO: check +CVE-2024-39887 (An SQL Injection vulnerability in Apache Superset exists due to improp ...) + TODO: check +CVE-2024-39700 (JupyterLab extension template is a `copier` template for JupyterLab e ...) + TODO: check +CVE-2024-39036 (SeaCMS v12.9 is vulnerable to Arbitrary File Read via admin_safe.php.) + TODO: check +CVE-2024-35338 (Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded password ...) + TODO: check +CVE-2024-33182 (Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buff ...) + TODO: check +CVE-2024-33181 (Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buff ...) 
+ TODO: check +CVE-2024-33180 (Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buff ...) + TODO: check +CVE-2024-32861 (Under certain circumstances the Software House C\u25cfCURE 9000 Site S ...) + TODO: check +CVE-2024-2691 (The WP Event Manager \u2013 Events Calendar, Registrations, Sell Ticke ...) + TODO: check +CVE-2024-22442 (The vulnerability could be remotely exploited to bypass authentication ...) + TODO: check +CVE-2024-21686 (This High severity Stored XSS vulnerability was introduced in versions ...) + TODO: check +CVE-2024-1937
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 64a14189 by security tracker role at 2024-07-16T08:12:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,23 @@ +CVE-2024-6780 (Improper permission control in the mobile application (com.android.ser ...) + TODO: check +CVE-2024-6559 (The Backup, Restore and Migrate WordPress Sites With the XCloner Plugi ...) + TODO: check +CVE-2024-6557 (The SchedulePress \u2013 Auto Post & Publish, Auto Social Share, Sched ...) + TODO: check +CVE-2024-4780 (The Image Hover Effects \u2013 Elementor Addon plugin for WordPress is ...) + TODO: check +CVE-2024-4224 (An authenticated stored cross-site scripting (XSS) exists in the TP-Li ...) + TODO: check +CVE-2024-4143 (A potential security vulnerability has been identified in certain HP P ...) + TODO: check +CVE-2024-41008 (In the Linux kernel, the following vulnerability has been resolved: d ...) + TODO: check +CVE-2024-40632 (Linkerd is an open source, ultralight, security-first service mesh for ...) + TODO: check +CVE-2024-40524 (Directory Traversal vulnerability in xmind2testcase v.1.5 allows a rem ...) + TODO: check +CVE-2023-52290 (In streampark-console the list pages(e.g: application pages), users ca ...) + TODO: check CVE-2024-6746 (A vulnerability classified as problematic was found in NaiboWang EasyS ...) NOT-FOR-US: NaiboWang EasySpider CVE-2024-6745 (A vulnerability classified as critical has been found in code-projects ...) 
@@ -361,7 +381,7 @@ CVE-2024-39909 (KubeClarity is a tool for detection and management of Software B NOT-FOR-US: KubeClarity CVE-2024-39903 (Solara is a pure Python, React-style framework for scaling Jupyter and ...) NOT-FOR-US: Solara -CVE-2024-39340 (Securepoint UTM before 12.6.5 mishandles OTP codes.) +CVE-2024-39340 (A security vulnerability has been discovered in the handling of OTP ke ...) NOT-FOR-US: Securepoint CVE-2024-38736 (Unrestricted Upload of File with Dangerous Type vulnerability in Realt ...) NOT-FOR-US: WordPress plugin View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64a1418935c41a0b84210c2edc434eb8daca90ab -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64a1418935c41a0b84210c2edc434eb8daca90ab You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f43b9903 by security tracker role at 2024-07-15T20:12:44+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,4 +1,106 @@ -CVE-2024-41007 [tcp: avoid too many retransmit packets] +CVE-2024-6746 (A vulnerability classified as problematic was found in NaiboWang EasyS ...) + TODO: check +CVE-2024-6745 (A vulnerability classified as critical has been found in code-projects ...) + TODO: check +CVE-2024-6741 (Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag ...) + TODO: check +CVE-2024-6740 (Openfind's Mail2000 does not properly validate email atachments, allow ...) + TODO: check +CVE-2024-6721 + REJECTED +CVE-2024-6689 (Local Privilege Escalation in MSI-Installer in baramundi Management Ag ...) + TODO: check +CVE-2024-6398 (An information disclosure vulnerability in SWG in versions 12.x prior ...) + TODO: check +CVE-2024-5402 (Unquoted Search Path or Element vulnerability in ABB Mint Workbench. ...) + TODO: check +CVE-2024-40631 (Plate media is an open source, rich-text editor for React. Editors tha ...) + TODO: check +CVE-2024-40630 (OpenImageIO is a toolset for reading, writing, and manipulating image ...) + TODO: check +CVE-2024-40627 (Fastapi OPA is an opensource fastapi middleware which includes auth fl ...) + TODO: check +CVE-2024-40624 (TorrentPier is an open source BitTorrent Public/Private tracker engine ...) + TODO: check +CVE-2024-40560 (Tmall_demo before v2024.07.03 was discovered to contain a SQL injectio ...) + TODO: check +CVE-2024-40555 (Tmall_demo v2024.07.03 was discovered to contain an arbitrary file upl ...) + TODO: check +CVE-2024-40554 (An access control issue in Tmall_demo v2024.07.03 allows attackers to ...) + TODO: check +CVE-2024-40553 (Tmall_demo v2024.07.03 was discovered to contain an arbitrary file upl ...) + TODO: check +CVE-2024-40416 (A vulnerability in /goform/SetVirtualServerCfg in the sub_6320C functi ...) + TODO: check +CVE-2024-40415 (A vulnerability in /goform/SetStaticRouteCfg in the sub_519F4 function ...) + TODO: check +CVE-2024-40414 (A vulnerability in /goform/SetNetControlList in the sub_656BC function ...) 
+ TODO: check +CVE-2024-39919 (@jmondi/url-to-png is an open source URL to PNG utility featuring para ...) + TODO: check +CVE-2024-39918 (@jmondi/url-to-png is an open source URL to PNG utility featuring para ...) + TODO: check +CVE-2024-39915 (Thruk is a multibackend monitoring webinterface for Naemon, Nagios, Ic ...) + TODO: check +CVE-2024-39912 (web-auth/webauthn-lib is an open source set of PHP libraries and a Sym ...) + TODO: check +CVE-2024-39827 (Improper input validation in the installer for Zoom Workplace Desktop ...) + TODO: check +CVE-2024-39826 (Path traversal in Team Chat for some Zoom Workplace Apps and SDKs for ...) + TODO: check +CVE-2024-39821 (Race condition in the installer for Zoom Workplace App for Windows and ...) + TODO: check +CVE-2024-39820 (Uncontrolled search path element in the installer for Zoom Workplace D ...) + TODO: check +CVE-2024-39819 (Improper privilege management in the installer for some Zoom Workplace ...) + TODO: check +CVE-2024-39767 (Mattermost Mobile Apps versions <=2.16.0 fail to validate that the pus ...) + TODO: check +CVE-2024-38496 (The vulnerability allows a malicious low-privileged PAM user to access ...) + TODO: check +CVE-2024-38495 (A specific authentication strategy allows a malicious attacker to lear ...) + TODO: check +CVE-2024-38494 (This vulnerability allows a high-privileged authenticated PAM user to ...) + TODO: check +CVE-2024-38493 (A reflected cross-site scripting (XSS) vulnerability exists in the PAM ...) + TODO: check +CVE-2024-38492 (This vulnerability allows an unauthenticated attacker to achieve remot ...) + TODO: check +CVE-2024-38491 (The vulnerability allows an unauthenticated attacker to read arbitrary ...) + TODO: check +CVE-2024-38360 (Discourse is an open source platform for community discussion. In affe ...) + TODO: check +CVE-2024-37386 (An issue was discovered in Stormshield Network Security (SNS) 4.0.0 th ...) 
+ TODO: check +CVE-2024-37016 (Mengshen Wireless Door Alarm M70 2024-05-24 allows Authentication Bypa ...) + TODO: check +CVE-2024-36458 (The vulnerability allows a malicious low-privileged PAM user to perfor ...) + TODO: check +CVE-2024-36457 (The vulnerability allows an attacker to bypass the authentication requ ...) + TODO: check +CVE-2024-36456 (This vulnerability allows an unauthenticated attacker to achieve remot ...) + TODO: check
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0ced1073 by security tracker role at 2024-07-15T08:11:53+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,73 @@ +CVE-2024-6744 (The SMTP Listener of Secure Email Gateway from Cellopoint does not pro ...) + TODO: check +CVE-2024-6743 (AguardNet's Space Management System does not properly validate user in ...) + TODO: check +CVE-2024-6742 (AguardNet Technology's Space Management System does not properly filte ...) + TODO: check +CVE-2024-6739 (The session cookie in MailGates and MailAudit from Openfind does not h ...) + TODO: check +CVE-2024-6738 (The tumbnail API of Tronclass from WisdomGarden lacks proper access co ...) + TODO: check +CVE-2024-6737 (The access control in the Electronic Official Document Management Syst ...) + TODO: check +CVE-2024-6736 (A vulnerability was found in SourceCodester Employee and Visitor Gate ...) + TODO: check +CVE-2024-6735 (A vulnerability was found in itsourcecode Tailoring Management System ...) + TODO: check +CVE-2024-6734 (A vulnerability was found in itsourcecode Tailoring Management System ...) + TODO: check +CVE-2024-6733 (A vulnerability was found in itsourcecode Tailoring Management System ...) + TODO: check +CVE-2024-6732 (A vulnerability classified as critical was found in SourceCodester Stu ...) + TODO: check +CVE-2024-6731 (A vulnerability classified as critical has been found in SourceCodeste ...) + TODO: check +CVE-2024-6540 (Improper filtering of fields when using the export function in the tic ...) + TODO: check +CVE-2024-6345 (A vulnerability in the package_index module of pypa/setuptools version ...) + TODO: check +CVE-2024-6289 (The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent r ...) + TODO: check +CVE-2024-6076 (The wp-cart-for-digital-products WordPress plugin before 8.5.5 does no ...) + TODO: check +CVE-2024-6075 (The wp-cart-for-digital-products WordPress plugin before 8.5.5 does no ...) + TODO: check +CVE-2024-6074 (The wp-cart-for-digital-products WordPress plugin before 8.5.5 does no ...) 
+ TODO: check +CVE-2024-6073 (The wp-cart-for-digital-products WordPress plugin before 8.5.5 does no ...) + TODO: check +CVE-2024-6072 (The wp-cart-for-digital-products WordPress plugin before 8.5.5 does no ...) + TODO: check +CVE-2024-5630 (The Insert or Embed Articulate Content into WordPress plugin before 4. ...) + TODO: check +CVE-2024-39741 (IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allo ...) + TODO: check +CVE-2024-39740 (IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays v ...) + TODO: check +CVE-2024-39739 (IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnera ...) + TODO: check +CVE-2024-39737 (IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allo ...) + TODO: check +CVE-2024-39736 (IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnera ...) + TODO: check +CVE-2024-39735 (IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnera ...) + TODO: check +CVE-2024-39731 (IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 uses weake ...) + TODO: check +CVE-2024-39729 (IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allo ...) + TODO: check +CVE-2024-39728 (IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnera ...) + TODO: check +CVE-2024-23794 (An incorrect privilege assignment vulnerability in the inline editing ...) + TODO: check +CVE-2024-21513 (Versions of the package langchain-experimental from 0.0.15 and before ...) + TODO: check +CVE-2023-49566 (In Apache Linkis <=1.5.0, due to the lack of effective filtering of pa ...) + TODO: check +CVE-2023-46801 (In Apache Linkis <= 1.5.0, data source management module, when adding ...) + TODO: check +CVE-2023-41916 (In Apache Linkis =1.4.0, due to the lack of effective filtering of par ...) + TODO: check CVE-2024-39734 (IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not s ...) 
NOT-FOR-US: IBM CVE-2024-39733 (IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores use ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ced1073f78367bdc157e424711298a83c17b7bf
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e6ec5151 by security tracker role at 2024-07-14T20:12:14+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,9 @@ +CVE-2024-39734 (IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not s ...) + TODO: check +CVE-2024-39733 (IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores use ...) + TODO: check +CVE-2024-39732 (IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 temporaril ...) + TODO: check CVE-2024-6730 (A vulnerability was found in Nanjing Xingyuantu Technology SparkShop u ...) NOT-FOR-US: Nanjing Xingyuantu Technology SparkShop CVE-2024-6729 (A vulnerability was found in SourceCodester Kortex Lite Advocate Offic ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6ec51519c9bb85722d13aa5ab1cdd12dff4e401
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 08fd62f4 by security tracker role at 2024-07-14T08:11:51+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,4 +1,10 @@ -CVE-2023-52885 [SUNRPC: Fix UAF in svc_tcp_listen_data_ready()] +CVE-2024-6730 (A vulnerability was found in Nanjing Xingyuantu Technology SparkShop u ...) + TODO: check +CVE-2024-6729 (A vulnerability was found in SourceCodester Kortex Lite Advocate Offic ...) + TODO: check +CVE-2024-6728 (A vulnerability was found in itsourcecode Tailoring Management System ...) + TODO: check +CVE-2023-52885 (In the Linux kernel, the following vulnerability has been resolved: S ...) - linux 6.4.4-1 [bookworm] - linux 6.1.52-1 [bullseye] - linux 5.10.191-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08fd62f4a8878c664267317ea0cf90773abed3c9
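Review bot: the rewritten CVE-2023-52885 entry in this hunk drops the bracketed upstream subject (SUNRPC: Fix UAF in svc_tcp_listen_data_ready()) that identified which kernel fix the entry tracks, and the truncated replacement description ("In the Linux kernel, the following vulnerability has been resolved: S ...") no longer names it; consider carrying the subject over as a NOTE line beneath the entry so the listed fixed versions (linux 6.4.4-1, 6.1.52-1, 5.10.191-1) stay tied to a recognisable upstream commit.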
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e7ae4cec by security tracker role at 2024-07-13T20:12:01+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2024-6465 (The WP Links Page plugin for WordPress is vulnerable to unauthorized m ...) + TODO: check CVE-2024-6716 - tiff NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2297636 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7ae4cece9ffe7507378d70f931f3a7565c270bc
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f41cc4b9 by security tracker role at 2024-07-13T08:12:20+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,101 @@ +CVE-2024-6574 (The Laposta plugin for WordPress is vulnerable to Full Path Disclosure ...) + TODO: check +CVE-2024-6070 (The If-So Dynamic Content Personalization WordPress plugin before 1.8. ...) + TODO: check +CVE-2024-5902 (The User Feedback \u2013 Create Interactive Feedback Form, User Survey ...) + TODO: check +CVE-2024-5744 (The wp-eMember WordPress plugin before 10.6.7 does not escape the $_SE ...) + TODO: check +CVE-2024-5715 (The wp-eMember WordPress plugin before 10.6.7 does not sanitise and es ...) + TODO: check +CVE-2024-5713 (The If-So Dynamic Content Personalization WordPress plugin before 1.8. ...) + TODO: check +CVE-2024-5644 (The Tournamatch WordPress plugin before 4.6.1 does not sanitise and es ...) + TODO: check +CVE-2024-5627 (The Tournamatch WordPress plugin before 4.6.1 does not sanitise and es ...) + TODO: check +CVE-2024-5575 (The Ditty WordPress plugin before 3.1.43 does not sanitise and escape ...) + TODO: check +CVE-2024-5472 (The WP QuickLaTeX WordPress plugin before 3.8.7 does not sanitise and ...) + TODO: check +CVE-2024-5450 (The Bug Library WordPress plugin before 2.1.1 does not check the file ...) + TODO: check +CVE-2024-5442 (The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.5 ...) + TODO: check +CVE-2024-5287 (The wp-affiliate-platform WordPress plugin before 6.5.1 does not have ...) + TODO: check +CVE-2024-5286 (The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanit ...) + TODO: check +CVE-2024-5284 (The wp-affiliate-platform WordPress plugin before 6.5.1 does not have ...) + TODO: check +CVE-2024-5283 (The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanit ...) + TODO: check +CVE-2024-5282 (The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanit ...) + TODO: check +CVE-2024-5281 (The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanit ...) 
+ TODO: check +CVE-2024-5280 (The wp-affiliate-platform WordPress plugin before 6.5.1 does not have ...) + TODO: check +CVE-2024-5167 (The CM Email Registration Blacklist and Whitelist WordPress plugin bef ...) + TODO: check +CVE-2024-5151 (The SULly WordPress plugin before 4.3.1 does not sanitise and escape s ...) + TODO: check +CVE-2024-5080 (The wp-eMember WordPress plugin before 10.6.6 does not validate files ...) + TODO: check +CVE-2024-5079 (The wp-eMember WordPress plugin before 10.6.7 does not sanitise and es ...) + TODO: check +CVE-2024-5077 (The wp-eMember WordPress plugin before 10.6.6 does not have CSRF check ...) + TODO: check +CVE-2024-5076 (The wp-eMember WordPress plugin before 10.6.6 does not have CSRF check ...) + TODO: check +CVE-2024-5075 (The wp-eMember WordPress plugin before 10.6.6 does not sanitise and es ...) + TODO: check +CVE-2024-5074 (The wp-eMember WordPress plugin before 10.6.6 does not sanitise and es ...) + TODO: check +CVE-2024-5034 (The SULly WordPress plugin before 4.3.1 does not have CSRF checks in s ...) + TODO: check +CVE-2024-5033 (The SULly WordPress plugin before 4.3.1 does not have CSRF check in so ...) + TODO: check +CVE-2024-5032 (The SULly WordPress plugin before 4.3.1 does not sanitise and escape a ...) + TODO: check +CVE-2024-5028 (The CM WordPress Search And Replace Plugin WordPress plugin before 1.3 ...) + TODO: check +CVE-2024-5002 (The User Submitted Posts WordPress plugin before 20240516 does not sa ...) + TODO: check +CVE-2024-4977 (The Index WP MySQL For Speed WordPress plugin before 1.4.18 does not s ...) + TODO: check +CVE-2024-4752 (The EventON WordPress plugin before 2.2.15 does not sanitise and escap ...) + TODO: check +CVE-2024-4602 (The Embed Peertube Playlist WordPress plugin before 1.10 does not sani ...) + TODO: check +CVE-2024-4272 (The Support SVG WordPress plugin before 1.1.0 does not sanitize SVG f ...) 
+ TODO: check +CVE-2024-4269 (The SVG Block WordPress plugin before 1.1.20 does not sanitize SVG fil ...) + TODO: check +CVE-2024-4217 (The shortcodes-ultimate-pro WordPress plugin before 7.1.5 does not pro ...) + TODO: check +CVE-2024-3964 (The Product Enquiry for WooCommerce WordPress plugin before 3.1.8 does ...) + TODO: check +CVE-2024-3963 (The Giveaways and Contests by RafflePress WordPress plugin before 1.1 ...) + TODO: check +CVE-2024-3919 (The OpenPGP Form Encryption for WordPress plugin before 1.5.1 does not ...) + TODO: check +CVE-2024-3753
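Review bot: this hunk arrives without the commit line (`<hash> by security tracker role at <timestamp>`) that precedes every other hunk on this page, so its commit id and timestamp cannot be checked against its neighbours; its header `@@ -1,3 +1,101 @@` places it at the top of data/CVE/list like the rest. On content, every added entry is a WordPress plugin advisory parked at `TODO: check`, and the file already resolves that class as `NOT-FOR-US: WordPress plugin` (see CVE-2024-6550 and CVE-2024-5488 in the 56860f1f hunks further down), so the whole batch is human triage the automatic update cannot perform. The entries worth reading in full before the blanket verdict are the ones that are not output-escaping slips: CVE-2024-5450 ("does not check the file"), CVE-2024-5080 ("does not validate files") and the two SVG ones, CVE-2024-4272 and CVE-2024-4269 ("does not sanitize SVG fil"), since unsanitised SVG and unchecked uploads are stored-script and upload vectors.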
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
39dbeee4 by security tracker role at 2024-07-12T20:12:29+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:

= data/CVE/list =
@@ -1,454 +1,570 @@ -CVE-2024-41006 [netrom: Fix a memory leak in nr_heartbeat_expiry()] +CVE-2024-6495 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-6353 (The Wallet for WooCommerce plugin for WordPress is vulnerable to SQL I ...) + TODO: check +CVE-2024-6328 (The MStore API \u2013 Create Native Android & iOS Apps On The Cloud pl ...) + TODO: check +CVE-2024-5325 (The Form Vibes plugin for WordPress is vulnerable to SQL Injection via ...) + TODO: check +CVE-2024-40690 (IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. This ...) + TODO: check +CVE-2024-40552 (PublicCMS v4.0.202302.e was discovered to contain a remote commande ex ...) + TODO: check +CVE-2024-40551 (An arbitrary file upload vulnerability in the component /admin/cmsTemp ...) + TODO: check +CVE-2024-40550 (An arbitrary file upload vulnerability in the component /admin/cmsTemp ...) + TODO: check +CVE-2024-40549 (An arbitrary file upload vulnerability in the component /admin/cmsTemp ...) + TODO: check +CVE-2024-40548 (An arbitrary file upload vulnerability in the component /admin/cmsTemp ...) + TODO: check +CVE-2024-40547 (PublicCMS v4.0.202302.e was discovered to contain an arbitrary file co ...) + TODO: check +CVE-2024-40546 (An arbitrary file upload vulnerability in the component /admin/cmsWebF ...) + TODO: check +CVE-2024-40545 (An arbitrary file upload vulnerability in the component /admin/cmsWebF ...) + TODO: check +CVE-2024-40544 (PublicCMS v4.0.202302.e was discovered to contain a Server-Side Reques ...) + TODO: check +CVE-2024-40543 (PublicCMS v4.0.202302.e was discovered to contain a Server-Side Reques ...) + TODO: check +CVE-2024-40542 (my-springsecurity-plus before v2024.07.03 was discovered to contain a ...) + TODO: check +CVE-2024-40541 (my-springsecurity-plus before v2024.07.03 was discovered to contain a ...) + TODO: check +CVE-2024-40540 (my-springsecurity-plus before v2024.07.03 was discovered to contain a ...) 
+ TODO: check +CVE-2024-40539 (my-springsecurity-plus before v2024.07.03 was discovered to contain a ...) + TODO: check +CVE-2024-40522 (There is a remote code execution vulnerability in SeaCMS 12.9. The vul ...) + TODO: check +CVE-2024-40521 (SeaCMS 12.9 has a remote code execution vulnerability. The vulnerabili ...) + TODO: check +CVE-2024-40520 (SeaCMS 12.9 has a remote code execution vulnerability. The vulnerabili ...) + TODO: check +CVE-2024-40519 (SeaCMS 12.9 has a remote code execution vulnerability. The vulnerabili ...) + TODO: check +CVE-2024-40518 (SeaCMS 12.9 has a remote code execution vulnerability. The vulnerabili ...) + TODO: check +CVE-2024-40110 (Sourcecodester Poultry Farm Management System v1.0 contains an Unauthe ...) + TODO: check +CVE-2024-39917 (xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have ...) + TODO: check +CVE-2024-39916 (FOG is a free open-source cloning/imaging/rescue suite/inventory manag ...) + TODO: check +CVE-2024-39914 (FOG is a cloning/imaging/rescue suite/inventory management system. Pri ...) + TODO: check +CVE-2024-39909 (KubeClarity is a tool for detection and management of Software Bill Of ...) + TODO: check +CVE-2024-39903 (Solara is a pure Python, React-style framework for scaling Jupyter and ...) + TODO: check +CVE-2024-39340 (Securepoint UTM before 12.6.5 mishandles OTP codes.) + TODO: check +CVE-2024-38736 (Unrestricted Upload of File with Dangerous Type vulnerability in Realt ...) + TODO: check +CVE-2024-38735 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + TODO: check +CVE-2024-38734 (Unrestricted Upload of File with Dangerous Type vulnerability in Sprea ...) + TODO: check +CVE-2024-38717 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + TODO: check +CVE-2024-38716 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) 
+ TODO: check +CVE-2024-38715 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + TODO: check +CVE-2024-38709 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + TODO: check +CVE-2024-38706 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + TODO: check +CVE-2024-38704 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + TODO: check +CVE-2024-38700 (Improper Neutralization of
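Review bot: the only removed line, `-CVE-2024-41006 [netrom: Fix a memory leak in nr_heartbeat_expiry()]`, is a kernel entry whose square-bracketed title is the tracker's provisional description, and no replacement `+CVE-2024-41006 (...)` line is visible before the hunk is cut off at CVE-2024-38700; when this lands, confirm the entry reappears with the published description and that whatever package lines follow it survived, because a dropped kernel entry is exactly the regression an automatic run will not flag. Among the additions, CVE-2024-39917 (xrdp prior to 0.10.0) concerns a package Debian ships and should leave the `TODO: check` queue ahead of the vendor groups. The five SeaCMS 12.9 RCE ids (CVE-2024-40518 to CVE-2024-40522), the PublicCMS v4.0.202302.e run (CVE-2024-40543 to CVE-2024-40552) and the four my-springsecurity-plus ids (CVE-2024-40539 to CVE-2024-40542) are each one report fanned out over several ids and can be triaged as groups rather than line by line.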
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
56860f1f by security tracker role at 2024-07-12T08:12:09+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:

= data/CVE/list =
@@ -1,3 +1,43 @@ +CVE-2024-6677 (Privilege escalation in uberAgent) + TODO: check +CVE-2024-6625 (The WP Total Branding \u2013 Complete branding solution for WordPress ...) + TODO: check +CVE-2024-6588 (The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vu ...) + TODO: check +CVE-2024-6555 (The WP Popups \u2013 WordPress Popup builder plugin for WordPress is v ...) + TODO: check +CVE-2024-6468 (Vault and Vault Enterprise did not properly handle requests originatin ...) + TODO: check +CVE-2024-6396 (A vulnerability in the `_backup_run` function in aimhubio/aim version ...) + TODO: check +CVE-2024-6392 (The Image Optimizer, Resizer and CDN \u2013 Sirv plugin for WordPress ...) + TODO: check +CVE-2024-6024 (The ContentLock WordPress plugin through 1.0.3 does not have CSRF chec ...) + TODO: check +CVE-2024-6023 (The ContentLock WordPress plugin through 1.0.3 does not have CSRF chec ...) + TODO: check +CVE-2024-6022 (The ContentLock WordPress plugin through 1.0.3 does not have CSRF chec ...) + TODO: check +CVE-2024-5811 (The Simple Video Directory WordPress plugin before 1.4.4 does not sani ...) + TODO: check +CVE-2024-5626 (The Inline Related Posts WordPress plugin before 3.7.0 does not saniti ...) + TODO: check +CVE-2024-4753 (The WP Secure Maintenance WordPress plugin before 1.7 does not sanitis ...) + TODO: check +CVE-2024-3112 (The Quotes and Tips by BestWebSoft WordPress plugin before 1.45 does n ...) + TODO: check +CVE-2024-36435 (An issue was discovered on Supermicro BMC firmware in select X11, X12, ...) + TODO: check +CVE-2024-2696 (The socialdriver-framework WordPress plugin before 2024.04.30 does not ...) + TODO: check +CVE-2024-2640 (The Watu Quiz WordPress plugin before 3.4.1.2 does not sanitise and es ...) + TODO: check +CVE-2024-2430 (The Website Content in Page or Post WordPress plugin before 2024.04.09 ...) + TODO: check +CVE-2024-1375 (The Event post plugin for WordPress is vulnerable to unauthorized bulk ...) 
+ TODO: check +CVE-2024-0974 (The Social Media Widget WordPress plugin before 4.0.9 does not sanitis ...) + TODO: check CVE-2024-6681 (A vulnerability, which was classified as critical, has been found in w ...) TODO: check CVE-2024-6680 (A vulnerability classified as critical was found in witmy my-springsec ...) @@ -345,7 +385,7 @@ CVE-2023-33859 (IBM Security QRadar EDR 3.12 could disclose sensitive informatio NOT-FOR-US: IBM CVE-2024-6550 (The Gravity Forms: Multiple Form Instances plugin for WordPress is vul ...) NOT-FOR-US: WordPress plugin -CVE-2024-6433 (Relative Path Traversal in GitHub repository stitionai/devika prior to ...) +CVE-2024-6433 (The application zips all the files in the folder specified by the user ...) NOT-FOR-US: stitionai/devika CVE-2024-6422 (An unauthenticated remote attacker can manipulate the device via Telne ...) NOT-FOR-US: Pepperl+Fuchs SE @@ -1358,7 +1398,7 @@ CVE-2024-5793 (The Houzez Theme - Functionality plugin for WordPress is vulnerab CVE-2024-5569 (A Denial of Service (DoS) vulnerability exists in the jaraco/zipp libr ...) - python-zipp 3.19.2-1 NOTE: https://github.com/jaraco/zipp/commit/fd604bd34f0343472521a36da1fbd22e793e14fd (v3.19.1) -CVE-2024-5549 (Origin Validation Error in GitHub repository stitionai/devika prior to ...) +CVE-2024-5549 (A CORS misconfiguration in the stitionai/devika repository allows atta ...) NOT-FOR-US: stitionai/devika CVE-2024-5488 (The SEOPress WordPress plugin before 7.9 does not properly protect so ...) NOT-FOR-US: WordPress plugin 
@@ -1571,7 +1611,7 @@ CVE-2023-34435 (A firmware update vulnerability exists in the boa formUpload fun NOT-FOR-US: Realtek rtl819x Jungle SDK CVE-2024-6539 (A vulnerability classified as problematic has been found in heyewei Sp ...) NOT-FOR-US: heyewei SpringBootCMS -CVE-2024-5711 (Cross-site Scripting (XSS) - Stored in GitHub repository stitionai/dev ...) +CVE-2024-5711 (A stored Cross-Site Scripting (XSS) vulnerability exists in the stitio ...) NOT-FOR-US: stitionai/devika CVE-2024-39723 (IBM FlashSystem 5300 USB ports may be usable even if the port has been ...) NOT-FOR-US: IBM @@ -1933,9 +1973,9 @@ CVE-2024-6126 (A flaw was found in the cockpit package. This flaw allows an auth NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2290859 CVE-2024-6052 (Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and ...) - check-mk -CVE-2024-5887
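Review bot: the rewrites in the `@@ -345,7 +385,7 @@`, `@@ -1358,7 +1398,7 @@` and `@@ -1571,7 +1611,7 @@` hunks show that the parenthesised description is owned by the feed: CVE-2024-6433, CVE-2024-5549 and CVE-2024-5711 each get new text while their `NOT-FOR-US: stitionai/devika` lines stay put, which is the right outcome, but it also means a hand edit to a description (for instance the "commande" in CVE-2024-40552 in commit 39dbeee4) would be overwritten on the next run; anything worth recording belongs in a NOTE line, as done for python-zipp under CVE-2024-5569 with its upstream commit URL. The last hunk is cut off at `-CVE-2024-5887`, so its replacement is not reviewable here. In the first hunk, CVE-2024-6468 (Vault), CVE-2024-6396 (aimhubio/aim `_backup_run`) and CVE-2024-36435 (Supermicro BMC firmware) are the non-WordPress entries to look at first; CVE-2024-6677 carries only "Privilege escalation in uberAgent", so its triage has to go to the advisory rather than rely on the summary.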
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
be06487e by security tracker role at 2024-07-11T20:12:26+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:

= data/CVE/list =
@@ -1,3 +1,107 @@ +CVE-2024-6681 (A vulnerability, which was classified as critical, has been found in w ...) + TODO: check +CVE-2024-6680 (A vulnerability classified as critical was found in witmy my-springsec ...) + TODO: check +CVE-2024-6679 (A vulnerability classified as critical has been found in witmy my-spri ...) + TODO: check +CVE-2024-6643 + REJECTED +CVE-2024-6531 (A vulnerability has been identified in Bootstrap that exposes users to ...) + TODO: check +CVE-2024-6528 (CWE-79: Improper Neutralization of Input During Web Page Generation (' ...) + TODO: check +CVE-2024-6485 (A security vulnerability has been discovered in bootstrap that could e ...) + TODO: check +CVE-2024-6484 (A vulnerability has been identified in Bootstrap that exposes users to ...) + TODO: check +CVE-2024-6407 (CWE-200: Information Exposure vulnerability exists that could cause di ...) + TODO: check +CVE-2024-6035 (A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbia ...) + TODO: check +CVE-2024-5681 (CWE-20: Improper Input Validation vulnerability exists that could caus ...) + TODO: check +CVE-2024-5680 (CWE-129: Improper Validation of Array Index vulnerability exists that ...) + TODO: check +CVE-2024-5679 (CWE-787: Out-of-Bounds Write vulnerability exists that could cause loc ...) + TODO: check +CVE-2024-39905 (Red is a fully modular Discord bot. Due to a bug in Red's Core API, 3r ...) + TODO: check +CVE-2024-39904 (VNote is a note-taking platform. Prior to 3.18.1, a code execution vul ...) + TODO: check +CVE-2024-39553 (An Exposure of Resource to Wrong Sphere vulnerability in the sampling ...) + TODO: check +CVE-2024-39552 (An Improper Handling of Exceptional Conditions vulnerability in the ro ...) + TODO: check +CVE-2024-39551 (An Uncontrolled Resource Consumption vulnerability in the H.323 ALG (A ...) + TODO: check +CVE-2024-39550 (A Missing Release of Memory after Effective Lifetime vulnerability in ...) 
+ TODO: check +CVE-2024-39549 (A Missing Release of Memory after Effective Lifetime vulnerability in ...) + TODO: check +CVE-2024-39548 (An Uncontrolled Resource Consumption vulnerability in the aftmand proc ...) + TODO: check +CVE-2024-39546 (A Missing Authorization vulnerability in the Socket Intercept (SI) com ...) + TODO: check +CVE-2024-39545 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) + TODO: check +CVE-2024-39543 (A Buffer Copy without Checking Size of Inputvulnerability in the routi ...) + TODO: check +CVE-2024-39542 (An Improper Validation of Syntactic Correctness of Input vulnerability ...) + TODO: check +CVE-2024-39541 (An Improper Handling of Exceptional Conditions vulnerability in the Ro ...) + TODO: check +CVE-2024-39540 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) + TODO: check +CVE-2024-39539 (A Missing Release of Memory after Effective Lifetime vulnerability in ...) + TODO: check +CVE-2024-39538 (A Buffer Copy without Checking Size of Input vulnerability in the PFE ...) + TODO: check +CVE-2024-39537 (An Improper Restriction of Communication Channel to Intended Endpoints ...) + TODO: check +CVE-2024-39536 (A Missing Release of Memory after Effective Lifetime vulnerability in ...) + TODO: check +CVE-2024-39535 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) + TODO: check +CVE-2024-39533 (An Unimplemented or Unsupported Feature in the UI vulnerability in Jun ...) + TODO: check +CVE-2024-39532 (AnInsertion of Sensitive Information into Log File vulnerability in Ju ...) + TODO: check +CVE-2024-39531 (An Improper Handling of Values vulnerability in the Packet Forwarding ...) + TODO: check +CVE-2024-39530 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) + TODO: check +CVE-2024-39529 (A Use of Externally-Controlled Format String vulnerability in the Pack ...) 
+ TODO: check +CVE-2024-39528 (A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of ...) + TODO: check +CVE-2024-39524 (An Improper Neutralization of Special Elements vulnerability in Junipe ...) + TODO: check +CVE-2024-39523 (An Improper Neutralization of Special Elements vulnerability in Junipe ...) + TODO: check +CVE-2024-39522 (An Improper Neutralization of Special Elements vulnerability in Junipe ...) + TODO: check +CVE-2024-39521 (An Improper Neutralization of Special Elements
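Review bot: the block from CVE-2024-39521 to CVE-2024-39553 is a single Juniper Junos release of over two dozen ids (rpd, PFE, H.323 ALG, aftmand, Socket Intercept) that will all end with the same vendor verdict, in the `NOT-FOR-US: <vendor>` form used for IBM and Pepperl+Fuchs SE on this page; leaving them as individual `TODO: check` lines is fine for the importer, but a human should close them in one pass rather than thirty. The three Bootstrap entries (CVE-2024-6531, CVE-2024-6485, CVE-2024-6484) deserve the opposite treatment: Bootstrap is packaged in Debian and embedded by many other packages, so each needs an affected-version check rather than a blanket verdict. The hunk is cut off at CVE-2024-39521, so the remainder of the Juniper set is not visible here.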
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
b43ad738 by security tracker role at 2024-07-11T08:11:37+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:

= data/CVE/list =
@@ -1,14 +1,122 @@ +CVE-2024-6676 (A vulnerability has been found in witmy my-springsecurity-plus up to 2 ...) + TODO: check +CVE-2024- (The WP ERP plugin for WordPress is vulnerable to SQL Injection via the ...) + TODO: check +CVE-2024-6664 + REJECTED +CVE-2024-6663 + REJECTED +CVE-2024-6653 (A vulnerability was found in code-projects Simple Task List 1.0. It ha ...) + TODO: check +CVE-2024-6652 (A vulnerability was found in itsourcecode Gym Management System 1.0. I ...) + TODO: check +CVE-2024-6650 (A vulnerability was found in SourceCodester Employee and Visitor Gate ...) + TODO: check +CVE-2024-6624 (The JSON API User plugin for WordPress is vulnerable to privilege esca ...) + TODO: check +CVE-2024-6554 (The Branda \u2013 White Label WordPress, Custom Login Page Customizer ...) + TODO: check +CVE-2024-6447 (The FULL \u2013 Cliente plugin for WordPress is vulnerable to Stored C ...) + TODO: check +CVE-2024-6397 (The InstaWP Connect \u2013 1-click WP Staging & Migration plugin for W ...) + TODO: check +CVE-2024-6286 (Local Privilege escalation allows a low-privileged user to gain SYSTEM ...) + TODO: check +CVE-2024-6256 (The Feeds for YouTube (YouTube video, channel, and gallery plugin) plu ...) + TODO: check +CVE-2024-6236 (Denial of Service inNetScaler Console (formerly NetScaler ADM), NetS ...) + TODO: check +CVE-2024-6210 (The Duplicator plugin for WordPress is vulnerable to information expos ...) + TODO: check +CVE-2024-6151 (Local Privilege escalation allows a low-privileged user to gain SYSTEM ...) + TODO: check +CVE-2024-6150 (A non-admin user can cause short-term disruption in Target VM availabi ...) + TODO: check +CVE-2024-6149 (Redirection of users to a vulnerable URL inCitrix Workspace app for HT ...) + TODO: check +CVE-2024-6148 (Bypass of GACS Policy Configuration settings in Citrix Workspace app f ...) + TODO: check +CVE-2024-6138 (The Secure Copy Content Protection and Content Locking WordPress plugi ...) 
+ TODO: check +CVE-2024-6037 (A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows ...) + TODO: check +CVE-2024-6036 (A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows ...) + TODO: check +CVE-2024-6026 (The Slider by 10Web WordPress plugin before 1.2.56 does not sanitise ...) + TODO: check +CVE-2024-6025 (The Quiz and Survey Master (QSM) WordPress plugin before 9.0.5 does n ...) + TODO: check +CVE-2024-5444 (The Bible Text WordPress plugin through 0.2 does not validate and esca ...) + TODO: check +CVE-2024-4655 (The Ultimate Blocks WordPress plugin before 3.1.9 does not validate a ...) + TODO: check +CVE-2024-40618 (Whale browser before 3.26.244.21 allows an attacker to execute malicio ...) + TODO: check +CVE-2024-39565 (An Improper Neutralization of Data within XPath Expressions ('XPath In ...) + TODO: check +CVE-2024-39562 (A Missing Release of Resource after Effective Lifetime vulnerability t ...) + TODO: check +CVE-2024-39561 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) + TODO: check +CVE-2024-39560 (An Improper Handling of Exceptional Conditions vulnerability in the ro ...) + TODO: check +CVE-2024-39559 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) + TODO: check +CVE-2024-39558 (An Unchecked Return Value vulnerability in the Routing Protocol Daemon ...) + TODO: check +CVE-2024-39557 (An Uncontrolled Resource Consumption vulnerability in the Layer 2 Ad ...) + TODO: check +CVE-2024-39556 (A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos ...) + TODO: check +CVE-2024-39555 (An Improper Handling of Exceptional Conditions vulnerability in the Ro ...) + TODO: check +CVE-2024-39554 (A Concurrent Execution using Shared Resource with Improper Synchroniza ...) + TODO: check +CVE-2024-39518 (A Heap-based Buffer Overflow vulnerability in the telemetry sensor pro ...) 
+ TODO: check +CVE-2024-39517 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) + TODO: check +CVE-2024-39514 (An Improper Check or Handling of Exceptional Conditions vulnerability ...) + TODO: check +CVE-2024-39513 (An Improper Input Validation vulnerability in the Packet Forwarding En ...) + TODO: check +CVE-2024-39512 (An Improper Physical Access Control vulnerability in the console port ...) + TODO: check +CVE-2024-39511 (An Improper Input Validation
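Review bot: the second added entry, `+CVE-2024- (The WP ERP plugin for WordPress is vulnerable to SQL Injection via the ...)`, has no sequence number: the identifier is truncated to the year prefix, so the line can never be matched to an upstream record, will not sort with its neighbours, and whichever WP ERP id the feed actually delivered is now absent from the list. That is an importer fault rather than a typing slip and should be fixed before anything is built on this commit, either by re-running the update or by replacing the line by hand with the correct id. The rest of the hunk follows the usual pattern: the Citrix group (CVE-2024-6236 NetScaler Console, CVE-2024-6150, CVE-2024-6149 and CVE-2024-6148 Citrix Workspace app) and the second half of the Juniper batch (CVE-2024-39511 to CVE-2024-39565) are vendor verdicts to close together, and the two chuanhuchatgpt entries (CVE-2024-6037, CVE-2024-6036) share one upstream version string, 20240410, and can be handled as one.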
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
35c4e614 by security tracker role at 2024-07-10T20:12:16+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:

= data/CVE/list =
@@ -1,3 +1,113 @@ +CVE-2024-6649 (A vulnerability has been found in SourceCodester Employee and Visitor ...) + TODO: check +CVE-2024-6647 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical ...) + TODO: check +CVE-2024-6646 (A vulnerability was found in Netgear WN604 up to 20240710. It has been ...) + TODO: check +CVE-2024-6645 (A vulnerability was found in WuKongOpenSource Wukong_nocode up to 2023 ...) + TODO: check +CVE-2024-6644 (A vulnerability was found in zmops ArgusDBM up to 0.1.0. It has been c ...) + TODO: check +CVE-2024-6642 + REJECTED +CVE-2024-6630 + REJECTED +CVE-2024-6556 (The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plug ...) + TODO: check +CVE-2024-6235 (Sensitive information disclosureinNetScaler Console) + TODO: check +CVE-2024-5913 (An improper input validation vulnerability in Palo Alto Networks PAN-O ...) + TODO: check +CVE-2024-5912 (An improper file signature check in Palo Alto Networks Cortex XDR agen ...) + TODO: check +CVE-2024-5911 (An arbitrary file upload vulnerability in Palo Alto Networks Panorama ...) + TODO: check +CVE-2024-5910 (Missing authentication for a critical function in Palo Alto Networks E ...) + TODO: check +CVE-2024-5492 (Open redirect vulnerability allows a remote unauthenticated attacker t ...) + TODO: check +CVE-2024-5491 (Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler) + TODO: check +CVE-2024-5217 (ServiceNow has addressed an input validation vulnerability that was id ...) + TODO: check +CVE-2024-5178 (ServiceNow has addressed a sensitive file read vulnerability that was ...) + TODO: check +CVE-2024-4879 (ServiceNow has addressed an input validation vulnerability that was id ...) + TODO: check +CVE-2024-40417 (A vulnerability was found in Tenda AX1806 1.0.0.1. Affected by this is ...) + TODO: check +CVE-2024-40412 (Tenda AX12 v1.0 v22.03.01.46 contains a stack overflow in the deviceLi ...) 
+ TODO: check +CVE-2024-40336 (idccms v1.35 is vulnerable to Cross Site Scripting (XSS) within the 'I ...) + TODO: check +CVE-2024-40334 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-40333 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-40332 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-40331 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-40329 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-40328 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-3799 (Insecure handling of POST header parameter bodyincluded in requests be ...) + TODO: check +CVE-2024-3798 (Insecure handling of GET header parameter fileincluded in requests bei ...) + TODO: check +CVE-2024-3325 (Vulnerability in Jaspersoft JasperReport Servers.This issue affects Ja ...) + TODO: check +CVE-2024-39693 (Next.js is a React framework. A Denial of Service (DoS) condition was ...) + TODO: check +CVE-2024-38354 (CodiMD allows realtime collaborative markdown notes on all platforms. ...) + TODO: check +CVE-2024-38353 (CodiMD allows realtime collaborative markdown notes on all platforms. ...) + TODO: check +CVE-2024-37770 (14Finger v1.1 was discovered to contain a remote command execution (RC ...) + TODO: check +CVE-2024-37504 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check +CVE-2024-37498 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check +CVE-2024-37310 (EVerest is an EV charging software stack. An integer overflow in the " ...) + TODO: check +CVE-2024-37270 (Insertion of Sensitive Information into Log File vulnerability in Trus ...) 
+ TODO: check +CVE-2024-37205 (Insertion of Sensitive Information into Log File vulnerability in SERV ...) + TODO: check +CVE-2024-37149 (GLPI is an open-source asset and IT management software package that p ...) + TODO: check +CVE-2024-37148 (GLPI is an open-source asset and IT management software package that p ...) + TODO: check +CVE-2024-37147 (GLPI is an open-source asset and IT management software package that p ...) + TODO: check +CVE-2024-37115 (Exposure of Sensitive Information to an Unauthorized
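Review bot: CVE-2024-6647 carries the `** UNSUPPORTED WHEN ASSIGNED **` marker, meaning the affected product was already end-of-life when the id was issued and no upstream fix will follow, so that entry can be closed on the marker alone instead of waiting in `TODO: check`. The four Palo Alto ids (CVE-2024-5910 missing authentication, CVE-2024-5911 Panorama file upload, CVE-2024-5912 Cortex XDR file signature check, CVE-2024-5913 PAN-OS input validation) and the three ServiceNow ids (CVE-2024-5217, CVE-2024-5178, CVE-2024-4879) are vendor groups; the six idccms v1.35 CSRF entries (CVE-2024-40328, 40329 and 40331 to 40334, with CVE-2024-40336 the XSS) are one report spread across ids. Of the open-source entries, CVE-2024-39693 (Next.js DoS), CVE-2024-38354 and CVE-2024-38353 (CodiMD), CVE-2024-37147 to CVE-2024-37149 (GLPI) and CVE-2024-37310 (EVerest integer overflow) need a check of whether Debian ships them rather than a vendor verdict. The hunk is cut off at CVE-2024-37115.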
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
6bbc9a94 by security tracker role at 2024-07-10T08:11:43+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:

= data/CVE/list =
@@ -1,26 +1,210 @@ -CVE-2024-39493 [crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak] +CVE-2024-6550 (The Gravity Forms: Multiple Form Instances plugin for WordPress is vul ...) + TODO: check +CVE-2024-6433 (Relative Path Traversal in GitHub repository stitionai/devika prior to ...) + TODO: check +CVE-2024-6422 (An unauthenticated remote attacker can manipulate the device via Telne ...) + TODO: check +CVE-2024-6421 (An unauthenticated remote attacker can read out sensitive device infor ...) + TODO: check +CVE-2024-6411 (The ProfileGrid \u2013 User Profiles, Groups and Communities plugin fo ...) + TODO: check +CVE-2024-6410 (The ProfileGrid \u2013 User Profiles, Groups and Communities plugin fo ...) + TODO: check +CVE-2024-5792 (The Houzez CRM plugin for WordPress is vulnerable to time-based SQL In ...) + TODO: check +CVE-2024-5677 (The Featured Image Generator plugin for WordPress is vulnerable to una ...) + TODO: check +CVE-2024-5664 (The MP3 Audio Player \u2013 Music Player, Podcast Player & Radio by So ...) + TODO: check +CVE-2024-4866 (The UltraAddons \u2013 Elementor Addons (Header Footer Builder, Custom ...) + TODO: check +CVE-2024-39927 (Out-of-bounds write vulnerability exists in Ricoh MFPs and printers. I ...) + TODO: check +CVE-2024-39901 (OpenSearch Observability is collection of plugins and applications tha ...) + TODO: check +CVE-2024-39900 (OpenSearch Dashboards Reports allows \u2018Report Owner\u2019 export a ...) + TODO: check +CVE-2024-39886 (TONE store App version 3.4.2 and earlier contains an issue with unprot ...) + TODO: check +CVE-2024-39883 (Delta Electronics CNCSoft-G2 lacks proper validation of the length of ...) + TODO: check +CVE-2024-39882 (Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied ...) + TODO: check +CVE-2024-39881 (Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied ...) + TODO: check +CVE-2024-39880 (Delta Electronics CNCSoft-G2 lacks proper validation of the length of ...) 
+ TODO: check +CVE-2024-39614 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2. ...) + TODO: check +CVE-2024-39330 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2. ...) + TODO: check +CVE-2024-39329 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2. ...) + TODO: check +CVE-2024-39181 (Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 was discovered ...) + TODO: check +CVE-2024-39072 (AMTT Hotel Broadband Operation System (HiBOS) v3.0.3.151204 is vulnera ...) + TODO: check +CVE-2024-39071 (Fujian Kelixun <=7.6.6.4391 is vulnerable to SQL Injection in send_eve ...) + TODO: check +CVE-2024-39069 (An issue in ifood Order Manager v3.35.5 'Gestor de Peddios.exe' allows ...) + TODO: check +CVE-2024-39031 (In Silverpeas Core <= 6.3.5, inside of mes agendas a user can create a ...) + TODO: check +CVE-2024-38963 (Nopcommerce 4.70.1 is vulnerable to Cross Site Scripting (XSS) via the ...) + TODO: check +CVE-2024-38959 (Cross Site Scripting vulnerability in Creativeitem Academy LMS Learnin ...) + TODO: check +CVE-2024-38875 (An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0 ...) + TODO: check +CVE-2024-38301 (Dell Alienware Command Center, version 5.7.3.0 and prior, contains an ...) + TODO: check +CVE-2024-37865 (An issue in S3Browser v.11.4.5 and v.10.9.9 and fixed in v.11.5.7 allo ...) + TODO: check +CVE-2024-37829 (An issue in Outline <= v0.76.1 allows attackers to execute a session h ...) + TODO: check +CVE-2024-36676 (Incorrect access control in BookStack before v24.05.1 allows attackers ...) + TODO: check +CVE-2024-36453 (Cross-site scripting vulnerability exists in session_login.cgi of Webm ...) + TODO: check +CVE-2024-36452 (Cross-site request forgery vulnerability exists in ajaxterm module of ...) + TODO: check +CVE-2024-36451 (Improper handling of insufficient permissions or privileges vulnerabil ...) 
+ TODO: check +CVE-2024-36450 (Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin ver ...) + TODO: check +CVE-2024-35154 (IBM WebSphere Application Server 8.5 and 9.0 could allow a remote auth ...) + TODO: check +CVE-2024-34726 (In PVRSRV_MMap of pvr_bridge_k.c, there is a possible arbitrary code e ...) + TODO: check +CVE-2024-34725 (In DevmemIntUnexportCtx of devicemem_server.c, there is a possible arb ...) + TODO: check +CVE-2024-34724 (In
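Review bot: the four Django entries (CVE-2024-39614, CVE-2024-39330, CVE-2024-39329, CVE-2024-38875, all against the Django 5.0 and 4.2 series) are the Debian-relevant lines in this hunk and should not sit in the `TODO: check` stream with the WordPress and CNCSoft-G2 entries: python-django is a Debian package, so each needs a `- python-django <fixed version>` line plus a NOTE with the upstream commit, in the form used for python-zipp under CVE-2024-5569 on this page. The removed placeholder `-CVE-2024-39493 [crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak]` is the same square-bracket kernel convention as the CVE-2024-41006 removal in commit 39dbeee4: its published-description replacement is not in the visible part of the hunk (cut off at CVE-2024-34724), so check that the entry and its package lines survived. The four Webmin ids (CVE-2024-36450 to CVE-2024-36453) and the PVRSRV pair (CVE-2024-34726 in PVRSRV_MMap, CVE-2024-34725 in DevmemIntUnexportCtx) are groups from a single report each and can be closed together.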
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
f10fbba9 by security tracker role at 2024-07-09T20:12:19+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:

= data/CVE/list =
@@ -1,64 +1,734 @@ -CVE-2024-6615 +CVE-2024-6598 (A denial-of-service attack is possible through the execution functiona ...) + TODO: check +CVE-2024-6527 (SQL Injection vulnerability in parameter "w" in file "druk.php" in Meg ...) + TODO: check +CVE-2024-6391 (The oik plugin for WordPress is vulnerable to Stored Cross-Site Script ...) + TODO: check +CVE-2024-6237 (A flaw was found in the 389 Directory Server. This flaw allows an unau ...) + TODO: check +CVE-2024-6222 (In Docker Desktop before v4.29.0, an attacker who has gained access to ...) + TODO: check +CVE-2024-6168 (The Just Custom Fields plugin for WordPress is vulnerable to Cross-Sit ...) + TODO: check +CVE-2024-6167 (The Just Custom Fields plugin for WordPress is vulnerable to unauthori ...) + TODO: check +CVE-2024-6069 (The Registration Forms \u2013 User Registration Forms, Invitation-Base ...) + TODO: check +CVE-2024-5993 (The Cliengo \u2013 Chatbot plugin for WordPress is vulnerable to unaut ...) + TODO: check +CVE-2024-5992 (The Cliengo \u2013 Chatbot plugin for WordPress is vulnerable to unaut ...) + TODO: check +CVE-2024-5946 (The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vul ...) + TODO: check +CVE-2024-5937 (The Simple Alert Boxes plugin for WordPress is vulnerable to Stored Cr ...) + TODO: check +CVE-2024-5856 (The Comment Images Reloaded plugin for WordPress is vulnerable to unau ...) + TODO: check +CVE-2024-5810 (The WP2Speed Faster \u2013 Optimize PageSpeed Insights Score 90-100 pl ...) + TODO: check +CVE-2024-5704 (The XPlainer \u2013 WooCommerce Product FAQ [WooCommerce Accordion FAQ ...) + TODO: check +CVE-2024-5669 (The XPlainer \u2013 WooCommerce Product FAQ [WooCommerce Accordion FAQ ...) + TODO: check +CVE-2024-5652 (In Docker Desktop on Windows before v4.31.0allows a user in the docker ...) + TODO: check +CVE-2024-5648 (The LearnDash LMS \u2013 Reports plugin for WordPress is vulnerable to ...) 
+ TODO: check +CVE-2024-5634 (Longse modelLBH30FE200W cameras, as well as products based on this dev ...) + TODO: check +CVE-2024-5633 (Longse modelLBH30FE200W cameras, as well as products based on this dev ...) + TODO: check +CVE-2024-5632 (Longse NVR (Network Video Recorder) modelNVR3608PGE2W, as well as prod ...) + TODO: check +CVE-2024-5631 (Longse NVR (Network Video Recorder) modelNVR3608PGE2W, as well as prod ...) + TODO: check +CVE-2024-5600 (The SCSS Happy Compiler \u2013 Compile SCSS to CSS & Automatic Enqueue ...) + TODO: check +CVE-2024-5479 (The Easy Pixels plugin for WordPress is vulnerable to Stored Cross-Sit ...) + TODO: check +CVE-2024-5457 (The Panda Video plugin for WordPress is vulnerable to Stored Cross-Sit ...) + TODO: check +CVE-2024-5456 (The Panda Video plugin for WordPress is vulnerable to Local File Inclu ...) + TODO: check +CVE-2024-4868 (The Extensions for Elementor plugin for WordPress is vulnerable to Sto ...) + TODO: check +CVE-2024-4862 (The WPBITS Addons For Elementor Page Builder plugin for WordPress is v ...) + TODO: check +CVE-2024-4102 (The Pricing Table plugin for WordPress is vulnerable to unauthorized a ...) + TODO: check +CVE-2024-4100 (The Pricing Table plugin for WordPress is vulnerable to Cross-Site Req ...) + TODO: check +CVE-2024-40750 (Linksys Velop Pro 6E 1.0.8 MX6200_1.0.8.215731 and 7 1.0.10.215314 dev ...) + TODO: check +CVE-2024-40742 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows att ...) + TODO: check +CVE-2024-40741 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows att ...) + TODO: check +CVE-2024-40740 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows att ...) + TODO: check +CVE-2024-40739 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows att ...) + TODO: check +CVE-2024-40738 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows att ...) 
+ TODO: check +CVE-2024-40737 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows att ...) + TODO: check +CVE-2024-40736 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows att ...) + TODO: check +CVE-2024-40735 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows att ...) + TODO: check +CVE-2024-40734 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows att ...) + TODO: check +CVE-2024-40733 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows att ...) +
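Review bot: the hunk removes the bare -CVE-2024-6615 line at its top, but no +CVE-2024-6615 line appears in the visible part of the hunk, which is cut off at a dangling '+' long before its 734 new lines are shown; confirm the ID was re-added lower down with its description rather than dropped, since deleting an ID from data/CVE/list discards whatever triage state it carried. The oddities inside the new descriptions ('before v4.31.0allows' in CVE-2024-5652, 'modelLBH30FE200W' in CVE-2024-5634 and CVE-2024-5633, the literal '\u2013' escapes in the plugin names) are copied from the upstream CVE feed and should be left alone here, because the next automatic update would reimport them.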
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 252eefd7 by security tracker role at 2024-07-09T08:12:09+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,121 @@ +CVE-2024-6365 (The Product Table by WBW plugin for WordPress is vulnerable to Remote ...) + TODO: check +CVE-2024-6334 (The Easy Table of Contents WordPress plugin before 2.0.67.1 does not s ...) + TODO: check +CVE-2024-6321 (The ScrollTo Bottom plugin for WordPress is vulnerable to Cross-Site R ...) + TODO: check +CVE-2024-6320 (The ScrollTo Top plugin for WordPress is vulnerable to Cross-Site Requ ...) + TODO: check +CVE-2024-6317 (The Generate PDF using Contact Form 7 plugin for WordPress is vulnerab ...) + TODO: check +CVE-2024-6316 (The Generate PDF using Contact Form 7 plugin for WordPress is vulnerab ...) + TODO: check +CVE-2024-6314 (The IQ Testimonials plugin for WordPress is vulnerable to arbitrary fi ...) + TODO: check +CVE-2024-6313 (The Gutenberg Forms plugin for WordPress is vulnerable to arbitrary fi ...) + TODO: check +CVE-2024-6310 (The Advanced AJAX Page Loader plugin for WordPress is vulnerable to Cr ...) + TODO: check +CVE-2024-6309 (The Attachment File Icons (AF Icons) plugin for WordPress is vulnerabl ...) + TODO: check +CVE-2024-6180 (The EventON plugin for WordPress is vulnerable to unauthorized modific ...) + TODO: check +CVE-2024-6171 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...) + TODO: check +CVE-2024-6170 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...) + TODO: check +CVE-2024-6169 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...) + TODO: check +CVE-2024-6166 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...) + TODO: check +CVE-2024-6161 (The Default Thumbnail Plus plugin for WordPress is vulnerable to arbit ...) + TODO: check +CVE-2024-6123 (The Bit Form plugin for WordPress is vulnerable to arbitrary file uplo ...) + TODO: check +CVE-2024-5974 (A buffer overflow in WatchGuard Fireware OS could may allow an authent ...) 
+ TODO: check +CVE-2024-5971 (A vulnerability was found in Undertow, where the chunked response hang ...) + TODO: check +CVE-2024-5881 (The Webico Slider Flatsome Addons plugin for WordPress is vulnerable t ...) + TODO: check +CVE-2024-5855 (The Media Hygiene: Remove or Delete Unused Images and More! plugin for ...) + TODO: check +CVE-2024-5802 (The URL Shortener by Myhop WordPress plugin through 1.0.17 does not sa ...) + TODO: check +CVE-2024-5793 (The Houzez Theme - Functionality plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-5569 (A Denial of Service (DoS) vulnerability exists in the jaraco/zipp libr ...) + TODO: check +CVE-2024-5549 (Origin Validation Error in GitHub repository stitionai/devika prior to ...) + TODO: check +CVE-2024-5488 (The SEOPress WordPress plugin before 7.9 does not properly protect so ...) + TODO: check +CVE-2024-5441 (The Modern Events Calendar plugin for WordPress is vulnerable to arbit ...) + TODO: check +CVE-2024-4944 (A local privilege escalation vlnerability in the WatchGuard Mobile VPN ...) + TODO: check +CVE-2024-4667 (The Blog, Posts and Category Filter for Elementor plugin for WordPress ...) + TODO: check +CVE-2024-3653 (A vulnerability was found in Undertow. This issue requires enabling th ...) + TODO: check +CVE-2024-3410 (The DN Footer Contacts WordPress plugin before 1.6.3 does not sanitise ...) + TODO: check +CVE-2024-39600 (Under certain conditions, the memory of SAP GUI for Windows contains t ...) + TODO: check +CVE-2024-39599 (Due to a Protection Mechanism Failure in SAP NetWeaver Application Ser ...) + TODO: check +CVE-2024-39598 (SAP CRM (WebClient UI Framework) allows an authenticated attacker to e ...) + TODO: check +CVE-2024-39597 (In SAP Commerce, a user can misuse the forgotten password functionalit ...) + TODO: check +CVE-2024-39596 (Due to missing authorization checks, SAP Enable Now allows an author t ...) 
+ TODO: check +CVE-2024-39595 (SAP Business Warehouse - Business Planning and Simulation application ...) + TODO: check +CVE-2024-39594 (SAP Business Warehouse - Business Planning and Simulation application ...) + TODO: check +CVE-2024-39593 (SAP Landscape Management allows an authenticated user to read confiden ...) + TODO: check +CVE-2024-39592 (Elements of PDCE does not perform necessary authorization checks for a ...) + TODO: check +CVE-2024-38372 (Undici is an HTTP/1.1 client, written from scratch for Node.js. Depend ...) + TODO: check
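Review bot: among the new TODO: check entries in this hunk, CVE-2024-5971 and CVE-2024-3653 (Undertow), CVE-2024-5569 (jaraco/zipp) and CVE-2024-38372 (Undici for Node.js) are the ones to triage first against source packages; the WordPress-plugin entries that make up most of the batch resolve elsewhere in this list to 'NOT-FOR-US: WordPress plugin' (see the context lines in the 62396743 and 96c7606c commits). The nine SAP entries (CVE-2024-39592 through CVE-2024-39600) can be handled as one group. Typos such as 'could may allow' (CVE-2024-5974) and 'vlnerability' (CVE-2024-4944) are upstream description text and not something to fix in data/CVE/list.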
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: abb6491b by security tracker role at 2024-07-08T20:12:42+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,101 @@ +CVE-2024-6580 (The /n software IPWorks SSH library SFTPServer component can be induce ...) + TODO: check +CVE-2024-6564 (Buffer overflow in "rcar_dev_init" due to using due to using untruste ...) + TODO: check +CVE-2024-6563 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...) + TODO: check +CVE-2024-6227 (A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to c ...) + TODO: check +CVE-2024-6163 (Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < ...) + TODO: check +CVE-2024-4882 (The user may be redirected to an arbitrary site in Sitefinity 15.1.832 ...) + TODO: check +CVE-2024-4341 (Improper Privilege Management vulnerability in Ekstrem Bir Bilgisayar ...) + TODO: check +CVE-2024-39896 (Directus is a real-time API and App dashboard for managing SQL databas ...) + TODO: check +CVE-2024-39895 (Directus is a real-time API and App dashboard for managing SQL databas ...) + TODO: check +CVE-2024-39743 (IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to ...) + TODO: check +CVE-2024-39742 (IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to ...) + TODO: check +CVE-2024-39701 (Directus is a real-time API and App dashboard for managing SQL databas ...) + TODO: check +CVE-2024-39699 (Directus is a real-time API and App dashboard for managing SQL databas ...) + TODO: check +CVE-2024-39695 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) + TODO: check +CVE-2024-39677 (NHibernate is an object-relational mapper for the .NET framework. A SQ ...) + TODO: check +CVE-2024-39312 (Botan is a C++ cryptography library. X.509 certificates can identify e ...) + TODO: check +CVE-2024-39308 (RailsAdmin is a Rails engine that provides an interface for managing d ...) + TODO: check +CVE-2024-39203 (A cross-site scripting (XSS) vulnerability in the Backend Theme Manage ...) 
+ TODO: check +CVE-2024-39202 (D-Link DIR-823X firmware - 240126 was discovered to contain a remote c ...) + TODO: check +CVE-2024-37999 (A vulnerability has been identified in Medicalis Workflow Orchestrator ...) + TODO: check +CVE-2024-34702 (Botan is a C++ cryptography library. X.509 certificates can identify e ...) + TODO: check +CVE-2024-31504 (Buffer Overflow vulnerability in SILA Embedded Solutions GmbH freemodb ...) + TODO: check +CVE-2024-27903 (OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be lo ...) + TODO: check +CVE-2024-27459 (The interactive service in OpenVPN 2.6.9 and earlier allows an attacke ...) + TODO: check +CVE-2024-25639 (Khoj is an application that creates personal AI agents. The Khoj Obsid ...) + TODO: check +CVE-2024-24974 (The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVP ...) + TODO: check +CVE-2024-23562 (A security vulnerability in HCL Domino could allow disclosure of sensi ...) + TODO: check +CVE-2024-21778 (A heap-based buffer overflow vulnerability exists in the configuration ...) + TODO: check +CVE-2024-1305 (tap-windows6 driver version 9.26 and earlier does not properly check ...) + TODO: check +CVE-2023-50383 (Three os command injection vulnerabilities exist in the boa formWsc fu ...) + TODO: check +CVE-2023-50382 (Three os command injection vulnerabilities exist in the boa formWsc fu ...) + TODO: check +CVE-2023-50381 (Three os command injection vulnerabilities exist in the boa formWsc fu ...) + TODO: check +CVE-2023-50330 (A stack-based buffer overflow vulnerability exists in the boa getInfo ...) + TODO: check +CVE-2023-50244 (Two stack-based buffer overflow vulnerabilities exist in the boa formI ...) + TODO: check +CVE-2023-50243 (Two stack-based buffer overflow vulnerabilities exist in the boa formI ...) + TODO: check +CVE-2023-50240 (Two stack-based buffer overflow vulnerabilities exist in the boa set_R ...) 
+ TODO: check +CVE-2023-50239 (Two stack-based buffer overflow vulnerabilities exist in the boa set_R ...) + TODO: check +CVE-2023-49867 (A stack-based buffer overflow vulnerability exists in the boa formWsc ...) + TODO: check +CVE-2023-49595 (A stack-based buffer overflow vulnerability exists in the boa rollback ...) + TODO: check +CVE-2023-49593 (Leftover debug code exists in the boa formSysCmd functionality of Leve ...) + TODO: check +CVE-2023-49073 (A stack-based buffer overflow vulnerability exists in the boa formFilt ...) +
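Review bot: CVE-2024-39312 and CVE-2024-34702 in this hunk carry the same opening text ('Botan is a C++ cryptography library. X.509 certificates can identify e ...'), so check that they are two distinct issues and not one report filed twice before giving each a fixed version. CVE-2024-27903, CVE-2024-27459 and CVE-2024-24974 all describe the Windows interactive service or plug-in loading of OpenVPN 2.6.9 and earlier, and CVE-2024-1305 the tap-windows6 driver; they can be handled as one group, but verify against the openvpn source package whether that code is built on Debian at all before marking them. The twelve 'boa' entries (CVE-2023-50383 down to CVE-2023-49073) share one vendor whose name is truncated in every description ('Leve ...' in CVE-2023-49593), so identify the product once and resolve them together.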
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 57087686 by security tracker role at 2024-07-08T08:11:40+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,21 @@ +CVE-2024-6539 (A vulnerability classified as problematic has been found in heyewei Sp ...) + TODO: check +CVE-2024-5711 (Cross-site Scripting (XSS) - Stored in GitHub repository stitionai/dev ...) + TODO: check +CVE-2024-39723 (IBM FlashSystem 5300 USB ports may be usable even if the port has been ...) + TODO: check +CVE-2024-38330 (IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user ...) + TODO: check +CVE-2024-37528 (IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, ...) + TODO: check +CVE-2024-37389 (Apache NiFi 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 suppor ...) + TODO: check +CVE-2024-34603 (Improper access control in Samsung Message prior to SMR Jul-2024 Relea ...) + TODO: check +CVE-2024-34602 (Use of implicit intent for sensitive communication in Samsung Messages ...) + TODO: check +CVE-2024-31897 (IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, ...) + TODO: check CVE-2024-6229 (A stored cross-site scripting (XSS) vulnerability exists in the 'Uploa ...) TODO: check CVE-2024-40614 (EGroupware before 23.1.20240624 mishandles an ORDER BY clause.) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57087686c5b0b326cb6fef87abc945f5aa180afc -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57087686c5b0b326cb6fef87abc945f5aa180afc You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
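Review bot: the six IBM and Samsung entries in this hunk (CVE-2024-39723, CVE-2024-38330, CVE-2024-37528, CVE-2024-31897, CVE-2024-34603, CVE-2024-34602) match the pattern that the 5a746a0f and 96c7606c commits resolve as 'NOT-FOR-US: IBM' and 'NOT-FOR-US: Samsung', so they can be cleared quickly; CVE-2024-37389 (Apache NiFi) and CVE-2024-5711 (stitionai/devika) need a real look. The trailing context lines show CVE-2024-6229 and CVE-2024-40614 still at TODO: check from the previous automatic update (0e637032), so the queue is accumulating across runs.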
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0e637032 by security tracker role at 2024-07-07T20:12:10+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2024-6229 (A stored cross-site scripting (XSS) vulnerability exists in the 'Uploa ...) + TODO: check +CVE-2024-40614 (EGroupware before 23.1.20240624 mishandles an ORDER BY clause.) + TODO: check CVE-2024-40605 (An issue was discovered in the Foreground skin for MediaWiki through 1 ...) NOT-FOR-US: Foreground skin for MediaWiki CVE-2024-40604 (An issue was discovered in the Nimbus skin for MediaWiki through 1.42. ...) @@ -27200,7 +27204,7 @@ CVE-2023-52144 (Improper Limitation of a Pathname to a Restricted Directory ('Pa NOT-FOR-US: WordPress plugin CVE-2024-3508 (A flaw was found in Bombastic, which allows authenticated users to upl ...) NOT-FOR-US: Bombastic's use of bzip2 -CVE-2024-3651 [potential DoS via resource consumption via specially crafted inputs to idna.encode()] +CVE-2024-3651 (A vulnerability was identified in the kjd/idna library, specifically w ...) {DLA-3811-1} - python-idna 3.6-2.1 (bug #1069127) [bookworm] - python-idna 3.3-1+deb12u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e637032c4cb9ecd269e58c326012549f868adb2 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e637032c4cb9ecd269e58c326012549f868adb2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
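Review bot: in the -27200 hunk, replacing the bracketed placeholder for CVE-2024-3651 with the NVD text drops the only part of the entry that named the affected function ('specially crafted inputs to idna.encode()'); since the imported description is truncated, add a NOTE: line with the upstream fix or advisory, as the krb5 entries in the 5a746a0f commit do. Also, the entry lists {DLA-3811-1} but the bookworm line '[bookworm] - python-idna 3.3-1+deb12u1' has no DSA behind it, so confirm that the bookworm fix went out via a point release rather than being an unreleased version.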
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 90451491 by security tracker role at 2024-07-07T08:11:37+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,23 @@ +CVE-2024-40605 (An issue was discovered in the Foreground skin for MediaWiki through 1 ...) + TODO: check +CVE-2024-40604 (An issue was discovered in the Nimbus skin for MediaWiki through 1.42. ...) + TODO: check +CVE-2024-40603 (An issue was discovered in the ArticleRatings extension for MediaWiki ...) + TODO: check +CVE-2024-40602 (An issue was discovered in the Tempo skin for MediaWiki through 1.42.1 ...) + TODO: check +CVE-2024-40601 (An issue was discovered in the MediaWikiChat extension for MediaWiki t ...) + TODO: check +CVE-2024-40600 (An issue was discovered in the Metrolook skin for MediaWiki through 1. ...) + TODO: check +CVE-2024-40599 (An issue was discovered in the GuMaxDD skin for MediaWiki through 1.42 ...) + TODO: check +CVE-2024-40598 (An issue was discovered in the CheckUser extension for MediaWiki throu ...) + TODO: check +CVE-2024-40597 (An issue was discovered in the CheckUser extension for MediaWiki throu ...) + TODO: check +CVE-2024-40596 (An issue was discovered in the CheckUser extension for MediaWiki throu ...) + TODO: check CVE-2024-6095 (A vulnerability in the /models/apply endpoint of mudler/localai versio ...) NOT-FOR-US: mudler/localai CVE-2024-5616 (A Cross-Site Request Forgery (CSRF) vulnerability exists in mudler/Loc ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90451491fc1d09ceca92aca2857a8ec3900eb079 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90451491fc1d09ceca92aca2857a8ec3900eb079 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
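Review bot: CVE-2024-40598, CVE-2024-40597 and CVE-2024-40596 have word-for-word identical truncated descriptions ('An issue was discovered in the CheckUser extension for MediaWiki throu ...'), so the three need the full NVD text to be told apart before triage. The other seven entries are individual MediaWiki skins and extensions (Foreground, Nimbus, ArticleRatings, Tempo, MediaWikiChat, Metrolook, GuMaxDD), not MediaWiki core; the later 0e637032 commit already carries CVE-2024-40605 as 'NOT-FOR-US: Foreground skin for MediaWiki', and the rest can follow the same pattern once it is confirmed that none of them ships inside a Debian source package.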
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5c7a64c0 by security tracker role at 2024-07-06T20:12:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,4 +1,28 @@ -CVE-2024-39486 [drm/drm_file: Fix pid refcounting race] +CVE-2024-6095 (A vulnerability in the /models/apply endpoint of mudler/localai versio ...) + TODO: check +CVE-2024-5616 (A Cross-Site Request Forgery (CSRF) vulnerability exists in mudler/Loc ...) + TODO: check +CVE-2024-37554 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37553 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37547 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + TODO: check +CVE-2024-37546 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37542 (Missing Authorization vulnerability in WpDevArt Responsive Image Galle ...) + TODO: check +CVE-2024-37541 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37539 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37260 (Server-Side Request Forgery (SSRF) vulnerability in Theme-Ruby Foxiz.T ...) + TODO: check +CVE-2024-37234 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in K ...) + TODO: check +CVE-2024-37208 (Server-Side Request Forgery (SSRF) vulnerability in Robert Macchi WP S ...) + TODO: check +CVE-2024-39486 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c7a64c0c01fc6f2b21215e7bb43629ff7b5cdc9 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c7a64c0c01fc6f2b21215e7bb43629ff7b5cdc9 You're receiving this email because of your account on salsa.debian.org. 
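Review bot: the new CVE-2024-39486 entry leaves the unstable line as a bare '- linux' with no fixed version while bookworm and bullseye are marked 'Vulnerable code not present'; if no fixed upload exists yet that is correct, but the entry should then carry a NOTE: with the upstream commit and the release it landed in (the form used for CVE-2022-48738 in the 62396743 commit, 'NOTE: https://git.kernel.org/linus/... (5.17-rc3)') so the version can be filled in later, especially since the placeholder text being removed ('drm/drm_file: Fix pid refcounting race') was the only hint at which subsystem is affected and the imported description is cut off at 'd ...'.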
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5a746a0f by security tracker role at 2024-07-06T08:11:45+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,9 @@ +CVE-2024-40594 (The OpenAI ChatGPT app before 2024-07-05 for macOS opts out of the san ...) + TODO: check +CVE-2024-39182 (An information disclosure vulnerability in ISPmanager v6.98.0 allows a ...) + TODO: check +CVE-2024-33862 (A buffer-management vulnerability in OPC Foundation OPCFoundation.NetS ...) + TODO: check CVE-2024-6501 - network-manager [bookworm] - network-manager (Minor issue) 
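Review bot: the context line for CVE-2024-6501 shows an entry with no description, no NOTE: link, and a bare '- network-manager' unstable line next to '[bookworm] - network-manager (Minor issue)'; a reader cannot tell from the file what the minor issue is or whether unstable is fixed, so add a NOTE: pointing at the upstream report or commit. The three new entries (CVE-2024-40594 for the ChatGPT macOS app, CVE-2024-39182 for ISPmanager, CVE-2024-33862 for an OPC Foundation .NET component) all describe proprietary or non-Linux software and look like straightforward NOT-FOR-US candidates.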
@@ -1454,9 +1460,11 @@ CVE-2023-38370 (IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, un CVE-2023-38368 (IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could dis ...) NOT-FOR-US: IBM CVE-2024-37371 (In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause inva ...) + {DSA-5726-1} - krb5 1.21.3-1 NOTE: https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef (krb5-1.21.3-final) CVE-2024-37370 (In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the ...) + {DSA-5726-1} - krb5 1.21.3-1 NOTE: https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef (krb5-1.21.3-final) CVE-2024-5535 (Issue summary: Calling the OpenSSL API function SSL_select_next_proto ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a746a0fd0e53e8c70ca4d55f075d93c1e2c7d3d -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a746a0fd0e53e8c70ca4d55f075d93c1e2c7d3d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
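Review bot: CVE-2024-37371 and CVE-2024-37370 both get {DSA-5726-1} and 'krb5 1.21.3-1', but both NOTE: lines point at the same commit (55fbf435edbe2e92dd8101669b1ce7144bc96fef, tagged krb5-1.21.3-final), i.e. the release commit rather than the fix for either CVE; since the DSA implies a backport to the stable version, reference the individual upstream fix commits so the two issues can be verified separately.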
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f16e0e9e by security tracker role at 2024-07-05T20:12:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,91 @@ +CVE-2024-6526 (A vulnerability classified as problematic has been found in CodeIgnite ...) + TODO: check +CVE-2024-6525 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DA ...) + TODO: check +CVE-2024-6524 (A vulnerability was found in ShopXO up to 6.1.0. It has been declared ...) + TODO: check +CVE-2024-6523 (A vulnerability was found in ZKTeco BioTime up to 9.5.2. It has been c ...) + TODO: check +CVE-2024-6505 (A flaw was found in the virtio-net device in QEMU. When enabling the R ...) + TODO: check +CVE-2024-6298 (Improper Input Validation vulnerability in ABB ASPECT-Enterprise on Li ...) + TODO: check +CVE-2024-6209 (Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v <= ...) + TODO: check +CVE-2024-5753 (vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some f ...) + TODO: check +CVE-2024-39864 (The CloudStack integration API service allows running its unauthentica ...) + TODO: check +CVE-2024-39696 (Evmos is a decentralized Ethereum Virtual Machine chain on the Cosmos ...) + TODO: check +CVE-2024-39691 (matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging ...) + TODO: check +CVE-2024-39689 (Certifi is a curated collection of Root Certificates for validating th ...) + TODO: check +CVE-2024-39687 (Fedify is a TypeScript library for building federated server apps powe ...) + TODO: check +CVE-2024-39321 (Traefik is an HTTP reverse proxy and load balancer. Versions prior to ...) + TODO: check +CVE-2024-39210 (Best House Rental Management System v1.0 was discovered to contain an ...) + TODO: check +CVE-2024-39178 (MyPower vc8100 V100R001C00B030 was discovered to contain an arbitrary ...) + TODO: check +CVE-2024-39174 (A cross-site scripting (XSS) vulnerability in the Publish Article func ...) + TODO: check +CVE-2024-39150 (vditor v.3.9.8 and before is vulnerable to Arbitrary file read via a c ...) 
+ TODO: check +CVE-2024-39028 (An issue was discovered in SeaCMS <=12.9 which allows remote attackers ...) + TODO: check +CVE-2024-39027 (SeaCMS v12.9 has an unauthorized SQL injection vulnerability. The vuln ...) + TODO: check +CVE-2024-39023 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-39022 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-39021 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-39020 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-39019 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-38346 (The CloudStack cluster service runs on unauthenticated port (default 9 ...) + TODO: check +CVE-2024-37903 (Mastodon is a self-hosted, federated microblogging platform. Starting ...) + TODO: check +CVE-2024-37769 (Insecure permissions in 14Finger v1.1 allow attackers to escalate priv ...) + TODO: check +CVE-2024-37768 (14Finger v1.1 was discovered to contain an arbitrary user deletion vul ...) + TODO: check +CVE-2024-37767 (Insecure permissions in the component /api/admin/user of 14Finger v1.1 ...) + TODO: check +CVE-2024-34361 (Pi-hole is a DNS sinkhole that protects devices from unwanted content ...) + TODO: check +CVE-2024-29319 (Volmarg Personal Management System 1.4.64 is vulnerable to SSRF (Serve ...) + TODO: check +CVE-2024-29318 (Volmarg Personal Management System 1.4.64 is vulnerable to stored cros ...) + TODO: check +CVE-2024-27717 (Cross Site Request Forgery vulnerability in Eskooly Free Online School ...) + TODO: check +CVE-2024-27716 (Cross Site Scripting vulnerability in Eskooly Web Product v.3.0 and be ...) + TODO: check +CVE-2024-27715 (An issue in Eskooly Free Online School management Software v.3.0 and b ...) 
+ TODO: check +CVE-2024-27713 (An issue in Eskooly Free Online School management Software v.3.0 and b ...) + TODO: check +CVE-2024-27712 (An issue in Eskooly Free Online School management Software v.3.0 and b ...) + TODO: check +CVE-2024-27711 (An issue in Eskooly Free Online School management Software v.3.0 and b ...) + TODO: check +CVE-2024-27710 (An issue in Eskooly Free Online School management Software v.3.0 and b ...) + TODO: check +CVE-2024-27709 (SQL Injection vulnerability in Eskooly Web Product v.3.0 allows a remo ...) +
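Review bot: CVE-2024-6505 (QEMU virtio-net with RSS enabled) and CVE-2024-39689 (certifi root-certificate bundle) are the entries in this batch that map to widely shipped packages and should be triaged ahead of the rest; CVE-2024-39321 (Traefik), CVE-2024-39691 (matrix-appservice-irc) and CVE-2024-37903 (Mastodon) come next. The five idccms entries (CVE-2024-39019 through CVE-2024-39023) have identical truncated descriptions, and the eight Eskooly entries (CVE-2024-27709 to CVE-2024-27717, with CVE-2024-27714 absent) and the three 14Finger entries (CVE-2024-37767 through CVE-2024-37769) each describe a single product, so resolve each group with one decision rather than entry by entry.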
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 62396743 by security tracker role at 2024-07-05T08:11:37+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,41 @@ +CVE-2024-39943 (rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, an ...) + TODO: check +CVE-2024-39937 (supOS 5.0 allows api/image/download?fileName=../ directory traversal f ...) + TODO: check +CVE-2024-39936 (An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2. ...) + TODO: check +CVE-2024-39935 (jc21 NGINX Proxy Manager before 2.11.3 allows backend/internal/certifi ...) + TODO: check +CVE-2024-39485 (In the Linux kernel, the following vulnerability has been resolved: m ...) + TODO: check +CVE-2024-39484 (In the Linux kernel, the following vulnerability has been resolved: m ...) + TODO: check +CVE-2024-39483 (In the Linux kernel, the following vulnerability has been resolved: K ...) + TODO: check +CVE-2024-39482 (In the Linux kernel, the following vulnerability has been resolved: b ...) + TODO: check +CVE-2024-39481 (In the Linux kernel, the following vulnerability has been resolved: m ...) + TODO: check +CVE-2024-39480 (In the Linux kernel, the following vulnerability has been resolved: k ...) + TODO: check +CVE-2024-39479 (In the Linux kernel, the following vulnerability has been resolved: d ...) + TODO: check +CVE-2024-39478 (In the Linux kernel, the following vulnerability has been resolved: c ...) + TODO: check +CVE-2024-39477 (In the Linux kernel, the following vulnerability has been resolved: m ...) + TODO: check +CVE-2024-39476 (In the Linux kernel, the following vulnerability has been resolved: m ...) + TODO: check +CVE-2024-39475 (In the Linux kernel, the following vulnerability has been resolved: f ...) + TODO: check +CVE-2024-39474 (In the Linux kernel, the following vulnerability has been resolved: m ...) + TODO: check +CVE-2024-39473 (In the Linux kernel, the following vulnerability has been resolved: A ...) + TODO: check +CVE-2024-39472 (In the Linux kernel, the following vulnerability has been resolved: x ...) 
+ TODO: check +CVE-2024-34481 (drupal-wiki.com Drupal Wiki before 8.31.1 allows XSS via comments, cap ...) + TODO: check CVE-2024-6513 REJECTED CVE-2024-6511 (A vulnerability classified as problematic was found in y_project RuoYi ...) @@ -458,7 +496,7 @@ CVE-2023-51776 (Improper privilege management in Jungo WinDriver before 12.1.0 a NOT-FOR-US: Jungo WinDriver CVE-2023-39324 REJECTED -CVE-2024-32498 [OSSA-2024-001: Arbitrary file access through custom QCOW2 external data] +CVE-2024-32498 (An issue was discovered in OpenStack Cinder through 24.0.0, Glance bef ...) - cinder (bug #1074763) - glance 2:28.0.1-3+deb12u1 (bug #1074761) - nova (bug #1074762) @@ -2906,12 +2944,14 @@ CVE-2022-48738 (In the Linux kernel, the following vulnerability has been resolv [bullseye] - linux 5.10.103-1 [buster] - linux 4.19.232-1 NOTE: https://git.kernel.org/linus/817f7c9335ec01e0f5e8caffc4f1dcd5e458a4c0 (5.17-rc3) -CVE-2022-48737 (In the Linux kernel, the following vulnerability has been resolved: A ...) +CVE-2022-48737 + REJECTED - linux 5.16.10-1 [bullseye] - linux 5.10.103-1 [buster] - linux 4.19.232-1 NOTE: https://git.kernel.org/linus/4f1e50d6a9cf9c1b8c859d449b5031cacfa8404e (5.17-rc3) -CVE-2022-48736 (In the Linux kernel, the following vulnerability has been resolved: A ...) +CVE-2022-48736 + REJECTED - linux 5.16.10-1 [bullseye] - linux 5.10.103-1 [buster] - linux 4.19.232-1 @@ -8343,7 +8383,7 @@ CVE-2024-3200 (The wpForo Forum plugin for WordPress is vulnerable to SQL Inject NOT-FOR-US: WordPress plugin CVE-2024-35636 (Cross-Site Request Forgery (CSRF) vulnerability in Uploadcare Uploadca ...) NOT-FOR-US: WordPress plugin -CVE-2024-36041 [ksmserver: Unauthorized users can access session manager] +CVE-2024-36041 (KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.1 ...) {DSA-5723-1 DLA-3827-1} - plasma-workspace 4:5.27.11.1-1 NOTE: https://kde.org/info/security/advisory-20240531-1.txt 
@@ -47631,7 +47671,7 @@ CVE-2024-0987 (A vulnerability classified as critical has been found in Sichuan NOT-FOR-US: Sichuan Yougou Technology KuERP CVE-2024-0986 (A vulnerability was found in Issabel PBX 4.0.0. It has been rated as c ...) NOT-FOR-US: Issabel PBX -CVE-2023-52340 [ipv6: remove max_size check inline with ipv4] +CVE-2023-52340 (The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/ ...) {DLA-3841-1 DLA-3840-1}
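Review bot: in the -1,3 hunk, the fourteen kernel entries CVE-2024-39472 through CVE-2024-39485 are the ones that certainly concern a Debian source package (linux), yet their imported descriptions are all cut off one letter into the subsystem name ('m ...', 'K ...', 'b ...', 'x ...'), so triage needs the full NVD text or the upstream commits; CVE-2024-39936 (HTTP2 in Qt before 5.15.18 and 6.x) is the other entry to check against a packaged library. The rest (rejetto HFS, supOS, NGINX Proxy Manager, Drupal Wiki) look like NOT-FOR-US.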
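Review bot: in the -458 hunk, the bracketed placeholder for CVE-2024-32498 carried the upstream advisory ID (OSSA-2024-001), which the NVD text replacing it does not; keep it in a NOTE: line so the cinder and nova lines, which still show only bug numbers and no fixed version, can be checked against the advisory. The glance line reads 'glance 2:28.0.1-3+deb12u1 (bug #1074761)' in the unstable position; a +deb12u1 version is normally a bookworm update, so confirm that is the version actually in unstable or move it under a [bookworm] tag.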
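Review bot: in the -2906 hunk, CVE-2022-48737 and CVE-2022-48736 are switched to REJECTED but keep their 'linux 5.16.10-1', '[bullseye] - linux 5.10.103-1', '[buster] - linux 4.19.232-1' and NOTE: lines; the other rejected IDs in this commit (CVE-2024-6513, CVE-2023-39324) are bare 'REJECTED' entries, so either strip the stale version lines or add a NOTE: explaining why they are retained for a rejected ID.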
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 96c7606c by security tracker role at 2024-07-04T20:12:21+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,55 @@ +CVE-2024-6513 + REJECTED +CVE-2024-6511 (A vulnerability classified as problematic was found in y_project RuoYi ...) + TODO: check +CVE-2024-6507 (Command injection when ingesting a remote Kaggle dataset due to a lack ...) + TODO: check +CVE-2024-6506 (Information exposure vulnerability in the MRW plugin, in its5.4.3 vers ...) + TODO: check +CVE-2024-6434 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-6319 (The IMGspider plugin for WordPress is vulnerable to arbitrary file upl ...) + TODO: check +CVE-2024-6318 (The IMGspider plugin for WordPress is vulnerable to arbitrary file upl ...) + TODO: check +CVE-2024-5943 (The Nested Pages plugin for WordPress is vulnerable to Cross-Site Requ ...) + TODO: check +CVE-2024-3904 (Incorrect Default Permissions vulnerability in Smart Device Communicat ...) + TODO: check +CVE-2024-39934 (Robotmk before 2.0.1 allows a local user to escalate privileges (e.g., ...) + TODO: check +CVE-2024-39933 (Gogs through 0.13.0 allows argument injection during the tagging of a ...) + TODO: check +CVE-2024-39932 (Gogs through 0.13.0 allows argument injection during the previewing of ...) + TODO: check +CVE-2024-39931 (Gogs through 0.13.0 allows deletion of internal files.) + TODO: check +CVE-2024-39930 (The built-in SSH server of Gogs through 0.13.0 allows argument injecti ...) + TODO: check +CVE-2024-39929 (Exim through 4.97.1 misparses a multiline RFC 2231 header filename, an ...) + TODO: check +CVE-2024-39211 (Kaiten 57.128.8 allows remote attackers to enumerate user accounts via ...) + TODO: check +CVE-2024-39165 (QR/demoapp/qr_image.php in Asial JpGraph Professional through 4.2.6-pr ...) + TODO: check +CVE-2024-37476 (Cross Site Scripting (XSS) vulnerability in Automattic Newspack Campai ...) + TODO: check +CVE-2024-37474 (Cross Site Scripting (XSS) vulnerability in Automattic Newspack Ads al ...) 
+ TODO: check +CVE-2024-37472 (Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice allows R ...) + TODO: check +CVE-2024-37471 (Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice Core all ...) + TODO: check +CVE-2024-32754 (Under certain circumstances, when the controller is in factory reset m ...) + TODO: check +CVE-2024-22277 (VMware Cloud Director Availability contains an HTML injection vulnerab ...) + TODO: check +CVE-2024-1574 (Use of Externally-Controlled Input to Select Classes or Code ('Unsafe ...) + TODO: check +CVE-2024-1573 (Improper Authentication vulnerability in the mobile monitoring feature ...) + TODO: check +CVE-2024-1182 (Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 al ...) + TODO: check CVE-2024-6464 REJECTED CVE-2024-6463 @@ -320,7 +372,8 @@ CVE-2024-34586 (Improper access control in KnoxCustomManagerService prior to SMR NOT-FOR-US: Samsung CVE-2024-34585 (Improper access control in launchApp of SystemUI prior to SMR Jul-2024 ...) NOT-FOR-US: Samsung -CVE-2024-34584 (Improper privilege management in SumeNNService prior to SMR Jul-2024 R ...) +CVE-2024-34584 + REJECTED NOT-FOR-US: Samsung CVE-2024-34583 (Improper access control in system property prior to SMR Jul-2024 Relea ...) NOT-FOR-US: Samsung @@ -679,7 +732,7 @@ CVE-2024-0153 (Improper Restriction of Operations within the Bounds of a Memory TODO: check CVE-2023-43554 (Memory corruption while processing IOCTL handler in FastRPC.) NOT-FOR-US: Qualcomm -CVE-2024-39884 +CVE-2024-39884 (A regression in the core of Apache HTTP Server 2.4.60 ignores some use ...) - apache2 2.4.61-1 [bookworm] - apache2 (Vulnerable code not present) [bullseye] - apache2 (Vulnerable code not present) 
@@ -71258,7 +71311,7 @@ CVE-2023-5063 (The Widget Responsive for Youtube plugin for WordPress is vulnera NOT-FOR-US: WordPress plugin CVE-2023-5062 (The WordPress Charts plugin for WordPress is vulnerable to Stored Cros ...) NOT-FOR-US: WordPress plugin -CVE-2023-4088 (Incorrect Default Permissions vulnerability due to incomplete fix to a ...) +CVE-2023-4088 (Incorrect Default Permissions vulnerability in Mitsubishi Electric Cor ...) NOT-FOR-US: Mitsubishi CVE-2023-43621 (An issue was discovered in Croc through 9.6.5. The shared secret, loca ...) - croc (bug #1017956) View it on GitLab:
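Review bot: in the `@@ -320,7 +372,8 @@` hunk, CVE-2024-34584 is switched to `+ REJECTED` but the following `NOT-FOR-US: Samsung` context line is kept, so the entry now carries both a rejection marker and a triage annotation; the other REJECTED entries in this patch (CVE-2024-6513, for example) have no annotation, so drop `NOT-FOR-US: Samsung` for consistency the next time this entry is touched by hand.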
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ed488fa4 by security tracker role at 2024-07-04T08:11:46+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,29 @@ +CVE-2024-6464 + REJECTED +CVE-2024-6463 + REJECTED +CVE-2024-6461 + REJECTED +CVE-2024-6383 (The bson_string_append function in MongoDB C Driver may be vulnerable ...) + TODO: check +CVE-2024-6284 (In https://github.com/google/nftables IP addresses were encoded in th ...) + TODO: check +CVE-2024-5641 (The One Click Order Re-Order plugin for WordPress is vulnerable to una ...) + TODO: check +CVE-2024-3639 (The Elementor Addons by Livemesh plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-3638 (The Elementor Addons by Livemesh plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-38471 (Multiple TP-LINK products allow a network-adjacent attacker with an ad ...) + TODO: check +CVE-2024-38345 (A cross-site request forgery vulnerability exists in Sola Testimonials ...) + TODO: check +CVE-2024-38344 (A cross-site request forgery vulnerability exists in WP Tweet Walls ve ...) + TODO: check +CVE-2024-2926 (The Elementor Addons by Livemesh plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-2385 (The Elementor Addons by Livemesh plugin for WordPress is vulnerable to ...) + TODO: check CVE-2024-6488 REJECTED CVE-2024-6471 (A vulnerability classified as critical has been found in SourceCodeste ...) 
@@ -113,6 +139,7 @@ CVE-2023-52168 (The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) NOTE: Since p7zip/16.02+transitional.1 src:p7zip is only a empty source package NOTE: depending on 7zip. Mark this version as fixed version. CVE-2024-39844 (In ZNC before 1.9.1, remote code execution can occur in modtcl via a K ...) + {DSA-5725-1} - znc (bug #1075729) NOTE: Fixed by: https://github.com/znc/znc/commit/8cbf8d628174ddf23da680f3f117dc54da0eb06e (znc-1.9.1) CVE-2024-6453 (A vulnerability was found in itsourcecode Farm Management System 1.0. ...) @@ -235,7 +262,7 @@ CVE-2024-38857 (Improper neutralization of input in Checkmk before versions 2.3. - check-mk CVE-2024-38537 (Fides is an open-source privacy engineering platform. `fides.js`, a cl ...) NOT-FOR-US: Fides -CVE-2024-38519 (`yt-dlp` is a command-line audio/video downloader. Prior to version 20 ...) +CVE-2024-38519 (`yt-dlp` and `youtube-dl` are command-line audio/video downloaders. Pr ...) - yt-dlp 2024.07.01-1 (unimportant) NOTE: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4j NOTE: https://github.com/yt-dlp/yt-dlp/commit/5ce582448ececb8d9c30c8c31f58330090ced03a (2024.07.01) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed488fa40d1962e5506ff2dc867c2cf73369cad4 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed488fa40d1962e5506ff2dc867c2cf73369cad4 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
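Review bot: in the `@@ -235,7 +262,7 @@` hunk, the CVE-2024-38519 description is widened from `yt-dlp` alone to `yt-dlp` and `youtube-dl`, but the entry below it still tracks only `- yt-dlp 2024.07.01-1 (unimportant)`; check whether a youtube-dl source package needs its own line (or a NOTE explaining why it is not listed) so the package list matches the updated description.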
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f4f28bc4 by security tracker role at 2024-07-03T20:12:13+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,4 +1,80 @@ -CVE-2024-39844 +CVE-2024-6488 + REJECTED +CVE-2024-6471 (A vulnerability classified as critical has been found in SourceCodeste ...) + TODO: check +CVE-2024-6470 (A vulnerability was found in playSMS 1.4.3. It has been rated as probl ...) + TODO: check +CVE-2024-6469 (A vulnerability was found in playSMS 1.4.3. It has been declared as pr ...) + TODO: check +CVE-2024-6428 (Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2, 9.5.x <= 9. ...) + TODO: check +CVE-2024-6427 (Uncontrolled Resource Consumption vulnerability in MESbook20221021.03 ...) + TODO: check +CVE-2024-6426 (Information exposure vulnerability in MESbook 20221021.03 version, the ...) + TODO: check +CVE-2024-6126 (A flaw was found in the cockpit package. This flaw allows an authentic ...) + TODO: check +CVE-2024-6052 (Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and ...) + TODO: check +CVE-2024-5887 (Cross-Site Request Forgery (CSRF) in stitionai/devika) + TODO: check +CVE-2024-5821 (Improper Access Control in stitionai/devika) + TODO: check +CVE-2024-5672 (A high privileged remote attacker canexecute arbitrary system commands ...) + TODO: check +CVE-2024-3332 (A malicious BLE device can send a specific order of packet sequence to ...) + TODO: check +CVE-2024-39830 (Mattermost versions 9.8.x <= 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and ...) + TODO: check +CVE-2024-39807 (Mattermost versions 9.5.x <= 9.5.5 and 9.8.0fail to properly sanitize ...) + TODO: check +CVE-2024-39683 (ZITADEL is an open-source identity infrastructure tool. ZITADEL provid ...) + TODO: check +CVE-2024-39361 (Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= ...) + TODO: check +CVE-2024-39353 (Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize the Remo ...) + TODO: check +CVE-2024-39248 (A cross-site scripting (XSS) vulnerability in SimpCMS v0.1 allows atta ...) 
+ TODO: check +CVE-2024-39223 (An authentication bypass in the SSH service of gost v2.11.5 allows att ...) + TODO: check +CVE-2024-39220 (BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, ...) + TODO: check +CVE-2024-37726 (Insecure Permissions vulnerability in Micro-Star International Co., Lt ...) + TODO: check +CVE-2024-37157 (Discourse is an open-source discussion platform. Prior to version 3.2. ...) + TODO: check +CVE-2024-36257 (Mattermost versions 9.5.x <= 9.5.5 and 9.8.0,when using shared channel ...) + TODO: check +CVE-2024-36122 (Discourse is an open-source discussion platform. Prior to version 3.2. ...) + TODO: check +CVE-2024-36113 (Discourse is an open-source discussion platform. Prior to version 3.2. ...) + TODO: check +CVE-2024-35234 (Discourse is an open-source discussion platform. Prior to version 3.2. ...) + TODO: check +CVE-2024-35227 (Discourse is an open-source discussion platform. Prior to version 3.2. ...) + TODO: check +CVE-2024-34750 (Improper Handling of Exceptional Conditions, Uncontrolled Resource Con ...) + TODO: check +CVE-2024-32937 (An os command injection vulnerability exists in the CWMP SelfDefinedTi ...) + TODO: check +CVE-2024-31223 (Fides is an open-source privacy engineering platform, and `SERVER_SIDE ...) + TODO: check +CVE-2024-29511 (Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, ha ...) + TODO: check +CVE-2024-29509 (Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFP ...) + TODO: check +CVE-2024-29508 (Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure ...) + TODO: check +CVE-2024-29507 (Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer ...) + TODO: check +CVE-2024-29506 (Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow i ...) + TODO: check +CVE-2023-52169 (The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) conta ...) 
+ TODO: check +CVE-2023-52168 (The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) conta ...) + TODO: check +CVE-2024-39844 (In ZNC before 1.9.1, remote code execution can occur in modtcl via a K ...) - znc NOTE: Fixed by: https://github.com/znc/znc/commit/8cbf8d628174ddf23da680f3f117dc54da0eb06e (znc-1.9.1) CVE-2024-6453 (A vulnerability was found in itsourcecode Farm Management System 1.0. ...) @@ -17752,7 +17828,7 @@ CVE-2023-6682 (An issue has been discovered in GitLab CE/EE affecting all versio - gitlab
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d704235b by security tracker role at 2024-07-03T08:12:12+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,47 @@ +CVE-2024-6453 (A vulnerability was found in itsourcecode Farm Management System 1.0. ...) + TODO: check +CVE-2024-6340 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-6263 (The WP Lightbox 2 plugin for WordPress is vulnerable to Stored Cross-S ...) + TODO: check +CVE-2024-4708 (mySCADA myPRO uses a hard-coded password which could allow an attack ...) + TODO: check +CVE-2024-4543 (The Snippet Shortcodes plugin for WordPress is vulnerable to Cross-Sit ...) + TODO: check +CVE-2024-4482 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templa ...) + TODO: check +CVE-2024-39920 (The TCP protocol in RFC 9293 has a timing side channel that makes it e ...) + TODO: check +CVE-2024-39326 (SkillTree is a micro-learning gamification platform. Prior to version ...) + TODO: check +CVE-2024-39325 (aimeos/ai-controller-frontend is the Aimeos frontend controller. Prio ...) + TODO: check +CVE-2024-39324 (aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Sta ...) + TODO: check +CVE-2024-39322 (aimeos/ai-admin-jsonadm is the Aimeos e-commerce JSON API for administ ...) + TODO: check +CVE-2024-38453 (The Avalara for Salesforce CPQ app before 7.0 for Salesforce allows at ...) + TODO: check +CVE-2024-37082 (Security check loophole in HAProxy release (in combination with routin ...) + TODO: check +CVE-2024-32673 (Improper Validation of Array Index vulnerability in Samsung Open Sourc ...) + TODO: check +CVE-2024-2376 (The WPQA Builder WordPress plugin before 6.1.1 does not have CSRF chec ...) + TODO: check +CVE-2024-2375 (The WPQA Builder WordPress plugin before 6.1.1 does not sanitise and e ...) + TODO: check +CVE-2024-2235 (The Himer WordPress theme before 2.1.1 does not have CSRF checks in so ...) + TODO: check +CVE-2024-2234 (The Himer WordPress theme before 2.1.1 does not sanitise and escape so ...) 
+ TODO: check +CVE-2024-2233 (The Himer WordPress theme before 2.1.1 does not have CSRF checks in so ...) + TODO: check +CVE-2024-2231 (The allows any authenticated user to join a private group due to a mi ...) + TODO: check +CVE-2024-2040 (The Himer WordPress theme before 2.1.1 does not have CSRF checks in so ...) + TODO: check +CVE-2024-24791 (The net/http HTTP/1.1 client mishandled the case where a server respon ...) + TODO: check CVE-2024-6452 (A vulnerability classified as critical was found in linlinjava litemal ...) TODO: check CVE-2024-6441 (A vulnerability was found in ORIPA up to 1.72. It has been declared as ...) @@ -501,7 +545,7 @@ CVE-2024-36387 (Serving WebSocket protocol upgrades over a HTTP/2 connection cou - apache2 2.4.60-1 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-36387 NOTE: https://github.com/apache/httpd/commit/c69a51bff8157e403121f8436d85dde21ad28bd2 -CVE-2024-6387 (A signal handler race condition was found in OpenSSH's server (sshd), ...) +CVE-2024-6387 (A security regression (CVE-2006-5051) was discovered in OpenSSH's serv ...) {DSA-5724-1} - openssh 1:9.7p1-7 [bullseye] - openssh (Vulnerable code introduced later) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d704235bcb3ecab9836d6cb2c119b61090ceee6a
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3fb3389b by security tracker role at 2024-07-02T20:12:14+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,183 @@ +CVE-2024-6452 (A vulnerability classified as critical was found in linlinjava litemal ...) + TODO: check +CVE-2024-6441 (A vulnerability was found in ORIPA up to 1.72. It has been declared as ...) + TODO: check +CVE-2024-6440 (A vulnerability was found in SourceCodester Home Owners Collection Man ...) + TODO: check +CVE-2024-6439 (A vulnerability was found in SourceCodester Home Owners Collection Man ...) + TODO: check +CVE-2024-6438 (A vulnerability has been found in Hitout Carsale 1.0 and classified as ...) + TODO: check +CVE-2024-6382 (Incorrect handling of certain string inputs may result in MongoDB Rust ...) + TODO: check +CVE-2024-6381 (The bson_strfreev function in the MongoDB C driver library may be susc ...) + TODO: check +CVE-2024-6341 + REJECTED +CVE-2024-6264 (The Post Meta Data Manager plugin for WordPress is vulnerable to Store ...) + TODO: check +CVE-2024-6099 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...) + TODO: check +CVE-2024-6088 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...) + TODO: check +CVE-2024-6012 (The Cost Calculator Builder plugin for WordPress is vulnerable to unau ...) + TODO: check +CVE-2024-6011 (The Cost Calculator Builder plugin for WordPress is vulnerable to Stor ...) + TODO: check +CVE-2024-5866 (Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The ...) + TODO: check +CVE-2024-5865 (Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The ...) + TODO: check +CVE-2024-5260 (The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data T ...) + TODO: check +CVE-2024-4897 (parisneo/lollms-webui, in its latest version, is vulnerable to remote ...) + TODO: check +CVE-2024-4836 (Web services managed by Edito CMS (Content Management System) in versi ...) + TODO: check +CVE-2024-4467 (A flaw was found in the QEMU disk image utility (qemu-img) 'info' comm ...) 
+ TODO: check +CVE-2024-4268 (The Ultimate Blocks \u2013 WordPress Blocks Plugin plugin for WordPres ...) + TODO: check +CVE-2024-3826 (In versions of Akana in versions prior to and including 2022.1.3 valid ...) + TODO: check +CVE-2024-39894 (OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks aga ...) + TODO: check +CVE-2024-39891 (In the Twilio Authy API, accessed by Authy Android before 25.1.0 and A ...) + TODO: check +CVE-2024-39323 (aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Sta ...) + TODO: check +CVE-2024-39316 (Rack is a modular Ruby web server interface. Starting in version 3.1.0 ...) + TODO: check +CVE-2024-39315 (Pomerium is an identity and context-aware access proxy. Prior to versi ...) + TODO: check +CVE-2024-39206 (An issue discovered in MSP360 Backup Agent v7.8.5.15 and v7.9.4.84 all ...) + TODO: check +CVE-2024-39143 (A stored cross-site scripting (XSS) vulnerability exists in ResidenceC ...) + TODO: check +CVE-2024-39119 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-38857 (Improper neutralization of input in Checkmk before versions 2.3.0p8, 2 ...) + TODO: check +CVE-2024-38537 (Fides is an open-source privacy engineering platform. `fides.js`, a cl ...) + TODO: check +CVE-2024-38519 (`yt-dlp` is a command-line audio/video downloader. Prior to version 20 ...) + TODO: check +CVE-2024-37185 (in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbit ...) + TODO: check +CVE-2024-37077 (in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbit ...) + TODO: check +CVE-2024-37030 (in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbit ...) + TODO: check +CVE-2024-36404 (GeoTools is an open source Java library that provides tools for geospa ...) + TODO: check +CVE-2024-36278 (in OpenHarmony v4.0.0 and prior versions allow a local attacker cause ...) 
+ TODO: check +CVE-2024-36260 (in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbit ...) + TODO: check +CVE-2024-36243 (in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbit ...) + TODO: check +CVE-2024-34601 (Improper verification of intent by broadcast receiver vulnerability in ...) + TODO: check +CVE-2024-34600 (Improper verification of intent by broadcast receiver vulnerability in ...) + TODO: check +CVE-2024-34599 (Improper input validation in Tips prior to version 6.2.9.4
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1faa5f9c by security tracker role at 2024-07-02T08:11:50+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,111 @@ +CVE-2024-6172 (The Email Subscribers by Icegram Express \u2013 Email Marketing, Newsl ...) + TODO: check +CVE-2024-5938 (The Boot Store theme for WordPress is vulnerable to Stored Cross-Site ...) + TODO: check +CVE-2024-5767 (The sitetweet WordPress plugin through 0.2 does not have CSRF check in ...) + TODO: check +CVE-2024-5606 (The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 is vul ...) + TODO: check +CVE-2024-5545 (The Motors \u2013 Car Dealer, Classifieds & Listing plugin for WordPre ...) + TODO: check +CVE-2024-5544 (The Media Library Assistant plugin for WordPress is vulnerable to Refl ...) + TODO: check +CVE-2024-5504 (The Rife Elementor Extensions & Templates plugin for WordPress is vuln ...) + TODO: check +CVE-2024-5419 (The Void Contact Form 7 Widget For Elementor Page Builder plugin for W ...) + TODO: check +CVE-2024-5349 (The LA-Studio Element Kit for Elementor plugin for WordPress is vulner ...) + TODO: check +CVE-2024-5322 (The N-central server is vulnerable to session rebinding of already aut ...) + TODO: check +CVE-2024-5219 (The Easy Google Maps plugin for WordPress is vulnerable to Stored Cros ...) + TODO: check +CVE-2024-4679 (Incorrect Default Permissions vulnerability in Hitachi JP1/Extensible ...) + TODO: check +CVE-2024-4627 (The Rank Math SEO WordPress plugin before 1.0.219 does not sanitise a ...) + TODO: check +CVE-2024-3999 (The EazyDocs WordPress plugin before 2.5.0 does not sanitise and esca ...) + TODO: check +CVE-2024-3513 (The Ultimate Blocks \u2013 WordPress Blocks Plugin plugin for WordPres ...) + TODO: check +CVE-2024-39314 (toy-blog is a headless content management system implementation. Start ...) + TODO: check +CVE-2024-39313 (toy-blog is a headless content management system implementation. Start ...) + TODO: check +CVE-2024-39310 (The Basil recipe theme for WordPress is vulnerable to Persistent Cross ...) 
+ TODO: check +CVE-2024-39309 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2024-39305 (Envoy is a cloud-native, open source edge and service proxy. Prior to ...) + TODO: check +CVE-2024-38368 (trunk.cocoapods.org is the authentication server for the CoacoaPods de ...) + TODO: check +CVE-2024-38367 (trunk.cocoapods.org is the authentication server for the CoacoaPods de ...) + TODO: check +CVE-2024-38366 (trunk.cocoapods.org is the authentication server for the CoacoaPods de ...) + TODO: check +CVE-2024-37765 (Machform up to version 19 is affected by an authenticated Blind SQL in ...) + TODO: check +CVE-2024-37764 (MachForm up to version 19 is affected by an authenticated stored cross ...) + TODO: check +CVE-2024-37763 (MachForm up to version 19 is affected by an unauthenticated stored cro ...) + TODO: check +CVE-2024-37762 (MachForm up to version 21 is affected by an authenticated unrestricted ...) + TODO: check +CVE-2024-37479 (Local File Inclusion vulnerability in LA-Studio LA-Studio Element Kit ...) + TODO: check +CVE-2024-37134 (Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an impr ...) + TODO: check +CVE-2024-37133 (Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an impr ...) + TODO: check +CVE-2024-37132 (Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an inco ...) + TODO: check +CVE-2024-37126 (Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an impr ...) + TODO: check +CVE-2024-32854 (Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an impr ...) + TODO: check +CVE-2024-32853 (Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.2 contain an exec ...) + TODO: check +CVE-2024-32852 (Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.0 contain use of ...) + TODO: check +CVE-2024-32230 (FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size- ...) 
+ TODO: check +CVE-2024-32229 (FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandsh ...) + TODO: check +CVE-2024-32228 (FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavc ...) + TODO: check +CVE-2024-2819 (Incorrect Default Permissions, Improper Preservation of Permissions vu ...) + TODO: check +CVE-2024-28200 (The N-central server is vulnerable to an authentication bypass of the ...) + TODO: check +CVE-2024-23737 (Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify ...) +
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ee21cac6 by security tracker role at 2024-07-01T20:12:29+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,29 +1,196 @@ -CVE-2024-39573 +CVE-2024-6425 (Incorrect Provision of Specified Functionality vulnerability in MESboo ...) + TODO: check +CVE-2024-6424 (External server-side request vulnerability in MESbook 20221021.03 vers ...) + TODO: check +CVE-2024-6376 (MongoDB Compass may be susceptible to code injection due to insufficie ...) + TODO: check +CVE-2024-6375 (A command for refining a collection shard key is missing an authorizat ...) + TODO: check +CVE-2024-6050 (Improper Neutralization of Input During Web Page Generation vulnerabil ...) + TODO: check +CVE-2024-4007 (Default credential in install package in ABB ASPECT; NEXUS Series; MAT ...) + TODO: check +CVE-2024-39879 (In JetBrains TeamCity before 2024.03.3 application token could be expo ...) + TODO: check +CVE-2024-39878 (In JetBrains TeamCity before 2024.03.3 private key could be exposed vi ...) + TODO: check +CVE-2024-39853 (adolph_dudu ratio-swiper 0.0.2 was discovered to contain a prototype p ...) + TODO: check +CVE-2024-39430 (In faceid servive, there is a possible out of bounds write due to a mi ...) + TODO: check +CVE-2024-39429 (In faceid servive, there is a possible out of bounds write due to a mi ...) + TODO: check +CVE-2024-39428 (In trusty service, there is a possible out of bounds write due to a mi ...) + TODO: check +CVE-2024-39427 (In trusty service, there is a possible out of bounds write due to a mi ...) + TODO: check +CVE-2024-39303 (Weblate is a web based localization tool. Prior to version 5.6.2, Webl ...) + TODO: check +CVE-2024-39251 (An issue in the component ControlCenter.sys/ControlCenter64.sys of Thu ...) + TODO: check +CVE-2024-39249 (Async <= 2.6.4 and <= 3.2.5 are vulnerable to ReDoS (Regular Expressio ...) + TODO: check +CVE-2024-39236 (Gradio v4.36.1 was discovered to contain a code injection vulnerabilit ...) + TODO: check +CVE-2024-39018 (harvey-woo cat5th/key-serializer v0.2.5 was discovered to contain a pr ...) 
+ TODO: check +CVE-2024-39017 (agreejs shared v0.0.1 was discovered to contain a prototype pollution ...) + TODO: check +CVE-2024-39016 (che3vinci c3/utils-1 1.0.131 was discovered to contain a prototype pol ...) + TODO: check +CVE-2024-39015 (cafebazaar hod v0.4.14 was discovered to contain a prototype pollution ...) + TODO: check +CVE-2024-39014 (ahilfoley cahil/utils v2.3.2 was discovered to contain a prototype pol ...) + TODO: check +CVE-2024-39013 (2o3t-utility v0.1.2 was discovered to contain a prototype pollution vi ...) + TODO: check +CVE-2024-39008 (robinweser fast-loops v1.1.3 was discovered to contain a prototype pol ...) + TODO: check +CVE-2024-39003 (amoyjs amoy common v1.0.10 was discovered to contain a prototype pollu ...) + TODO: check +CVE-2024-39002 (rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pol ...) + TODO: check +CVE-2024-39001 (ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollu ...) + TODO: check +CVE-2024-39000 (adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype ...) + TODO: check +CVE-2024-38999 (jrburke requirejs v2.3.6 was discovered to contain a prototype polluti ...) + TODO: check +CVE-2024-38998 (jrburke requirejs v2.3.6 was discovered to contain a prototype polluti ...) + TODO: check +CVE-2024-38997 (adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype ...) + TODO: check +CVE-2024-38996 (ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discover ...) + TODO: check +CVE-2024-38994 (amoyjs amoy common v1.0.10 was discovered to contain a prototype pollu ...) + TODO: check +CVE-2024-38993 (rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pol ...) + TODO: check +CVE-2024-38992 (airvertco frappejs v0.0.11 was discovered to contain a prototype pollu ...) + TODO: check +CVE-2024-38991 (akbr patch-into v1.0.1 was discovered to contain a prototype pollution ...) 
+ TODO: check +CVE-2024-38990 (Tada5hi sp-common v0.5.4 was discovered to contain a prototype polluti ...) + TODO: check +CVE-2024-38987 (aofl cli-lib v3.14.0 was discovered to contain a prototype pollution v ...) + TODO: check +CVE-2024-38953 (phpok 6.4.003 contains a Cross Site Scripting (XSS) vulnerability in t ...) + TODO: check +CVE-2024-38513 (Fiber is an Express-inspired web framework written in Go A vulnerabili ...) + TODO: check +CVE-2024-37298 (gorilla/schema converts structs to and from form values.
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bd533afd by security tracker role at 2024-07-01T08:12:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,35 @@ +CVE-2024-6419 (A vulnerability classified as critical was found in SourceCodester Med ...) + TODO: check +CVE-2024-6418 (A vulnerability classified as critical has been found in SourceCodeste ...) + TODO: check +CVE-2024-6417 (A vulnerability was found in SourceCodester Simple Online Bidding Syst ...) + TODO: check +CVE-2024-6416 (A vulnerability was found in SeaCMS 12.9. It has been declared as crit ...) + TODO: check +CVE-2024-6130 (The Form Maker by 10Web WordPress plugin before 1.15.26 does not sani ...) + TODO: check +CVE-2024-4934 (The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 does n ...) + TODO: check +CVE-2024-3123 (CHANGING Mobile One Time Password's uploading function in a hidden pag ...) + TODO: check +CVE-2024-3122 (CHANGING Mobile One Time Password does not properly filter parameters ...) + TODO: check +CVE-2024-38480 ("Piccoma" App for Android and iOS versions prior to 6.20.0 uses a hard ...) + TODO: check +CVE-2024-34703 (Botan is a C++ cryptography library. X.509 certificates can identify e ...) + TODO: check +CVE-2024-20081 (In gnss service, there is a possible out of bounds write due to improp ...) + TODO: check +CVE-2024-20080 (In gnss service, there is a possible escalation of privilege due to im ...) + TODO: check +CVE-2024-20079 (In gnss service, there is a possible out of bounds write due to improp ...) + TODO: check +CVE-2024-20078 (In venc, there is a possible out of bounds write due to type confusion ...) + TODO: check +CVE-2024-20077 (In Modem, there is a possible system crash due to incorrect error hand ...) + TODO: check +CVE-2024-20076 (In Modem, there is a possible system crash due to incorrect error hand ...) + TODO: check CVE-2024-5062 (A reflected Cross-Site Scripting (XSS) vulnerability was identified in ...) NOT-FOR-US: zenml CVE-2024-35119 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...) 
@@ -25662,6 +25694,7 @@ CVE-2024-1456 (An S3 bucket takeover vulnerability was identified in the h2oai/h CVE-2024-1183 (An SSRF (Server-Side Request Forgery) vulnerability exists in the grad ...) NOT-FOR-US: Gradio CVE-2024-1135 (Gunicorn fails to properly validate Transfer-Encoding headers, leading ...) + {DLA-3851-1} - gunicorn 22.0.0-1 (bug #1069126) [bookworm] - gunicorn (Minor issue) [bullseye] - gunicorn (Minor issue) @@ -43440,7 +43473,7 @@ CVE-2023-49721 (An insecure default to allow UEFI Shell in EDK2 was left enabled NOTE: https://www.openwall.com/lists/oss-security/2024/02/14/4 NOTE: https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139 CVE-2023-48733 (An insecure default to allow UEFI Shell in EDK2 was left enabled in Ub ...) - {DSA-5624-1} + {DSA-5624-1 DLA-3852-1} - edk2 2023.11-7 NOTE: https://www.openwall.com/lists/oss-security/2024/02/14/4 NOTE: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137 @@ -286141,6 +286174,7 @@ CVE-2020-25831 CVE-2020-25830 (An issue was discovered in MantisBT before 2.24.3. Improper escaping o ...) - mantis CVE-2020-25829 (An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x befo ...) + {DLA-3855-1} - pdns-recursor 4.3.5-1 (bug #972159) [buster] - pdns-recursor (Minor issue) NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-07.html 
@@ -313183,6 +313217,7 @@ CVE-2020-14198 (Bitcoin Core 0.20.0 allows remote denial of service.) CVE-2020-14197 RESERVED CVE-2020-14196 (In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1 ...) + {DLA-3855-1} - pdns-recursor 4.3.2-1 (low; bug #964103) [buster] - pdns-recursor (Minor issue, fix along in next DSA) NOTE: https://www.openwall.com/lists/oss-security/2020/07/01/1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd533afda8c5c23ea4a9c07bfcb64445448ead8a -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd533afda8c5c23ea4a9c07bfcb64445448ead8a You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
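Review bot: in the CVE-2020-14196 hunk the entry keeps `[buster] - pdns-recursor (Minor issue, fix along in next DSA)` after `{DLA-3855-1}` is added; the "fix along in next DSA" promise is now answered by an advisory, so that note is stale and should be reconciled the same way as CVE-2020-25829 above.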
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 73b9c503 by security tracker role at 2024-06-30T20:12:21+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,29 @@ +CVE-2024-5062 (A reflected Cross-Site Scripting (XSS) vulnerability was identified in ...) + TODO: check +CVE-2024-35119 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...) + TODO: check +CVE-2024-31902 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site req ...) + TODO: check +CVE-2024-31898 (IBM InfoSphere Information Server 11.7 could allow an authenticated us ...) + TODO: check +CVE-2024-28798 (IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-s ...) + TODO: check +CVE-2024-28797 (IBM InfoSphere Information Server 11.7 is vulnerable stored to cross-s ...) + TODO: check +CVE-2024-28795 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...) + TODO: check +CVE-2024-28794 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...) + TODO: check +CVE-2023-50964 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...) + TODO: check +CVE-2023-50954 (IBM InfoSphere Information Server 11.7 returns sensitive information i ...) + TODO: check +CVE-2023-50953 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...) + TODO: check +CVE-2023-50952 (IBM InfoSphere Information Server 11.7 is vulnerable to server-side re ...) + TODO: check +CVE-2023-35022 (IBM InfoSphere Information Server 11.7 could allow a local user to upd ...) + TODO: check CVE-2024-6415 (A vulnerability classified as problematic was found in Ingenico Estate ...) NOT-FOR-US: ngenico Estate Manager CVE-2024-6414 (A vulnerability classified as problematic has been found in Parsec Aut ...) 
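Review bot: thirteen of the fourteen new placeholders are IBM InfoSphere Information Server 11.7 issues, and IBM products are consistently triaged as `NOT-FOR-US: IBM` elsewhere in this file (for example the CVE-2024-35153 WebSphere entry), so they can be marked in one pass instead of staying `TODO: check`. CVE-2024-5062 is the only one that needs a look: its truncated summary names no product.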
@@ -3503,17 +3529,17 @@ CVE-2024-38448 (htags in GNU Global through 6.6.12 allows code execution in situ NOTE: https://lists.gnu.org/archive/html/bug-global/2024-05/msg9.html CVE-2024-38443 (C/sorting/binary_insertion_sort.c in The Algorithms - C through e5dad3 ...) NOT-FOR-US: The Algorithms - C -CVE-2024-38441 (Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer ...) +CVE-2024-38441 (Netatalk before 3.2.1 has an off-by-one error and resultant heap-based ...) - netatalk (bug #1074475) NOTE: https://github.com/Netatalk/netatalk/issues/1098 NOTE: https://netatalk.io/security/CVE-2024-38441 NOTE: https://github.com/Netatalk/netatalk/commit/77b5d99007cfef4d73d76fd6f0c26584891608e5 (netatalk-3-2-1) -CVE-2024-38440 (Netatalk 3.2.0 has an off-by-one error, and resultant heap-based buffe ...) +CVE-2024-38440 (Netatalk before 3.2.1 has an off-by-one error, and resultant heap-base ...) - netatalk (bug #1074474) NOTE: https://github.com/Netatalk/netatalk/issues/1097 NOTE: https://netatalk.io/security/CVE-2024-38440 NOTE: https://github.com/Netatalk/netatalk/commit/77b5d99007cfef4d73d76fd6f0c26584891608e5 (netatalk-3-2-1) -CVE-2024-38439 (Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer ...) +CVE-2024-38439 (Netatalk before 3.2.1 has an off-by-one error and resultant heap-based ...) - netatalk (bug #1074473) NOTE: https://github.com/Netatalk/netatalk/issues/1096 NOTE: https://netatalk.io/security/CVE-2024-38439 
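Review bot: the three Netatalk summaries (CVE-2024-38439, -38440, -38441) change from "Netatalk 3.2.0 has" to "Netatalk before 3.2.1 has", which widens the affected range from a single release to everything older, including the 3.1.x series, if the new wording is accurate; the stable and oldstable status of these entries should be re-checked against that. The package lines still carry only bug numbers (#1074473 to #1074475) with no fixed Debian version, and all three cite the same fixing commit 77b5d99007cfef4d73d76fd6f0c26584891608e5 (netatalk-3-2-1), so a single upload closes all of them.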
@@ -22515,7 +22541,7 @@ CVE-2024-27282 (An issue was discovered in Ruby 3.x through 3.3.0. If attacker-s NOTE: https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/ NOTE: https://github.com/ruby/ruby/commit/989a2355808a63fc45367785c82ffd46d18c900a CVE-2024-33602 (nscd: netgroup cache assumes NSS callback uses in-buffer strings The ...) - {DSA-5678-1} + {DSA-5678-1 DLA-3850-1} - glibc 2.37-19 NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=31680 NOTE: https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fwei...@redhat.com/ @@ -22523,7 +22549,7 @@ CVE-2024-33602 (nscd: netgroup cache assumes NSS callback uses in-buffer strings NOTE: https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008 NOTE: Fixed by: https://sourceware.org/git?p=glibc.git;a=commit;h=c04a21e050d64a1193a6daab872bca2528bda44b CVE-2024-33601 (nscd: netgroup cache may terminate daemon on memory allocation failure ...) - {DSA-5678-1} + {DSA-5678-1 DLA-3850-1} - glibc 2.37-19 NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=31679 NOTE: https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fwei...@redhat.com/ @@ -22531,7 +22557,7 @@ CVE-2024-33601 (nscd:
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 11e7bb32 by security tracker role at 2024-06-30T08:12:16+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,13 @@ +CVE-2024-6415 (A vulnerability classified as problematic was found in Ingenico Estate ...) + TODO: check +CVE-2024-6414 (A vulnerability classified as problematic has been found in Parsec Aut ...) + TODO: check +CVE-2024-5926 (Path Traversal: '\..\filename' in GitHub repository stitionai/devika p ...) + TODO: check +CVE-2024-39848 (Internet2 Grouper before 5.6 allows authentication bypass when LDAP au ...) + TODO: check +CVE-2024-39846 (NewPass before 1.2.0 stores passwords (rather than password hashes) di ...) + TODO: check CVE-2024-5819 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Feature ...) NOT-FOR-US: WordPress plugin CVE-2024-39840 (Factorio before 1.1.101 allows a crafted server to execute arbitrary c ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11e7bb329e63a51520435cc49e502d26ad24e317
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6c0b1e43 by security tracker role at 2024-06-29T20:11:49+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,13 @@ +CVE-2024-5819 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Feature ...) + TODO: check +CVE-2024-39840 (Factorio before 1.1.101 allows a crafted server to execute arbitrary c ...) + TODO: check +CVE-2024-2386 (The WordPress Plugin for Google Maps \u2013 WP MAPS plugin for WordPre ...) + TODO: check +CVE-2024-25943 (iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50. ...) + TODO: check +CVE-2023-4017 (The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scr ...) + TODO: check CVE-2024-6405 (The Floating Social Buttons plugin for WordPress is vulnerable to Cros ...) NOT-FOR-US: WordPress plugin CVE-2024-6363 (The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Si ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c0b1e438a14e458872ee4481bb7ebbb9b636038
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b9d74556 by security tracker role at 2024-06-29T08:12:18+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,37 @@ +CVE-2024-6405 (The Floating Social Buttons plugin for WordPress is vulnerable to Cros ...) + TODO: check +CVE-2024-6363 (The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Si ...) + TODO: check +CVE-2024-6265 (The UsersWP \u2013 Front-end login form, User Registration, User Profi ...) + TODO: check +CVE-2024-5942 (The Page and Post Clone plugin for WordPress is vulnerable to Insecure ...) + TODO: check +CVE-2024-5889 (The Events Manager \u2013 Calendar, Bookings, Tickets, and more! plugi ...) + TODO: check +CVE-2024-5790 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...) + TODO: check +CVE-2024-5666 (The Extensions for Elementor plugin for WordPress is vulnerable to Sto ...) + TODO: check +CVE-2024-5598 (The Advanced File Manager plugin for WordPress is vulnerable to Sensit ...) + TODO: check +CVE-2024-5192 (The Funnel Builder for WordPress by FunnelKit \u2013 Customize WooComm ...) + TODO: check +CVE-2024-39828 (R74n Sandboxels 1.9 through 1.9.5 allows XSS via a message in a modifi ...) + TODO: check +CVE-2024-39307 (Kavita is a cross platform reading server. Opening an ebook with malic ...) + TODO: check +CVE-2024-39302 (BigBlueButton is an open-source virtual classroom designed to help tea ...) + TODO: check +CVE-2024-38533 (ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scal ...) + TODO: check +CVE-2024-38532 (The NXP Data Co-Processor (DCP) is a built-in hardware module for spec ...) + TODO: check +CVE-2024-38525 (dd-trace-cpp is the Datadog distributed tracing for C++. When the libr ...) + TODO: check +CVE-2024-38518 (BigBlueButton is an open-source virtual classroom designed to help tea ...) + TODO: check +CVE-2019-25211 (parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandle ...) + TODO: check CVE-2024-6403 (A vulnerability, which was classified as critical, has been found in T ...) 
NOT-FOR-US: Tenda CVE-2024-6402 (A vulnerability classified as critical was found in Tenda A301 15.13.0 ...) @@ -313,7 +347,7 @@ CVE-2024-38523 (Hush Line is a free and open-source, anonymous-tip-line-as-a-ser NOT-FOR-US: Hush Line CVE-2024-38515 REJECTED -CVE-2024-35260 (Microsoft Dataverse Remote Code Execution Vulnerability) +CVE-2024-35260 (An authenticated attacker can exploit an Untrusted Search Path vulnera ...) NOT-FOR-US: Microsoft CVE-2024-35153 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-si ...) NOT-FOR-US: IBM @@ -358,10 +392,10 @@ CVE-2023-38370 (IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, un NOT-FOR-US: IBM CVE-2023-38368 (IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could dis ...) NOT-FOR-US: IBM -CVE-2024-37371 +CVE-2024-37371 (In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause inva ...) - krb5 1.21.3-1 NOTE: https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef (krb5-1.21.3-final) -CVE-2024-37370 +CVE-2024-37370 (In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the ...) - krb5 1.21.3-1 NOTE: https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef (krb5-1.21.3-final) CVE-2024-5535 (Issue summary: Calling the OpenSSL API function SSL_select_next_proto ...) @@ -1256,7 +1290,7 @@ CVE-2024-6268 (A vulnerability, which was classified as critical, has been found CVE-2024-4841 (A Path Traversal vulnerability exists in the parisneo/lollms-webui, sp ...) NOT-FOR-US: parisneo/lollms-webui CVE-2024-39331 (In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a % ...) - {DSA-5719-1 DSA-5718-1} + {DSA-5719-1 DSA-5718-1 DLA-3849-1 DLA-3848-1} - emacs 1:29.4+1-1 (bug #1074137) - org-mode 9.7.5+dfsg-1 (bug #1074136) [bookworm] - org-mode (Produces only a dependency binary package) 
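Review bot: CVE-2019-25211 (parseWildcardRules in the Gin-Gonic CORS middleware before 1.6.0) is a Go library issue and the entry in this batch most likely to map to a Debian source (golang-github-gin-contrib-cors, if it is packaged), so it should get a package line instead of `TODO: check`. The WordPress plugin/theme, Kavita, BigBlueButton, ZKsync Era, NXP DCP, dd-trace-cpp and Sandboxels entries follow the `NOT-FOR-US` pattern used for the surrounding Tenda and WordPress entries and can be triaged together.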
@@ -21503,7 +21537,7 @@ CVE-2023-38002 (IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authent CVE-2023-36268 (An issue in The Document Foundation Libreoffice v.7.4.7 allows a remot ...) - libreoffice (unimportant) NOTE: Resource overload in desktop app, no security impact -CVE-2024-29040 +CVE-2024-29040 (This repository hosts source code implementing the Trusted Computing G ...) - tpm2-tss 4.1.0-1 (bug #1070140) [bookworm] - tpm2-tss (Minor issue) [bullseye] - tpm2-tss (Minor issue) View it on GitLab:
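Review bot: the summary now attached to CVE-2024-29040 ("This repository hosts source code implementing the Trusted Computing G ...") is the tpm2-tss project blurb and says nothing about the flaw, so the entry is no easier to find or triage than it was with no description. This file already uses a bracketed hand-written summary where the CVE text is unusable (see the `CVE-2024- [RUSTSEC-2024-0345]` entry), so a short bracketed description of the actual issue would be the better fix here; the package and suite lines (tpm2-tss 4.1.0-1, bookworm and bullseye Minor issue) are unchanged and fine.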
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e1d22b1c by security tracker role at 2024-06-28T20:12:57+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,81 @@ +CVE-2024-6403 (A vulnerability, which was classified as critical, has been found in T ...) + TODO: check +CVE-2024-6402 (A vulnerability classified as critical was found in Tenda A301 15.13.0 ...) + TODO: check +CVE-2024-5972 + REJECTED +CVE-2024-5925 (The Theron Lite theme for WordPress is vulnerable to Stored Cross-Site ...) + TODO: check +CVE-2024-5922 (The Scylla lite theme for WordPress is vulnerable to Stored Cross-Site ...) + TODO: check +CVE-2024-5827 (Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration ...) + TODO: check +CVE-2024-5737 (Script afGdStream.php inAdmirorFrames Joomla! extension doesn\u2019t s ...) + TODO: check +CVE-2024-5736 (Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joom ...) + TODO: check +CVE-2024-5735 (Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension ...) + TODO: check +CVE-2024-5712 (Cross-Site Request Forgery (CSRF) in stitionai/devika) + TODO: check +CVE-2024-5662 (The Ultimate Post Kit Addons For Elementor \u2013 (Post Grid, Post Car ...) + TODO: check +CVE-2024-5424 (The Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTub ...) + TODO: check +CVE-2024-3995 (In Helix ALM versions prior to 2024.2.0, a local command injection was ...) + TODO: check +CVE-2024-3816 (Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to a ...) + TODO: check +CVE-2024-3801 (Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to R ...) + TODO: check +CVE-2024-3800 (Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to R ...) + TODO: check +CVE-2024-39704 (Soft Circle French-Bread Melty Blood: Actress Again: Current Code thro ...) + TODO: check +CVE-2024-38531 (Nix is a package manager for Linux and other Unix systems that makes p ...) + TODO: check +CVE-2024-38528 (nptd-rs is a tool for synchronizing your computer's clock, implementin ...) 
+ TODO: check +CVE-2024-38522 (Hush Line is a free and open-source, anonymous-tip-line-as-a-service f ...) + TODO: check +CVE-2024-38521 (Hush Line is a free and open-source, anonymous-tip-line-as-a-service f ...) + TODO: check +CVE-2024-38514 (NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side ...) + TODO: check +CVE-2024-38374 (The CycloneDX core module provides a model representation of the SBOM ...) + TODO: check +CVE-2024-38371 (authentik is an open-source Identity Provider. Access restrictions ass ...) + TODO: check +CVE-2024-38322 (IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent us ...) + TODO: check +CVE-2024-37905 (authentik is an open-source Identity Provider that emphasizes flexibil ...) + TODO: check +CVE-2024-37741 (OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile ...) + TODO: check +CVE-2024-35156 (IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sens ...) + TODO: check +CVE-2024-35155 (IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote ...) + TODO: check +CVE-2024-35139 (IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could all ...) + TODO: check +CVE-2024-35137 (IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could all ...) + TODO: check +CVE-2024-35116 (IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to ...) + TODO: check +CVE-2024-31919 (IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain confi ...) + TODO: check +CVE-2024-31912 (IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalat ...) + TODO: check +CVE-2024-27629 (An issue in dc2niix before v.1.0.20240202 allows a local attacker to e ...) + TODO: check +CVE-2024-27628 (Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to e ...) + TODO: check +CVE-2024-25053 (IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 1 ...) 
+ TODO: check +CVE-2024-25041 (IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 1 ...) + TODO: check +CVE-2024-25031 (IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an ...) + TODO: check CVE-2024-6296 (The Stackable \u2013 Page Builder Gutenberg Blocks plugin for WordPres ...) NOT-FOR-US: WordPress plugin CVE-2024-6288 (The Conversios \u2013 Google Analytics 4 (GA4), Meta Pixel & more Via ...) @@ -17985,10 +18063,12 @@ CVE-2024-34511 CVE-2024-34510 (Gradio before 4.20 allows credential
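Review bot: two upstream summaries in this batch misspell the project name, `nptd-rs` in CVE-2024-38528 and `dc2niix` in CVE-2024-27629, so matching these placeholders against the archive by name will miss them; triage them by hand against ntpd-rs and dcm2niix (the latter is packaged in Debian). CVE-2024-38531 (Nix) and CVE-2024-27628 (DCMTK 3.6.8 buffer overflow) also name packaged software (nix, dcmtk) and deserve package lines rather than `TODO: check`. The devika, lunary, authentik, NextChat, Hush Line, OpenPLC, CycloneDX, IBM MQ/Cognos/Storage Defender and S@M CMS entries are `NOT-FOR-US` candidates and can be handled in one pass.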
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9a9218f0 by security tracker role at 2024-06-28T08:11:45+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,95 @@ +CVE-2024-6296 (The Stackable \u2013 Page Builder Gutenberg Blocks plugin for WordPres ...) + TODO: check +CVE-2024-6288 (The Conversios \u2013 Google Analytics 4 (GA4), Meta Pixel & more Via ...) + TODO: check +CVE-2024-6071 (PTC Creo Elements/Direct License Server exposes a web interface which ...) + TODO: check +CVE-2024-5864 (The Easy Affiliate Links plugin for WordPress is vulnerable to unautho ...) + TODO: check +CVE-2024-5863 (The Easy Image Collage plugin for WordPress is vulnerable to unauthori ...) + TODO: check +CVE-2024-5796 (The Infinite theme for WordPress is vulnerable to Stored Cross-Site Sc ...) + TODO: check +CVE-2024-5788 (The Silesia theme for WordPress is vulnerable to Stored Cross-Site Scr ...) + TODO: check +CVE-2024-5730 (The Pagerank tools WordPress plugin through 1.1.5 does not sanitise an ...) + TODO: check +CVE-2024-5729 (The Simple AL Slider WordPress plugin through 1.2.10 does not sanitise ...) + TODO: check +CVE-2024-5728 (The Animated AL List WordPress plugin through 1.0.6 does not sanitise ...) + TODO: check +CVE-2024-5727 (The Widget4Call WordPress plugin through 1.0.7 does not sanitise and e ...) + TODO: check +CVE-2024-5642 (CPython 3.9 and earlier doesn't disallow configuring an empty list ("[ ...) + TODO: check +CVE-2024-5570 (The Simple Photoswipe WordPress plugin through 0.1 does not have autho ...) + TODO: check +CVE-2024-4395 (The XPC service within the audit functionality of Jamf Compliance Edit ...) + TODO: check +CVE-2024-39708 (An issue was discovered in the Agent in Delinea Privilege Manager (for ...) + TODO: check +CVE-2024-39705 (NLTK through 3.8.1 allows remote code execution if untrusted packages ...) + TODO: check +CVE-2024-39352 (A vulnerability regarding incorrect authorization is found in the firm ...) + TODO: check +CVE-2024-39351 (A vulnerability regarding improper neutralization of special elements ...) 
+ TODO: check +CVE-2024-39350 (A vulnerability regarding authentication bypass by spoofing is found i ...) + TODO: check +CVE-2024-39349 (A vulnerability regarding buffer copy without checking size of input ( ...) + TODO: check +CVE-2024-39348 (Download of code without integrity check vulnerability in AirPrint fun ...) + TODO: check +CVE-2024-39347 (Incorrect default permissions vulnerability in firewall functionality ...) + TODO: check +CVE-2024-39209 (luci-app-sms-tool v1.9-6 was discovered to contain a command injection ...) + TODO: check +CVE-2024-39134 (A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows attac ...) + TODO: check +CVE-2024-39132 (A NULL Pointer Dereference vulnerability in DumpTS v0.1.0-nightly allo ...) + TODO: check +CVE-2024-37282 (It was identified that under certain specific preconditions, an API ke ...) + TODO: check +CVE-2024-37137 (Dell Key Trust Platform, v3.0.6 and prior, contains Use of a Cryptogra ...) + TODO: check +CVE-2024-36755 (D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when ...) + TODO: check +CVE-2024-36075 (Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify thr ...) + TODO: check +CVE-2024-36074 (Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify thr ...) + TODO: check +CVE-2024-36073 (Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify thr ...) + TODO: check +CVE-2024-36072 (Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify thr ...) + TODO: check +CVE-2024-36059 (Directory Traversal vulnerability in Kalkitech ASE ASE61850 IEDSmart u ...) + TODO: check +CVE-2024-30135 (HCL DRYiCE AEX is potentially impacted by disclosure of sensitive info ...) + TODO: check +CVE-2024-30111 (HCL DRYiCE AEX product is impacted by Missing Root Detection vulnerabi ...) + TODO: check +CVE-2024-30110 (HCL DRYiCE AEX product is impacted by lack of input validation vulnera ...) 
+ TODO: check +CVE-2024-30109 (HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the ...) + TODO: check +CVE-2024-2973 (An Authentication Bypass Using an Alternate Path or Channel vulnerabil ...) + TODO: check +CVE-2024-2795 (The SEO SIMPLE PACK plugin for WordPress is vulnerable to Information ...) + TODO: check +CVE-2024-22276 (VMware Cloud Director Object Storage Extension contains an Insertion o ...) + TODO: check +CVE-2024-22272 (VMware Cloud Director contains an Improper Privilege Management vulner ...) +
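Review bot: CVE-2024-5642 ("CPython 3.9 and earlier doesn't disallow configuring an empty list") concerns a Python version still shipped in a supported suite (bullseye carries python3.9), so it should be triaged against src:python3.9 rather than left as `TODO: check`; CVE-2024-39134 (stack buffer overflow in zziplib 0.13.77) and CVE-2024-39705 (NLTK code execution from untrusted packages) likewise name Debian-packaged software (zziplib, nltk) and need package lines. The hunk is cut off after `+CVE-2024-22272 (VMware Cloud Director ...) +`, so its tail cannot be reviewed here.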
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 088fde68 by security tracker role at 2024-06-27T20:12:32+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,10 +1,162 @@ +CVE-2024-6388 (Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, be ...) + TODO: check +CVE-2024-6374 (A vulnerability was found in lahirudanushka School Management System 1 ...) + TODO: check +CVE-2024-6373 (A vulnerability has been found in itsourcecode Online Food Ordering Sy ...) + TODO: check +CVE-2024-6372 (A vulnerability, which was classified as critical, was found in itsour ...) + TODO: check +CVE-2024-6371 (A vulnerability, which was classified as critical, has been found in i ...) + TODO: check +CVE-2024-6370 (A vulnerability classified as problematic was found in LabVantage LIMS ...) + TODO: check +CVE-2024-6369 (A vulnerability classified as problematic has been found in LabVantage ...) + TODO: check +CVE-2024-6368 (A vulnerability was found in LabVantage LIMS 2017. It has been rated a ...) + TODO: check +CVE-2024-6367 (A vulnerability was found in LabVantage LIMS 2017. It has been declare ...) + TODO: check +CVE-2024-6262 (The Portfolio Gallery \u2013 Image Gallery Plugin plugin for WordPress ...) + TODO: check +CVE-2024-6250 (An absolute path traversal vulnerability exists in parisneo/lollms-web ...) + TODO: check +CVE-2024-6139 (A path traversal vulnerability exists in the XTTS server of the parisn ...) + TODO: check +CVE-2024-6127 (BC Security Empire before 5.9.3 is vulnerable to a path traversal issu ...) + TODO: check +CVE-2024-6090 (A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt ve ...) + TODO: check +CVE-2024-6086 (In version 1.2.7 of lunary-ai/lunary, any authenticated user, regardle ...) + TODO: check +CVE-2024-6085 (A path traversal vulnerability exists in the XTTS server included in t ...) + TODO: check +CVE-2024-6038 (A Regular Expression Denial of Service (ReDoS) vulnerability exists in ...) + TODO: check +CVE-2024-5980 (A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-l ...) 
+ TODO: check +CVE-2024-5979 (In h2oai/h2o-3 version 3.46.0, the `run_tool` command in the `rapids` ...) + TODO: check +CVE-2024-5936 (An open redirect vulnerability exists in imartinez/privategpt version ...) + TODO: check +CVE-2024-5935 (A Cross-Site Request Forgery (CSRF) vulnerability in version 0.5.0 of ...) + TODO: check +CVE-2024-5933 (A Cross-site Scripting (XSS) vulnerability exists in the chat function ...) + TODO: check +CVE-2024-5885 (stangirard/quivr version 0.0.236 contains a Server-Side Request Forger ...) + TODO: check +CVE-2024-5826 (In the latest version of vanna-ai/vanna, the `vanna.ask` function is v ...) + TODO: check +CVE-2024-5824 (A path traversal vulnerability in the `/set_personality_config` endpoi ...) + TODO: check +CVE-2024-5822 (A Server-Side Request Forgery (SSRF) vulnerability exists in the uploa ...) + TODO: check +CVE-2024-5820 (Missing Authorization in stitionai/devika) + TODO: check +CVE-2024-5755 (In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass email v ...) + TODO: check +CVE-2024-5751 (BerriAI/litellm version v1.35.8 contains a vulnerability where an atta ...) + TODO: check +CVE-2024-5714 (In lunary-ai/lunary version 1.2.4, an improper access control vulnerab ...) + TODO: check +CVE-2024-5710 (berriai/litellm version 1.34.34 is vulnerable to improper access contr ...) + TODO: check +CVE-2024-5548 (Path Traversal in GitHub repository stitionai/devika prior to -.) + TODO: check +CVE-2024-5547 (Relative Path Traversal in GitHub repository stitionai/devika prior to ...) + TODO: check +CVE-2024-5334 (External Control of File Name or Path in GitHub repository stitionai/d ...) + TODO: check +CVE-2024-4983 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templa ...) + TODO: check +CVE-2024-4578 (This Advisory describes an issue that impacts Arista Wireless Access P ...) + TODO: check +CVE-2024-3331 (Vulnerability in Spotfire Spotfire Enterprise Runtime for R - Server E ...) 
+ TODO: check +CVE-2024-3330 (Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, ...) + TODO: check +CVE-2024-3043 (An unauthenticated IEEE 802.15.4 'co-ordinator realignment' packet can ...) + TODO: check +CVE-2024-3017 (In a Silicon Labsmulti-protocol gateway, a corrupt pointer to buffer ...) + TODO: check +CVE-2024-39669 (In the Console in Soffid IAM before 3.5.39, necessary checks were not ...) + TODO: check +CVE-2024-39376 (TELSAT marKoni FM Transmitters are
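Review bot: the summary for CVE-2024-5548 reads "Path Traversal in GitHub repository stitionai/devika prior to -." with no version at all, so the affected range cannot be read from the entry and it has to be triaged from the upstream advisory rather than the CVE text. Most of this batch (lollms-webui, devika, lunary, litellm, vanna, h2o-3, privategpt, quivr, chuanhuchatgpt, pytorch-lightning) is the same class of AI-tooling project already triaged as `NOT-FOR-US` in this file (Gradio, parisneo/lollms-webui) and can be marked together. CVE-2024-6388 (Ubuntu Advantage Desktop Daemon) is the one entry naming a distribution component; check whether the affected source is in the Debian archive before marking it `NOT-FOR-US`. The hunk is truncated at `CVE-2024-39376 (TELSAT marKoni FM Transmitters are`, so the remainder is not visible.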
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 536d20c0 by security tracker role at 2024-06-27T08:11:59+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,75 @@ +CVE-2024-6355 (A vulnerability was found in Genexis Tilgin Fiber Home Gateway HG1522 ...) + TODO: check +CVE-2024-6323 (Improper authorization in global search in GitLab EE affecting all ver ...) + TODO: check +CVE-2024-6283 (The DethemeKit For Elementor plugin for WordPress is vulnerable to Sto ...) + TODO: check +CVE-2024-6054 (The Auto Featured Image plugin for WordPress is vulnerable to arbitrar ...) + TODO: check +CVE-2024-5655 (An issue was discovered in GitLab CE/EE affecting all versions startin ...) + TODO: check +CVE-2024-5601 (The Create by Mediavine plugin for WordPress is vulnerable to Stored C ...) + TODO: check +CVE-2024-5430 (An issue was discovered in GitLab CE/EE affecting all versions startin ...) + TODO: check +CVE-2024-5289 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Feature ...) + TODO: check +CVE-2024-4901 (An issue was discovered in GitLab CE/EE affecting all versions startin ...) + TODO: check +CVE-2024-4704 (The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect ...) + TODO: check +CVE-2024-4664 (The WP Chat App WordPress plugin before 3.6.5 does not sanitise and es ...) + TODO: check +CVE-2024-4570 (The Elementor Addon Elements plugin for WordPress is vulnerable to Sto ...) + TODO: check +CVE-2024-4569 (The Elementor Addon Elements plugin for WordPress is vulnerable to Sto ...) + TODO: check +CVE-2024-4557 (Multiple Denial of Service (DoS) conditions has been discovered in Git ...) + TODO: check +CVE-2024-4011 (An issue was discovered in GitLab CE/EE affecting all versions startin ...) + TODO: check +CVE-2024-3959 (An issue was discovered in GitLab CE/EE affecting all versions startin ...) + TODO: check +CVE-2024-3115 (An issue was discovered in GitLab EE affecting all versions starting f ...) + TODO: check +CVE-2024-3111 (The Interactive Content WordPress plugin before 1.15.8 does not valid ...) 
+ TODO: check +CVE-2024-37734 (An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privile ...) + TODO: check +CVE-2024-37571 (Buffer Overflow vulnerability in SAS Broker 9.2 build 1495 allows atta ...) + TODO: check +CVE-2024-37248 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-37247 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-36829 (Incorrect access control in Teldat M1 v11.00.05.50.01 allows attackers ...) + TODO: check +CVE-2024-2191 (An issue was discovered in GitLab CE/EE affecting all versions startin ...) + TODO: check +CVE-2024-28984 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 10 ...) + TODO: check +CVE-2024-28983 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 10 ...) + TODO: check +CVE-2024-28982 (Hitachi Vantara Pentaho Business Analytics Server versions before 10.1 ...) + TODO: check +CVE-2024-23767 (An issue was discovered on HMS Anybus X-Gateway AB7832-F firmware vers ...) + TODO: check +CVE-2024-23766 (An issue was discovered on HMS Anybus X-Gateway AB7832-F 3 devices. Th ...) + TODO: check +CVE-2024-23765 (An issue was discovered on HMS Anybus X-Gateway AB7832-F 3 devices. Th ...) + TODO: check +CVE-2024-22232 (A specially crafted url can be created which leads to a directory trav ...) + TODO: check +CVE-2024-22231 (Syndic cache directory creation is vulnerable to a directory traversal ...) + TODO: check +CVE-2024-1839 (Intrado 911 Emergency Gateway login form is vulnerable to an unauthent ...) + TODO: check +CVE-2024-1816 (An issue was discovered in GitLab CE/EE affecting all versions startin ...) + TODO: check +CVE-2024-1493 (An issue was discovered in GitLab CE/EE affecting all versions startin ...) + TODO: check +CVE-2024-1330 (The kadence-blocks-pro WordPress plugin before 2.3.8 does not prevent ...) 
+ TODO: check CVE-2024- [RUSTSEC-2024-0345] - rust-sequoia-openpgp (bug #1074352) [bookworm] - rust-sequoia-openpgp (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/536d20c0af9cd144aafa5dfe9e7728cb3d40c36c
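Review bot: CVE-2024-22231 ("Syndic cache directory creation is vulnerable to a directory traversal") and CVE-2024-22232 (crafted URL leading to a directory traversal) are SaltStack advisories, the syndic being a Salt component, and Debian carries a salt source package, so these two need a src:salt line and bug reference rather than `TODO: check`. The eleven GitLab CE/EE entries (CVE-2024-6323, -5655, -5430, -4901, -4557, -4011, -3959, -3115, -2191, -1816, -1493) all describe one product and can be triaged in a single pass the way the IBM entries are handled elsewhere in this file; the remaining WordPress, OpenEMR, SAS, Teldat, Pentaho, HMS Anybus and Intrado entries are `NOT-FOR-US` candidates.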
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5e55cfd5 by security tracker role at 2024-06-26T20:12:30+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,55 @@ +CVE-2024-6354 (Improper access control in PAM dashboard in Devolutions Remote Desktop ...) + TODO: check +CVE-2024-6349 + REJECTED +CVE-2024-6344 (A vulnerability, which was classified as problematic, was found in ZKT ...) + TODO: check +CVE-2024-4604 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in M ...) + TODO: check +CVE-2024-4228 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-39460 (Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier p ...) + TODO: check +CVE-2024-39459 (In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 an ...) + TODO: check +CVE-2024-39458 (When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to c ...) + TODO: check +CVE-2024-39243 (An issue discovered in skycaiji 2.8 allows attackers to run arbitrary ...) + TODO: check +CVE-2024-39242 (A cross-site scripting (XSS) vulnerability in skycaiji v2.8 allows att ...) + TODO: check +CVE-2024-39241 (Cross Site Scripting (XSS) vulnerability in skycaiji 2.8 allows attack ...) + TODO: check +CVE-2024-38950 (Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attacker ...) + TODO: check +CVE-2024-38949 (Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attacker ...) + TODO: check +CVE-2024-38527 (ZenUML is JavaScript-based diagramming tool that requires no server, u ...) + TODO: check +CVE-2024-38520 (SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Pro ...) + TODO: check +CVE-2024-38375 (@fastly/js-compute is a JavaScript SDK and runtime for building Fastly ...) + TODO: check +CVE-2024-38272 (There exists a vulnerability in Quickshare/Nearby where an attacker ca ...) + TODO: check +CVE-2024-38271 (There exists a vulnerability in Quickshare/Nearby where an attacker ca ...) + TODO: check +CVE-2024-37252 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) 
+ TODO: check +CVE-2024-37098 (Server-Side Request Forgery (SSRF) vulnerability in Blossom Themes Blo ...) + TODO: check +CVE-2024-35545 (MAP-OS v4.45.0 and earlier was discovered to contain a cross-site scri ...) + TODO: check +CVE-2024-33329 (A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x allows att ...) + TODO: check +CVE-2024-33328 (A cross-site scripting (XSS) vulnerability in the component main.jsp o ...) + TODO: check +CVE-2024-33327 (A cross-site scripting (XSS) vulnerability in the component UrlAccessi ...) + TODO: check +CVE-2024-33326 (A cross-site scripting (XSS) vulnerability in the component XsltResult ...) + TODO: check +CVE-2024-25637 (October is a self-hosted CMS platform based on the Laravel PHP Framewo ...) + TODO: check CVE-2024-6060 (An information disclosure vulnerability in Phloc Webscopes 7.0.0 allow ...) NOT-FOR-US: Phloc Webscopes CVE-2024-5573 (The Easy Table of Contents WordPress plugin before 2.0.66 does not san ...) @@ -60,7 +112,7 @@ CVE-2024-37855 (An issue in Nepstech Wifi Router xpon (terminal) NTPL-Xpon1GFEVN NOT-FOR-US: Nepstech Wifi Router CVE-2024-37843 (Craft CMS up to v3.7.31 was discovered to contain a SQL injection vuln ...) NOT-FOR-US: Craft CMS -CVE-2024-37742 (An issue in Safe Exam Browser for Windows before 3.6 allows an attacke ...) +CVE-2024-37742 (Insecure Access Control in Safe Exam Browser (SEB) = 3.5.0 on Windows. ...) NOT-FOR-US: Safe Exam Browser CVE-2024-37141 (Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1. ...) NOT-FOR-US: Dell 
@@ -6622,7 +6674,7 @@ CVE-2024-5171 (Integer overflow in libaom internal functionimg_alloc_helper can NOTE: https://aomedia.googlesource.com/aom/+/19d9966572a410804349e1a8ee2017fed49a6dab NOTE: https://aomedia.googlesource.com/aom/+/8156fb76d88845d716867d20333fd27001be47a8 CVE-2024-5197 (There exists interger overflows in libvpx in versions prior to 1.14.1. ...) - {DLA-3830-1} + {DSA-5722-1 DLA-3830-1} - libvpx 1.14.1-1 NOTE: https://issues.chromium.org/issues/332382766 NOTE: https://github.com/webmproject/libvpx/commit/c5640e3300690705c336966e2a8bb346a388c829 @@ -14824,6 +14876,7 @@ CVE-2024-32636 (A vulnerability has been identified in Parasolid V35.1 (All vers CVE-2024-32635 (A vulnerability has been identified in Parasolid V35.1 (All versions < ...) NOT-FOR-US: Siemens CVE-2024-32465 (Git is a revision control system. The Git project recommends to
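Review bot: in the "@@ -60,7 +112,7 @@" region the replacement description for CVE-2024-37742 reads "Safe Exam Browser (SEB) = 3.5.0 on Windows", which disagrees with the removed line's "before 3.6" and looks like a "<=" whose "<" was dropped on import (other descriptions in these updates keep "<=" intact, e.g. "(pk_themesettings) <= 1.8.8"). Re-check the version bound against the upstream CVE text so the tracker does not record an exact-version match where a range was meant.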
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: eef40b59 by security tracker role at 2024-06-26T08:11:55+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,121 @@ +CVE-2024-6060 (An information disclosure vulnerability in Phloc Webscopes 7.0.0 allow ...) + TODO: check +CVE-2024-5573 (The Easy Table of Contents WordPress plugin before 2.0.66 does not san ...) + TODO: check +CVE-2024-5473 (The Simple Photoswipe WordPress plugin through 0.1 does not sanitise a ...) + TODO: check +CVE-2024-5460 (A vulnerability in the default configuration of the Simple Network Ma ...) + TODO: check +CVE-2024-5332 (The Exclusive Addons for Elementor plugin for WordPress is vulnerable ...) + TODO: check +CVE-2024-5215 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress ...) + TODO: check +CVE-2024-5199 (The Spotify Play Button WordPress plugin through 1.0 does not validate ...) + TODO: check +CVE-2024-5181 (A command injection vulnerability exists in the mudler/localai version ...) + TODO: check +CVE-2024-5173 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress ...) + TODO: check +CVE-2024-5169 (The Video Widget WordPress plugin through 1.2.3 does not sanitise and ...) + TODO: check +CVE-2024-5071 (The Bookster WordPress plugin through 1.1.0 allows adding sensitive p ...) + TODO: check +CVE-2024-5019 (In WhatsUp Gold versions released before 2023.1.3, an unauthenticated ...) + TODO: check +CVE-2024-5018 (In WhatsUp Gold versions released before 2023.1.3, an unauthenticated ...) + TODO: check +CVE-2024-5017 (In WhatsUp Gold versions released before 2023.1.3, a path traversal vu ...) + TODO: check +CVE-2024-5016 (In WhatsUp Gold versions released before 2023.1.3, Distributed Edition ...) + TODO: check +CVE-2024-5015 (In WhatsUp Gold versions released before 2023.1.3,an authenticated SSR ...) + TODO: check +CVE-2024-5014 (In WhatsUp Gold versions released before 2023.1.3, a Server Side Reque ...) + TODO: check +CVE-2024-5013 (In WhatsUp Gold versions released before 2023.1.3,an unauthenticated D ...) 
+ TODO: check +CVE-2024-5012 (In WhatsUp Gold versions released before 2023.1.3, there is amissing a ...) + TODO: check +CVE-2024-4959 (The Frontend Checklist WordPress plugin through 2.3.2 does not sanitis ...) + TODO: check +CVE-2024-4957 (The Frontend Checklist WordPress plugin through 2.3.2 does not sanitis ...) + TODO: check +CVE-2024-4869 (The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPre ...) + TODO: check +CVE-2024-4758 (The Muslim Prayer Time BD WordPress plugin through 2.4 does not have C ...) + TODO: check +CVE-2024-4106 (A vulnerability has been found in FAST/TOOLS and CI Server. The affect ...) + TODO: check +CVE-2024-4105 (A vulnerability has been found in FAST/TOOLS and CI Server. The affect ...) + TODO: check +CVE-2024-3633 (The WebP & SVG Support WordPress plugin through 1.4.0 does not sanitis ...) + TODO: check +CVE-2024-38526 (pdoc provides API Documentation for Python Projects. Documentation gen ...) + TODO: check +CVE-2024-38516 (ai-client-html is an Aimeos e-commerce HTML client component. Debug in ...) + TODO: check +CVE-2024-38364 (DSpace is an open source software is a turnkey repository application ...) + TODO: check +CVE-2024-37855 (An issue in Nepstech Wifi Router xpon (terminal) NTPL-Xpon1GFEVN, hard ...) + TODO: check +CVE-2024-37843 (Craft CMS up to v3.7.31 was discovered to contain a SQL injection vuln ...) + TODO: check +CVE-2024-37742 (An issue in Safe Exam Browser for Windows before 3.6 allows an attacke ...) + TODO: check +CVE-2024-37141 (Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1. ...) + TODO: check +CVE-2024-37140 (Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1. ...) + TODO: check +CVE-2024-37139 (Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1. ...) + TODO: check +CVE-2024-37138 (Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1. ...) 
+ TODO: check +CVE-2024-36802 + REJECTED +CVE-2024-35527 (An arbitrary file upload vulnerability in /fileupload/upload.cfm in Da ...) + TODO: check +CVE-2024-35526 (An issue in Daemon PTY Limited FarCry Core framework before 7.2.14 all ...) + TODO: check +CVE-2024-34581 (The W3C XML Signature Syntax and Processing (XMLDsig) specification, s ...) + TODO: check +CVE-2024-34580 (Apache XML Security for C++ through 2.0.4 implements the XML Signature ...) + TODO: check +CVE-2024-34400 (An issue was discovered in VirtoSoftware Virto Kanban Board
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 09fb2f83 by security tracker role at 2024-06-25T20:12:53+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = The diff for this file was not included because it is too large. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09fb2f833240101f9c97ed9c0fa56d782f9ec7f3
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ba15c604 by security tracker role at 2024-06-25T08:12:39+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,16 +1,138 @@ -CVE-2024-6293 +CVE-2024-6297 (Several plugins for WordPress hosted on WordPress.org have been compro ...) + TODO: check +CVE-2024-6295 (udn News Android APP stores the unencrypted user session in the local ...) + TODO: check +CVE-2024-6294 (udn News Android APP stores the user session in logcat file when user ...) + TODO: check +CVE-2024-5431 (The WPCafe \u2013 Online Food Ordering, Restaurant Menu, Delivery, and ...) + TODO: check +CVE-2024-4759 (The Mime Types Extended WordPress plugin through 0.11 does not sanitis ...) + TODO: check +CVE-2024-4757 (The Logo Manager For Enamad WordPress plugin through 0.7.0 does not ha ...) + TODO: check +CVE-2024-4197 (An unrestrictedfile upload vulnerability in Avaya IP Officewas discove ...) + TODO: check +CVE-2024-4196 (An improper input validation vulnerability was discovered in Avaya IP ...) + TODO: check +CVE-2024-3249 (The Zita Elementor Site Library plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-38903 (H3C Magic R230 V100R002's udpserver opens port 9034, allowing attacker ...) + TODO: check +CVE-2024-38902 (H3C Magic R230 V100R002 was discovered to contain a hardcoded password ...) + TODO: check +CVE-2024-38897 (WAVLINK WN551K1'live_check.shtml enables attackers to obtain sensitive ...) + TODO: check +CVE-2024-38896 (WAVLINK WN551K1 found a command injection vulnerability through the st ...) + TODO: check +CVE-2024-38895 (WAVLINK WN551K1'live_mfg.shtml enables attackers to obtain sensitive r ...) + TODO: check +CVE-2024-38894 (WAVLINK WN551K1 found a command injection vulnerability through the IP ...) + TODO: check +CVE-2024-38892 (An issue in Wavlink WN551K1 allows a remote attacker to obtain sensiti ...) + TODO: check +CVE-2024-37759 (DataGear v5.0.0 and earlier was discovered to contain a SpEL (Spring E ...) + TODO: check +CVE-2024-37007 (A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL th ...) 
+ TODO: check +CVE-2024-37006 (A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll throu ...) + TODO: check +CVE-2024-37005 (A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL th ...) + TODO: check +CVE-2024-37004 (A maliciously crafted SLDPRT file, when parsed in ASMKERN229A.dll thro ...) + TODO: check +CVE-2024-37003 (A maliciously crafted DWG and SLDPRT file, when parsed in opennurbs.dl ...) + TODO: check +CVE-2024-37002 (A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthroug ...) + TODO: check +CVE-2024-37001 ([A maliciously crafted 3DM file, when parsed in opennurbs.dll through ...) + TODO: check +CVE-2024-37000 (A maliciously crafted X_B file, when parsed in pskernel.DLL through Au ...) + TODO: check +CVE-2024-36999 (A maliciously crafted 3DM file, when parsed in opennurbs.dll through A ...) + TODO: check +CVE-2024-36683 (SQL injection vulnerability in the module "Products Alert" (productsal ...) + TODO: check +CVE-2024-36682 (In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promok ...) + TODO: check +CVE-2024-36681 (SQL Injection vulnerability in the module "Isotope" (pk_isotope) <=1.7 ...) + TODO: check +CVE-2024-34992 (SQL Injection vulnerability in the module "Help Desk - Customer Suppor ...) + TODO: check +CVE-2024-34991 (In the module "Axepta" (axepta) before 1.3.4 from Quadra Informatique ...) + TODO: check +CVE-2024-34988 (SQL injection vulnerability in the module "Complete for Create a Quote ...) + TODO: check +CVE-2024-33898 (Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 has Incorre ...) + TODO: check +CVE-2024-32855 (Dell Client Platform BIOS contains an Out-of-bounds Write vulnerabilit ...) + TODO: check +CVE-2024-23159 (A maliciously crafted STP file, when parsed in stp_aim_x64_vc15d.dll t ...) + TODO: check +CVE-2024-23158 (A maliciously crafted IGES file, when parsed in ASMImport229A.dll thro ...) 
+ TODO: check +CVE-2024-23157 (A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL. ...) + TODO: check +CVE-2024-23156 (A maliciously crafted 3DM file, when parsed in opennurbs.dll and ASMke ...) + TODO: check +CVE-2024-23155 (A maliciously crafted MODEL file, when parsed in atf_asm_interface.dll ...) + TODO: check +CVE-2024-23154 (A maliciously crafted SLDPRT file, when parsed in ODXSW_DLL.dll throug ...) + TODO: check +CVE-2024-23153 (A maliciously crafted MODEL file, when parsed in libodx.dll
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4692c63d by security tracker role at 2024-06-24T20:12:03+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,69 +1,149 @@ -CVE-2024-39292 [um: Add winch to winch_handlers before registering winch IRQ] +CVE-2024-6287 (Incorrect Calculation vulnerability in Renesas arm-trusted-firmware al ...) + TODO: check +CVE-2024-6285 (Integer Underflow (Wrap or Wraparound) vulnerability in Renesas arm-tr ...) + TODO: check +CVE-2024-6160 (SQL Injection vulnerability in MegaBIP software allows attacker to dis ...) + TODO: check +CVE-2024-6104 (go-retryablehttp prior to 0.7.7 did not sanitize urls when writing the ...) + TODO: check +CVE-2024-5862 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...) + TODO: check +CVE-2024-5683 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) + TODO: check +CVE-2024-4839 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the 'Serve ...) + TODO: check +CVE-2024-4754 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-4748 (The CRUDDIY project is vulnerable to shell command injection via sendi ...) + TODO: check +CVE-2024-3264 (Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mia ...) + TODO: check +CVE-2024-38373 (FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS ...) + TODO: check +CVE-2024-38369 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + TODO: check +CVE-2024-37825 (An issue in EnvisionWare Computer Access & Reservation Control SelfChe ...) + TODO: check +CVE-2024-37732 (Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a rem ...) + TODO: check +CVE-2024-37681 (An issue the background management system of Shanxi Internet Chuangxia ...) + TODO: check +CVE-2024-37680 (Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is af ...) + TODO: check +CVE-2024-37679 (Cross Site Scripting vulnerability in Hangzhou Meisoft Information Tec ...) + TODO: check +CVE-2024-37678 (Cross Site Scripting vulnerability in Hangzhou Meisoft Information Tec ...) 
+ TODO: check +CVE-2024-37677 (An issue in Shenzhen Weitillage Industrial Co., Ltd the access managem ...) + TODO: check +CVE-2024-37233 (Improper Authentication vulnerability in Play.Ht allows Accessing Func ...) + TODO: check +CVE-2024-37231 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + TODO: check +CVE-2024-37228 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) + TODO: check +CVE-2024-37111 (Missing Authorization vulnerability in Membership Software WishList Me ...) + TODO: check +CVE-2024-37109 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) + TODO: check +CVE-2024-37107 (Improper Privilege Management vulnerability in Membership Software Wis ...) + TODO: check +CVE-2024-37092 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + TODO: check +CVE-2024-37091 (Improper Neutralization of Special Elements used in a Command ('Comman ...) + TODO: check +CVE-2024-37089 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + TODO: check +CVE-2024-36497 (The decrypted configuration file contains the password in cleartext w ...) + TODO: check +CVE-2024-36496 (The configuration file is encrypted with a static key derived from a ...) + TODO: check +CVE-2024-36495 (The application Faronics WINSelect (Standard + Enterprise)saves its co ...) + TODO: check +CVE-2024-36038 (Zoho ManageEngine ITOM products versions from128234 to 128248 are affe ...) + TODO: check +CVE-2024-34313 (An issue in VPL Jail System up to v4.0.2 allows attackers to execute a ...) + TODO: check +CVE-2024-34312 (Virtual Programming Lab for Moodle up to v4.2.3 was discovered to cont ...) + TODO: check +CVE-2024-33881 (An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5. ...) + TODO: check +CVE-2024-33880 (An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5. ...) 
+ TODO: check +CVE-2024-33879 (An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5. ...) + TODO: check +CVE-2024-33687 (Insufficient verification of data authenticity issue exists in NJ Seri ...) + TODO: check +CVE-2024-33278 (Buffer Overflow vulnerability in ASUS router RT-AX88U with firmware ve ...) + TODO: check +CVE-2023-49793 (CodeChecker is an analyzer tooling, defect database and viewer extensi ...) + TODO: check +CVE-2024-39292
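Review bot: the "@@ -1,69 +1,149 @@" hunk files CVE-2024-6104 (go-retryablehttp prior to 0.7.7 writing unsanitised URLs) and CVE-2024-6287/CVE-2024-6285 (Renesas arm-trusted-firmware) under the same "TODO: check" as the surrounding CMS and WordPress entries; these two concern software Debian ships (golang-github-hashicorp-go-retryablehttp and arm-trusted-firmware), so they should be triaged against the packaged versions rather than left in the NOT-FOR-US queue.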
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 98d6f9df by security tracker role at 2024-06-24T08:12:29+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,6 +1,46 @@ +CVE-2024-6280 (A vulnerability was found in SourceCodester Simple Online Bidding Syst ...) + TODO: check +CVE-2024-6279 (A vulnerability was found in lahirudanushka School Management System 1 ...) + TODO: check +CVE-2024-6278 (A vulnerability has been found in lahirudanushka School Management Sys ...) + TODO: check +CVE-2024-6277 (A vulnerability, which was classified as critical, was found in lahiru ...) + TODO: check +CVE-2024-6276 (A vulnerability, which was classified as critical, has been found in l ...) + TODO: check +CVE-2024-6275 (A vulnerability classified as critical was found in lahirudanushka Sch ...) + TODO: check +CVE-2024-6274 (A vulnerability classified as critical has been found in lahirudanushk ...) + TODO: check +CVE-2024-6273 (A vulnerability was found in SourceCodester Clinic Queuing System 1.0. ...) + TODO: check +CVE-2024-4900 (The SEOPress WordPress plugin before 7.8 does not validate and escape ...) + TODO: check +CVE-2024-4899 (The SEOPress WordPress plugin before 7.8 does not sanitise and escape ...) + TODO: check +CVE-2024-4499 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the XTTS s ...) + TODO: check +CVE-2024-4460 (A denial of service (DoS) vulnerability exists in zenml-io/zenml versi ...) + TODO: check +CVE-2024-3121 (A remote code execution vulnerability exists in the create_conda_env f ...) + TODO: check +CVE-2024-39337 (Click Studios Passwordstate Core before 9.8 build 9858 allows Authenti ...) + TODO: check +CVE-2024-39334 (MENDELSON AS4 before 2024 B376 has a client-side vulnerability when a ...) + TODO: check +CVE-2024-24554 (Bludit uses predictable methods in combination with the MD5 hashing al ...) + TODO: check +CVE-2024-24553 (Bludit uses the SHA-1 hashing algorithm to compute password hashes. Th ...) + TODO: check +CVE-2024-24552 (A session fixation vulnerability in Bludit allows an attacker to bypas ...) 
+ TODO: check +CVE-2024-24551 (A security vulnerability has been identified in Bludit, allowing authe ...) + TODO: check +CVE-2024-24550 (A security vulnerability has been identified in Bludit, allowing attac ...) + TODO: check CVE-2024-29868 NOT-FOR-US: Apache StreamPipes -CVE-2024-27136 +CVE-2024-27136 (XSS in Upload page in Apache JSPWiki 2.12.1 and priors allows the atta ...) - jspwiki CVE-2024-28882 - openvpn @@ -16,7 +56,7 @@ CVE-2024-6268 (A vulnerability, which was classified as critical, has been found NOT-FOR-US: lahirudanushka School Management System CVE-2024-4841 (A Path Traversal vulnerability exists in the parisneo/lollms-webui, sp ...) NOT-FOR-US: parisneo/lollms-webui -CVE-2024-39331 [org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code] +CVE-2024-39331 (In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a % ...) - emacs (bug #1074137) - org-mode (bug #1074136) [bookworm] - org-mode (Produces only a dependency binary package) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98d6f9df74414a5a4f8790e47cf77ec5c2ad884f
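Review bot: the CVE-2024-27136 entry gains its description but the "- jspwiki" line below it has neither a fixed version nor a bug reference, unlike the CVE-2024-39331 entry in the same patch, which tracks "- emacs (bug #1074137)" and "- org-mode (bug #1074136)"; file or reference a bug for jspwiki so the open status has something to close against. Note also that only org-mode carries a bookworm annotation ("Produces only a dependency binary package"), so the bookworm status of emacs for CVE-2024-39331 is left to the default and should be confirmed.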
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e17d3c97 by security tracker role at 2024-06-23T20:12:03+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,9 @@ +CVE-2024-6269 (A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as ...) + TODO: check +CVE-2024-6268 (A vulnerability, which was classified as critical, has been found in l ...) + TODO: check +CVE-2024-4841 (A Path Traversal vulnerability exists in the parisneo/lollms-webui, sp ...) + TODO: check CVE-2024- [org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code] - emacs (bug #1074137) - org-mode (bug #1074136) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e17d3c97a24189fbc87bbb98ec8e9b286caa16ef
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ed94ee7d by security tracker role at 2024-06-23T08:11:53+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2024-6267 (A vulnerability classified as problematic was found in SourceCodester ...) + TODO: check +CVE-2024-6266 (A vulnerability classified as critical has been found in Pear Admin Bo ...) + TODO: check CVE-2024-6253 (A vulnerability was found in itsourcecode Online Food Ordering System ...) NOT-FOR-US: itsourcecode Online Food Ordering System CVE-2024-6252 (A vulnerability has been found in Zorlan SkyCaiji up to 2.8 and classi ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed94ee7d98ed6bd6da2e061639bd7965671a8ef4
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0d20bbf4 by security tracker role at 2024-06-22T20:11:56+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,15 @@ +CVE-2024-6253 (A vulnerability was found in itsourcecode Online Food Ordering System ...) + TODO: check +CVE-2024-6252 (A vulnerability has been found in Zorlan SkyCaiji up to 2.8 and classi ...) + TODO: check +CVE-2024-6251 (A vulnerability, which was classified as problematic, was found in pla ...) + TODO: check +CVE-2024-5443 (CVE-2024-4320 describes a vulnerability in the parisneo/lollms softwar ...) + TODO: check +CVE-2024-38379 (Apache Allura's neighborhood settings are vulnerable to a stored XSS a ...) + TODO: check +CVE-2024-38319 (IBM Security SOAR 51.0.2.0 could allow an authenticated user to execut ...) + TODO: check CVE-2024-6120 (The Sparkle Demo Importer plugin for WordPress is vulnerable to unauth ...) NOT-FOR-US: WordPress plugin CVE-2024-5966 (The Grey Opaque theme for WordPress is vulnerable to Stored Cross-Site ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d20bbf4a3aec6bfca0eb4296d987e7323780b7c
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: aa0c1d80 by security tracker role at 2024-06-22T08:11:45+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,47 @@ +CVE-2024-6120 (The Sparkle Demo Importer plugin for WordPress is vulnerable to unauth ...) + TODO: check +CVE-2024-5966 (The Grey Opaque theme for WordPress is vulnerable to Stored Cross-Site ...) + TODO: check +CVE-2024-5965 (The Mosaic theme for WordPress is vulnerable to Stored Cross-Site Scri ...) + TODO: check +CVE-2024-5791 (The Online Booking & Scheduling Calendar for WordPress by vcita plugin ...) + TODO: check +CVE-2024-5596 (The ARMember Premium plugin for WordPress is vulnerable to Cross-Site ...) + TODO: check +CVE-2024-5346 (The Flatsome theme for WordPress is vulnerable to Stored Cross-Site Sc ...) + TODO: check +CVE-2024-4940 (An open redirect vulnerability exists in the gradio-app/gradio, affect ...) + TODO: check +CVE-2024-4874 (The Bricks Builder plugin for WordPress is vulnerable to Insecure Dire ...) + TODO: check +CVE-2024-4313 (The Table Addons for Elementor plugin for WordPress is vulnerable to S ...) + TODO: check +CVE-2024-3593 (The UberMenu plugin for WordPress is vulnerable to Cross-Site Request ...) + TODO: check +CVE-2024-37694 (ArcGIS Enterprise Server 10.8.0 allows a remote attacker to obtain sen ...) + TODO: check +CVE-2024-37654 (An issue in BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01B ...) + TODO: check +CVE-2024-36532 (Insecure permissions in kruise v1.6.2 allows attackers to access sensi ...) + TODO: check +CVE-2024-34989 (In the module RSI PDF/HTML catalog evolution (prestapdf) <= 7.0.0 from ...) + TODO: check +CVE-2024-34452 (CMSimple_XH 1.7.6 allows XSS by uploading a crafted SVG document.) + TODO: check +CVE-2024-2484 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Store ...) + TODO: check +CVE-2024-21519 (This affects versions of the package opencart/opencart from 4.0.0.0. A ...) + TODO: check +CVE-2024-21518 (This affects versions of the package opencart/opencart from 4.0.0.0. A ...) 
+ TODO: check +CVE-2024-21517 (This affects versions of the package opencart/opencart from 4.0.0.0. A ...) + TODO: check +CVE-2024-21516 (This affects versions of the package opencart/opencart from 4.0.0.0. A ...) + TODO: check +CVE-2024-21515 (This affects versions of the package opencart/opencart from 4.0.0.0. A ...) + TODO: check +CVE-2024-21514 (This affects versions of the package opencart/opencart from 0.0.0. An ...) + TODO: check CVE-2024-6241 (A vulnerability was found in Pear Admin Boot up to 2.0.2 and classifie ...) NOT-FOR-US: Pear Admin Boot CVE-2024-6240 (Improper privilege management vulnerability in Parallels Desktop Softw ...) @@ -133776,8 +133820,8 @@ CVE-2022-42976 RESERVED CVE-2022-42975 (socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin w ...) NOT-FOR-US: Phoenix -CVE-2022-42974 - RESERVED +CVE-2022-42974 (In Kostal PIKO 1.5-1 MP plus HMI OEM p 1.0.1, the web application for ...) + TODO: check CVE-2022-42973 (A CWE-798: Use of Hard-coded Credentials vulnerability exists that cou ...) NOT-FOR-US: Schneider CVE-2022-42972 (A CWE-732: Incorrect Permission Assignment for Critical Resource vulne ...) @@ -571208,8 +571252,8 @@ CVE-2014-8770 (Unrestricted file upload vulnerability in magmi/web/magmi.php in NOT-FOR-US: Magento CVE-2012-6665 (Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4 ...) NOT-FOR-US: phpMoneyBooks -CVE-2012-6664 - RESERVED +CVE-2012-6664 (Multiple directory traversal vulnerabilities in the TFTP Server in Dis ...) + TODO: check CVE-2012-6663 (General Electric D20ME devices are not properly configured and reveal ...) NOT-FOR-US: General Electric D20ME devices CVE-2014-8988 (MantisBT before 1.2.18 allows remote authenticated users to bypass the ...) 
@@ -579271,8 +579315,8 @@ CVE-2014-5474 RESERVED CVE-2014-5473 RESERVED -CVE-2014-5470 - RESERVED +CVE-2014-5470 (Actual Analyzer through 2014-08-29 allows code execution via shell met ...) + TODO: check CVE-2014-5469 RESERVED CVE-2014-5468 (A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa0c1d80221c16e899f4690f87c6e522a0dd5b4f -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa0c1d80221c16e899f4690f87c6e522a0dd5b4f You're receiving this email because of your
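Review bot: the three small hunks at @@ -133776, @@ -571208 and @@ -579271 turn entries that were RESERVED (CVE-2022-42974, CVE-2012-6664, CVE-2014-5470) into TODO: check, while the triaged neighbours in those regions are all NOT-FOR-US; the newly published descriptions name a Kostal PIKO inverter HMI, a TFTP server (product name truncated in the excerpt) and Actual Analyzer, so these should be resolved in the follow-up triage rather than left as TODO in the middle of otherwise finished regions. In the top hunk, CVE-2024-21514 is described as affecting opencart/opencart "from 0.0.0" whereas CVE-2024-21515 through CVE-2024-21519 say "from 4.0.0.0"; confirm the range against the upstream advisory before recording a version note, since it changes which release series is affected.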
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ddb87ab8 by security tracker role at 2024-06-21T20:12:29+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,169 +1,263 @@ -CVE-2024-39277 [dma-mapping: benchmark: handle NUMA_NO_NODE correctly] +CVE-2024-6241 (A vulnerability was found in Pear Admin Boot up to 2.0.2 and classifie ...) + TODO: check +CVE-2024-6240 (Improper privilege management vulnerability in Parallels Desktop Softw ...) + TODO: check +CVE-2024-6239 (A flaw was found in the Poppler's Pdfinfo utility. This issue occurs w ...) + TODO: check +CVE-2024-6027 (The Themify \u2013 WooCommerce Product Filter plugin for WordPress is ...) + TODO: check +CVE-2024-5859 (The Online Booking & Scheduling Calendar for WordPress by vcita plugin ...) + TODO: check +CVE-2024-5059 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check +CVE-2024-5058 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-3036 (Improper Input Validation vulnerability in ABB 800xA Base. An attacker ...) + TODO: check +CVE-2024-37790 + REJECTED +CVE-2024-37675 (Cross Site Scripting vulnerability in Tessi Docubase Document Manageme ...) + TODO: check +CVE-2024-37673 (Cross Site Scripting vulnerability in Tessi Docubase Document Manageme ...) + TODO: check +CVE-2024-37672 (Cross Site Scripting vulnerability in Tessi Docubase Document Manageme ...) + TODO: check +CVE-2024-37671 (Cross Site Scripting vulnerability in Tessi Docubase Document Manageme ...) + TODO: check +CVE-2024-37230 (Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Book Lan ...) + TODO: check +CVE-2024-37227 (Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newslette ...) + TODO: check +CVE-2024-37212 (Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Ali2Woo Lit ...) + TODO: check +CVE-2024-37198 (Cross-Site Request Forgery (CSRF) vulnerability in blazethemes Digital ...) + TODO: check +CVE-2024-37118 (Cross Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny ...) 
+ TODO: check +CVE-2024-35781 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + TODO: check +CVE-2024-35779 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-35778 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + TODO: check +CVE-2024-35776 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check +CVE-2024-35774 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-35772 (Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Huem ...) + TODO: check +CVE-2024-35771 (Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Cust ...) + TODO: check +CVE-2024-35770 (Cross-Site Request Forgery (CSRF) vulnerability in Dave Kiss Vimeograp ...) + TODO: check +CVE-2024-35769 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-35768 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-35767 (Unrestricted Upload of File with Dangerous Type vulnerability in Bogda ...) + TODO: check +CVE-2024-35766 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-35764 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-35763 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-35762 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-35761 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-35760 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-35759 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) 
+ TODO: check +CVE-2024-35758 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-35757 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-35537 (TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS v5.0.0 wa ...) + TODO: check +CVE-2024-31890 (IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for ...) + TODO: check +CVE-2023-51375 (Missing Authorization vulnerability in WPDeveloper EmbedPress.This iss ...) +
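Review bot: the top hunk drops the placeholder line "-CVE-2024-39277 [dma-mapping: benchmark: handle NUMA_NO_NODE correctly]" but the matching "+CVE-2024-39277" line with the official description is not in the visible part of the hunk (the excerpt ends at CVE-2023-51375 with a dangling "+"); confirm the kernel entry is re-added further down together with its linux package line. Of the new TODO: check entries, CVE-2024-6239 (Poppler's pdfinfo) stands apart from the WordPress plugin and Tessi Docubase batch and should be checked against the source package rather than triaged with them. The four Tessi Docubase entries (CVE-2024-37671, -37672, -37673, -37675) carry identical truncated descriptions, as do most of the CVE-2024-357xx WordPress entries; when they are resolved, a NOT-FOR-US line naming the plugin is more useful than the bare TODO.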
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7bb77fdf by security tracker role at 2024-06-21T08:11:47+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,109 @@ +CVE-2024-6225 (The Booking for Appointments and Events Calendar \u2013 Amelia plugin ...) + TODO: check +CVE-2024-6218 (A vulnerability, which was classified as critical, has been found in i ...) + TODO: check +CVE-2024-6217 (A vulnerability classified as critical was found in SourceCodester Foo ...) + TODO: check +CVE-2024-6216 (A vulnerability classified as critical has been found in SourceCodeste ...) + TODO: check +CVE-2024-6215 (A vulnerability was found in SourceCodester Food Ordering Management S ...) + TODO: check +CVE-2024-6214 (A vulnerability was found in SourceCodester Food Ordering Management S ...) + TODO: check +CVE-2024-6213 (A vulnerability was found in SourceCodester Food Ordering Management S ...) + TODO: check +CVE-2024-6212 (A vulnerability was found in SourceCodester Simple Student Attendance ...) + TODO: check +CVE-2024-6154 (Parallels Desktop Toolgate Heap-based Buffer Overflow Local Privilege ...) + TODO: check +CVE-2024-6153 (Parallels Desktop Updater Protection Mechanism Failure Software Downgr ...) + TODO: check +CVE-2024-6147 (Poly Plantronics Hub Link Following Local Privilege Escalation Vulnera ...) + TODO: check +CVE-2024-5945 (The WP SVG Images plugin for WordPress is vulnerable to Stored Cross-S ...) + TODO: check +CVE-2024-5756 (The Email Subscribers by Icegram Express \u2013 Email Marketing, Newsl ...) + TODO: check +CVE-2024-5746 (A Server-Side Request Forgery vulnerability was identified in GitHub E ...) + TODO: check +CVE-2024-5639 (The User Profile Picture plugin for WordPress is vulnerable to Insecur ...) + TODO: check +CVE-2024-5503 (The WP Blog Post Layouts plugin for WordPress is vulnerable to Local F ...) + TODO: check +CVE-2024-5455 (The Plus Addons for Elementor Page Builder plugin for WordPress is vul ...) + TODO: check +CVE-2024-5448 (The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordP ...) 
+ TODO: check +CVE-2024-5447 (The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordP ...) + TODO: check +CVE-2024-5344 (The The Plus Addons for Elementor Page Builder plugin for WordPress is ...) + TODO: check +CVE-2024-5191 (The Branda \u2013 White Label WordPress, Custom Login Page Customizer ...) + TODO: check +CVE-2024-4970 (The Widget Bundle WordPress plugin through 2.0.0 does not sanitise and ...) + TODO: check +CVE-2024-4969 (The Widget Bundle WordPress plugin through 2.0.0 does not have CSRF ch ...) + TODO: check +CVE-2024-4755 (The Google CSE WordPress plugin through 1.0.7 does not sanitise and es ...) + TODO: check +CVE-2024-4616 (The Widget Bundle WordPress plugin through 2.0.0 does not sanitise and ...) + TODO: check +CVE-2024-4477 (The WP Logs Book WordPress plugin through 1.0.1 does not sanitise and ...) + TODO: check +CVE-2024-4475 (The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF che ...) + TODO: check +CVE-2024-4474 (The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF che ...) + TODO: check +CVE-2024-4384 (The CSSable Countdown WordPress plugin through 1.5 does not sanitise a ...) + TODO: check +CVE-2024-4382 (The CB (legacy) WordPress plugin through 0.9.4.18 does not have CSRF c ...) + TODO: check +CVE-2024-4381 (The CB (legacy) WordPress plugin through 0.9.4.18 does not sanitise an ...) + TODO: check +CVE-2024-4377 (The DOP Shortcodes WordPress plugin through 1.2 does not validate and ...) + TODO: check +CVE-2024-3961 (The ConvertKit \u2013 Email Newsletter, Email Marketing, Subscribers a ...) + TODO: check +CVE-2024-3610 (The WP Child Theme Generator plugin for WordPress is vulnerable to una ...) + TODO: check +CVE-2024-38874 (An issue was discovered in the events2 (aka Events 2) extension before ...) + TODO: check +CVE-2024-38873 (An issue was discovered in the friendlycaptcha_official (aka Integrati ...) 
+ TODO: check +CVE-2024-38361 (Spicedb is an Open Source, Google Zanzibar-inspired permissions databa ...) + TODO: check +CVE-2024-38359 (The Lightning Network Daemon (lnd) - is a complete implementation of a ...) + TODO: check +CVE-2024-38093 (Microsoft Edge (Chromium-based) Spoofing Vulnerability) + TODO: check +CVE-2024-38082 (Microsoft Edge (Chromium-based) Spoofing Vulnerability) + TODO: check +CVE-2024-37899 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + TODO: check +CVE-2024-37183 (Plain text credentials and
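Review bot: the hunk is cut off mid-description at CVE-2024-37183 ("Plain text credentials and"), so the remaining additions cannot be reviewed from this excerpt. Among the visible TODO: check entries, CVE-2024-38093 and CVE-2024-38082 carry the identical description "Microsoft Edge (Chromium-based) Spoofing Vulnerability"; before marking them NOT-FOR-US, check whether the issue is Edge-specific or shared with upstream Chromium, which this file does track (see the "- chromium" lines recorded for CVE-2024-6103 in the cfed6309 update). CVE-2024-38361 (SpiceDB), CVE-2024-38359 (lnd), CVE-2024-37899 (XWiki Platform) and CVE-2024-5746 (GitHub Enterprise SSRF) are upstream server projects rather than WordPress plugins and deserve individual checks instead of a batch resolution.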
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 79387d27 by security tracker role at 2024-06-20T20:12:27+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,310 +1,408 @@ -CVE-2023-52883 [drm/amdgpu: Fix possible null pointer dereference] +CVE-2024-6196 (A vulnerability was found in itsourcecode Banking Management System 1. ...) + TODO: check +CVE-2024-6195 (A vulnerability has been found in itsourcecode Tailoring Management Sy ...) + TODO: check +CVE-2024-6194 (A vulnerability, which was classified as critical, was found in itsour ...) + TODO: check +CVE-2024-6193 (A vulnerability, which was classified as critical, has been found in i ...) + TODO: check +CVE-2024-6192 (A vulnerability classified as critical was found in itsourcecode Loan ...) + TODO: check +CVE-2024-6191 (A vulnerability classified as critical has been found in itsourcecode ...) + TODO: check +CVE-2024-6190 (A vulnerability was found in itsourcecode Farm Management System 1.0. ...) + TODO: check +CVE-2024-6189 (A vulnerability was found in Tenda A301 15.13.08.12. It has been class ...) + TODO: check +CVE-2024-6188 (A vulnerability was found in Parsec Automation TrackSYS 11.x.x and cla ...) + TODO: check +CVE-2024-6187 (A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as ...) + TODO: check +CVE-2024-6186 (A vulnerability, which was classified as critical, was found in Ruijie ...) + TODO: check +CVE-2024-6185 (A vulnerability, which was classified as critical, has been found in R ...) + TODO: check +CVE-2024-6184 (A vulnerability classified as critical was found in Ruijie RG-UAC 1.0. ...) + TODO: check +CVE-2024-6183 (A vulnerability classified as problematic has been found in EZ-Suite E ...) + TODO: check +CVE-2024-6182 (A vulnerability was found in LabVantage LIMS 2017. It has been rated a ...) + TODO: check +CVE-2024-6181 (A vulnerability was found in LabVantage LIMS 2017. It has been declare ...) + TODO: check +CVE-2024-6162 (A vulnerability was found in Undertow. URL-encoded request path inform ...) 
+ TODO: check +CVE-2024-5886 + REJECTED +CVE-2024-5156 (The Flatsome theme for WordPress is vulnerable to Stored Cross-Site Sc ...) + TODO: check +CVE-2024-5036 (The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data T ...) + TODO: check +CVE-2024-37897 (SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S ...) + TODO: check +CVE-2024-37818 (Strapi v4.24.4 was discovered to contain a Server-Side Request Forgery ...) + TODO: check +CVE-2024-37699 (An issue in DataLife Engine v.17.1 and before is vulnerable to SQL Inj ...) + TODO: check +CVE-2024-37676 (An issue in htop-dev htop v.2.20 allows a local attacker to cause an o ...) + TODO: check +CVE-2024-37674 (Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote ...) + TODO: check +CVE-2024-37626 (A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 fir ...) + TODO: check +CVE-2024-37532 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity ...) + TODO: check +CVE-2024-37352 (There is a cross-site scripting vulnerability in the management UI of ...) + TODO: check +CVE-2024-37351 (There is a cross-site scripting vulnerability in the management UI of ...) + TODO: check +CVE-2024-37350 (There is a cross-site scripting vulnerability in the policy management ...) + TODO: check +CVE-2024-37349 (There is a cross-site scripting vulnerability in the management UI of ...) + TODO: check +CVE-2024-37348 (There is a cross-site scripting vulnerability in the management UI of ...) + TODO: check +CVE-2024-37347 (There is a cross-site scripting vulnerability in the pool configuratio ...) + TODO: check +CVE-2024-37346 (There is an insufficient input validation vulnerability in the Warehou ...) + TODO: check +CVE-2024-37345 (There is a cross-site scripting vulnerability in the Secure Access adm ...) + TODO: check +CVE-2024-37344 (There is a cross-site scripting vulnerability in the Policy management ...) 
+ TODO: check +CVE-2024-37343 (There is a cross-site scripting vulnerability in the Secure Access adm ...) + TODO: check +CVE-2024-37222 (Cross Site Scripting (XSS) vulnerability in Averta Master Slider allow ...) + TODO: check +CVE-2024-34693 (Improper Input Validation vulnerability in Apache Superset, allows for ...) + TODO: check +CVE-2024-5 (SQL Injection vulnerability in H3C SeaSQL DWS v.2.0 allows a remote at ...) + TODO: check +CVE-2024-29013 (Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows ...) + TODO: check
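Review bot: "CVE-2024-5 (SQL Injection vulnerability in H3C SeaSQL DWS v.2.0 ...)" is not a well-formed CVE identifier (the sequence part of a CVE ID has at least four digits) and it sorts out of place between CVE-2024-34693 and CVE-2024-29013; verify the upstream record and the ID the importer actually fetched before this line stays in the list. The top hunk also removes the kernel placeholder "-CVE-2023-52883 [drm/amdgpu: Fix possible null pointer dereference]" without the replacement entry appearing in the visible part; confirm it is re-added with its linux tracking line. CVE-2024-6162 (Undertow, URL-encoded request path), CVE-2024-37676 (htop v.2.20, local attacker), CVE-2024-37674 (Moodle CMS v3.10) and CVE-2024-34693 (Apache Superset) are not WordPress or SourceCodester items and warrant individual checks rather than a batch NOT-FOR-US.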
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1ae81d36 by security tracker role at 2024-06-20T08:12:21+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,4 +1,74 @@ -CVE-2024-38619 [usb-storage: alauda: Check whether the media is initialized] +CVE-2024-6179 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-6178 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-6177 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-6176 (Allocation of Resources Without Limits or Throttling vulnerability in ...) + TODO: check +CVE-2024-6113 (A vulnerability was found in itsourcecode Monbela Tourist Inn Online R ...) + TODO: check +CVE-2024-5686 (The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPr ...) + TODO: check +CVE-2024-5605 (The Media Library Assistant plugin for WordPress is vulnerable to time ...) + TODO: check +CVE-2024-5522 (The HTML5 Video Player WordPress plugin before 2.5.27 does not saniti ...) + TODO: check +CVE-2024-5475 (The Responsive video embed WordPress plugin before 0.5.1 does not vali ...) + TODO: check +CVE-2024-5432 (The Lifeline Donation plugin for WordPress is vulnerable to authentica ...) + TODO: check +CVE-2024-5213 (In mintplex-labs/anything-llm versions up to and including 1.5.3, an i ...) + TODO: check +CVE-2024-5182 (A path traversal vulnerability exists in mudler/localai version 2.14.0 ...) + TODO: check +CVE-2024-4742 (The Youzify \u2013 BuddyPress Community, User Profile, Social Network ...) + TODO: check +CVE-2024-4626 (The JetWidgets For Elementor plugin for WordPress is vulnerable to Sto ...) + TODO: check +CVE-2024-4565 (The Advanced Custom Fields (ACF) WordPress plugin before 6.3, Advanced ...) + TODO: check +CVE-2024-4390 (The Slider and Carousel slider by Depicter plugin for WordPress is vul ...) + TODO: check +CVE-2024-4098 (The Shariff Wrapper plugin for WordPress is vulnerable to Local File I ...) + TODO: check +CVE-2024-3627 (The Wheel of Life: Coaching and Assessment Tool for Life Coach plugin ...) 
+ TODO: check +CVE-2024-3605 (The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injecti ...) + TODO: check +CVE-2024-3602 (The Pop ups, Exit intent popups, email popups, banners, bars, countdow ...) + TODO: check +CVE-2024-3597 (The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerab ...) + TODO: check +CVE-2024-3562 (The Custom Field Suite plugin for WordPress is vulnerable to PHP Code ...) + TODO: check +CVE-2024-3561 (The Custom Field Suite plugin for WordPress is vulnerable to SQL Injec ...) + TODO: check +CVE-2024-3558 (The Custom Field Suite plugin for WordPress is vulnerable to Stored Cr ...) + TODO: check +CVE-2024-38620 (In the Linux kernel, the following vulnerability has been resolved: B ...) + TODO: check +CVE-2024-36684 (In the module "Custom links" (pk_customlinks) <= 2.3 from Promokit.eu ...) + TODO: check +CVE-2024-36680 (In the module "Facebook" (pkfacebook) <=1.0.1 from Promokit.eu for Pre ...) + TODO: check +CVE-2024-36679 (In the module "Module Live Chat Pro (All in One Messaging)" (livechatp ...) + TODO: check +CVE-2024-36678 (In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promok ...) + TODO: check +CVE-2024-36677 (In the module "Login as customer PRO" (loginascustomerpro) <1.2.7 from ...) + TODO: check +CVE-2024-34994 (In the module "Channable" (channable) up to version 3.2.1 from Channab ...) + TODO: check +CVE-2024-34990 (In the module "Help Desk - Customer Support Management System" (helpde ...) + TODO: check +CVE-2024-33836 (In the module "JA Marketplace" (jamarketplace) up to version 9.0.1 fro ...) + TODO: check +CVE-2024-1168 (The SEOPress \u2013 On-site SEO plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2023-3204 (The Materialis theme for WordPress is vulnerable to limited arbitrary ...) + TODO: check +CVE-2024-38619 (In the Linux kernel, the following vulnerability has been resolved: u ...) 
- linux NOTE: https://git.kernel.org/linus/16637fea001ab3c8df528a8995b3211906165a30 (6.10-rc4) CVE-2024- [RUSTSEC-2024-0344] @@ -817,22 +887,22 @@ CVE-2024-21685 (This High severity Information Disclosure vulnerability was intr NOT-FOR-US: Atlassian CVE-2023-47726 (IBM QRadar Suite Software 1.10.12.0 through 1.10.21.0 and IBM Cloud Pa ...) NOT-FOR-US: IBM -CVE-2024-6103 +CVE-2024-6103 (Use after free in Dawn in Google Chrome prior to 126.0.6478.114 allowe ...)
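Review bot: CVE-2024-38620 ("In the Linux kernel, the following vulnerability has been resolved: B ...") is added with only TODO: check, whereas CVE-2024-38619, moved in the same hunk from its bracketed placeholder "[usb-storage: alauda: Check whether the media is initialized]" to the official description, keeps its "- linux" line and the upstream-fix NOTE (git.kernel.org/linus/16637fea..., 6.10-rc4); the new kernel entry should get the same package line and fix reference instead of sitting in the WordPress TODO batch. The second hunk at @@ -817,22 +887,22 @@ only fills in the description for CVE-2024-6103 (Dawn use-after-free, Chrome prior to 126.0.6478.114), which is consistent with the "- chromium" lines already recorded for it; nothing to change there.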
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c3c47b23 by security tracker role at 2024-06-19T20:12:34+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,548 +1,662 @@ -CVE-2021-47616 [RDMA: Fix use-after-free in rxe_queue_cleanup] +CVE-2024-5676 (The Paradox IP150 Internet Module in version 1.40.00 is vulnerable to ...) + TODO: check +CVE-2024-4632 (The WooCommerce Checkout & Funnel Builder by CartFlows \u2013 Create H ...) + TODO: check +CVE-2024-38358 (Wasmer is a web assembly (wasm) Runtime supporting WASIX, WASI and Ems ...) + TODO: check +CVE-2024-38357 (TinyMCE is an open source rich text editor. A cross-site scripting (XS ...) + TODO: check +CVE-2024-38356 (TinyMCE is an open source rich text editor. A cross-site scripting (XS ...) + TODO: check +CVE-2024-38355 (Socket.IO is an open source, real-time, bidirectional, event-based, co ...) + TODO: check +CVE-2024-38352 + REJECTED +CVE-2024-38329 (IBM Storage Protect for Virtual Environments: Data Protection for VMwa ...) + TODO: check +CVE-2024-36117 (Reposilite is an open source, lightweight and easy-to-use repository m ...) + TODO: check +CVE-2024-36116 (Reposilite is an open source, lightweight and easy-to-use repository m ...) + TODO: check +CVE-2024-36115 (Reposilite is an open source, lightweight and easy-to-use repository m ...) + TODO: check +CVE-2024-35780 (Deserialization of Untrusted Data vulnerability in Live Composer Team ...) + TODO: check +CVE-2024-35765 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-34993 (In the module "Bulk Export products to Google Merchant-Google Shopping ...) + TODO: check +CVE-2024-3 (Missing Authorization vulnerability in ThemePunch OHG Slider Revolutio ...) + TODO: check +CVE-2024-34443 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-32030 (Kafka UI is an Open-Source Web UI for Apache Kafka Management. Kafka U ...) + TODO: check +CVE-2024-22263 (Spring Cloud Data Flow is a microservices-based Streaming and Batch da ...) 
+ TODO: check +CVE-2024-0383 (The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross ...) + TODO: check +CVE-2023-6495 (The YARPP \u2013 Yet Another Related Posts Plugin plugin for WordPress ...) + TODO: check +CVE-2023-50900 (Cross-Site Request Forgery (CSRF) vulnerability in Averta Master Slide ...) + TODO: check +CVE-2023-48761 (Missing Authorization vulnerability in Crocoblock JetElements For Elem ...) + TODO: check +CVE-2023-48760 (Missing Authorization vulnerability in Crocoblock JetElements For Elem ...) + TODO: check +CVE-2023-48759 (Missing Authorization vulnerability in Crocoblock JetElements For Elem ...) + TODO: check +CVE-2023-47788 (Missing Authorization vulnerability in Automattic Jetpack.This issue a ...) + TODO: check +CVE-2023-47783 (Missing Authorization vulnerability in Thrive Themes Thrive Theme Buil ...) + TODO: check +CVE-2023-47771 (Missing Authorization vulnerability in ThemePunch OHG Essential Grid.T ...) + TODO: check +CVE-2023-47770 (Missing Authorization vulnerability in Muffin Group Betheme.This issue ...) + TODO: check +CVE-2023-47681 (Missing Authorization vulnerability in QuadLayers WooCommerce Checkout ...) + TODO: check +CVE-2023-46148 (Missing Authorization vulnerability in Themify Themify Ultra.This issu ...) + TODO: check +CVE-2023-46146 (Missing Authorization vulnerability in Themify Themify Ultra.This issu ...) + TODO: check +CVE-2023-45658 (Missing Authorization vulnerability in POSIMYTH Nexter.This issue affe ...) + TODO: check +CVE-2023-44151 (Missing Authorization vulnerability in Brainstorm Force Pre-Publish Ch ...) + TODO: check +CVE-2023-44148 (Missing Authorization vulnerability in Brainstorm Force Astra Bulk Edi ...) + TODO: check +CVE-2023-41805 (Missing Authorization vulnerability in Brainstorm Force Premium Starte ...) + TODO: check +CVE-2023-40608 (Missing Authorization vulnerability in Paid Memberships Pro Paid Membe ...) 
+ TODO: check +CVE-2023-40004 (Missing Authorization vulnerability in ServMask All-in-One WP Migratio ...) + TODO: check +CVE-2023-39998 (Missing Authorization vulnerability in Muffingroup Betheme.This issue ...) + TODO: check +CVE-2023-39993 (Missing Authorization vulnerability in Wpmet Elements kit Elementor ad ...) + TODO: check +CVE-2023-39990 (Missing Authorization vulnerability in Paid Memberships Pro.This issue ...) + TODO: check +CVE-2023-39922 (Missing Authorization vulnerability in ThemeFusion Avada.This issue af ...) +
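Review bot: "CVE-2024-3 (Missing Authorization vulnerability in ThemePunch OHG Slider Revolutio ...)" is not a valid CVE identifier and sits between CVE-2024-34993 and CVE-2024-34443, so it is almost certainly a mangled ID from the import; check the upstream record before leaving it in the list (the 79387d27 update has the same problem with "CVE-2024-5"). The hunk also removes the placeholder "-CVE-2021-47616 [RDMA: Fix use-after-free in rxe_queue_cleanup]" and the excerpt ends with a dangling "+" before the replacement is visible; confirm the kernel entry is re-added with its linux line. Of the new entries, CVE-2024-38358 (Wasmer), CVE-2024-38357 and -38356 (TinyMCE XSS), CVE-2024-38355 (Socket.IO), CVE-2024-36115 to -36117 (Reposilite), CVE-2024-32030 (Kafka UI) and CVE-2024-22263 (Spring Cloud Data Flow) are upstream library and server issues that need individual checks, unlike the long run of Missing Authorization WordPress entries that follows them.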
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 984c4d8a by security tracker role at 2024-06-19T08:11:52+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,79 @@ +CVE-2024-6146 (Actiontec WCB6200Q uh_get_postdata_withupload Stack-based Buffer Overf ...) + TODO: check +CVE-2024-6145 (Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerab ...) + TODO: check +CVE-2024-6144 (Actiontec WCB6200Q Multipart Boundary Stack-based Buffer Overflow Remo ...) + TODO: check +CVE-2024-6143 (Actiontec WCB6200Q uh_tcp_recv_header Buffer Overflow Remote Code Exec ...) + TODO: check +CVE-2024-6142 (Actiontec WCB6200Q uh_tcp_recv_content Buffer Overflow Remote Code Exe ...) + TODO: check +CVE-2024-6132 (The Pexels: Free Stock Photos plugin for WordPress is vulnerable to ar ...) + TODO: check +CVE-2024-6129 (A vulnerability, which was classified as problematic, was found in spa ...) + TODO: check +CVE-2024-6128 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-6125 (The Login with phone number plugin for WordPress is vulnerable to unau ...) + TODO: check +CVE-2024-5970 (The MaxGalleria plugin for WordPress is vulnerable to Stored Cross-Sit ...) + TODO: check +CVE-2024-5853 (The Image Optimizer, Resizer and CDN \u2013 Sirv plugin for WordPress ...) + TODO: check +CVE-2024-5768 (The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable ...) + TODO: check +CVE-2024-5724 (The Photo Video Gallery Master plugin for WordPress is vulnerable to P ...) + TODO: check +CVE-2024-5649 (The Universal Slider plugin for WordPress is vulnerable to PHP Object ...) + TODO: check +CVE-2024-5574 (The WP Magazine Modules Lite plugin for WordPress is vulnerable to Loc ...) + TODO: check +CVE-2024-5343 (The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for Word ...) + TODO: check +CVE-2024-5208 (An uncontrolled resource consumption vulnerability exists in the `uplo ...) + TODO: check +CVE-2024-5021 (The WordPress Picture / Portfolio / Media Gallery plugin for WordPress ...) 
+ TODO: check +CVE-2024-4873 (The Replace Image plugin for WordPress is vulnerable to Insecure Direc ...) + TODO: check +CVE-2024-4787 (The Cost Calculator Builder PRO for WordPress is vulnerable to arbitra ...) + TODO: check +CVE-2024-4663 (The OSM Map Widget for Elementor plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-4623 (The Blogmentor \u2013 Blog Layouts for Elementor plugin for WordPress ...) + TODO: check +CVE-2024-4541 (The Custom Product List Table plugin for WordPress is vulnerable to Cr ...) + TODO: check +CVE-2024-4450 (The AliExpress Dropshipping with AliNext Lite plugin for WordPress is ...) + TODO: check +CVE-2024-3984 (The EmbedSocial \u2013 Social Media Feeds, Reviews and Galleries plugi ...) + TODO: check +CVE-2024-3894 (The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for Word ...) + TODO: check +CVE-2024-3229 (The Salon booking system plugin for WordPress is vulnerable to arbitra ...) + TODO: check +CVE-2024-37881 (SiteGuard WP Plugin provides a functionality to customize the path to ...) + TODO: check +CVE-2024-37387 (Use of potentially dangerous function issue exists in Ricoh Streamline ...) + TODO: check +CVE-2024-37124 (Use of potentially dangerous function issue exists in Ricoh Streamline ...) + TODO: check +CVE-2024-36978 (In the Linux kernel, the following vulnerability has been resolved: n ...) + TODO: check +CVE-2024-36480 (Use of hard-coded credentials issue exists in Ricoh Streamline NX PC C ...) + TODO: check +CVE-2024-36252 (Improper restriction of communication channel to intended endpoints is ...) + TODO: check +CVE-2024-35298 (Improper authorization in handler for custom URL scheme issue in 'ZOZO ...) + TODO: check +CVE-2024-2381 (The AliExpress Dropshipping with AliNext Lite plugin for WordPress is ...) + TODO: check +CVE-2024-1407 (The Paid Memberships Pro \u2013 Content Restriction, User Registration ...) 
+ TODO: check +CVE-2024-0789 (The WP Maintenance plugin for WordPress is vulnerable to IP Address Sp ...) + TODO: check +CVE-2023-6692 (The Ultimate Blocks \u2013 WordPress Blocks Plugin plugin for WordPres ...) + TODO: check CVE-2024-6116 (A vulnerability, which was classified as critical, has been found in i ...) NOT-FOR-US: itsourcecode Simple Online Hotel Reservation System CVE-2024-6115 (A vulnerability classified as critical was found in itsourcecode Simpl ...) @@ -2229,11 +2305,13 @@ CVE-2024-36302 (An origin validation vulnerability in the Trend
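Review bot: CVE-2024-36978 ("In the Linux kernel, the following vulnerability has been resolved: n ...") lands with TODO: check only; kernel entries elsewhere in this file carry a "- linux <version>" line and a NOTE with the upstream commit, so this one should be triaged the same way rather than left in the WordPress batch. The five Actiontec WCB6200Q entries (CVE-2024-6142 to -6146) describe remote code execution through buffer overflows in uh_tcp_recv_header, uh_tcp_recv_content, uh_get_postdata_withupload and the multipart boundary handler plus a cookie format string bug, all in the device's HTTP server; they are firmware issues and can be triaged as one group. The trailing "@@ -2229,11 +2305,13 @@ CVE-2024-36302" header has no body in the excerpt, so that hunk cannot be reviewed here.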
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cfed6309 by security tracker role at 2024-06-18T20:12:42+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,73 @@ +CVE-2024-6116 (A vulnerability, which was classified as critical, has been found in i ...) + TODO: check +CVE-2024-6115 (A vulnerability classified as critical was found in itsourcecode Simpl ...) + TODO: check +CVE-2024-6114 (A vulnerability classified as critical has been found in itsourcecode ...) + TODO: check +CVE-2024-6112 (A vulnerability classified as critical was found in itsourcecode Pool ...) + TODO: check +CVE-2024-6111 (A vulnerability classified as critical has been found in itsourcecode ...) + TODO: check +CVE-2024-6110 (A vulnerability was found in itsourcecode Magbanua Beach Resort Online ...) + TODO: check +CVE-2024-6109 (A vulnerability was found in itsourcecode Tailoring Management System ...) + TODO: check +CVE-2024-6108 (A vulnerability was found in Genexis Tilgin Home Gateway 322_AS0500-03 ...) + TODO: check +CVE-2024-5967 (A vulnerability was found in Keycloak. The LDAP testing endpoint allow ...) + TODO: check +CVE-2024-5953 (A denial of service vulnerability was found in the 389-ds-base LDAP se ...) + TODO: check +CVE-2024-5899 (When Bazel Plugin in intellij imports a project (either using "import ...) + TODO: check +CVE-2024-5750 + REJECTED +CVE-2024-5275 (A hard-coded password in the FileCatalyst TransferAgent can be found w ...) + TODO: check +CVE-2024-38507 (In JetBrains Hub before 2024.2.34646 stored XSS via project descriptio ...) + TODO: check +CVE-2024-38506 (In JetBrains YouTrack before 2024.2.34646 user without appropriate per ...) + TODO: check +CVE-2024-38505 (In JetBrains YouTrack before 2024.2.34646 user access token was sent t ...) + TODO: check +CVE-2024-38504 (In JetBrains YouTrack before 2024.2.34646 the Guest User Account was e ...) + TODO: check +CVE-2024-38351 (Pocketbase is an open source web backend written in go. In affected ve ...) + TODO: check +CVE-2024-38348 (CodeProjects Health Care hospital Management System v1.0 was discovere ...) 
+ TODO: check +CVE-2024-38347 (CodeProjects Health Care hospital Management System v1.0 was discovere ...) + TODO: check +CVE-2024-38277 (A unique key should be generated for a user's QR login key and their a ...) + TODO: check +CVE-2024-38276 (Incorrect CSRF token checks resulted in multiple CSRF risks.) + TODO: check +CVE-2024-38275 (The cURL wrapper in Moodle retained the original request headers when ...) + TODO: check +CVE-2024-38274 (Insufficient escaping of calendar event titles resulted in a stored XS ...) + TODO: check +CVE-2024-38273 (Insufficient capability checks meant it was possible for users to gain ...) + TODO: check +CVE-2024-37904 (Minder is an open source Software Supply Chain Security Platform. Mind ...) + TODO: check +CVE-2024-37821 (An arbitrary file upload vulnerability in the Upload Template function ...) + TODO: check +CVE-2024-37803 (Multiple stored cross-site scripting (XSS) vulnerabilities in CodeProj ...) + TODO: check +CVE-2024-37802 (CodeProjects Health Care hospital Management System v1.0 was discovere ...) + TODO: check +CVE-2024-37800 (CodeProjects Restaurant Reservation System v1.0 was discovered to cont ...) + TODO: check +CVE-2024-37799 (CodeProjects Restaurant Reservation System v1.0 was discovered to cont ...) + TODO: check +CVE-2024-37791 (DuxCMS3 v3.1.3 was discovered to contain a SQL injection vulnerability ...) + TODO: check +CVE-2024-22002 (CORSAIR iCUE 5.9.105 with iCUE Murals on Windows allows unprivileged u ...) + TODO: check +CVE-2024-21685 (This High severity Information Disclosure vulnerability was introduced ...) + TODO: check +CVE-2023-47726 (IBM QRadar Suite Software 1.10.12.0 through 1.10.21.0 and IBM Cloud Pa ...) + TODO: check CVE-2024-6103 - chromium [bullseye] - chromium (see #1061268) 
@@ -14,20 +84,20 @@ CVE-2024-6100 - chromium [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) -CVE-2024-36977 [usb: dwc3: Wait unconditionally after issuing EndXfer command] +CVE-2024-36977 (In the Linux kernel, the following vulnerability has been resolved: u ...) - linux 6.8.11-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/1d26ba0944d398f88aaf997bda3544646cf21945 (6.10-rc1) -CVE-2024-36976 [Revert "media: v4l2-ctrls: show all owned controls in log_status"] +CVE-2024-36976 (In the Linux kernel, the
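Review bot: the second hunk (@@ -14,20 +84,20 @@) loses the only subsystem-level summary of the two kernel CVEs when it replaces the bracketed placeholder titles with the published text: `-CVE-2024-36977 [usb: dwc3: Wait unconditionally after issuing EndXfer command]` becomes `+CVE-2024-36977 (In the Linux kernel, the following vulnerability has been resolved: u ...)`, and the same happens to the v4l2-ctrls revert under CVE-2024-36976. Because the tracker truncates descriptions, that generic prefix no longer says what was fixed, and the NOTE line with the upstream fix commit (1d26ba0944d398f88aaf997bda3544646cf21945, 6.10-rc1) becomes the only pointer to the dwc3 change. Consider carrying the old subject over into a NOTE line so grep-based triage by subsystem keeps working. The `- linux 6.8.11-1` fix version and the bullseye/buster `(Vulnerable code not present)` lines are untouched, so the hunk is otherwise only a description refresh.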
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
adb4fafb by security tracker role at 2024-06-18T08:11:50+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

= data/CVE/list =
@@ -1,3 +1,65 @@ +CVE-2024-6084 (A vulnerability has been found in itsourcecode Pool of Bethesda Online ...) + TODO: check +CVE-2024-6083 (A vulnerability, which was classified as critical, was found in PHPVib ...) + TODO: check +CVE-2024-6082 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-6080 (A vulnerability classified as critical was found in Intelbras InContro ...) + TODO: check +CVE-2024-6067 (A vulnerability classified as critical was found in SourceCodester Mus ...) + TODO: check +CVE-2024-6066 (A vulnerability classified as critical has been found in SourceCodeste ...) + TODO: check +CVE-2024-6065 (A vulnerability was found in itsourcecode Bakery Online Ordering Syste ...) + TODO: check +CVE-2024-6064 (A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It ...) + TODO: check +CVE-2024-6063 (A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It ...) + TODO: check +CVE-2024-5860 (The Tickera \u2013 WordPress Event Ticketing plugin for WordPress is v ...) + TODO: check +CVE-2024-5541 (The Ibtana \u2013 WordPress Website Builder plugin for WordPress is vu ...) + TODO: check +CVE-2024-5533 (The Divi theme for WordPress is vulnerable to Stored Cross-Site Script ...) + TODO: check +CVE-2024-5172 (The Expert Invoice WordPress plugin through 1.0.2 does not sanitise an ...) + TODO: check +CVE-2024-4375 (The Master Slider \u2013 Responsive Touch Slider plugin for WordPress ...) + TODO: check +CVE-2024-4094 (The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not ...) + TODO: check +CVE-2024-3276 (The Lightbox & Modal Popup WordPress Plugin WordPress plugin before 2 ...) + TODO: check +CVE-2024-37828 (A stored cross-site scripting (XSS) in Vermeg Agile Reporter v23.2.1 a ...) + TODO: check +CVE-2024-37798 (Cross-site scripting (XSS) vulnerability in search-appointment.php in ...) 
+ TODO: check +CVE-2024-37081 (The vCenter Server contains multiple local privilege escalation vulner ...) + TODO: check +CVE-2024-37080 (vCenter Server contains a heap-overflow vulnerability in the implement ...) + TODO: check +CVE-2024-37079 (vCenter Server contains a heap-overflow vulnerability in the implement ...) + TODO: check +CVE-2024-34833 (Sourcecodester Payroll Management System v1.0 is vulnerable to File Up ...) + TODO: check +CVE-2024-34024 (Observable response discrepancy issue exists in ID Link Manager and FU ...) + TODO: check +CVE-2024-33622 (Missing authentication for critical function vulnerability exists in I ...) + TODO: check +CVE-2024-33620 (Absolute path traversal vulnerability exists in ID Link Manager and FU ...) + TODO: check +CVE-2024-1634 (The Scheduling Plugin \u2013 Online Booking for WordPress plugin for W ...) + TODO: check +CVE-2024-0845 (The PDF Viewer for Elementor plugin for WordPress is vulnerable to Sto ...) + TODO: check +CVE-2024-0066 (Johan Fagerstr\xf6m, member of the AXIS OS Bug Bounty Program, has fou ...) + TODO: check +CVE-2023-5527 (The Business Directory Plugin plugin for WordPress is vulnerable to CS ...) + TODO: check +CVE-2023-37058 (Insecure Permissions vulnerability in JLINK Unionman Technology Co. Lt ...) + TODO: check +CVE-2023-37057 (An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allow ...) + TODO: check CVE-2024-6062 (A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master and ...) - gpac NOTE: https://github.com/gpac/gpac/issues/2872 
@@ -321912,7 +321974,7 @@ CVE-2020-10138 (Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSS NOT-FOR-US: Acronis CVE-2020-10137 (Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do n ...) NOT-FOR-US: Z-Wave devices -CVE-2020-10136 (Multiple products that implement the IP Encapsulation within IP standa ...) +CVE-2020-10136 (IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2 ...) NOT-FOR-US: Cisco CVE-2020-10135 (Legacy pairing and secure-connections pairing authentication in Blueto ...) NOTE: Bluetooth protocol issue View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/adb4fafb0053344432a5bccfb7dbe264b0539ff1 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/adb4fafb0053344432a5bccfb7dbe264b0539ff1 You're
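Review bot: the new GPAC entries in the first hunk are left at TODO: check although the context line right below them shows the matching entry already triaged: `+CVE-2024-6064 (A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It ...)` and `+CVE-2024-6063 (...)` refer to the same development build as the existing `CVE-2024-6062 ... - gpac NOTE: https://github.com/gpac/gpac/issues/2872`. They should get the same `- gpac` package line, each with its own upstream issue URL in a NOTE, rather than waiting in the TODO queue behind the SourceCodester, itsourcecode and WordPress-plugin entries that will end up NOT-FOR-US.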
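Review bot: the reworded description of CVE-2020-10136 widens the scope while the triage line stays `NOT-FOR-US: Cisco`: the old text already spoke of `Multiple products that implement the IP Encapsulation within IP standa ...`, and the new `IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2 ...)` frames it as a protocol-level issue. A vendor-specific NOT-FOR-US tag is narrower than either description, so it is worth re-checking that the Cisco scoping was a deliberate decision and, if so, recording why in a NOTE line the way the neighbouring CVE-2020-10135 carries `NOTE: Bluetooth protocol issue`.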
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
61865d31 by security tracker role at 2024-06-17T20:11:59+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

= data/CVE/list =
@@ -1,4 +1,104 @@ -CVE-2024-36973 [misc: microchip: pci1: fix double free in the error handling of gp_aux_bus_probe()] +CVE-2024-6062 (A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master and ...) + TODO: check +CVE-2024-6061 (A vulnerability has been found in GPAC 2.5-DEV-rev228-g11067ea92-maste ...) + TODO: check +CVE-2024-6059 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-6058 (A vulnerability classified as problematic has been found in LabVantage ...) + TODO: check +CVE-2024-6057 (Improper authentication in the vault password feature in Devolutions R ...) + TODO: check +CVE-2024-6056 (A vulnerability was found in nasirkhan Laravel Starter up to 11.8.0. I ...) + TODO: check +CVE-2024-6055 (Improper removal of sensitive information in data source export featur ...) + TODO: check +CVE-2024-5741 (Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2. ...) + TODO: check +CVE-2024-4032 (The \u201cipaddress\u201d module contained incorrect information about ...) + TODO: check +CVE-2024-38470 (zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site ...) + TODO: check +CVE-2024-38469 (zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site ...) + TODO: check +CVE-2024-38449 (A Directory Traversal vulnerability in KasmVNC 1.3.1.230e50f7b89663316 ...) + TODO: check +CVE-2024-37902 (DeepJavaLibrary(DJL) is an Engine-Agnostic Deep Learning Framework in ...) + TODO: check +CVE-2024-37896 (Gin-vue-admin is a backstage management system based on vue and gin. G ...) + TODO: check +CVE-2024-37895 (Lobe Chat is an open-source LLMs/AI chat framework. In affected versio ...) + TODO: check +CVE-2024-37893 (Firefly III is a free and open source personal finance manager. In aff ...) + TODO: check +CVE-2024-37891 (urllib3 is a user-friendly HTTP client library for Python. When using ...) 
+ TODO: check +CVE-2024-37890 (ws is an open source WebSocket client and server for Node.js. A reques ...) + TODO: check +CVE-2024-37848 (SQL Injection vulnerability in Online-Bookstore-Project-In-PHP v1.0 al ...) + TODO: check +CVE-2024-37840 (SQL injection vulnerability in processscore.php in Itsourcecode Learni ...) + TODO: check +CVE-2024-37795 (A segmentation fault in CVC5 Solver v1.1.3 allows attackers to cause a ...) + TODO: check +CVE-2024-37794 (Improper input validation in CVC5 Solver v1.1.3 allows attackers to ca ...) + TODO: check +CVE-2024-37664 (Redmi router RB03 v1.0.57 is vulnerable to TCP DoS or hijacking attack ...) + TODO: check +CVE-2024-37663 (Redmi router RB03 v1.0.57 is vulnerable to forged ICMP redirect messag ...) + TODO: check +CVE-2024-37662 (TP-LINK TL-7DR5130 v1.0.23 is vulnerable to TCP DoS or hijacking attac ...) + TODO: check +CVE-2024-37661 (TP-LINK TL-7DR5130 v1.0.23 is vulnerable to forged ICMP redirect messa ...) + TODO: check +CVE-2024-37625 (zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site ...) + TODO: check +CVE-2024-37624 (Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site s ...) + TODO: check +CVE-2024-37623 (Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site s ...) + TODO: check +CVE-2024-37622 (Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site s ...) + TODO: check +CVE-2024-37621 (StrongShop v1.0 was discovered to contain a Server-Side Template Injec ...) + TODO: check +CVE-2024-37620 (PHPVOD v4.0 was discovered to contain a reflected cross-site scripting ...) + TODO: check +CVE-2024-37619 (StrongShop v1.0 was discovered to contain a reflected cross-site scrip ...) + TODO: check +CVE-2024-37305 (oqs-provider is a provider for the OpenSSL 3 cryptography library that ...) + TODO: check +CVE-2024-37159 (Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. ...) 
+ TODO: check +CVE-2024-37158 (Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. ...) + TODO: check +CVE-2024-36583 (A Prototype Pollution issue in byondreal accessor <= 1.0.0 allows an a ...) + TODO: check +CVE-2024-36582 (alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollut ...) + TODO: check +CVE-2024-36581 (A Prototype Pollution issue in abw badger-database 1.2.1 allows an att ...) + TODO: check +CVE-2024-36580 (A Prototype Pollution issue in cdr0 sg 1.0.10 allows an attacker to ex ...) +
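Review bot: the removed placeholder `-CVE-2024-36973 [misc: microchip: pci1: fix double free in the error handling of gp_aux_bus_probe()]` has no visible `+CVE-2024-36973` replacement in this excerpt; with the hunk header `-1,4 +1,104` and the cut-off text, the re-added entry cannot be confirmed from this mail, so whoever reviews the commit should verify that the entry came back with its description and package lines instead of being dropped. Among the new TODO: check lines, the ones naming libraries rather than vendor web apps are `+CVE-2024-37891 (urllib3 is a user-friendly HTTP client library for Python. ...)`, `+CVE-2024-37890 (ws is an open source WebSocket client and server for Node.js. ...)`, CVE-2024-4032 (the `ipaddress` module) and CVE-2024-37305 (oqs-provider for OpenSSL 3); these are the ones most likely to need a source-package line and are worth triaging ahead of the remaining "A vulnerability was found in ..." entries.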
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
0406ed0a by security tracker role at 2024-06-17T08:11:46+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

= data/CVE/list =
@@ -1,3 +1,39 @@ +CVE-2024-6048 (Openfind's MailGates and MailAudit fail to properly filter user input ...) + TODO: check +CVE-2024-6047 (Certain EOL GeoVision devices fail to properly filter user input for t ...) + TODO: check +CVE-2024-6046 (SECOM WRTR-304GN-304TW-UPSC V02(unsupported-when-assigned) does not pr ...) + TODO: check +CVE-2024-6045 (Certain models of D-Link wireless routers contain an undisclosed facto ...) + TODO: check +CVE-2024-6044 (Certain models of D-Link wireless routers have a path traversal vulner ...) + TODO: check +CVE-2024-6043 (A vulnerability classified as critical has been found in SourceCodeste ...) + TODO: check +CVE-2024-6042 (A vulnerability was found in itsourcecode Real Estate Management Syste ...) + TODO: check +CVE-2024-6041 (A vulnerability was found in itsourcecode Gym Management System 1.0. I ...) + TODO: check +CVE-2024-6039 (A vulnerability, which was classified as critical, was found in Feng O ...) + TODO: check +CVE-2024-5650 (DLL Hijacking vulnerability has been found in CENTUM CAMS Log server p ...) + TODO: check +CVE-2024-5163 (Improper permission settings for mobile applications (com.transsion.ca ...) + TODO: check +CVE-2024-4305 (The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress pl ...) + TODO: check +CVE-2024-3236 (The Popup Builder WordPress plugin before 1.1.33 does not sanitise and ...) + TODO: check +CVE-2024-38396 (An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use o ...) + TODO: check +CVE-2024-36289 (Reusing a nonce, key pair in encryption issue exists in "FreeFrom - th ...) + TODO: check +CVE-2024-36279 (Reliance on obfuscation or encryption of security-relevant inputs with ...) + TODO: check +CVE-2024-36277 (Improper verification of cryptographic signature issue exists in "Free ...) + TODO: check +CVE-2024-34451 (Ghost through 5.85.1 allows remote attackers to bypass an authenticati ...) 
+ TODO: check CVE-2024-38468 (Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorize ...) NOT-FOR-US: Shenzhen Guoxin Synthesis image system CVE-2024-38467 (Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorize ...) @@ -3723,6 +3759,7 @@ CVE-2024-5171 (Integer overflow in libaom internal functionimg_alloc_helper can NOTE: https://aomedia.googlesource.com/aom/+/19d9966572a410804349e1a8ee2017fed49a6dab NOTE: https://aomedia.googlesource.com/aom/+/8156fb76d88845d716867d20333fd27001be47a8 CVE-2024-5197 (There exists interger overflows in libvpx in versions prior to 1.14.1. ...) + {DLA-3830-1} - libvpx 1.14.1-1 NOTE: https://issues.chromium.org/issues/332382766 NOTE: https://github.com/webmproject/libvpx/commit/c5640e3300690705c336966e2a8bb346a388c829 @@ -95617,8 +95654,8 @@ CVE-2023-27638 (An issue was discovered in the tshirtecommerce (aka Custom Produ NOT-FOR-US: tshirtecommerce CVE-2023-27637 (An issue was discovered in the tshirtecommerce (aka Custom Product Des ...) NOT-FOR-US: tshirtecommerce -CVE-2023-27636 - RESERVED +CVE-2023-27636 (Progress Sitefinity before 15.0.0 allows XSS by authenticated users vi ...) + TODO: check CVE-2023-1184 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: ECshop CVE-2023-1183 (A flaw was found in the Libreoffice package. An attacker can craft an ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0406ed0a3e748d9de5f1998b8824fe14c857c2c8 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0406ed0a3e748d9de5f1998b8824fe14c857c2c8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
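Review bot: the change from `-CVE-2023-27636 - RESERVED` to `+CVE-2023-27636 (Progress Sitefinity before 15.0.0 allows XSS by authenticated users vi ...) + TODO: check` leaves a TODO in the middle of a block whose neighbours are all already resolved (`NOT-FOR-US: tshirtecommerce` above, `NOT-FOR-US: ECshop` below). Since the description names a proprietary product, this can be closed in the same pass as `NOT-FOR-US: Progress Sitefinity` instead of staying on the TODO list; the automatic import cannot make that call, but it is a one-line follow-up.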
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
a3ed1a6a by security tracker role at 2024-06-16T20:11:56+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

= data/CVE/list =
@@ -1,3 +1,37 @@ +CVE-2024-38468 (Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorize ...) + TODO: check +CVE-2024-38467 (Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorize ...) + TODO: check +CVE-2024-38466 (Shenzhen Guoxin Synthesis image system before 8.3.0 has a 123456Qw def ...) + TODO: check +CVE-2024-38465 (Shenzhen Guoxin Synthesis image system before 8.3.0 allows username en ...) + TODO: check +CVE-2024-38462 (iRODS before 4.3.2 provides an msiSendMail function with a problematic ...) + TODO: check +CVE-2024-38461 (irodsServerMonPerf in iRODS before 4.3.2 attempts to proceed with use ...) + TODO: check +CVE-2024-38460 (In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated usi ...) + TODO: check +CVE-2024-38459 (langchain_experimental (aka LangChain Experimental) before 0.0.61 for ...) + TODO: check +CVE-2024-38458 (Xenforo before 2.2.16 allows code injection.) + TODO: check +CVE-2024-38457 (Xenforo before 2.2.16 allows CSRF.) + TODO: check +CVE-2024-38454 (ExpressionEngine before 7.4.11 allows XSS.) + TODO: check +CVE-2024-38448 (htags in GNU Global through 6.6.12 allows code execution in situations ...) + TODO: check +CVE-2024-38443 (C/sorting/binary_insertion_sort.c in The Algorithms - C through e5dad3 ...) + TODO: check +CVE-2024-38441 (Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer ...) + TODO: check +CVE-2024-38440 (Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer ...) + TODO: check +CVE-2024-38439 (Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer ...) + TODO: check +CVE-2024-36397 (Vantiva - MediaAccess DGA2232v19.4 -CWE-79: Improper Neutralization of ...) + TODO: check CVE-2024-38428 (url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo ...) - wget (bug #1073523) [bookworm] - wget (Minor issue) 
@@ -3999,6 +4033,7 @@ CVE-2023-6382 (The Master Slider \u2013 Responsive Touch Slider plugin for WordP CVE-2024-5565 (The Vanna library uses a prompt function to present the user with visu ...) NOT-FOR-US: Vanna CVE-2024-5564 (A vulnerability was found in libndp. This flaw allows a local maliciou ...) + {DSA-5713-1} - libndp 1.8-2 (bug #1072366) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2284122 NOTE: https://github.com/jpirko/libndp/issues/26 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3ed1a6a099703f3cd44b1beae2514141c138cdf -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3ed1a6a099703f3cd44b1beae2514141c138cdf You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
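Review bot: three of the new TODO: check entries in the first hunk carry identical truncated descriptions, `+CVE-2024-38441`, `+CVE-2024-38440` and `+CVE-2024-38439`, all reading `Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer ...`, and `+CVE-2024-38448 (htags in GNU Global through 6.6.12 allows code execution in situations ...)` names a GNU tool. Unlike the Shenzhen Guoxin, Xenforo and ExpressionEngine lines, these describe free software and will need a source-package line; the three Netatalk ids are best triaged together, with a shared bug reference, the way the context line for CVE-2024-38428 already resolves wget to `- wget (bug #1073523)` with `[bookworm] - wget (Minor issue)`.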
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: af84318a by security tracker role at 2024-06-16T08:12:13+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,11 @@ +CVE-2024-38428 (url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo ...) + TODO: check +CVE-2024-38427 (In International Color Consortium DemoIccMAX before 85ce74e, a logic f ...) + TODO: check +CVE-2024-38395 (In iTerm2 before 3.5.2, the "Terminal may report window title" setting ...) + TODO: check +CVE-2024-38394 (Mismatches in interpreting USB authorization policy between GNOME Sett ...) + TODO: check CVE-2024-6016 (A vulnerability, which was classified as critical, has been found in i ...) NOT-FOR-US: itsourcecode Online Laundry Management System CVE-2024-6015 (A vulnerability classified as critical was found in itsourcecode Onlin ...) @@ -18577,6 +18585,7 @@ CVE-2024-1789 (The WP SMTP plugin for WordPress is vulnerable to SQL Injection v CVE-2024-0740 (Eclipse Target Management: Terminal and Remote System Explorer (RSE) v ...) NOT-FOR-US: Eclipse Target Management: Terminal and Remote System Explorer CVE-2023-51794 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...) + {DSA-5712-1} [experimental] - ffmpeg 7:7.0-1 - ffmpeg [bullseye] - ffmpeg (Pick up when fixed in 4.3.x) @@ -19862,6 +19871,7 @@ CVE-2024-1065 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver CVE-2024-0671 (Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm ...) NOT-FOR-US: Arm CVE-2023-51798 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...) + {DSA-5712-1} [experimental] - ffmpeg 7:7.0-1 - ffmpeg [bullseye] - ffmpeg (Pick up when fixed in 4.3.x) 
@@ -19885,6 +19895,7 @@ CVE-2023-51796 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 al NOTE: https://trac.ffmpeg.org/ticket/10753 NOTE: Fixed in https://github.com/ffmpeg/FFmpeg/commit/61e73851a33f0b4cb7662f8578a4695e77bd3c19 (n7.0) CVE-2023-51795 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...) + {DSA-5712-1} [experimental] - ffmpeg 7:7.0-1 - ffmpeg [bullseye] - ffmpeg (Vulnerable code not present) @@ -19893,6 +19904,7 @@ CVE-2023-51795 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 al NOTE: Fixed in https://github.com/FFmpeg/FFmpeg/commit/ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06 (n7.0) NOTE: Introduced in https://github.com/FFmpeg/FFmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80 (n5.1) CVE-2023-51793 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...) + {DSA-5712-1} [experimental] - ffmpeg 7:7.0-1 - ffmpeg [bullseye] - ffmpeg (Pick up when fixed in 4.3.x) @@ -19917,6 +19929,7 @@ CVE-2023-51791 (Buffer Overflow vulenrability in Ffmpeg v.N113007-g8d24a28d06 al CVE-2023-50260 (Wazuh is a free and open source platform used for threat prevention, d ...) NOT-FOR-US: Wazuh CVE-2023-50010 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a ...) + {DSA-5712-1} [experimental] - ffmpeg 7:7.0-1 - ffmpeg [bullseye] - ffmpeg (Pick up when fixed in 4.3.x) 
@@ -20430,6 +20443,7 @@ CVE-2024-32161 (jizhiCMS 2.5 suffers from a File upload vulnerability.) CVE-2024-32130 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-31585 (FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Er ...) + {DSA-5712-1} [experimental] - ffmpeg 7:7.0-1 - ffmpeg [bullseye] - ffmpeg (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af84318aa7d443edde8341f6b05e10c16fca456d -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af84318aa7d443edde8341f6b05e10c16fca456d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
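Review bot: in the @@ -18577,6 +18585,7 @@ hunk the `{DSA-5712-1}` tag is added to CVE-2023-51794 while the package lines below it still read `[experimental] - ffmpeg 7:7.0-1 - ffmpeg [bullseye] - ffmpeg (Pick up when fixed in 4.3.x)`, i.e. a fixed version only in experimental and a bare `- ffmpeg` line for unstable. A stable suite fixed through an advisory while unstable has no fixed version yet is a legitimate state, but in this file the stable fix is visible only through the advisory id. Recording the unstable fixed version when it lands would make the entry self-explanatory. The identical hunks for CVE-2023-51798, CVE-2023-51795, CVE-2023-51793, CVE-2023-50010 and CVE-2024-31585 in this commit are in the same state.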
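Review bot: in the first hunk (@@ -1,3 +1,11 @@), `+CVE-2024-38428 (url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo ...)` is the one new TODO: check entry naming a package every Debian installation is likely to carry, and the a3ed1a6a update above already shows it resolved to `- wget (bug #1073523)` with `[bookworm] - wget (Minor issue)`, so this TODO was cleared within the day. `+CVE-2024-38394 (Mismatches in interpreting USB authorization policy between GNOME Sett ...)` is the other entry here that concerns desktop software rather than a vendor product and deserves the same quick look.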
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
3f3b5155 by security tracker role at 2024-06-15T20:12:27+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

= data/CVE/list =
@@ -1,3 +1,39 @@ +CVE-2024-6016 (A vulnerability, which was classified as critical, has been found in i ...) + TODO: check +CVE-2024-6015 (A vulnerability classified as critical was found in itsourcecode Onlin ...) + TODO: check +CVE-2024-6014 (A vulnerability classified as critical has been found in itsourcecode ...) + TODO: check +CVE-2024-6013 (A vulnerability was found in itsourcecode Online Book Store 1.0. It ha ...) + TODO: check +CVE-2024-6009 (A vulnerability has been found in itsourcecode Event Calendar 1.0 and ...) + TODO: check +CVE-2024-6008 (A vulnerability, which was classified as critical, was found in itsour ...) + TODO: check +CVE-2024-6007 (A vulnerability classified as critical has been found in Netentsec NS- ...) + TODO: check +CVE-2024-6006 (A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It h ...) + TODO: check +CVE-2024-6005 (A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It h ...) + TODO: check +CVE-2024-5858 (The AI Infographic Maker plugin for WordPress is vulnerable to unautho ...) + TODO: check +CVE-2024-5611 (The Stratum \u2013 Elementor Widgets plugin for WordPress is vulnerabl ...) + TODO: check +CVE-2024-4551 (The Video Gallery \u2013 YouTube Playlist, Channel Gallery by YotuWP p ...) + TODO: check +CVE-2024-4258 (The Video Gallery \u2013 YouTube Playlist, Channel Gallery by YotuWP p ...) + TODO: check +CVE-2024-4095 (The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cros ...) + TODO: check +CVE-2024-3105 (The Woody code snippets \u2013 Insert Header Footer Code, AdSense Ads ...) + TODO: check +CVE-2024-31870 (IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table funct ...) + TODO: check +CVE-2024-2695 (The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross ...) + TODO: check +CVE-2024-27275 (IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vul ...) 
+ TODO: check CVE-2024-6003 (A vulnerability was found in Guangdong Baolun Electronics IP Network B ...) NOT-FOR-US: Guangdong Baolun Electronics IP Network Broadcasting Service Platform CVE-2024-6000 (The FooEvents for WooCommerce plugin for WordPress is vulnerable to un ...) @@ -1620,7 +1656,7 @@ CVE-2023-38533 (A vulnerability has been identified in TIA Administrator (All ve CVE-2023-33922 (Missing Authorization vulnerability in Elementor Elementor Website Bui ...) NOT-FOR-US: WordPress plugin CVE-2024-5702 (Memory corruption in the networking stack could have led to a potentia ...) - {DSA-5709-1 DLA-3825-1} + {DSA-5711-1 DSA-5709-1 DLA-3825-1} - firefox-esr 115.12.0esr-1 - thunderbird 1:115.12.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5702 @@ -1629,7 +1665,7 @@ CVE-2024-5701 (Memory safety bugs present in Firefox 126. Some of these bugs sho - firefox 127.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5701 CVE-2024-5700 (Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thu ...) - {DSA-5709-1 DLA-3825-1} + {DSA-5711-1 DSA-5709-1 DLA-3825-1} - firefox 127.0-1 - firefox-esr 115.12.0esr-1 - thunderbird 1:115.12.0-1 @@ -1646,7 +1682,7 @@ CVE-2024-5697 (A website was able to detect when a user took a screenshot of a p - firefox 127.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5697 CVE-2024-5696 (By manipulating the text in an `input` tag, an attacker could ...) - {DSA-5709-1 DLA-3825-1} + {DSA-5711-1 DSA-5709-1 DLA-3825-1} - firefox 127.0-1 - firefox-esr 115.12.0esr-1 - thunderbird 1:115.12.0-1 
@@ -1660,7 +1696,7 @@ CVE-2024-5694 (An attacker could have caused a use-after-free in the JavaScript - firefox 127.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5694 CVE-2024-5693 (Offscreen Canvas did not properly track cross-origin tainting, which c ...) - {DSA-5709-1 DLA-3825-1} + {DSA-5711-1 DSA-5709-1 DLA-3825-1} - firefox 127.0-1 - firefox-esr 115.12.0esr-1 - thunderbird 1:115.12.0-1 @@ -1675,7 +1711,7 @@ CVE-2024-5692 (On Windows 10, when using the 'Save As' functionality, an attacke NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5692 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/#CVE-2024-5692 CVE-2024-5691 (By tricking
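Review bot: in the @@ -1620,7 +1656,7 @@ hunk the advisory set written as `+ {DSA-5711-1 DSA-5709-1 DLA-3825-1}` is not in ascending id order; if the file's convention is to keep advisory ids sorted, the line should read `{DSA-5709-1 DSA-5711-1 DLA-3825-1}`. The change itself is consistent: every entry touched in this commit whose package lines are visible (CVE-2024-5702, -5700, -5696, -5693) lists both `- firefox-esr 115.12.0esr-1` and `- thunderbird 1:115.12.0-1`, so a second DSA alongside DSA-5709-1 matches one advisory per package, and the mfsa2024-26 NOTE URLs are unchanged.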
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
fd611beb by security tracker role at 2024-06-15T08:12:00+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

= data/CVE/list =
@@ -1,3 +1,35 @@ +CVE-2024-6003 (A vulnerability was found in Guangdong Baolun Electronics IP Network B ...) + TODO: check +CVE-2024-6000 (The FooEvents for WooCommerce plugin for WordPress is vulnerable to un ...) + TODO: check +CVE-2024-5871 (The WooCommerce - Social Login plugin for WordPress is vulnerable to P ...) + TODO: check +CVE-2024-5868 (The WooCommerce - Social Login plugin for WordPress is vulnerable to E ...) + TODO: check +CVE-2024-5263 (The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross ...) + TODO: check +CVE-2024-4479 (The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cro ...) + TODO: check +CVE-2024-3815 (The Newspaper theme for WordPress is vulnerable to Stored Cross-Site S ...) + TODO: check +CVE-2024-3814 (The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross ...) + TODO: check +CVE-2024-3813 (The tagDiv Composer plugin for WordPress is vulnerable to Local File I ...) + TODO: check +CVE-2024-30120 (HCL DRYiCE Optibot Reset Station is impacted by an Unused Parameter in ...) + TODO: check +CVE-2024-30119 (HCL DRYiCE Optibot Reset Stationis impacted by a missing Strict Transp ...) + TODO: check +CVE-2024-2875 + REJECTED +CVE-2024-2544 (The Popup Builder plugin for WordPress is vulnerable to unauthorized m ...) + TODO: check +CVE-2024-21988 (StorageGRID (formerly StorageGRID Webscale) versions prior to 11.7.0. ...) + TODO: check +CVE-2024-1399 (The Restaurant Menu \u2013 Food Ordering System \u2013 Table Reservati ...) + TODO: check +CVE-2023-6696 (The Popup Builder \u2013 Create highly converting, mobile friendly mar ...) + TODO: check CVE-2024-5996 (The notification emails sent by Soar Cloud HR Portal contain a link wi ...) NOT-FOR-US: Soar Cloud HR Portal CVE-2024-5934 
@@ -3853,6 +3885,7 @@ CVE-2024-3200 (The wpForo Forum plugin for WordPress is vulnerable to SQL Inject CVE-2024-35636 (Cross-Site Request Forgery (CSRF) vulnerability in Uploadcare Uploadca ...) NOT-FOR-US: WordPress plugin CVE-2024-36041 [ksmserver: Unauthorized users can access session manager] + {DLA-3827-1} - plasma-workspace 4:5.27.11.1-1 NOTE: https://kde.org/info/security/advisory-20240531-1.txt NOTE: Fixed by: https://invent.kde.org/plasma/plasma-workspace/-/commit/da843d3fdb143ed44094c8e6246cfb8305f6f09f @@ -37670,7 +37703,7 @@ CVE-2024-23136 (A maliciously crafted STP file in ASMKERN228A.dll when parsed th NOT-FOR-US: Autodesk CVE-2024-23135 (A maliciously crafted SLDPRT file in ASMkern228A.dll when parsed throu ...) NOT-FOR-US: Autodesk -CVE-2024-23134 (A maliciously crafted IGS file in tbb.dll when parsed through Autodesk ...) +CVE-2024-23134 (A maliciously crafted IGS or IGES file in tbb.dll when parsed through ...) NOT-FOR-US: Autodesk CVE-2024-23133 (A maliciously crafted STP file in ASMDATAX228A.dll when parsed through ...) NOT-FOR-US: Autodesk @@ -37696,9 +37729,9 @@ CVE-2024-23123 (A maliciously crafted CATPART file in CC5Dll.dll or ASMBASE228A. NOT-FOR-US: Autodesk CVE-2024-23122 (A maliciously crafted 3DM file in opennurbs.dll when parsed through Au ...) NOT-FOR-US: Autodesk -CVE-2024-23121 (A maliciously crafted MODEL file in libodxdll.dll when parsed through ...) +CVE-2024-23121 (A maliciously crafted MODEL file when parsed in libodxdll.dll through ...) NOT-FOR-US: Autodesk -CVE-2024-23120 (A maliciously crafted STP file in ASMIMPORT228A.dll when parsed throug ...) +CVE-2024-23120 (A maliciously crafted STP and STEP file when parsed in ASMIMPORT228A.d ...) NOT-FOR-US: Autodesk CVE-2024-1053 (The Event Tickets and Registration plugin for WordPress is vulnerable ...) NOT-FOR-US: WordPress plugin 
@@ -43420,7 +43453,7 @@ CVE-2023-7227 (SystemK NVR 504/508/516 versions 2.3.5SK.30084998 and prior are v CVE-2023-6282 (IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, w ...) NOT-FOR-US: IceHrm CVE-2023-52076 (Atril Document Viewer is the default document reader of the MATE deskt ...) - {DSA-5688-1} + {DSA-5688-1 DLA-3828-1} - atril 1.26.2-1 (bug #1061522) NOTE: https://github.com/mate-desktop/atril/security/advisories/GHSA-6mf6-mxpc-jc37 NOTE: https://github.com/mate-desktop/atril/commit/e70b21c815418a1e6ebedf6d8d31b8477c03ba50 @@ -49388,6 +49421,7 @@ CVE-2023-51766 (Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/C NOTE:
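Review bot: in the @@ -3853,6 +3885,7 @@ hunk `{DLA-3827-1}` is added to an entry that still carries a bracketed placeholder title, `CVE-2024-36041 [ksmserver: Unauthorized users can access session manager]`, whereas the other entries in these updates have had their placeholders replaced by the published description on import. The advisory reference, the `- plasma-workspace 4:5.27.11.1-1` fix and the `Fixed by:` NOTE pointing at the invent.kde.org commit are all in place, so nothing blocks the DLA; it only means the description refresh for this id has not happened yet and the bracketed title should be expected to change in a later automatic update.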
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
1f5f71b5 by security tracker role at 2024-06-14T20:14:24+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

= data/CVE/list =
@@ -1,3 +1,113 @@ +CVE-2024-5996 (The notification emails sent by Soar Cloud HR Portal contain a link wi ...) + TODO: check +CVE-2024-5934 + REJECTED +CVE-2024-5731 (A vulnerability in the IPS Manager, Central Manager, and Local Manager ...) + TODO: check +CVE-2024-5685 (Users with "User:edit" and "Self:api" permissionscan promote or demote ...) + TODO: check +CVE-2024-5671 (Insecure Deserialization in some workflows of the IPS Manager allows u ...) + TODO: check +CVE-2024-5659 (Rockwell Automation was made aware of a vulnerability that causes all ...) + TODO: check +CVE-2024-4863 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Feature ...) + TODO: check +CVE-2024-3912 (Certain models of ASUS routers have an arbitrary firmware upload vulne ...) + TODO: check +CVE-2024-37889 (MyFinances is a web application for managing finances. MyFinances has ...) + TODO: check +CVE-2024-37888 (The Open Link is a CKEditor plugin, extending context menu with a poss ...) + TODO: check +CVE-2024-37887 (Nextcloud Server is a self hosted personal cloud system. Private share ...) + TODO: check +CVE-2024-37886 (user_oidc app is an OpenID Connect user backend for Nextcloud. An atta ...) + TODO: check +CVE-2024-37885 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...) + TODO: check +CVE-2024-37884 (Nextcloud Server is a self hosted personal cloud system. A malicious u ...) + TODO: check +CVE-2024-37883 (Nextcloud Deck is a kanban style organization tool aimed at personal p ...) + TODO: check +CVE-2024-37882 (Nextcloud Server is a self hosted personal cloud system. A recipient o ...) + TODO: check +CVE-2024-37831 (Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Inject ...) + TODO: check +CVE-2024-37645 (TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack o ...) + TODO: check +CVE-2024-37644 (TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a hardcod ...) 
+ TODO: check +CVE-2024-37643 (TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack o ...) + TODO: check +CVE-2024-37642 (TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a command ...) + TODO: check +CVE-2024-37641 (TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack o ...) + TODO: check +CVE-2024-37640 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stac ...) + TODO: check +CVE-2024-37639 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stac ...) + TODO: check +CVE-2024-37637 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stac ...) + TODO: check +CVE-2024-37369 (A privilege escalation vulnerability exists in the affected product. T ...) + TODO: check +CVE-2024-37368 (A user authentication vulnerability exists in the Rockwell AutomationF ...) + TODO: check +CVE-2024-37367 (A user authentication vulnerability exists in the Rockwell Automation ...) + TODO: check +CVE-2024-37317 (The Nextcloud Notes app is a distraction free notes taking app for Nex ...) + TODO: check +CVE-2024-37316 (Nextcloud Calendar is a calendar app for Nextcloud. Authenticated user ...) + TODO: check +CVE-2024-37315 (Nextcloud Server is a self hosted personal cloud system. An attacker w ...) + TODO: check +CVE-2024-37314 (Nextcloud Photos is a photo management app. Users can remove photos fr ...) + TODO: check +CVE-2024-37313 (Nextcloud server is a self hosted personal cloud system. Under some ci ...) + TODO: check +CVE-2024-37312 (user_oidc app is an OpenID Connect user backend for Nextcloud. Missing ...) + TODO: check +CVE-2024-37182 (Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for p ...) + TODO: check +CVE-2024-36656 (In MintHCM 4.0.3, a registered user can execute arbitrary JavaScript c ...) + TODO: check +CVE-2024-36600 (Buffer Overflow Vulnerability in libcdio v2.1.0 allows an attacker to ...) 
+ TODO: check +CVE-2024-36599 (A cross-site scripting (XSS) vulnerability in Aegon Life v1.0 allows a ...) + TODO: check +CVE-2024-36598 (An arbitrary file upload vulnerability in Aegon Life v1.0 allows attac ...) + TODO: check +CVE-2024-36597 (Aegon Life v1.0 was discovered to contain a SQL injection vulnerabilit ...) + TODO: check +CVE-2024-36459 (A CRLF cross-site scripting vulnerability has been identified in certa ...) + TODO: check +CVE-2024-36287 (Mattermost Desktop App versions <=5.7.0 fail
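Review bot: the added description for CVE-2024-4863 carries a literal "\u2013" escape ("Kadence WP \u2013 Page Builder") where the en dash should be; if that is what the importer writes into data/CVE/list rather than an artifact of this mail rendering, the feed text should be decoded before it is stored. Two other descriptions in this hunk appear to have lost a space (CVE-2024-5685: "permissionscan"; CVE-2024-37368: "Rockwell AutomationF"), which points at the same text-handling path being worth a look.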
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
77194603 by security tracker role at 2024-06-14T08:14:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
= data/CVE/list =
@@ -1,3 +1,323 @@ +CVE-2024-5995 (The notification emails sent by Soar Cloud HR Portal contain a link wi ...) + TODO: check +CVE-2024-5994 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulne ...) + TODO: check +CVE-2024-5985 (A vulnerability classified as critical has been found in SourceCodeste ...) + TODO: check +CVE-2024-5984 (A vulnerability was found in itsourcecode Online Bookstore 1.0. It has ...) + TODO: check +CVE-2024-5983 (A vulnerability was found in itsourcecode Online Bookstore 1.0. It has ...) + TODO: check +CVE-2024-5981 (A vulnerability was found in itsourcecode Online House Rental System 1 ...) + TODO: check +CVE-2024-5976 (A vulnerability was found in SourceCodester Employee and Visitor Gate ...) + TODO: check +CVE-2024-5961 (Improper neutralization of input during web page generation vulnerabil ...) + TODO: check +CVE-2024-5577 (The Where I Was, Where I Will Be plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-5551 (The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vul ...) + TODO: check +CVE-2024-5465 (Function vulnerabilities in the Calendar module Impact: Successful exp ...) + TODO: check +CVE-2024-5464 (Vulnerability of insufficient permission verification in the NearLink ...) + TODO: check +CVE-2024-5155 (The Inquiry cart WordPress plugin through 3.4.2 does not have CSRF che ...) + TODO: check +CVE-2024-4936 (The Canto plugin for WordPress is vulnerable to Remote File Inclusion ...) + TODO: check +CVE-2024-4751 (The WP Prayer II WordPress plugin through 2.4.7 does not have CSRF che ...) + TODO: check +CVE-2024-4480 (The WP Prayer II WordPress plugin through 2.4.7 does not have CSRF che ...) + TODO: check +CVE-2024-4404 (The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side ...) + TODO: check +CVE-2024-4271 (The SVGator WordPress plugin through 1.2.6 does not sanitize SVG file ...) 
+ TODO: check +CVE-2024-4270 (The SVGMagic WordPress plugin through 1.1 does not sanitize SVG file c ...) + TODO: check +CVE-2024-4005 (The Social Pixel WordPress plugin through 2.1 does not sanitise and es ...) + TODO: check +CVE-2024-3993 (The AZAN Plugin WordPress plugin through 0.6 does not have CSRF check ...) + TODO: check +CVE-2024-3992 (The Amen WordPress plugin through 3.3.1 does not sanitise and escape s ...) + TODO: check +CVE-2024-3978 (The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not va ...) + TODO: check +CVE-2024-3977 (The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not sa ...) + TODO: check +CVE-2024-3972 (The Similarity WordPress plugin through 3.0 does not have CSRF check i ...) + TODO: check +CVE-2024-3971 (The Similarity WordPress plugin through 3.0 does not have CSRF check i ...) + TODO: check +CVE-2024-3966 (The Pray For Me WordPress plugin through 1.0.4 does not sanitise and e ...) + TODO: check +CVE-2024-3965 (The Pray For Me WordPress plugin through 1.0.4 does not have CSRF chec ...) + TODO: check +CVE-2024-3754 (The Alemha watermarker WordPress plugin through 1.3.1 does not sanitis ...) + TODO: check +CVE-2024-3498 (Attackers can then execute malicious files by enabling certain service ...) + TODO: check +CVE-2024-3497 (Path traversal vulnerability in the web server of the Toshiba printer ...) + TODO: check +CVE-2024-3496 (Attackers can bypass the web login authentication process to gain acce ...) + TODO: check +CVE-2024-3080 (Certain ASUS router models have authentication bypass vulnerability, a ...) + TODO: check +CVE-2024-3079 (Certain models of ASUS routers have buffer overflow vulnerabilities, a ...) + TODO: check +CVE-2024-36503 (Memory management vulnerability in the Gralloc module Impact: Successf ...) + TODO: check +CVE-2024-36502 (Out-of-bounds read vulnerability in the audio module Impact: Successfu ...) 
+ TODO: check +CVE-2024-36501 (Memory management vulnerability in the boottime module Impact: Success ...) + TODO: check +CVE-2024-36500 (Privilege escalation vulnerability in the AMS module Impact: Successfu ...) + TODO: check +CVE-2024-36499 (Vulnerability of unauthorized screenshot capturing in the WMS module I ...) + TODO: check +CVE-2024-33253 (Cross-site scripting (XSS) vulnerability in GUnet OpenEclass E-learnin ...) + TODO: check +CVE-2024-32930 (In plugin_ipc_handler of slc_plugin.c, there is a possible information ...) + TODO: check
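Review bot: the descriptions imported for CVE-2024-3498 ("Attackers can then execute malicious files ...") and CVE-2024-3496 ("Attackers can bypass the web login authentication process ...") read as continuation sentences with the affected product cut off, so the TODO: check for those two should be triaged from the full advisory rather than from these summaries; of the adjacent entries only CVE-2024-3497 still names a product (the Toshiba printer web server).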
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dcc96146 by security tracker role at 2024-06-13T20:14:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
= data/CVE/list =
@@ -1,3 +1,193 @@ +CVE-2024-5952 (Deep Sea Electronics DSE855 Restart Missing Authentication Denial-of-S ...) + TODO: check +CVE-2024-5951 (Deep Sea Electronics DSE855 Factory Reset Missing Authentication Denia ...) + TODO: check +CVE-2024-5950 (Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffe ...) + TODO: check +CVE-2024-5949 (Deep Sea Electronics DSE855 Multipart Boundary Infinite Loop Denial-of ...) + TODO: check +CVE-2024-5948 (Deep Sea Electronics DSE855 Multipart Boundary Stack-Based Buffer Over ...) + TODO: check +CVE-2024-5947 (Deep Sea Electronics DSE855 Configuration Backup Missing Authenticatio ...) + TODO: check +CVE-2024-5927 + REJECTED +CVE-2024-5924 (Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability. T ...) + TODO: check +CVE-2024-4696 (A privilege escalation vulnerability was reported in Lenovo Service Br ...) + TODO: check +CVE-2024-4371 (The CoDesigner WooCommerce Builder for Elementor \u2013 Customize Chec ...) + TODO: check +CVE-2024-4176 (An Cross site scripting vulnerability in the EDR XConsole before this ...) + TODO: check +CVE-2024-3073 (The Easy WP SMTP by SendLayer \u2013 WordPress SMTP and Email Log Plug ...) + TODO: check +CVE-2024-38313 (In certain scenarios a malicious website could attempt to display a fa ...) + TODO: check +CVE-2024-38312 (When browsing private tabs, some data related to location history or w ...) + TODO: check +CVE-2024-38285 (Logs storing credentials are insufficiently protected and can be decod ...) + TODO: check +CVE-2024-38284 (Transmitted data is logged between the device and the backend service. ...) + TODO: check +CVE-2024-38283 (Sensitive customer information is stored in the device without encrypt ...) + TODO: check +CVE-2024-38282 (Utilizing default credentials, an attacker is able to log into the cam ...) + TODO: check +CVE-2024-38281 (An attacker can access the maintenance console using hard coded creden ...) 
+ TODO: check +CVE-2024-38280 (An unauthorized user is able to gain access to sensitive data, includi ...) + TODO: check +CVE-2024-38279 (The affected product is vulnerable to an attacker modifying the bootlo ...) + TODO: check +CVE-2024-38083 (Microsoft Edge (Chromium-based) Spoofing Vulnerability) + TODO: check +CVE-2024-37877 (UERANSIM before 3.2.6 allows out-of-bounds read when a RLS packet is s ...) + TODO: check +CVE-2024-37849 (A SQL Injection vulnerability in itsourcecode Billing System 1.0 allow ...) + TODO: check +CVE-2024-37635 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stac ...) + TODO: check +CVE-2024-37634 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stac ...) + TODO: check +CVE-2024-37633 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stac ...) + TODO: check +CVE-2024-37632 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stac ...) + TODO: check +CVE-2024-37631 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stac ...) + TODO: check +CVE-2024-37630 (D-Link DIR-605L v2.13B01 was discovered to contain a hardcoded passwor ...) + TODO: check +CVE-2024-37309 (CrateDB is a distributed SQL database. A high-risk vulnerability has b ...) + TODO: check +CVE-2024-37308 (The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent ...) + TODO: check +CVE-2024-37307 (Cilium is a networking, observability, and security solution with an e ...) + TODO: check +CVE-2024-37306 (Computer Vision Annotation Tool (CVAT) is an interactive video and ima ...) + TODO: check +CVE-2024-37164 (Computer Vision Annotation Tool (CVAT) is an interactive video and ima ...) + TODO: check +CVE-2024-37131 (SCG Policy Manager, all versions, contains an overly permissive Cross- ...) + TODO: check +CVE-2024-37029 (Fuji Electric Tellus Lite V-Simulator is vulnerable to a stack-based ...) 
+ TODO: check +CVE-2024-37022 (Fuji Electric Tellus Lite V-Simulator is vulnerable to an out-of-boun ...) + TODO: check +CVE-2024-36760 (A stack overflow vulnerability was found in version 1.18.0 of rhai. Th ...) + TODO: check +CVE-2024-36647 (A stored cross-site scripting (XSS) vulnerability in Church CRM v5.8.0 ...) + TODO: check +CVE-2024-36589 (An issue in Annonshop.app DecentralizeJustice/anonymousLocker commit 2 ...) + TODO: check +CVE-2024-36588 (An issue in Annonshop.app DecentralizeJustice/ anonymousLocker commit
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bd01a430 by security tracker role at 2024-06-13T08:12:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
= data/CVE/list =
@@ -1,3 +1,339 @@ +CVE-2024-5787 (The PowerPack Addons for Elementor (Free Widgets, Extensions and Templ ...) + TODO: check +CVE-2024-5757 (The Elementor Header & Footer Builder plugin for WordPress is vulnerab ...) + TODO: check +CVE-2024-5661 (An issue has been identified in both XenServer 8 and Citrix Hypervisor ...) + TODO: check +CVE-2024-5265 (The WPBakery Visual Composer plugin for WordPress is vulnerable to Sto ...) + TODO: check +CVE-2024-4615 (The Elespare \u2013 Blog, Magazine and Newspaper Addons for Elementor ...) + TODO: check +CVE-2024-4576 (The component listed above contains a vulnerability that allows an att ...) + TODO: check +CVE-2024-4201 (A cross-site scripting issue has been discovered in GitLab affecting a ...) + TODO: check +CVE-2024-4149 (The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, ...) + TODO: check +CVE-2024-4145 (The Search & Replace WordPress plugin before 3.2.2 does not sanitize a ...) + TODO: check +CVE-2024-3922 (The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via ...) + TODO: check +CVE-2024-3552 (The Web Directory Free WordPress plugin before 1.7.0 does not sanitise ...) + TODO: check +CVE-2024-3468 (There is a vulnerability in AVEVA PI Web API that could allow maliciou ...) + TODO: check +CVE-2024-3467 (There is a vulnerability in AVEVA PI Asset Framework Client that could ...) + TODO: check +CVE-2024-3032 (Themify Builder WordPress plugin before 7.5.8 does not validate a para ...) + TODO: check +CVE-2024-38295 (ALCASAR before 3.6.1 allows still_connected.php remote code execution.) + TODO: check +CVE-2024-38294 (ALCASAR before 3.6.1 allows email_registration_back.php remote code ex ...) + TODO: check +CVE-2024-38293 (ALCASAR before 3.6.1 allows CSRF and remote code execution in activity ...) + TODO: check +CVE-2024-37665 (An access control issue in Wvp GB28181 Pro 2.0 allows authenticated at ...) 
+ TODO: check +CVE-2024-36523 (An access control issue in Wvp GB28181 Pro 2.0 allows users to continu ...) + TODO: check +CVE-2024-36239 (Adobe Experience Manager versions 6.5.20 and earlier Answer: are affec ...) + TODO: check +CVE-2024-36238 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...) + TODO: check +CVE-2024-36236 (Adobe Experience Manager versions 6.5.20 and earlier Answer: are affec ...) + TODO: check +CVE-2024-36235 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...) + TODO: check +CVE-2024-36234 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...) + TODO: check +CVE-2024-36233 (Adobe Experience Manager versions 6.5.20 and earlier Answer: are affec ...) + TODO: check +CVE-2024-36232 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...) + TODO: check +CVE-2024-36231 (Adobe Experience Manager versions 6.5.20 and earlier Answer: are affec ...) + TODO: check +CVE-2024-36230 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...) + TODO: check +CVE-2024-36229 (Adobe Experience Manager versions 6.5.20 and earlier Answer: are affec ...) + TODO: check +CVE-2024-36228 (Adobe Experience Manager versions 6.5.20 and earlier Answer: are affec ...) + TODO: check +CVE-2024-36227 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...) + TODO: check +CVE-2024-36226 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...) + TODO: check +CVE-2024-36225 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...) + TODO: check +CVE-2024-36224 (Adobe Experience Manager versions 6.5.20 and earlier Answer: are affec ...) + TODO: check +CVE-2024-36222 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...) + TODO: check +CVE-2024-36221 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...) 
+ TODO: check +CVE-2024-36220 (Adobe Experience Manager versions 6.5.20 and earlier Answer: are affec ...) + TODO: check +CVE-2024-36219 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...) + TODO: check +CVE-2024-36218 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...) + TODO: check +CVE-2024-36217 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...) + TODO: check +CVE-2024-36216 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...) +
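Review bot: eight of the Adobe Experience Manager entries (CVE-2024-36239, -36236, -36233, -36231, -36229, -36228, -36224, -36220) carry a stray "Answer:" token ("6.5.20 and earlier Answer: are affec ...") that the other AEM entries in the same run do not; worth confirming whether the upstream description text really contains it or the importer is picking up a field it should not, since the truncated summary in data/CVE/list is what triagers read first. CVE-2024-4576 ("The component listed above contains a vulnerability ...") likewise depends on context that did not come along with the description.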
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
df97ab30 by security tracker role at 2024-06-12T20:12:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
= data/CVE/list =
@@ -1,3 +1,169 @@ +CVE-2024-5909 (A problem with a protection mechanism in the Palo Alto Networks Cortex ...) + TODO: check +CVE-2024-5908 (A problem with the Palo Alto Networks GlobalProtect app can result in ...) + TODO: check +CVE-2024-5907 (A privilege escalation (PE) vulnerability in the Palo Alto Networks Co ...) + TODO: check +CVE-2024-5906 (A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prism ...) + TODO: check +CVE-2024-5905 (A problem with a protection mechanism in the Palo Alto Networks Cortex ...) + TODO: check +CVE-2024-5898 (A vulnerability was found in itsourcecode Payroll Management System 1. ...) + TODO: check +CVE-2024-5897 (A vulnerability has been found in SourceCodester Employee and Visitor ...) + TODO: check +CVE-2024-5896 (A vulnerability, which was classified as critical, was found in Source ...) + TODO: check +CVE-2024-5895 (A vulnerability, which was classified as critical, has been found in S ...) + TODO: check +CVE-2024-5894 (A vulnerability classified as critical was found in SourceCodester Onl ...) + TODO: check +CVE-2024-5893 (A vulnerability classified as critical has been found in SourceCodeste ...) + TODO: check +CVE-2024-5891 (A vulnerability was found in Quay. If an attacker can obtain the clien ...) + TODO: check +CVE-2024-5798 (Vault and Vault Enterprise did not properly validate the JSON Web Toke ...) + TODO: check +CVE-2024-5759 (An improper privilege management vulnerability exists in Tenable Secur ...) + TODO: check +CVE-2024-5674 (The Newsletter - API v1 and v2 addon plugin for WordPress is vulnerabl ...) + TODO: check +CVE-2024-5560 (CWE-125: Out-of-bounds Read vulnerability exists that could cause deni ...) + TODO: check +CVE-2024-5559 (CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerabilit ...) + TODO: check +CVE-2024-5558 (CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerabili ...) 
+ TODO: check +CVE-2024-5557 (CWE-532: Insertion of Sensitive Information into Log File vulnerabilit ...) + TODO: check +CVE-2024-5468 (The WordPress Header Builder Plugin \u2013 Pearl plugin for WordPress ...) + TODO: check +CVE-2024-5313 (CWE-668: Exposure of the Resource Wrong Sphere vulnerability exists th ...) + TODO: check +CVE-2024-5266 (The Download Manager Pro plugin for WordPress is vulnerable to Stored ...) + TODO: check +CVE-2024-5211 (A path traversal vulnerability in mintplex-labs/anything-llm allowed a ...) + TODO: check +CVE-2024-5056 (CWE-552: Files or Directories Accessible to External Parties vulnerabi ...) + TODO: check +CVE-2024-4898 (The InstaWP Connect \u2013 1-click WP Staging & Migration plugin for W ...) + TODO: check +CVE-2024-4845 (The Icegram Express plugin for WordPress is vulnerable to SQL Injectio ...) + TODO: check +CVE-2024-3492 (The Events Manager \u2013 Calendar, Bookings, Tickets, and more! plugi ...) + TODO: check +CVE-2024-37878 (Cross Site Scripting vulnerability in TWCMS v.2.0.3 allows a remote at ...) + TODO: check +CVE-2024-37629 (SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) via the ...) + TODO: check +CVE-2024-37304 (NuGet Gallery is a package repository that powers nuget.org. The NuGet ...) + TODO: check +CVE-2024-37300 (OAuthenticator is software that allows OAuth2 identity providers to be ...) + TODO: check +CVE-2024-37297 (WooCommerce is an open-source e-commerce platform built on WordPress. ...) + TODO: check +CVE-2024-37040 (CWE-120: Buffer Copy without Checking Size of Input (\u2018Classic Buf ...) + TODO: check +CVE-2024-37039 (CWE-252: Unchecked Return Value vulnerability exists that could cause ...) + TODO: check +CVE-2024-37038 (CWE-276: Incorrect Default Permissions vulnerability exists that could ...) + TODO: check +CVE-2024-37037 (CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\ ...) 
+ TODO: check +CVE-2024-37036 (CWE-787: Out-of-bounds Write vulnerability exists that could result in ...) + TODO: check +CVE-2024-36840 (SQL Injection vulnerability in Boelter Blue System Management v.1.3 al ...) + TODO: check +CVE-2024-36761 (naga v0.14.0 was discovered to contain a stack overflow via the compon ...) + TODO: check +CVE-2024-36699 (GNU Debugger v8.2 to v14.2 was discovered to contain a buffer overflow ...) + TODO: check +CVE-2024-36691 (Insecure permissions in the AdminController.AjaxSave() method of PPGo_ ...) + TODO: check
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
702c090a by security tracker role at 2024-06-12T08:12:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
= data/CVE/list =
@@ -1,74 +1,134 @@ +CVE-2024-5892 (The Divi Torque Lite \u2013 Divi Theme and Extra Theme plugin for Word ...) + TODO: check +CVE-2024-5873 + REJECTED +CVE-2024-5783 + REJECTED +CVE-2024-5782 + REJECTED +CVE-2024-5781 + REJECTED +CVE-2024-5780 + REJECTED +CVE-2024-5779 + REJECTED +CVE-2024-5778 + REJECTED +CVE-2024-5777 + REJECTED +CVE-2024-5776 + REJECTED +CVE-2024-5739 (The in-app browser of LINE iOS versions below 14.9.0 contains a Univer ...) + TODO: check +CVE-2024-5646 (The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-S ...) + TODO: check +CVE-2024-5553 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-5543 (The Slideshow Gallery LITE plugin for WordPress is vulnerable to time- ...) + TODO: check +CVE-2024-4924 (The Social Sharing Plugin WordPress plugin before 3.3.63 does not san ...) + TODO: check +CVE-2024-4892 (The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site ...) + TODO: check +CVE-2024-4669 (The Events Addon for Elementor plugin for WordPress is vulnerable to S ...) + TODO: check +CVE-2024-4564 (The CoDesigner WooCommerce Builder for Elementor \u2013 Customize Chec ...) + TODO: check +CVE-2024-4315 (parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI ...) + TODO: check +CVE-2024-3925 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...) + TODO: check +CVE-2024-3559 (The Custom Field Suite plugin for WordPress is vulnerable to Stored Cr ...) + TODO: check +CVE-2024-36856 (RMQTT Broker 0.4.0 allows remote attackers to cause a Denial of Servic ...) + TODO: check +CVE-2024-36454 (Use of uninitialized resource issue exists in IPCOM EX2 Series (V01L0x ...) + TODO: check +CVE-2024-36103 (OS command injection vulnerability in WRC-X5400GS-B v1.0.10 and earlie ...) + TODO: check +CVE-2024-35225 (Jupyter Server Proxy allows users to run arbitrary external processes ...) 
+ TODO: check +CVE-2024-33606 (An attacker could retrieve sensitive files (medical images) as well as ...) + TODO: check +CVE-2024-28970 (Dell Client BIOS contains an Out-of-bounds Write vulnerability. A loca ...) + TODO: check +CVE-2024-28877 (MicroDicom DICOM Viewer is vulnerable to a stack-based buffer overflow ...) + TODO: check +CVE-2024-0427 (The ARForms - Premium WordPress Form Builder Plugin WordPress plugin b ...) + TODO: check +CVE-2024-0160 (Dell Client Platform contains an incorrect authorization vulnerability ...) + TODO: check CVE-2024-25131 NOT-FOR-US: MustGather.managed.openshift.io Custom Defined Resource (CRD) -CVE-2024-5847 +CVE-2024-5847 (Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allow ...) - chromium [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) -CVE-2024-5846 +CVE-2024-5846 (Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allow ...) - chromium [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) -CVE-2024-5845 +CVE-2024-5845 (Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowe ...) - chromium [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) -CVE-2024-5844 +CVE-2024-5844 (Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478 ...) - chromium [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) -CVE-2024-5843 +CVE-2024-5843 (Inappropriate implementation in Downloads in Google Chrome prior to 12 ...) - chromium [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) -CVE-2024-5842 +CVE-2024-5842 (Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 a ...) - chromium [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) -CVE-2024-5841 +CVE-2024-5841 (Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a ...) 
- chromium [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) -CVE-2024-5840 +CVE-2024-5840 (Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed ...) - chromium [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) -CVE-2024-5839 +CVE-2024-5839 (Inappropriate Implementation in Memory Allocator in Google Chrome prio ...) - chromium
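Review bot: for the Chromium block (CVE-2024-5847 down to CVE-2024-5839) the bot only replaces the bare "-CVE-2024-58xx" placeholder lines with described ones and leaves the existing chromium / [bullseye] / [buster] triage lines as unchanged context, so no TODO: check is added for them; that is the right outcome, but the hunk is cut off at "- chromium" in this mail, so the tail of the Chromium block and whatever follows it cannot be checked from here.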
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
03ea5981 by security tracker role at 2024-06-11T20:12:06+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
= data/CVE/list =
@@ -1,66 +1,370 @@ -CVE-2024-5702 +CVE-2024-5851 (A vulnerability classified as problematic has been found in playSMS up ...) + TODO: check +CVE-2024-5829 (A vulnerability classified as problematic was found in smallweigit Avu ...) + TODO: check +CVE-2024-5825 + REJECTED +CVE-2024-5813 (A medium severity vulnerability in BIPS has been identified where an a ...) + TODO: check +CVE-2024-5812 (A low severity vulnerability in BIPS has been identified where an atta ...) + TODO: check +CVE-2024-5584 (The WordPress Online Booking and Scheduling Plugin \u2013 Bookly plugi ...) + TODO: check +CVE-2024-5531 (The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Sit ...) + TODO: check +CVE-2024-5398 + REJECTED +CVE-2024-5189 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...) + TODO: check +CVE-2024-4387 + REJECTED +CVE-2024-4206 + REJECTED +CVE-2024-4190 (Stored Cross-Site Scripting (XSS) vulnerabilities have been identified ...) + TODO: check +CVE-2024-4155 + REJECTED +CVE-2024-37325 (Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerabil ...) + TODO: check +CVE-2024-37301 (Document Merge Service is a document template merge service providing ...) + TODO: check +CVE-2024-37296 (The Aimeos HTML client provides Aimeos HTML components for e-commerce ...) + TODO: check +CVE-2024-37295 (Aimeos is an Open Source e-commerce framework for online shops. Starti ...) + TODO: check +CVE-2024-37294 (Aimeos is an Open Source e-commerce framework for online shops. All Sa ...) + TODO: check +CVE-2024-37293 (The AWS Deployment Framework (ADF) is a framework to manage and deploy ...) + TODO: check +CVE-2024-37161 (MeterSphere is an open source continuous testing platform. Prior to ve ...) + TODO: check +CVE-2024-36821 (Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 a ...) + TODO: check +CVE-2024-36702 (libiec61850 v1.5 was discovered to contain a heap overflow via the Ber ...) 
+ TODO: check +CVE-2024-36650 (TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware A3100R V4.1 ...) + TODO: check +CVE-2024-36266 (A vulnerability has been identified in PowerSys (All versions < V3.11) ...) + TODO: check +CVE-2024-35716 (Missing Authorization vulnerability in Copymatic Copymatic \u2013 AI C ...) + TODO: check +CVE-2024-35692 (Missing Authorization vulnerability in Termly Cookie Consent.This issu ...) + TODO: check +CVE-2024-35685 (Missing Authorization vulnerability in Anders Nor\xe9n Radcliffe 2.Thi ...) + TODO: check +CVE-2024-35683 (Missing Authorization vulnerability in Teplitsa of social technologies ...) + TODO: check +CVE-2024-35671 (Missing Authorization vulnerability in Minoji MJ Update History.This i ...) + TODO: check +CVE-2024-35667 (Missing Authorization vulnerability in WP EasyCart.This issue affects ...) + TODO: check +CVE-2024-35665 (Missing Authorization vulnerability in namithjawahar Insert Post Ads.T ...) + TODO: check +CVE-2024-35663 (Missing Authorization vulnerability in HahnCreativeGroup WP Translate. ...) + TODO: check +CVE-2024-35628 (Missing Authorization vulnerability in Photo Gallery Team Photo Galler ...) + TODO: check +CVE-2024-35303 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...) + TODO: check +CVE-2024-35292 (A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 ( ...) + TODO: check +CVE-2024-35265 (Windows Perception Service Elevation of Privilege Vulnerability) + TODO: check +CVE-2024-35263 (Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerabil ...) + TODO: check +CVE-2024-35255 (Azure Identity Libraries and Microsoft Authentication Library Elevatio ...) 
+ TODO: check +CVE-2024-35254 (Azure Monitor Agent Elevation of Privilege Vulnerability) + TODO: check +CVE-2024-35253 (Microsoft Azure File Sync Elevation of Privilege Vulnerability) + TODO: check +CVE-2024-35252 (Azure Storage Movement Client Library Denial of Service Vulnerability) + TODO: check +CVE-2024-35250 (Windows Kernel-Mode Driver Elevation of Privilege Vulnerability) + TODO: check +CVE-2024-35249 (Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerab ...) + TODO: check +CVE-2024-35248 (Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnera ...) + TODO: check +CVE-2024-35213 (An improper input validation vulnerability in the SGI Image Codec of Q
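Review bot: the CVE-2024-35685 description shows "Anders Nor\xe9n" with a Latin-1 byte escape in place of the accented character, a different encoding path from the "\u2013" escapes seen in other entries; if the feed delivers UTF-8, the importer should decode it as such before writing data/CVE/list so the stored summaries are readable.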
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dba58818 by security tracker role at 2024-06-11T08:12:29+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
= data/CVE/list =
@@ -1,3 +1,185 @@ +CVE-2024-5530 (The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +1 ...) + TODO: check +CVE-2024-5090 (The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to St ...) + TODO: check +CVE-2024-4319 (The Advanced Contact form 7 DB plugin for WordPress is vulnerable to u ...) + TODO: check +CVE-2024-4266 (The MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form Builder f ...) + TODO: check +CVE-2024-3723 (The Advanced Contact form 7 DB plugin for WordPress is vulnerable to S ...) + TODO: check +CVE-2024-3549 (The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPre ...) + TODO: check +CVE-2024-37289 (An improper access control vulnerability in Trend Micro Apex One could ...) + TODO: check +CVE-2024-37178 (SAP Financial Consolidation does not sufficiently encode user-controll ...) + TODO: check +CVE-2024-37177 (SAP Financial Consolidation allows data to enter a Web application thr ...) + TODO: check +CVE-2024-37176 (SAP BW/4HANA Transformation and Data Transfer Process (DTP) allows an ...) + TODO: check +CVE-2024-37169 (@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior ...) + TODO: check +CVE-2024-37168 (@grpc/grps-js implements the core functionality of gRPC purely in Java ...) + TODO: check +CVE-2024-37166 (ghtml is software that uses tagged templates for template engine funct ...) + TODO: check +CVE-2024-37130 (Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, con ...) + TODO: check +CVE-2024-36473 (Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerabl ...) + TODO: check +CVE-2024-36471 (Import functionality is vulnerable to DNS rebinding attacks between ve ...) + TODO: check +CVE-2024-36419 (SuiteCRM is an open-source Customer Relationship Management (CRM) soft ...) + TODO: check +CVE-2024-36418 (SuiteCRM is an open-source Customer Relationship Management (CRM) soft ...) 
+ TODO: check +CVE-2024-36416 (SuiteCRM is an open-source Customer Relationship Management (CRM) soft ...) + TODO: check +CVE-2024-36360 (OS command injection vulnerability exists in awkblog v0.0.1 (commit ha ...) + TODO: check +CVE-2024-36359 (A cross-site scripting (XSS) vulnerability in Trend Micro InterScan We ...) + TODO: check +CVE-2024-36358 (A link following vulnerability in Trend Micro Deep Security 20.x agent ...) + TODO: check +CVE-2024-36307 (A security agent link following vulnerability in Trend Micro Apex One ...) + TODO: check +CVE-2024-36306 (A link following vulnerability in the Trend Micro Apex One and Apex On ...) + TODO: check +CVE-2024-36305 (A security agent link following vulnerability in Trend Micro Apex One ...) + TODO: check +CVE-2024-36304 (A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One ...) + TODO: check +CVE-2024-36303 (An origin validation vulnerability in the Trend Micro Apex One securit ...) + TODO: check +CVE-2024-36302 (An origin validation vulnerability in the Trend Micro Apex One securit ...) + TODO: check +CVE-2024-35329 (libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in yaml_do ...) + TODO: check +CVE-2024-35242 (Composer is a dependency manager for PHP. On the 2.x branch prior to v ...) + TODO: check +CVE-2024-35241 (Composer is a dependency manager for PHP. On the 2.x branch prior to v ...) + TODO: check +CVE-2024-34691 (Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform ...) + TODO: check +CVE-2024-34690 (SAP Student Life Cycle Management (SLcM) fails to conduct proper autho ...) + TODO: check +CVE-2024-34688 (Due to unrestricted access to the Meta Model Repository services in SA ...) + TODO: check +CVE-2024-34686 (Due to insufficient input validation, SAP CRM WebClient UI allows an u ...) + TODO: check +CVE-2024-34684 (On Unix, SAP BusinessObjects Business Intelligence Platform (Schedulin ...) 
+ TODO: check +CVE-2024-34683 (An authenticated attacker can upload malicious file to SAP Document Bu ...) + TODO: check +CVE-2024-33850 (Pexip Infinity before 34.1 has Improper Access Control for persons in ...) + TODO: check +CVE-2024-33001 (SAP NetWeaver and ABAP platform allows an attacker to impede performan ...) + TODO: check +CVE-2024-32849 (Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Esca ...) + TODO: check +CVE-2024-31404 (Insertion of sensitive information into sent data issue exists in Cybo ...)
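Review bot: the added descriptions for CVE-2024-5530 and CVE-2024-4266 carry the literal six-character sequence `\u2013` in place of the en dash in the plugin names; if the importer is writing the JSON escape through unchanged, decode it before truncating, because the escape eats six characters of the already short description and leaves a name that does not match the upstream title (`The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +1 ...`). If the escape is only an artifact of the notification rendering, data/CVE/list needs no change.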
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
d4ef0e4a by security tracker role at 2024-06-10T20:12:35+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

= data/CVE/list =
@@ -1,9 +1,141 @@ -CVE-2024-36972 [af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock.] +CVE-2024-5786 (Cross-Site Request Forgery vulnerability in Comtrend router WLD71-T1_v ...) + TODO: check +CVE-2024-5785 (Command injection vulnerability in Comtrend router WLD71-T1_v2.0.20182 ...) + TODO: check +CVE-2024-5597 (Fuji Electric Monitouch V-SFTis vulnerable to a type confusion, which ...) + TODO: check +CVE-2024-5102 (A sym-linked file accessed via the repair function in Avast Antivirus ...) + TODO: check +CVE-2024-4745 (Missing Authorization vulnerability in RafflePress Giveaways and Conte ...) + TODO: check +CVE-2024-4744 (Missing Authorization vulnerability in Avirtum iPages Flipbook.This is ...) + TODO: check +CVE-2024-4403 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the restar ...) + TODO: check +CVE-2024-3850 (Uniview NVR301-04S2-P4 is vulnerable to reflected cross-site scripting ...) + TODO: check +CVE-2024-3700 (Use of hard-coded password to the patients' database allows an attacke ...) + TODO: check +CVE-2024-3699 (Use of hard-coded password to the patients' database allows an attacke ...) + TODO: check +CVE-2024-37393 (Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA befor ...) + TODO: check +CVE-2024-37051 (GitHub access token could be exposed to third-party sites in JetBrains ...) + TODO: check +CVE-2024-37014 (Langflow through 0.6.19 allows remote code execution if untrusted user ...) + TODO: check +CVE-2024-36531 (nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vu ...) + TODO: check +CVE-2024-36528 (nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a ...) + TODO: check +CVE-2024-36417 (SuiteCRM is an open-source Customer Relationship Management (CRM) soft ...) + TODO: check +CVE-2024-36415 (SuiteCRM is an open-source Customer Relationship Management (CRM) soft ...) 
+ TODO: check +CVE-2024-36414 (SuiteCRM is an open-source Customer Relationship Management (CRM) soft ...) + TODO: check +CVE-2024-36413 (SuiteCRM is an open-source Customer Relationship Management (CRM) soft ...) + TODO: check +CVE-2024-36412 (SuiteCRM is an open-source Customer Relationship Management (CRM) soft ...) + TODO: check +CVE-2024-36411 (SuiteCRM is an open-source Customer Relationship Management (CRM) soft ...) + TODO: check +CVE-2024-36410 (SuiteCRM is an open-source Customer Relationship Management (CRM) soft ...) + TODO: check +CVE-2024-36409 (SuiteCRM is an open-source Customer Relationship Management (CRM) soft ...) + TODO: check +CVE-2024-36408 (SuiteCRM is an open-source Customer Relationship Management (CRM) soft ...) + TODO: check +CVE-2024-36407 (SuiteCRM is an open-source Customer Relationship Management (CRM) soft ...) + TODO: check +CVE-2024-36406 (SuiteCRM is an open-source Customer Relationship Management (CRM) soft ...) + TODO: check +CVE-2024-36405 (liboqs is a C-language cryptographic library that provides implementat ...) + TODO: check +CVE-2024-35754 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + TODO: check +CVE-2024-35749 (Authentication Bypass by Spoofing vulnerability in Acurax Under Constr ...) + TODO: check +CVE-2024-35747 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...) + TODO: check +CVE-2024-35746 (Unrestricted Upload of File with Dangerous Type vulnerability in Asgha ...) + TODO: check +CVE-2024-35745 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + TODO: check +CVE-2024-35744 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + TODO: check +CVE-2024-35743 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + TODO: check +CVE-2024-35728 (Improper Neutralization of Special Elements in Output Used by a Downst ...) 
+ TODO: check +CVE-2024-35712 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + TODO: check +CVE-2024-35680 (Improper Neutralization of Special Elements in Output Used by a Downst ...) + TODO: check +CVE-2024-35677 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + TODO: check +CVE-2024-35658 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + TODO: check +CVE-2024-35650 (Improper Control of Filename for Include/Require Statement in PHP Prog ...) + TODO: check
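Review bot: the hunk deletes `-CVE-2024-36972 [af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock.]` and no `+CVE-2024-36972` line appears among the additions shown, so the bracketed annotation, which reads as a manually entered identification rather than the parenthesised upstream description used for the other entries, is gone from this excerpt. Confirm that the automatic update re-adds the entry further down (the `@@ -1,9 +1,141 @@` header accounts for far more added lines than are rendered here) and that the new entry still points at the same fix, rather than the annotation being silently dropped.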
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
c6b2428e by security tracker role at 2024-06-10T08:11:58+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

= data/CVE/list =
@@ -1,3 +1,37 @@ +CVE-2024-5389 (In lunary-ai/lunary version 1.2.13, an insufficient granularity of acc ...) + TODO: check +CVE-2024-4746 (Missing Authorization vulnerability in Netgsm.This issue affects Netgs ...) + TODO: check +CVE-2024-4328 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_ ...) + TODO: check +CVE-2024-37880 (The Kyber reference implementation before 9b8d306, when compiled by LL ...) + TODO: check +CVE-2024-35742 (Missing Authorization vulnerability in Code Parrots Easy Forms for Mai ...) + TODO: check +CVE-2024-35741 (Missing Authorization vulnerability in Awesome Support Team Awesome Su ...) + TODO: check +CVE-2024-35735 (Missing Authorization vulnerability in CodePeople WP Time Slots Bookin ...) + TODO: check +CVE-2024-35729 (Missing Authorization vulnerability in Tickera.This issue affects Tick ...) + TODO: check +CVE-2024-35727 (Missing Authorization vulnerability in actpro Extra Product Options fo ...) + TODO: check +CVE-2024-35726 (Missing Authorization vulnerability in ThemeKraft WooBuddy.This issue ...) + TODO: check +CVE-2024-35725 (Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit ...) + TODO: check +CVE-2024-35724 (Missing Authorization vulnerability in Bosa Themes Bosa Elementor Addo ...) + TODO: check +CVE-2024-35723 (Missing Authorization vulnerability in Andrew Rapps Dashboard To-Do Li ...) + TODO: check +CVE-2024-35722 (Missing Authorization vulnerability in A WP Life Slider Responsive Sli ...) + TODO: check +CVE-2024-35721 (Missing Authorization vulnerability in A WP Life Image Gallery \u2013 ...) + TODO: check +CVE-2024-35720 (Missing Authorization vulnerability in A WP Life Album Gallery \u2013 ...) + TODO: check +CVE-2024-35717 (Missing Authorization vulnerability in A WP Life Media Slider \u2013 P ...) + TODO: check CVE-2024-37570 (On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.h ...) 
TODO: check CVE-2024-37569 (An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x throug ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6b2428e7db18478b1e0788da3f99aebb9298edb
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
bb24258b by security tracker role at 2024-06-09T20:11:58+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

= data/CVE/list =
@@ -1,4 +1,194 @@ -CVE-2024-37535 +CVE-2024-37570 (On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.h ...) + TODO: check +CVE-2024-37569 (An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x throug ...) + TODO: check +CVE-2024-37568 (lepture Authlib before 1.3.1 has algorithm confusion with asymmetric p ...) + TODO: check +CVE-2024-35748 (Missing Authorization vulnerability in OPMC WooCommerce Dropshipping.T ...) + TODO: check +CVE-2024-35669 (Missing Authorization vulnerability in Bowo Debug Log Manager.This iss ...) + TODO: check +CVE-2024-35662 (Missing Authorization vulnerability in Andreas Sofantzis Simple COD Fe ...) + TODO: check +CVE-2024-35661 (Missing Authorization vulnerability in SoftLab Upload Fields for WPFor ...) + TODO: check +CVE-2024-35660 (Missing Authorization vulnerability in Jewel Theme Master Addons for E ...) + TODO: check +CVE-2024-34802 (Missing Authorization vulnerability in AdFoxly AdFoxly \u2013 Ad Manag ...) + TODO: check +CVE-2024-34435 (Missing Authorization vulnerability in CodeRevolution Aiomatic.This is ...) + TODO: check +CVE-2024-33572 (Missing Authorization vulnerability in POSIMYTH The Plus Blocks for Bl ...) + TODO: check +CVE-2024-33565 (Missing Authorization vulnerability in UkrSolution Barcode Scanner wit ...) + TODO: check +CVE-2024-33564 (Missing Authorization vulnerability in 8theme XStore.This issue affect ...) + TODO: check +CVE-2024-33563 (Missing Authorization vulnerability in 8theme XStore.This issue affect ...) + TODO: check +CVE-2024-33561 (Missing Authorization vulnerability in 8theme XStore.This issue affect ...) + TODO: check +CVE-2024-33555 (Missing Authorization vulnerability in 8theme XStore Core.This issue a ...) + TODO: check +CVE-2024-33547 (Missing Authorization vulnerability in AA-Team WZone.This issue affect ...) + TODO: check +CVE-2024-33545 (Missing Authorization vulnerability in AA-Team WZone.This issue affect ...) 
+ TODO: check +CVE-2024-33543 (Missing Authorization vulnerability in CodePeople WP Time Slots Bookin ...) + TODO: check +CVE-2024-32824 (Missing Authorization vulnerability in Evergreen Content Poster.This i ...) + TODO: check +CVE-2024-32821 (Missing Authorization vulnerability in TotalSuite Total Poll Lite.This ...) + TODO: check +CVE-2024-32820 (Missing Authorization vulnerability in Social Share Pro Social Share I ...) + TODO: check +CVE-2024-32818 (Missing Authorization vulnerability in realmag777 WordPress Meta Data ...) + TODO: check +CVE-2024-32814 (Missing Authorization vulnerability in Zorem Advanced Local Pickup for ...) + TODO: check +CVE-2024-32813 (Missing Authorization vulnerability in SoftLab Integrate Google Drive. ...) + TODO: check +CVE-2024-32811 (Insertion of Sensitive Information into Log File vulnerability in Octo ...) + TODO: check +CVE-2024-32805 (Missing Authorization vulnerability in Social Snap.This issue affects ...) + TODO: check +CVE-2024-32804 (Missing Authorization vulnerability in Martin Gibson WP GoToWebinar.Th ...) + TODO: check +CVE-2024-32799 (Missing Authorization vulnerability in Merv Barrett Easy Property List ...) + TODO: check +CVE-2024-32798 (Missing Authorization vulnerability in WP Travel Engine.This issue aff ...) + TODO: check +CVE-2024-32797 (Missing Authorization vulnerability in Martin Gibson WP LinkedIn Auto ...) + TODO: check +CVE-2024-32792 (Missing Authorization vulnerability in WPMU DEV Hummingbird.This issue ...) + TODO: check +CVE-2024-32787 (Missing Authorization vulnerability in Copy Content Protection Team Se ...) + TODO: check +CVE-2024-32784 (Missing Authorization vulnerability in CookieHub.This issue affects Co ...) + TODO: check +CVE-2024-32783 (Missing Authorization vulnerability in wpcreativeidea Advanced Testimo ...) + TODO: check +CVE-2024-32779 (Missing Authorization vulnerability in Avirtum Vision Interactive.This ...) 
+ TODO: check +CVE-2024-32778 (Missing Authorization vulnerability in Contest Gallery.This issue affe ...) + TODO: check +CVE-2024-32777 (Missing Authorization vulnerability in BizSwoop a CPF Concepts, LLC Br ...) + TODO: check +CVE-2024-32727 (Missing Authorization vulnerability in Rometheme RomethemeForm For Ele ...) + TODO: check +CVE-2024-32725 (Missing Authorization vulnerability in Saleswonder 5 Stars Rating Funn ...) + TODO: check +CVE-2024-32715 (Missing Authorization vulnerability in Olive Themes
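Review bot: the bare entry `-CVE-2024-37535` is deleted with no visible `+CVE-2024-37535` replacement, and the rendered hunk is cut off mid-entry at CVE-2024-32715, so the deletion cannot be confirmed as a move from what is shown; check that the entry reappears later in the hunk (the `@@ -1,4 +1,194 @@` header leaves room for it) with its description filled in, rather than being dropped from data/CVE/list by the automatic update.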