[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 21 21:12:47 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ddb87ab8 by security tracker role at 2024-06-21T20:12:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,169 +1,263 @@
-CVE-2024-39277 [dma-mapping: benchmark: handle NUMA_NO_NODE correctly]
+CVE-2024-6241 (A vulnerability was found in Pear Admin Boot up to 2.0.2 and classifie ...)
+	TODO: check
+CVE-2024-6240 (Improper privilege management vulnerability in Parallels Desktop Softw ...)
+	TODO: check
+CVE-2024-6239 (A flaw was found in the Poppler's Pdfinfo utility. This issue occurs w ...)
+	TODO: check
+CVE-2024-6027 (The Themify \u2013 WooCommerce Product Filter plugin for WordPress is  ...)
+	TODO: check
+CVE-2024-5859 (The Online Booking & Scheduling Calendar for WordPress by vcita plugin ...)
+	TODO: check
+CVE-2024-5059 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2024-5058 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-3036 (Improper Input Validation vulnerability in ABB 800xA Base. An attacker ...)
+	TODO: check
+CVE-2024-37790
+	REJECTED
+CVE-2024-37675 (Cross Site Scripting vulnerability in Tessi Docubase Document Manageme ...)
+	TODO: check
+CVE-2024-37673 (Cross Site Scripting vulnerability in Tessi Docubase Document Manageme ...)
+	TODO: check
+CVE-2024-37672 (Cross Site Scripting vulnerability in Tessi Docubase Document Manageme ...)
+	TODO: check
+CVE-2024-37671 (Cross Site Scripting vulnerability in Tessi Docubase Document Manageme ...)
+	TODO: check
+CVE-2024-37230 (Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Book Lan ...)
+	TODO: check
+CVE-2024-37227 (Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newslette ...)
+	TODO: check
+CVE-2024-37212 (Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Ali2Woo Lit ...)
+	TODO: check
+CVE-2024-37198 (Cross-Site Request Forgery (CSRF) vulnerability in blazethemes Digital ...)
+	TODO: check
+CVE-2024-37118 (Cross Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny ...)
+	TODO: check
+CVE-2024-35781 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2024-35779 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35778 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2024-35776 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2024-35774 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35772 (Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Huem ...)
+	TODO: check
+CVE-2024-35771 (Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Cust ...)
+	TODO: check
+CVE-2024-35770 (Cross-Site Request Forgery (CSRF) vulnerability in Dave Kiss Vimeograp ...)
+	TODO: check
+CVE-2024-35769 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35768 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35767 (Unrestricted Upload of File with Dangerous Type vulnerability in Bogda ...)
+	TODO: check
+CVE-2024-35766 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35764 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35763 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35762 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35761 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35760 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35759 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35758 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35757 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35537 (TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS v5.0.0 wa ...)
+	TODO: check
+CVE-2024-31890 (IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for  ...)
+	TODO: check
+CVE-2023-51375 (Missing Authorization vulnerability in WPDeveloper EmbedPress.This iss ...)
+	TODO: check
+CVE-2023-45673 (Joplin is a free, open source note taking and to-do application. A rem ...)
+	TODO: check
+CVE-2023-45197 (The file upload plugin in Adminer and AdminerEvo allows an attacker to ...)
+	TODO: check
+CVE-2023-39517 (Joplin is a free, open source note taking and to-do application. A Cro ...)
+	TODO: check
+CVE-2023-38506 (Joplin is a free, open source note taking and to-do application. A Cro ...)
+	TODO: check
+CVE-2023-38389 (Incorrect Authorization vulnerability in Artbees JupiterX Core allows  ...)
+	TODO: check
+CVE-2023-37898 (Joplin is a free, open source note taking and to-do application. A Cro ...)
+	TODO: check
+CVE-2024-39277 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux <unfixed>
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/e64746e74f717961250a155e14c156616fcd981f (6.10-rc2)
-CVE-2024-38780 [dma-buf/sw-sync: don't enable IRQ from sync_print_obj()]
+CVE-2024-38780 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/b794918961516f667b0c745aebdfebbb8a98df39 (6.10-rc2)
-CVE-2024-38662 [bpf: Allow delete from sockmap/sockhash only if update is allowed]
+CVE-2024-38662 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux <unfixed>
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/98e948fb60d41447fd8d2d0c3b8637fc6b6dc26d (6.10-rc2)
-CVE-2024-38659 [enic: Validate length of nl attributes in enic_set_vf_port]
+CVE-2024-38659 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/e8021b94b0412c37bcc79027c2e382086b6ce449 (6.10-rc2)
-CVE-2024-38637 [greybus: lights: check return of get_channel_from_mode]
+CVE-2024-38637 (In the Linux kernel, the following vulnerability has been resolved:  g ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/a1ba19a1ae7cd1e324685ded4ab563e78fe68648 (6.10-rc1)
-CVE-2024-38636 [f2fs: multidev: fix to recognize valid zero block address]
+CVE-2024-38636 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux <unfixed>
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/33e62cd7b4c281cd737c62e5d8c4f0e602a8c5c5 (6.10-rc1)
-CVE-2024-38635 [soundwire: cadence: fix invalid PDI offset]
+CVE-2024-38635 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/8ee1b439b1540ae543149b15a2a61b9dff937d91 (6.10-rc1)
-CVE-2024-38634 [serial: max3100: Lock port->lock when calling uart_handle_cts_change()]
+CVE-2024-38634 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/77ab53371a2066fdf9b895246505f5ef5a4b5d47 (6.10-rc1)
-CVE-2024-38633 [serial: max3100: Update uart_driver_registered on driver removal]
+CVE-2024-38633 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/712a1fcb38dc7cac6da63ee79a88708fbf9c45ec (6.10-rc1)
-CVE-2024-38632 [vfio/pci: fix potential memory leak in vfio_intx_enable()]
+CVE-2024-38632 (In the Linux kernel, the following vulnerability has been resolved:  v ...)
 	- linux <unfixed>
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/82b951e6fbd31d85ae7f4feb5f00ddd4c5d256e2 (6.10-rc1)
-CVE-2024-38631 [iio: adc: PAC1934: fix accessing out of bounds array index]
+CVE-2024-38631 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/51fafb3cd7fcf4f4682693b4d2883e2a5bfffe33 (6.10-rc1)
-CVE-2024-38630 [watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger]
+CVE-2024-38630 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/573601521277119f2e2ba5f28ae6e87fc594f4d4 (6.10-rc1)
-CVE-2024-38629 [dmaengine: idxd: Avoid unnecessary destruction of file_ida]
+CVE-2024-38629 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux <unfixed>
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/76e43fa6a456787bad31b8d0daeabda27351a480 (6.10-rc1)
-CVE-2024-38628 [usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind.]
+CVE-2024-38628 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
 	- linux <unfixed>
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/1b739388aa3f8dfb63a9fca777e6dfa6912d0464 (6.10-rc1)
-CVE-2024-38627 [stm class: Fix a double free in stm_register_device()]
+CVE-2024-38627 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/3df463865ba42b8f88a590326f4c9ea17a1ce459 (6.10-rc1)
-CVE-2024-38626 [fuse: clear FR_SENT when re-adding requests into pending list]
+CVE-2024-38626 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/246014876d782bbf2e652267482cd2e799fb5fcd (6.10-rc1)
-CVE-2024-38625 [fs/ntfs3: Check 'folio' pointer for NULL]
+CVE-2024-38625 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux <unfixed>
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/1cd6c96219c429ebcfa8e79a865277376c563803 (6.10-rc1)
-CVE-2024-38624 [fs/ntfs3: Use 64 bit variable to avoid 32 bit overflow]
+CVE-2024-38624 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux <unfixed>
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/e931f6b630ffb22d66caab202a52aa8cbb10c649 (6.10-rc1)
-CVE-2024-38623 [fs/ntfs3: Use variable length array instead of fixed size]
+CVE-2024-38623 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux <unfixed>
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/1997cdc3e727526aa5d84b32f7cbb3f56459b7ef (6.10-rc1)
-CVE-2024-38622 [drm/msm/dpu: Add callback function pointer check before its call]
+CVE-2024-38622 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux <unfixed>
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/530f272053a5e72243a9cb07bb1296af6c346002 (6.10-rc1)
-CVE-2024-38621 [media: stk1160: fix bounds checking in stk1160_copy_video()]
+CVE-2024-38621 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/faa4364bef2ec0060de381ff028d1d836600a381 (6.10-rc1)
-CVE-2024-38391 [cxl/region: Fix cxlr_pmem leaks]
+CVE-2024-38391 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux <unfixed>
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/1c987cf22d6b65ade46145c03eef13f0e3e81d83 (6.10-rc1)
-CVE-2024-38390 [drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails]
+CVE-2024-38390 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux <unfixed>
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/46d4efcccc688cbacdd70a238bedca510acaa8e4 (6.10-rc1)
-CVE-2024-38388 [ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup]
+CVE-2024-38388 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux <unfixed>
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/172811e3a557d8681a5e2d0f871dc04a2d17eb13 (6.10-rc1)
-CVE-2024-38381 [nfc: nci: Fix uninit-value in nci_rx_work]
+CVE-2024-38381 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/e4a87abf588536d1cdfb128595e6e680af5cf3ed (6.10-rc1)
-CVE-2024-37356 [tcp: Fix shift-out-of-bounds in dctcp_update_alpha().]
+CVE-2024-37356 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/3ebc46ca8675de6378e3f8f40768e180bb8afa66 (6.10-rc1)
-CVE-2024-37353 [virtio: delete vq in vp_find_vqs_msix() when request_irq() fails]
+CVE-2024-37353 (In the Linux kernel, the following vulnerability has been resolved:  v ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/89875151fccdd024d571aa884ea97a0128b968b6 (6.10-rc1)
-CVE-2024-36489 [tls: fix missing memory barrier in tls_init]
+CVE-2024-36489 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux <unfixed>
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/91e61dd7a0af660408e87372d8330ceb218be302 (6.10-rc1)
-CVE-2024-36484 [net: relax socket state check at accept time.]
+CVE-2024-36484 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/26afda78cda3da974fd4c287962c169e9462c495 (6.10-rc1)
-CVE-2024-36481 [tracing/probes: fix error check in parse_btf_field()]
+CVE-2024-36481 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux <unfixed>
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/e569eb34970281438e2b48a3ef11c87459fcfbcb (6.10-rc2)
-CVE-2024-36478 [null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues']
+CVE-2024-36478 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux <unfixed>
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/a2db328b0839312c169eb42746ec46fc1ab53ed2 (6.10-rc1)
-CVE-2024-36477 [tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer]
+CVE-2024-36477 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux <unfixed>
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/195aba96b854dd664768f382cd1db375d8181f88 (6.10-rc2)
-CVE-2024-36288 [SUNRPC: Fix loop termination condition in gss_free_in_token_pages()]
+CVE-2024-36288 (In the Linux kernel, the following vulnerability has been resolved:  S ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/4a77c3dead97339478c7422eb07bf4bf63577008 (6.10-rc3)
-CVE-2024-36286 [netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()]
+CVE-2024-36286 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/dc21c6cc3d6986d938efbf95de62473982c98dec (6.10-rc2)
-CVE-2024-36281 [net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules]
+CVE-2024-36281 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux <unfixed>
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/16d66a4fa81da07bc4ed19f4e53b87263c2f8d38 (6.10-rc2)
-CVE-2024-36270 [netfilter: tproxy: bail out if IP has been disabled on the device]
+CVE-2024-36270 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/21a673bddc8fd4873c370caf9ae70ffc6d47e8d3 (6.10-rc2)
-CVE-2024-36244 [net/sched: taprio: extend minimum interval restriction to entire cycle too]
+CVE-2024-36244 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux <unfixed>
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/fb66df20a7201e60f2b13d7f95d031b31a8831d3 (6.10-rc2)
-CVE-2024-34777 [dma-mapping: benchmark: fix node id validation]
+CVE-2024-34777 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux <unfixed>
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/1ff05e723f7ca30644b8ec3fb093f16312e408ad (6.10-rc2)
-CVE-2024-33621 [ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound]
+CVE-2024-33621 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/b3dc6e8003b500861fa307e9a3400c52e78e4d3a (6.10-rc2)
-CVE-2024-33619 [efi: libstub: only free priv.runtime_map when allocated]
+CVE-2024-33619 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
 	- linux <unfixed>
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/4b2543f7e1e6b91cfc8dd1696e3cdf01c3ac8974 (6.10-rc1)
-CVE-2024-31076 [genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline]
+CVE-2024-31076 (In the Linux kernel, the following vulnerability has been resolved:  g ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/a6c11c0a5235fb144a65e0cb2ffd360ddc1f6c32 (6.10-rc1)
-CVE-2023-52884 [Input: cyapa - add missing input core locking to suspend/resume functions]
+CVE-2023-52884 (In the Linux kernel, the following vulnerability has been resolved:  I ...)
 	- linux <unfixed>
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
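Review bot: CVE-2024-6239 at the top of this hunk sits at TODO: check among a run of web-plugin entries, but its description names Poppler's Pdfinfo utility, and poppler is packaged in Debian, so it needs a real package annotation and should not be swept up with the NOT-FOR-US candidates; CVE-2023-45197 (Adminer) deserves the same look. In the kernel block, swapping the bracketed titles for the truncated description makes entries indistinguishable in the list: CVE-2024-38623, CVE-2024-38624 and CVE-2024-38625 each had a distinct fs/ntfs3 title and now all read "(In the Linux kernel, the following vulnerability has been resolved:  f ...)", leaving the NOTE commit link as the only way to tell them apart. The description on CVE-2024-6027 also carries a literal \u2013 escape that should be decoded or normalised.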
@@ -24701,7 +24795,8 @@ CVE-2024-31926 (Improper Neutralization of Input During Web Page Generation ('Cr
 	NOT-FOR-US: WordPress plugin
 CVE-2024-31925 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-31861 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+CVE-2024-31861
+	REJECTED
 	NOT-FOR-US: Apache Zeppelin
 CVE-2024-31678 (Sourcecodester Loan Management System v1.0 is vulnerable to SQL Inject ...)
 	NOT-FOR-US: Sourcecodester Loan Management System
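Review bot: The NOT-FOR-US: Apache Zeppelin annotation is left in place under CVE-2024-31861 after the entry becomes REJECTED, so the id now carries two states at once. Remove the NOT-FOR-US line so the rejected entry matches the bare "REJECTED" form used for CVE-2024-37790 earlier in this patch.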
@@ -122744,8 +122839,8 @@ CVE-2022-45805 (Improper Neutralization of Special Elements used in an SQL Comma
 	NOT-FOR-US: WordPress plugin
 CVE-2022-45804 (Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gall ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-45803
-	RESERVED
+CVE-2022-45803 (Missing Authorization vulnerability in Nikolay Strikhar WordPress Form ...)
+	TODO: check
 CVE-2022-45802 (Streampark allows any users to upload a jar as application, but there  ...)
 	NOT-FOR-US: Apache StreamPark
 CVE-2022-45801 (Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection vulnerability.  ...)
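Review bot: CVE-2022-45803 goes in as TODO: check although its description already names a WordPress form product ("Nikolay Strikhar WordPress Form ...") and both entries above it are NOT-FOR-US: WordPress plugin. Once the truncated description is confirmed against the full record, triage it the same way so it does not linger in the TODO queue.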
@@ -127578,8 +127673,8 @@ CVE-2022-44595 (Improper Authentication vulnerability in Melapress WP 2FA allows
 	NOT-FOR-US: WordPress plugin
 CVE-2022-44594 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Code ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-44593
-	RESERVED
+CVE-2022-44593 (Use of Less Trusted Source vulnerability in SolidWP Solid Security all ...)
+	TODO: check
 CVE-2022-44592
 	RESERVED
 CVE-2022-44591 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anth ...)
@@ -127590,8 +127685,8 @@ CVE-2022-44589 (Exposure of Sensitive Information to an Unauthorized Actor vulne
 	NOT-FOR-US: WordPress plugin
 CVE-2022-44588 (Unauth. SQL Injection vulnerability inCryptocurrency Widgets Pack Plug ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-44587
-	RESERVED
+CVE-2022-44587 (Insertion of Sensitive Information into Log File vulnerability in WP 2 ...)
+	TODO: check
 CVE-2022-44586 (Auth. (admin+) Stored Cross-Site Scripting (XSS) in Ayoub Media AM-HiL ...)
 	NOT-FOR-US: Ayoub Media
 CVE-2022-44585 (Cross-Site Request Forgery (CSRF) vulnerability inMagneticlab S\xe0rlH ...)
@@ -132155,8 +132250,8 @@ CVE-2022-43459 (Cross-Site Request Forgery (CSRF) vulnerability in Forms by Capt
 	NOT-FOR-US: WordPress plugin
 CVE-2022-43458 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Code  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-43453
-	RESERVED
+CVE-2022-43453 (Missing Authorization vulnerability in Bill Minozzi WP Tools.This issu ...)
+	TODO: check
 CVE-2022-43450 (Authorization Bypass Through User-Controlled Key vulnerability in XWP  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-43445
@@ -137678,8 +137773,8 @@ CVE-2022-38063 (Cross-Site Request Forgery (CSRF) vulnerability in Social Login
 	NOT-FOR-US: WordPress plugin
 CVE-2022-38057 (Missing Authorization vulnerability in ThemeHunk Advance WordPress Sea ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-38055
-	RESERVED
+CVE-2022-38055 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+	TODO: check
 CVE-2022-36418 (Missing Authorization vulnerability in Vagary Digital HREFLANG Tags Li ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-36399 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
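Review bot: The added description for CVE-2022-38055 is cut off at "(Bas ..." before any vendor or product name, so the line alone gives no basis for resolving its TODO: check. Look up the full record before triaging; the NOT-FOR-US: WordPress plugin lines around it are not evidence for this id.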
@@ -280678,8 +280773,7 @@ CVE-2020-27354
 	REJECTED
 CVE-2020-27353
 	REJECTED
-CVE-2020-27352
-	RESERVED
+CVE-2020-27352 (When generating the systemd service units for the docker snap (and oth ...)
 	- snapd 2.49-1
 	[buster] - snapd <no-dsa> (Minor issue)
 	[stretch] - snapd <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ddb87ab82cd8494b584405306943f6d8196695f5
