[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Apr 17 09:12:25 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
44c50bee by security tracker role at 2024-04-17T08:12:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,58 +1,478 @@
+CVE-2024-3882 (A vulnerability was found in Tenda W30E 1.0.1.25(633). It has been cla ...)
+ TODO: check
+CVE-2024-3881 (A vulnerability was found in Tenda W30E 1.0.1.25(633) and classified a ...)
+ TODO: check
+CVE-2024-3880 (A vulnerability has been found in Tenda W30E 1.0.1.25(633) and classif ...)
+ TODO: check
+CVE-2024-3879 (A vulnerability, which was classified as critical, was found in Tenda ...)
+ TODO: check
+CVE-2024-3878 (A vulnerability, which was classified as critical, has been found in T ...)
+ TODO: check
+CVE-2024-3877 (A vulnerability classified as critical was found in Tenda F1202 1.2.0. ...)
+ TODO: check
+CVE-2024-3876 (A vulnerability classified as critical has been found in Tenda F1202 1 ...)
+ TODO: check
+CVE-2024-3875 (A vulnerability was found in Tenda F1202 1.2.0.20(408). It has been ra ...)
+ TODO: check
+CVE-2024-3874 (A vulnerability was found in Tenda W20E 15.11.0.6. It has been declare ...)
+ TODO: check
+CVE-2024-3873 (A vulnerability was found in SMI SMI-EX-5414W up to 1.0.03. It has bee ...)
+ TODO: check
+CVE-2024-3872 (Mattermost Mobile app versions 2.13.0 and earlier use a regular expres ...)
+ TODO: check
+CVE-2024-3871 (The Delta Electronics DVW-W02W2-E2 devices expose a web administration ...)
+ TODO: check
+CVE-2024-3869 (The Customer Reviews for WooCommerce plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2024-3867 (The archive-tainacan-collection theme for WordPress is vulnerable to R ...)
+ TODO: check
+CVE-2024-3672 (The BA Book Everything plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2024-3660 (A arbitrary code injection vulnerability in TensorFlow's Keras framewo ...)
+ TODO: check
+CVE-2024-3367 (Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1. ...)
+ TODO: check
+CVE-2024-3243 (The Customer Reviews for WooCommerce plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2024-3067 (The WooCommerce Google Feed Manager plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2024-32634 (In huge memory get unmapped area check, code can never be reached beca ...)
+ TODO: check
+CVE-2024-32633 (An unsigned value can never be negative, so eMMC full disk test will a ...)
+ TODO: check
+CVE-2024-32632 (A value in ATCMD will be misinterpreted by printf, causing incorrect o ...)
+ TODO: check
+CVE-2024-32631 (Out-of-Bounds read in ciCCIOTOPT in ASR180X will cause incorrect compu ...)
+ TODO: check
+CVE-2024-32625 (In OffloadAMRWriter, a scalar field is not initialized so will contain ...)
+ TODO: check
+CVE-2024-32532 (Missing Authorization vulnerability in SiteGround Speed Optimizer.This ...)
+ TODO: check
+CVE-2024-32525 (Missing Authorization vulnerability in Theme My Login.This issue affec ...)
+ TODO: check
+CVE-2024-32524 (Missing Authorization vulnerability in Nuggethon Custom Order Statuses ...)
+ TODO: check
+CVE-2024-32522 (Missing Authorization vulnerability in Jaed Mosharraf & Pluginbazar Te ...)
+ TODO: check
+CVE-2024-32520 (Missing Authorization vulnerability in WPClever WPC Grouped Product fo ...)
+ TODO: check
+CVE-2024-32519 (Missing Authorization vulnerability in GutenGeek GG Woo Feed for WooCo ...)
+ TODO: check
+CVE-2024-32518 (Missing Authorization vulnerability in Pepro Dev. Group PeproDev Ultim ...)
+ TODO: check
+CVE-2024-32517 (Missing Authorization vulnerability in WooCommerce & WordPress Tutoria ...)
+ TODO: check
+CVE-2024-32516 (Missing Authorization vulnerability in Palscode Multi Currency For Woo ...)
+ TODO: check
+CVE-2024-32515 (Missing Authorization vulnerability in Qamar Sheeraz, Nasir Ahmad Mega ...)
+ TODO: check
+CVE-2024-32514 (Unrestricted Upload of File with Dangerous Type vulnerability in Poll ...)
+ TODO: check
+CVE-2024-32513 (Insertion of Sensitive Information into Log File vulnerability in AdTr ...)
+ TODO: check
+CVE-2024-32509 (Missing Authorization vulnerability in Loopus WP Cost Estimation & Pay ...)
+ TODO: check
+CVE-2024-32455 (Missing Authorization vulnerability in Very Good Plugins Fatal Error N ...)
+ TODO: check
+CVE-2024-32256 (Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricte ...)
+ TODO: check
+CVE-2024-32254 (Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricte ...)
+ TODO: check
+CVE-2024-32086 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2024-32027 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss v22. ...)
+ TODO: check
+CVE-2024-32026 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is v ...)
+ TODO: check
+CVE-2024-32025 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is v ...)
+ TODO: check
+CVE-2024-32024 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is v ...)
+ TODO: check
+CVE-2024-32023 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is v ...)
+ TODO: check
+CVE-2024-32022 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is ...)
+ TODO: check
+CVE-2024-31887 (IBM Security Verify Privilege 11.6.25 could allow an unauthenticated a ...)
+ TODO: check
+CVE-2024-31760 (An issue in sanluan flipped-aurora gin-vue-admin 2.4.x allows an attac ...)
+ TODO: check
+CVE-2024-31759 (An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to esc ...)
+ TODO: check
+CVE-2024-31680 (File Upload vulnerability in Shibang Communications Co., Ltd. IP netwo ...)
+ TODO: check
+CVE-2024-31503 (Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and befor ...)
+ TODO: check
+CVE-2024-31452 (OpenFGA is a high-performance and flexible authorization/permission en ...)
+ TODO: check
+CVE-2024-31451 (DocsGPT is a GPT-powered chat for documentation. DocsGPT is vulnerable ...)
+ TODO: check
+CVE-2024-31446 (OpenComputers is a Minecraft mod that adds programmable computers and ...)
+ TODO: check
+CVE-2024-30380 (An Improper Handling of Exceptional Conditions vulnerability in Junipe ...)
+ TODO: check
+CVE-2024-30378 (A Use After Free vulnerability in command processing of Juniper Networ ...)
+ TODO: check
+CVE-2024-30256 (Open WebUI is a user-friendly WebUI for LLMs. Open-webui is vulnerable ...)
+ TODO: check
+CVE-2024-2309 (The WP STAGING WordPress Backup Plugin WordPress plugin before 3.4.0, ...)
+ TODO: check
+CVE-2024-2118 (The Social Media Share Buttons & Social Sharing Icons WordPress plugin ...)
+ TODO: check
+CVE-2024-2102 (The Salon booking system WordPress plugin before 9.6.3 does not proper ...)
+ TODO: check
+CVE-2024-2101 (The Salon booking system WordPress plugin before 9.6.3 does not proper ...)
+ TODO: check
+CVE-2024-29402 (cskefu v7 suffers from Insufficient Session Expiration, which allows a ...)
+ TODO: check
+CVE-2024-29291 (An issue in Laravel Framework 8 through 11 might allow a remote attack ...)
+ TODO: check
+CVE-2024-27086 (The MSAL library enabled acquisition of security tokens to call protec ...)
+ TODO: check
+CVE-2024-25911 (Missing Authorization vulnerability in Skymoon Labs MoveTo.This issue ...)
+ TODO: check
+CVE-2024-22440 (A potential security vulnerability has been identified in HPE Compute ...)
+ TODO: check
+CVE-2024-22354 (IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Applicatio ...)
+ TODO: check
+CVE-2024-22329 (IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Applicatio ...)
+ TODO: check
+CVE-2024-21676 (This High severity Injection vulnerability was introduced in versions ...)
+ TODO: check
+CVE-2024-21121 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ TODO: check
+CVE-2024-21120 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ TODO: check
+CVE-2024-21119 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ TODO: check
+CVE-2024-21118 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ TODO: check
+CVE-2024-21117 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ TODO: check
+CVE-2024-21116 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ TODO: check
+CVE-2024-21115 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ TODO: check
+CVE-2024-21114 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ TODO: check
+CVE-2024-21113 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ TODO: check
+CVE-2024-21112 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ TODO: check
+CVE-2024-21111 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ TODO: check
+CVE-2024-21110 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ TODO: check
+CVE-2024-21109 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ TODO: check
+CVE-2024-21108 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ TODO: check
+CVE-2024-21107 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ TODO: check
+CVE-2024-21106 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ TODO: check
+CVE-2024-21105 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ TODO: check
+CVE-2024-21104 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
+ TODO: check
+CVE-2024-21103 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ TODO: check
+CVE-2024-21102 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21101 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21100 (Vulnerability in the Oracle Commerce Platform product of Oracle Commer ...)
+ TODO: check
+CVE-2024-21099 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ TODO: check
+CVE-2024-21098 (Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise ...)
+ TODO: check
+CVE-2024-21097 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ TODO: check
+CVE-2024-21096 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21095 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
+ TODO: check
+CVE-2024-21094 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+ TODO: check
+CVE-2024-21093 (Vulnerability in the Java VM component of Oracle Database Server. Sup ...)
+ TODO: check
+CVE-2024-21092 (Vulnerability in the Oracle Agile Product Lifecycle Management for Pro ...)
+ TODO: check
+CVE-2024-21091 (Vulnerability in the Oracle Agile Product Lifecycle Management for Pro ...)
+ TODO: check
+CVE-2024-21090 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
+ TODO: check
+CVE-2024-21089 (Vulnerability in the Oracle Concurrent Processing product of Oracle E- ...)
+ TODO: check
+CVE-2024-21088 (Vulnerability in the Oracle Production Scheduling product of Oracle E- ...)
+ TODO: check
+CVE-2024-21087 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21086 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
+ TODO: check
+CVE-2024-21085 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ TODO: check
+CVE-2024-21084 (Vulnerability in the Oracle BI Publisher product of Oracle Analytics ( ...)
+ TODO: check
+CVE-2024-21083 (Vulnerability in the Oracle BI Publisher product of Oracle Analytics ( ...)
+ TODO: check
+CVE-2024-21082 (Vulnerability in the Oracle BI Publisher product of Oracle Analytics ( ...)
+ TODO: check
+CVE-2024-21081 (Vulnerability in the Oracle Partner Management product of Oracle E-Bus ...)
+ TODO: check
+CVE-2024-21080 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
+ TODO: check
+CVE-2024-21079 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+ TODO: check
+CVE-2024-21078 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+ TODO: check
+CVE-2024-21077 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
+ TODO: check
+CVE-2024-21076 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
+ TODO: check
+CVE-2024-21075 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
+ TODO: check
+CVE-2024-21074 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
+ TODO: check
+CVE-2024-21073 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
+ TODO: check
+CVE-2024-21072 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...)
+ TODO: check
+CVE-2024-21071 (Vulnerability in the Oracle Workflow product of Oracle E-Business Suit ...)
+ TODO: check
+CVE-2024-21070 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ TODO: check
+CVE-2024-21069 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21068 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+ TODO: check
+CVE-2024-21067 (Vulnerability in the Oracle Enterprise Manager Base Platform product o ...)
+ TODO: check
+CVE-2024-21066 (Vulnerability in the RDBMS component of Oracle Database Server. Suppo ...)
+ TODO: check
+CVE-2024-21065 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ TODO: check
+CVE-2024-21064 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ TODO: check
+CVE-2024-21063 (Vulnerability in the PeopleSoft Enterprise HCM Benefits Administration ...)
+ TODO: check
+CVE-2024-21062 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21061 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21060 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21059 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ TODO: check
+CVE-2024-21058 (Vulnerability in the Unified Audit component of Oracle Database Server ...)
+ TODO: check
+CVE-2024-21057 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21056 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21055 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21054 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21053 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21052 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21051 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21050 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21049 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21048 (Vulnerability in the Oracle Web Applications Desktop Integrator produc ...)
+ TODO: check
+CVE-2024-21047 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21046 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ TODO: check
+CVE-2024-21045 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ TODO: check
+CVE-2024-21044 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ TODO: check
+CVE-2024-21043 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ TODO: check
+CVE-2024-21042 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ TODO: check
+CVE-2024-21041 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ TODO: check
+CVE-2024-21040 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ TODO: check
+CVE-2024-21039 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ TODO: check
+CVE-2024-21038 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ TODO: check
+CVE-2024-21037 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ TODO: check
+CVE-2024-21036 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ TODO: check
+CVE-2024-21035 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ TODO: check
+CVE-2024-21034 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ TODO: check
+CVE-2024-21033 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ TODO: check
+CVE-2024-21032 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ TODO: check
+CVE-2024-21031 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ TODO: check
+CVE-2024-21030 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ TODO: check
+CVE-2024-21029 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ TODO: check
+CVE-2024-21028 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ TODO: check
+CVE-2024-21027 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ TODO: check
+CVE-2024-21026 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ TODO: check
+CVE-2024-21025 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ TODO: check
+CVE-2024-21024 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ TODO: check
+CVE-2024-21023 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ TODO: check
+CVE-2024-21022 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ TODO: check
+CVE-2024-21021 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ TODO: check
+CVE-2024-21020 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ TODO: check
+CVE-2024-21019 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ TODO: check
+CVE-2024-21018 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ TODO: check
+CVE-2024-21017 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ TODO: check
+CVE-2024-21016 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ TODO: check
+CVE-2024-21015 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21014 (Vulnerability in the Oracle Hospitality Simphony product of Oracle Foo ...)
+ TODO: check
+CVE-2024-21013 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21012 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+ TODO: check
+CVE-2024-21011 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+ TODO: check
+CVE-2024-21010 (Vulnerability in the Oracle Hospitality Simphony product of Oracle Foo ...)
+ TODO: check
+CVE-2024-21009 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21008 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-21007 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2024-21006 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2024-21005 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ TODO: check
+CVE-2024-21004 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ TODO: check
+CVE-2024-21003 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ TODO: check
+CVE-2024-21002 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ TODO: check
+CVE-2024-21001 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ TODO: check
+CVE-2024-21000 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-20999 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ TODO: check
+CVE-2024-20998 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-20997 (Vulnerability in the Oracle Hospitality Simphony product of Oracle Foo ...)
+ TODO: check
+CVE-2024-20995 (Vulnerability in the Oracle Database Sharding component of Oracle Data ...)
+ TODO: check
+CVE-2024-20994 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-20993 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2024-20992 (Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion ...)
+ TODO: check
+CVE-2024-20991 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...)
+ TODO: check
+CVE-2024-20990 (Vulnerability in the Oracle Applications Technology product of Oracle ...)
+ TODO: check
+CVE-2024-20989 (Vulnerability in the Oracle Hospitality Simphony product of Oracle Foo ...)
+ TODO: check
+CVE-2024-20954 (Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise ...)
+ TODO: check
+CVE-2024-1357 (The Shortcodes and extra features for Phlox theme plugin for WordPress ...)
+ TODO: check
+CVE-2024-1219 (The Easy Social Feed WordPress plugin before 6.5.6 does not validate ...)
+ TODO: check
+CVE-2024-0868 (The coreActivity: Activity Logging plugin for WordPress plugin before ...)
+ TODO: check
+CVE-2023-51391 (A bug in Micrium OS Network HTTP Server permits an invalid pointer der ...)
+ TODO: check
+CVE-2023-50872 (The API in Accredible Credential.net December 6th, 2023 allows an Inse ...)
+ TODO: check
+CVE-2023-45000 (Missing Authorization vulnerability in LiteSpeed Technologies LiteSpee ...)
+ TODO: check
+CVE-2023-40000 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
CVE-2024-XXXX [gix-transport indirect code execution via malicious username]
- rust-gix-transport 0.42.0-1
NOTE: https://github.com/advisories/GHSA-98p4-xjmm-8mfh
NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0335.html
CVE-2024-27980
- nodejs <not-affected> (Only affects Windows)
-CVE-2024-3847
+CVE-2024-3847 (Insufficient policy enforcement in WebUI in Google Chrome prior to 124 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-3846
+CVE-2024-3846 (Inappropriate implementation in Prompts in Google Chrome prior to 124. ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-3845
+CVE-2024-3845 (Inappropriate implementation in Networks in Google Chrome prior to 124 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-3844
+CVE-2024-3844 (Inappropriate implementation in Extensions in Google Chrome prior to 1 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-3843
+CVE-2024-3843 (Insufficient data validation in Downloads in Google Chrome prior to 12 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-3841
+CVE-2024-3841 (Insufficient data validation in Browser Switcher in Google Chrome prio ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-3840
+CVE-2024-3840 (Insufficient policy enforcement in Site Isolation in Google Chrome pri ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-3839
+CVE-2024-3839 (Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60 al ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-3838
+CVE-2024-3838 (Inappropriate implementation in Autofill in Google Chrome prior to 124 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-3837
+CVE-2024-3837 (Use after free in QUIC in Google Chrome prior to 124.0.6367.60 allowed ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-3834
+CVE-2024-3834 (Use after free in Downloads in Google Chrome prior to 124.0.6367.60 al ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-3833
+CVE-2024-3833 (Object corruption in WebAssembly in Google Chrome prior to 124.0.6367. ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-3832
+CVE-2024-3832 (Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowe ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
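Review bot: Every entry added at the top of this hunk, from CVE-2024-3882 down to CVE-2023-40000, carries only `TODO: check`, so the whole batch is still untriaged after this commit. The descriptions are cut at `...`, so each one needs the full CVE text before it gets a package line or a NOT-FOR-US marker; the Oracle block (descriptions naming MySQL Server, Oracle Java SE and Oracle VM VirtualBox) makes up most of the batch and is the natural place to start. Further down, the chromium entries now carry descriptions saying "prior to 124.0.6367.60" (for example CVE-2024-3839, CVE-2024-3837 and CVE-2024-3834) while the status line stays `- chromium <unfixed>`; replace it with the fixed version once an upload at or past that version exists.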
@@ -60,63 +480,63 @@ CVE-2024-XXXX [Stored XSS in Avatar block]
- wordpress 6.5.2+dfsg1-1 (bug #1069091)
NOTE: https://wpscan.com/blog/unauthenticated-stored-xss-fixed-in-wordpress-core/
NOTE: https://wordpress.org/news/2024/04/wordpress-6-5-2-maintenance-and-security-release/
-CVE-2024-3302
+CVE-2024-3302 (There was no limit to the number of HTTP/2 CONTINUATION frames that wo ...)
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3302
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3302
-CVE-2024-3865
+CVE-2024-3865 (Memory safety bugs present in Firefox 124. Some of these bugs showed e ...)
- firefox 125.0.1-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3865
-CVE-2024-3864
+CVE-2024-3864 (Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thund ...)
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3864
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3864
-CVE-2024-3863
+CVE-2024-3863 (The executable file warning was not presented when downloading .xrm-ms ...)
- firefox <not-affected> (Windows-specific)
- firefox-esr <not-affected> (Windows-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3863
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3863
-CVE-2024-3862
+CVE-2024-3862 (The MarkStack assignment operator, part of the JavaScript engine, coul ...)
- firefox 125.0.1-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3862
-CVE-2024-3861
+CVE-2024-3861 (If an AlignedBuffer were assigned to itself, the subsequent self-move ...)
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3861
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3861
-CVE-2024-3860
+CVE-2024-3860 (An out-of-memory condition during object initialization could result i ...)
- firefox 125.0.1-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3860
-CVE-2024-3859
+CVE-2024-3859 (On 32-bit versions there were integer-overflows that led to an out-of- ...)
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3859
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3859
-CVE-2024-3858
+CVE-2024-3858 (It was possible to mutate a JavaScript object so that the JIT could cr ...)
- firefox 125.0.1-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3858
-CVE-2024-3857
+CVE-2024-3857 (The JIT created incorrect code for arguments in certain cases. This le ...)
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3857
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3857
-CVE-2024-3856
+CVE-2024-3856 (A use-after-free could occur during WASM execution if garbage collecti ...)
- firefox 125.0.1-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3856
-CVE-2024-3855
+CVE-2024-3855 (In certain cases the JIT incorrectly optimized MSubstr operations, whi ...)
- firefox 125.0.1-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3855
-CVE-2024-3854
+CVE-2024-3854 (In some code patterns the JIT incorrectly optimized switch statements ...)
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3854
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3854
-CVE-2024-3853
+CVE-2024-3853 (A use-after-free could result if a JavaScript realm was in the process ...)
- firefox 125.0.1-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3853
-CVE-2024-3852
+CVE-2024-3852 (GetBoundName could return the wrong version of an object when JIT opti ...)
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3852
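Review bot: The new description for CVE-2024-3864 reads "Firefox 124, Firefox ESR 115.9, and Thund ...", but the entry lists only `firefox` and `firefox-esr`. If the truncated word names a third affected product, it needs its own package line and advisory NOTE. Check the full description, and make the same pass over the other entries in this hunk that carry both mfsa2024-18 and mfsa2024-19 notes.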
@@ -147,7 +567,7 @@ CVE-2024-3028 (mintplex-labs/anything-llm is vulnerable to improper input valida
NOT-FOR-US: anything-llm
CVE-2024-32557 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-32036 (ImageSharp is a 2D graphics API. A heap-use-after-free flaw was found ...)
+CVE-2024-32036 (ImageSharp is a 2D graphics API. A data leakage flaw was found in Imag ...)
NOT-FOR-US: ImageSharp
CVE-2024-31784 (An issue in Typora v.1.8.10 and before, allows a local attacker to obt ...)
NOT-FOR-US: Typora
@@ -3067,7 +3487,8 @@ CVE-2023-52714 (Vulnerability of defects introduced in the design process in the
NOT-FOR-US: Huawei
CVE-2023-52713 (Vulnerability of improper permission control in the window management ...)
NOT-FOR-US: Huawei
-CVE-2023-52382 (Vulnerability of improper control over foreground service notification ...)
+CVE-2023-52382
+ REJECTED
NOT-FOR-US: Huawei
CVE-2021-4438 (A vulnerability, which was classified as critical, has been found in k ...)
NOT-FOR-US: react-native-sms-user-consent
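Review bot: CVE-2023-52382 now carries `REJECTED` and still keeps `NOT-FOR-US: Huawei` underneath it, so the entry has two status annotations for an identifier that no longer describes a vulnerability. Either drop the stale NOT-FOR-US line in a follow-up or confirm that keeping the old triage result on rejected entries is intended.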
@@ -3720,14 +4141,17 @@ CVE-2024-26745 (In the Linux kernel, the following vulnerability has been resolv
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/09a3c1e46142199adcee372a420b024b4fc61051 (6.8-rc7)
CVE-2024-24795 (HTTP Response splitting in multiple modules in Apache HTTP Server allo ...)
+ {DSA-5662-1}
- apache2 2.4.59-1 (bug #1068412)
NOTE: https://www.openwall.com/lists/oss-security/2024/04/04/5
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-24795
CVE-2023-38709 (Faulty input validation in the core of Apache allows malicious or expl ...)
+ {DSA-5662-1}
- apache2 2.4.59-1 (bug #1068412)
NOTE: https://www.openwall.com/lists/oss-security/2024/04/04/3
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-38709
CVE-2024-27316 (HTTP/2 incoming headers exceeding the limit are temporarily buffered i ...)
+ {DSA-5662-1}
- apache2 2.4.59-1 (bug #1068412)
NOTE: https://www.kb.cert.org/vuls/id/421644
NOTE: https://www.openwall.com/lists/oss-security/2024/04/04/4
@@ -5121,7 +5545,7 @@ CVE-2024-28219 (In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exis
- pillow 10.3.0-1
NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security
NOTE: https://github.com/python-pillow/Pillow/commit/2a93aba5cfcf6e241ab4f9392c13e3b74032c061 (10.3.0)
-CVE-2024-3135 (The web server lacked CSRF tokens allowing an attacker to host malicio ...)
+CVE-2024-3135 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the mudler ...)
NOT-FOR-US: LocalAI
CVE-2024-3131 (A vulnerability was found in SourceCodester Computer Laboratory Manage ...)
NOT-FOR-US: SourceCodester Computer Laboratory Management System
@@ -5440,7 +5864,7 @@ CVE-2024-3018 (The Essential Addons for Elementor plugin for WordPress is vulner
NOT-FOR-US: WordPress plugin
CVE-2024-2491 (The PowerPack Addons for Elementor plugin for WordPress is vulnerable ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-1522 (The parisneo/lollms-webui does not have CSRF protections. As a result, ...)
+CVE-2024-1522 (A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/loll ...)
NOT-FOR-US: lollms-webui
CVE-2024-3084 (A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Por ...)
NOT-FOR-US: PHPGurukul Emergency Ambulance Hiring Portal
@@ -5779,7 +6203,7 @@ CVE-2024-1872 (The Button plugin for WordPress is vulnerable to PHP Object Injec
NOT-FOR-US: WordPress plugin
CVE-2024-1858 (The Lightbox slider \u2013 Responsive Lightbox Gallery plugin for Word ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-1729 (Th password check condition is vulnerable to timing attack to guess th ...)
+CVE-2024-1729 (A timing attack vulnerability exists in the gradio-app/gradio reposito ...)
NOT-FOR-US: Gradio
CVE-2024-0956 (The WP ERP | Complete HR solution with recruitment & job listings | Wo ...)
NOT-FOR-US: WordPress plugin
@@ -6458,7 +6882,7 @@ CVE-2024-20265 (A vulnerability in the boot process of Cisco Access Point (AP) S
NOT-FOR-US: Cisco
CVE-2024-20259 (A vulnerability in the DHCP snooping feature of Cisco IOS XE Software ...)
NOT-FOR-US: Cisco
-CVE-2024-1540 (Previously, it was possible to exfiltrate secrets in Gradio's CI, but ...)
+CVE-2024-1540 (A command injection vulnerability exists in the deploy+test-visual.yml ...)
NOT-FOR-US: Gradio
CVE-2023-6400 (Incorrect Authorization vulnerability in OpenText\u2122 ZENworks Confi ...)
NOT-FOR-US: OpenText
@@ -6591,7 +7015,7 @@ CVE-2024-2210 (The The Plus Addons for Elementor plugin for WordPress is vulnera
NOT-FOR-US: WordPress plugin
CVE-2024-2209 (A user with administrative privileges can create a compromised dll fil ...)
NOT-FOR-US: HP
-CVE-2024-2206 (The /proxy route allows a user to proxy arbitrary urls including poten ...)
+CVE-2024-2206 (An SSRF vulnerability exists in the gradio-app/gradio due to insuffici ...)
NOT-FOR-US: Gradio
CVE-2024-2203 (The The Plus Addons for Elementor plugin for WordPress is vulnerable t ...)
NOT-FOR-US: WordPress plugin
@@ -6979,7 +7403,7 @@ CVE-2024-21912 (An arbitrary code execution vulnerability in Rockwell Automation
NOT-FOR-US: Rockwell Automation
CVE-2024-1933 (Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer Remote C ...)
NOT-FOR-US: TeamViewer
-CVE-2024-1455 (The XMLOutputParser in LangChain uses the etree module from the XML pa ...)
+CVE-2024-1455 (A vulnerability in the langchain-ai/langchain repository allows for a ...)
NOT-FOR-US: LangChain
CVE-2024-1313 (It is possible for a user in a different organization from the owner o ...)
- grafana <removed>
@@ -7995,7 +8419,7 @@ CVE-2024-24883 (Missing Authorization vulnerability in BdThemes Prime Slider \u2
NOT-FOR-US: WordPress plugin
CVE-2024-24850 (Missing Authorization vulnerability in Mark Stockton Quicksand Post Fi ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-1727 (To prevent malicious 3rd party websites from making requests to Gradio ...)
+CVE-2024-1727 (A Cross-Site Request Forgery (CSRF) vulnerability in gradio-app/gradio ...)
NOT-FOR-US: Gradio
CVE-2023-51672 (Missing Authorization vulnerability in FunnelKit FunnelKit Checkout.Th ...)
NOT-FOR-US: FunnelKit
@@ -8814,7 +9238,7 @@ CVE-2024-2610 (Using a markup injection an attacker could have stolen nonce valu
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2610
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2610
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2610
-CVE-2024-2609 (The permission prompt input delay could have expired while the window ...)
+CVE-2024-2609 (The permission prompt input delay could expire while the window is not ...)
- firefox 124.0-1
- firefox-esr 115.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2609
@@ -14402,7 +14826,7 @@ CVE-2024-1943 (The Yuki theme for WordPress is vulnerable to Cross-Site Request
NOT-FOR-US: WordPress theme
CVE-2024-1932 (Unrestricted Upload of File with Dangerous Type in freescout-helpdesk/ ...)
NOT-FOR-US: freescout-helpdesk
-CVE-2024-1892 (Parts of the Scrapy API were found to be vulnerable to a ReDoS attack. ...)
+CVE-2024-1892 (A Regular Expression Denial of Service (ReDoS) vulnerability exists in ...)
- python-scrapy 2.11.1-1 (bug #1065111)
[bookworm] - python-scrapy <no-dsa> (Minor issue)
[bullseye] - python-scrapy <no-dsa> (Minor issue)
@@ -15177,7 +15601,7 @@ CVE-2024-1875 (A vulnerability was found in SourceCodester Complaint Management
NOT-FOR-US: SourceCodester
CVE-2024-1735 (A vulnerability has been identified in armeria-saml versions less than ...)
NOT-FOR-US: armeria-saml
-CVE-2024-0798 (A user with a `default` role given to them by the admin can sent `DELE ...)
+CVE-2024-0798 (A privilege escalation vulnerability exists in mintplex-labs/anything- ...)
NOT-FOR-US: mintplex-labs/anything-llm
CVE-2024-0455 (The inclusion of the web scraper for AnythingLLM means that any user w ...)
NOT-FOR-US: mintplex-labs/anything-llm
@@ -20352,7 +20776,8 @@ CVE-2023-51446 (GLPI is a Free Asset and IT Management Software package. When au
- glpi <removed>
NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-p995-jmfv-c7r8
NOTE: https://github.com/glpi-project/glpi/commit/58c67d78f2e3ad08264213e9aaf56eab3c9ded35
-CVE-2023-37621 (An issue in Fronius Datalogger Web v.2.0.5-4, allows remote attackers ...)
+CVE-2023-37621
+ REJECTED
NOT-FOR-US: Fronius Datalogger Web
CVE-2024-24747 (MinIO is a High Performance Object Storage. When someone creates an ac ...)
- minio <itp> (bug #859207)
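Review bot: CVE-2023-37621 has the same leftover as the other rejection in this commit: the entry becomes REJECTED while "NOT-FOR-US: Fronius Datalogger Web" stays underneath it. A reader cannot tell which of the two lines is authoritative, so the old triage line should be removed once the rejection is confirmed.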
@@ -21087,7 +21512,7 @@ CVE-2024-22147 (Improper Neutralization of Special Elements used in an SQL Comma
NOT-FOR-US: WordPress plugin
CVE-2024-0958 (A vulnerability was found in CodeAstro Stock Management System 1.0 and ...)
NOT-FOR-US: CodeAstro Stock Management System
-CVE-2024-0948 (A vulnerability, which was classified as problematic, has been found i ...)
+CVE-2024-0948 (** DISPUTED ** A vulnerability, which was classified as problematic, h ...)
- netbox <itp> (bug #1017079)
CVE-2024-0946 (A vulnerability classified as critical was found in 60IndexPage up to ...)
NOT-FOR-US: 60IndexPage
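Review bot: CVE-2024-0948 picks up the "** DISPUTED **" marker only inside the truncated description, while the "- netbox <itp> (bug #1017079)" line is unchanged. A NOTE: line recording who disputes the issue and on what grounds would let whoever handles the ITP bug decide whether the entry still needs tracking.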
@@ -31234,7 +31659,7 @@ CVE-2023-33412 (The web interface in the Intelligent Platform Management Interfa
NOT-FOR-US: Supermicro
CVE-2023-33411 (A web server in the Intelligent Platform Management Interface (IPMI) b ...)
NOT-FOR-US: Supermicro
-CVE-2023-6568 (Cross-site Scripting (XSS) - Reflected in GitHub repository mlflow/mlf ...)
+CVE-2023-6568 (A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlf ...)
NOT-FOR-US: mlflow
CVE-2023-6566 (Business Logic Errors in GitHub repository microweber/microweber prior ...)
NOT-FOR-US: microweber
@@ -34381,7 +34806,7 @@ CVE-2023-6121 (An out-of-bounds read vulnerability was found in the NVMe-oF/TCP
NOTE: https://git.kernel.org/linus/1c22e0295a5eb571c27b53c7371f95699ef705ff (6.7-rc3)
CVE-2023-6119 (An Improper Privilege Management vulnerability in Trellix GetSusp prio ...)
NOT-FOR-US: Trellix
-CVE-2023-6038 (An attacker is able to read any file on the server hosting the H2O das ...)
+CVE-2023-6038 (A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST AP ...)
NOT-FOR-US: H2O (h2ai) (not the same as src:h2o)
CVE-2023-6023 (An attacker can read any file on the filesystem on the server hosting ...)
NOT-FOR-US: ModelDB
@@ -39420,12 +39845,14 @@ CVE-2020-36706 (The Simple:Press \u2013 WordPress Forum Plugin for WordPress is
CVE-2020-36698 (The Security & Malware scan by CleanTalk plugin for WordPress is vulne ...)
NOT-FOR-US: WordPress plugin
CVE-2023-45802 (When a HTTP/2 stream was reset (RST frame) by a client, there was a ti ...)
+ {DSA-5662-1}
- apache2 2.4.58-1
[buster] - apache2 <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/6
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-45802
NOTE: https://github.com/icing/blog/blob/main/h2-rapid-reset.md#cve-2023-45802
CVE-2023-43622 (An attacker, opening a HTTP/2 connection with an initial window size o ...)
+ {DSA-5662-1}
- apache2 2.4.58-1
[buster] - apache2 <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/5
@@ -62242,6 +62669,7 @@ CVE-2023-2259 (Improper Neutralization of Special Elements Used in a Template En
CVE-2023-2258 (Improper Neutralization of Formula Elements in a CSV File in GitHub re ...)
NOT-FOR-US: Alf.io
CVE-2023-31122 (Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.Th ...)
+ {DSA-5662-1}
- apache2 2.4.58-1
[buster] - apache2 <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/4
@@ -161080,43 +161508,37 @@ CVE-2022-24812 (Grafana is an open-source platform for monitoring and observabil
- grafana <not-affected> (Only affects Grafana Enterprise)
CVE-2022-24811 (Combodi iTop is a web based IT Service Management tool. Prior to versi ...)
NOT-FOR-US: Combodi
-CVE-2022-24810 [A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference]
- RESERVED
+CVE-2022-24810 (net-snmp provides various tools relating to the Simple Network Managem ...)
{DSA-5209-1 DLA-3088-1}
- net-snmp 5.9.3+dfsg-1 (bug #1016139)
NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1)
NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1)
-CVE-2022-24809 [A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference]
- RESERVED
+CVE-2022-24809 (net-snmp provides various tools relating to the Simple Network Managem ...)
{DSA-5209-1 DLA-3088-1}
- net-snmp 5.9.3+dfsg-1 (bug #1016139)
NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1)
NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1)
-CVE-2022-24808 [A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference]
- RESERVED
+CVE-2022-24808 (net-snmp provides various tools relating to the Simple Network Managem ...)
{DSA-5209-1 DLA-3088-1}
- net-snmp 5.9.3+dfsg-1 (bug #1016139)
NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1)
NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1)
-CVE-2022-24807 [A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access]
- RESERVED
+CVE-2022-24807 (net-snmp provides various tools relating to the Simple Network Managem ...)
{DSA-5209-1 DLA-3088-1}
- net-snmp 5.9.3+dfsg-1 (bug #1016139)
NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1)
NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1)
-CVE-2022-24806 [Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously]
- RESERVED
+CVE-2022-24806 (net-snmp provides various tools relating to the Simple Network Managem ...)
{DSA-5209-1 DLA-3088-1}
- net-snmp 5.9.3+dfsg-1 (bug #1016139)
NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1)
NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1)
-CVE-2022-24805 [A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access]
- RESERVED
+CVE-2022-24805 (net-snmp provides various tools relating to the Simple Network Managem ...)
{DSA-5209-1 DLA-3088-1}
- net-snmp 5.9.3+dfsg-1 (bug #1016139)
NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
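Review bot: The six net-snmp entries (CVE-2022-24805 through CVE-2022-24810) lose their bracketed per-CVE summaries, and the replacement descriptions all truncate to the same "net-snmp provides various tools relating to the Simple Network Managem ..." text. Because the entries also share the same DSA/DLA references, bug number and commit NOTEs, the list no longer shows which CVE is, for example, the NULL pointer dereference in nsVacmAccessTable and which is the out-of-bounds access in vacmAccessTable. Consider preserving each old summary as a NOTE: line under its entry.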
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44c50beebc54f57f2db4bae255f22485d6076172