[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Mar 27 20:35:31 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
07d5002e by Salvatore Bonaccorso at 2024-03-27T21:34:55+01:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,195 +1,195 @@
CVE-2024-30238 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-30186 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-30185 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-30184 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-30183 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-30182 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-30181 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-30180 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-30179 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-30178 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-30177 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2996 (A vulnerability was found in Bdtask Multi-Store Inventory Management S ...)
- TODO: check
+ NOT-FOR-US: Bdtask Multi-Store Inventory Management System
CVE-2024-2995 (A vulnerability was found in NUUO Camera up to 20240319 and classified ...)
- TODO: check
+ NOT-FOR-US: NUUO Camera
CVE-2024-2994 (A vulnerability was found in Tenda FH1203 2.0.1.6. It has been declare ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2993 (A vulnerability was found in Tenda FH1203 2.0.1.6. It has been classif ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2992 (A vulnerability was found in Tenda FH1203 2.0.1.6 and classified as cr ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2991 (A vulnerability has been found in Tenda FH1203 2.0.1.6 and classified ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2990 (A vulnerability, which was classified as critical, was found in Tenda ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2989 (A vulnerability, which was classified as critical, has been found in T ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2988 (A vulnerability classified as critical was found in Tenda FH1203 2.0.1 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2987 (A vulnerability classified as critical has been found in Tenda FH1202 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2986 (A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been r ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2985 (A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been d ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2984 (A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been c ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2983 (A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2982 (A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and class ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2981 (A vulnerability, which was classified as critical, was found in Tenda ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2980 (A vulnerability, which was classified as critical, has been found in T ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2979 (A vulnerability classified as critical was found in Tenda F1203 2.0.1. ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2978 (A vulnerability classified as critical has been found in Tenda F1203 2 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2977 (A vulnerability was found in Tenda F1203 2.0.1.6. It has been rated as ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2976 (A vulnerability was found in Tenda F1203 2.0.1.6. It has been declared ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2962 (The Networker - Tech News WordPress Theme with Dark Mode theme for Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-29946 (In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashb ...)
- TODO: check
+ NOT-FOR-US: Splunk
CVE-2024-29945 (In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the softw ...)
- TODO: check
+ NOT-FOR-US: Splunk
CVE-2024-29936 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29935 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29934 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29933 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29932 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29931 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29930 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29929 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29892 (ZITADEL, open source authentication management software, uses Go templ ...)
- TODO: check
+ NOT-FOR-US: Zitadel
CVE-2024-29891 (ZITADEL users can upload their own avatar image and various image type ...)
- TODO: check
+ NOT-FOR-US: Zitadel
CVE-2024-29888 (Saleor is an e-commerce platform that serves high-volume companies. Wh ...)
- TODO: check
+ NOT-FOR-US: Saleor
CVE-2024-29887 (Serverpod is an app and web server, built for the Flutter and Dart eco ...)
TODO: check
CVE-2024-29886 (Serverpod is an app and web server, built for the Flutter and Dart eco ...)
TODO: check
CVE-2024-29819 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29818 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29817 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29816 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29815 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29814 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29813 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29812 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29811 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29807 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: DearHive DearFlip
CVE-2024-29806 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29805 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29804 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29803 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29802 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29801 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29799 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29798 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: ppsmav Gratisfaction
CVE-2024-29797 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29796 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29795 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29794 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29793 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29792 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29791 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29790 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29789 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29788 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29777 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29776 (Cross Site Scripting (XSS) vulnerability in Metagauss EventPrime.This ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29775 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29774 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29773 (Cross-Site Request Forgery (CSRF) vulnerability in BizSwoop a CPF Conc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29772 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29771 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29770 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29769 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29768 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29767 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29766 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29765 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29764 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29763 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29762 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29761 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29760 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29759 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29758 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-28860 (Cilium is a networking, observability, and security solution with an e ...)
TODO: check
CVE-2024-28853 (Ampache is a web based audio/video streaming application and file mana ...)
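Review bot: CVE-2024-29807 (`NOT-FOR-US: DearHive DearFlip`) and CVE-2024-29798 (`NOT-FOR-US: ppsmav Gratisfaction`) are labelled by author and product, while every other entry in this hunk with the same truncated "Improper Neutralization of Input During Web Page Generation" description is labelled `WordPress plugin`. If these two are WordPress plugins as well, use the same label so that a search of data/CVE/list for the category string finds them; if they are not, the specific label is the right one and the difference is intentional.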
@@ -197,21 +197,21 @@ CVE-2024-28853 (Ampache is a web based audio/video streaming application and fil
CVE-2024-28852 (Ampache is a web based audio/video streaming application and file mana ...)
TODO: check
CVE-2024-28784 (IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulner ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-28247 (The Pi-hole is a DNS sinkhole that protects your devices from unwanted ...)
- TODO: check
+ NOT-FOR-US: Pi-Hole
CVE-2024-28233 (JupyterHub is an open source multi-user server for Jupyter notebooks. ...)
TODO: check
CVE-2024-27270 (IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-27091 (GeoNode is a geospatial content management system, a platform for the ...)
TODO: check
CVE-2024-25962 (Dell InsightIQ, version 5.0, contains an improper access control vulne ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-23515 (Cross-Site Request Forgery (CSRF) vulnerability in Cincopa Post Video ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-23510 (Cross-Site Request Forgery (CSRF) vulnerability in Martyn Chamberlin D ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-23451 (Incorrect Authorization issue exists in the API key based security mod ...)
TODO: check
CVE-2024-23450 (A flaw was discovered in Elasticsearch, where processing a document in ...)
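Review bot: the label added for CVE-2024-28247 is spelled `Pi-Hole`, but the description on the line above it spells the project `Pi-hole`. Use the spelling from the description so that case-sensitive searches of the list match both the description and the label.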
@@ -219,55 +219,55 @@ CVE-2024-23450 (A flaw was discovered in Elasticsearch, where processing a docum
CVE-2024-22413
REJECTED
CVE-2024-20354 (A vulnerability in the handling of encrypted wireless frames of Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20333 (A vulnerability in the web-based management interface of Cisco Catalys ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20324 (A vulnerability in the CLI of Cisco IOS XE Software could allow an aut ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20316 (A vulnerability in the data model interface (DMI) services of Cisco IO ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20314 (A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20312 (A vulnerability in the Intermediate System-to-Intermediate System (IS- ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20311 (A vulnerability in the Locator ID Separation Protocol (LISP) feature o ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20309 (A vulnerability in auxiliary asynchronous port (AUX) functions of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20308 (A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20307 (A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20306 (A vulnerability in the Unified Threat Defense (UTD) configuration CLI ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20303 (A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco I ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20278 (A vulnerability in the NETCONF feature of Cisco IOS XE Software could ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20276 (A vulnerability in Cisco IOS Software for Cisco Catalyst 6000 Series S ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20271 (A vulnerability in the IP packet processing of Cisco Access Point (AP) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20265 (A vulnerability in the boot process of Cisco Access Point (AP) Softwar ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20259 (A vulnerability in the DHCP snooping feature of Cisco IOS XE Software ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-1540 (Previously, it was possible to exfiltrate secrets in Gradio's CI, but ...)
TODO: check
CVE-2023-6400 (Incorrect Authorization vulnerability in OpenText\u2122 ZENworks Confi ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2023-6173 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: TeoSOFT Software TeoBASE
CVE-2023-6153 (Authentication Bypass by Primary Weakness vulnerability in TeoSOFT Sof ...)
- TODO: check
+ NOT-FOR-US: TeoSOFT Software TeoBASE
CVE-2023-50961 (IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-44999 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooComm ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-39311 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Fusion ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-34020 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in U ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-28085 (wall in util-linux through 2.40, often installed with setgid tty permi ...)
- util-linux 2.39.3-11 (bug #1067849)
NOTE: https://www.openwall.com/lists/oss-security/2024/03/27/5
@@ -376,23 +376,23 @@ CVE-2024-2903 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been c
CVE-2024-2781 (The Elementor Website Builder Pro plugin for WordPress is vulnerable t ...)
NOT-FOR-US: WordPress plugin
CVE-2024-2244 (REST service authentication anomaly with \u201cvalid username/no passw ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2024-2210 (The The Plus Addons for Elementor plugin for WordPress is vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2209 (A user with administrative privileges can create a compromised dll fil ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2024-2206 (The /proxy route allows a user to proxy arbitrary urls including poten ...)
TODO: check
CVE-2024-2203 (The The Plus Addons for Elementor plugin for WordPress is vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2139 (The Master Addons for Elementor plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2121 (The Elementor Website Builder Pro plugin for WordPress is vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2120 (The Elementor Website Builder \u2013 More than Just a Page Builder plu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2097 (Authenticated List control client can execute the LINQ query in SCM Se ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2024-29928 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2024-29927 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
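Review bot: for CVE-2024-2244 and CVE-2024-2097 (both `NOT-FOR-US: Hitachi`) and CVE-2024-2209 (`NOT-FOR-US: HP`), the vendor named in the label does not appear in the visible part of the description, so the classification cannot be checked from the list entry alone. Adding the product to the label, in the form `NOT-FOR-US: <vendor> <product>`, would let a later reader confirm the triage without looking the CVE up again.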
@@ -466,9 +466,9 @@ CVE-2024-25735 (An issue was discovered on WyreStorm Apollo VX20 devices before
CVE-2024-25734 (An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58 ...)
NOT-FOR-US: WyreStorm Apollo VX20 devices
CVE-2024-25421 (An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remot ...)
- TODO: check
+ NOT-FOR-US: Ignite Realtime Openfire
CVE-2024-25420 (An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remot ...)
- TODO: check
+ NOT-FOR-US: Ignite Realtime Openfire
CVE-2024-25138 (In AutomationDirect C-MORE EA9 HMI, credentials used by the platform ...)
NOT-FOR-US: AutomationDirect C-MORE EA9 HMI
CVE-2024-25137 (In AutomationDirect C-MORE EA9 HMI there is a program that copies a bu ...)
@@ -482,47 +482,47 @@ CVE-2024-24800 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2024-24700 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2024-22311 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22300 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22299 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22288 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22149 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1532 (A vulnerability exists in the stb-language file handling that affects ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2024-1531 (A vulnerability exists in the stb-language file handling that affects ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2024-1521 (The Elementor Website Builder Pro plugin for WordPress is vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1364 (The Elementor Website Builder Pro plugin for WordPress is vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0400 (SCM Software is a client and server application. An Authenticated Syst ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2023-52228 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Mark Kinchin Beds24 Online Booking
CVE-2023-51148 (An issue in TRENDnet Trendnet AC1200 Dual Band PoE Indoor Wireless Acc ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2023-51147 (Buffer Overflow vulnerability in TRENDnet Trendnet AC1200 TEW-821DAP w ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2023-51146 (Buffer Overflow vulnerability in TRENDnet AC1200 TEW-821DAP with firmw ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2023-50702 (Sikka SSCWindowsService 5 2023-09-14 executes a program as LocalSystem ...)
- TODO: check
+ NOT-FOR-US: Sikka SSCWindowsService
CVE-2023-49815 (Unrestricted Upload of File with Dangerous Type vulnerability in WappP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-48777 (Unrestricted Upload of File with Dangerous Type vulnerability in Eleme ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-48275 (Unrestricted Upload of File with Dangerous Type vulnerability in Trust ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47873 (Unrestricted Upload of File with Dangerous Type vulnerability in WEN S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47846 (Unrestricted Upload of File with Dangerous Type vulnerability in Terry ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47842 (Unrestricted Upload of File with Dangerous Type vulnerability in Zacha ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-46052 (Sane 1.2.1 heap bounds overwrite in init_options() from backend/test.c ...)
TODO: check
CVE-2023-46051 (TeX Live 944e257 allows a NULL pointer dereference in texk/web2c/pdfte ...)
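Review bot: CVE-2023-52228 gets `NOT-FOR-US: Mark Kinchin Beds24 Online Booking`, whereas the five entries at the top of this hunk (CVE-2024-22311 to CVE-2024-22149) with the same truncated cross-site scripting description get `WordPress plugin`. Pick one convention for this class of entry, or confirm that Beds24 Online Booking is not a WordPress plugin and the distinct label is deliberate.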
@@ -556,31 +556,31 @@ CVE-2023-45919 (Mesa 23.0.4 was discovered to contain a buffer over-read in glXQ
CVE-2023-45913 (Mesa v23.0.4 was discovered to contain a NULL pointer dereference via ...)
TODO: check
CVE-2023-43768 (An issue was discovered in Couchbase Server 6.6.x through 7.2.0, befor ...)
- TODO: check
+ NOT-FOR-US: Couchbase Server
CVE-2023-40290 (An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F ...)
- TODO: check
+ NOT-FOR-US: Supermicro
CVE-2023-40289 (A command injection issue was discovered on Supermicro X11SSM-F, X11SA ...)
- TODO: check
+ NOT-FOR-US: Supermicro
CVE-2023-40288 (An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F ...)
- TODO: check
+ NOT-FOR-US: Supermicro
CVE-2023-40287 (An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F ...)
- TODO: check
+ NOT-FOR-US: Supermicro
CVE-2023-40286 (An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F ...)
- TODO: check
+ NOT-FOR-US: Supermicro
CVE-2023-40285 (An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F ...)
- TODO: check
+ NOT-FOR-US: Supermicro
CVE-2023-40284 (An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F ...)
- TODO: check
+ NOT-FOR-US: Supermicro
CVE-2023-39307 (Unrestricted Upload of File with Dangerous Type vulnerability in Theme ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-39306 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-38388 (Unrestricted Upload of File with Dangerous Type vulnerability in Artbe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-31854 (std::bad_alloc is mishandled in Precomp 0.4.8. NOTE: this is disputed ...)
TODO: check
CVE-2023-31634 (In TeslaMate before 1.27.2, there is unauthorized access to port 4000 ...)
- TODO: check
+ NOT-FOR-US: TeslaMate
CVE-2017-20190 (Some Microsoft technologies as used in Windows 8 through 11 allow a te ...)
TODO: check
CVE-2024-22029
@@ -702,9 +702,9 @@ CVE-2024-24718 (Missing Authorization vulnerability in PropertyHive.This issue a
CVE-2024-24711 (Missing Authorization vulnerability in weDevs WooCommerce Conversion T ...)
NOT-FOR-US: WordPress plugin
CVE-2024-23722 (In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be c ...)
- TODO: check
+ NOT-FOR-US: Fluent Bit
CVE-2024-23520 (Missing Authorization vulnerability in AccessAlly PopupAlly.This issue ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-23482 (The ZScaler service is susceptible to a local privilege escalation vul ...)
TODO: check
CVE-2024-22436 (A security vulnerability in HPE IceWall Agent products could be exploi ...)
@@ -724,7 +724,7 @@ CVE-2024-21913 (A heap-based memory buffer overflow vulnerability in Rockwell Au
CVE-2024-21912 (An arbitrary code execution vulnerability in Rockwell Automation Arena ...)
NOT-FOR-US: Rockwell Automation
CVE-2024-1933 (Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer Remote C ...)
- TODO: check
+ NOT-FOR-US: TeamViewer
CVE-2024-1455 (The XMLOutputParser in LangChain uses the etree module from the XML pa ...)
NOT-FOR-US: LangChain
CVE-2024-1313 (It is possible for a user in a different organization from the owner o ...)
@@ -3534,9 +3534,9 @@ CVE-2024-27986 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2024-27301 (Support App is an opensource application specialized in managing Apple ...)
NOT-FOR-US: Support App
CVE-2024-27266 (IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External ...)
- NOT-FOR-US: IBM X-Force ID:
+ NOT-FOR-US: IBM
CVE-2024-27265 (IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cr ...)
- NOT-FOR-US: IBM X-Force ID:
+ NOT-FOR-US: IBM
CVE-2024-25156 (A path traversal vulnerability exists in GoAnywhere MFT prior to 7.4.2 ...)
NOT-FOR-US: GoAnywhere MFT
CVE-2024-25139 (In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd binary ...)
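Review bot: the changed lines for CVE-2024-27266 and CVE-2024-27265 do not resolve a `TODO: check`; they trim a dangling `IBM X-Force ID:` from an existing label, and the same cleanup recurs later for CVE-2024-22346 and CVE-2024-25016. The commit message "Process several NFUs" does not mention this. Note the cleanup in the message or split it into its own commit, and check the rest of data/CVE/list for remaining `NOT-FOR-US: IBM X-Force ID:` lines so they are all fixed in one pass.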
@@ -3548,7 +3548,7 @@ CVE-2024-24562 (vantage6-UI is the official user interface for the vantage6 serv
CVE-2024-23823 (vantage6 is an open source framework built to enable, manage and deplo ...)
NOT-FOR-US: vantage6
CVE-2024-22346 (Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a loca ...)
- NOT-FOR-US: IBM X-Force ID:
+ NOT-FOR-US: IBM
CVE-2024-1998
REJECTED
CVE-2024-1623 (Insufficient session timeout vulnerability in the FAST3686 V2 Vodafone ...)
@@ -6244,7 +6244,7 @@ CVE-2024-25844 (An issue was discovered in Common-Services "So Flexibilite" (sof
CVE-2024-25551 (Cross Site Scripting (XSS) vulnerability in sourcecodester Simple Stud ...)
NOT-FOR-US: sourcecodester Simple Student Attendance System
CVE-2024-25016 (IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could al ...)
- NOT-FOR-US: IBM X-Force ID:
+ NOT-FOR-US: IBM
CVE-2024-24307 (Path Traversal vulnerability in Tunis Soft "Product Designer" (product ...)
NOT-FOR-US: PrestaShop module
CVE-2024-0968 (Cross-site Scripting (XSS) - DOM in GitHub repository langchain-ai/cha ...)
@@ -60840,7 +60840,7 @@ CVE-2023-29388 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in im
CVE-2023-29387 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-29386 (Unrestricted Upload of File with Dangerous Type vulnerability in Julie ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-29385 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kevon Ad ...)
NOT-FOR-US: WordPress plugin
CVE-2023-29384 (Unrestricted Upload of File with Dangerous Type vulnerability in HM Pl ...)
@@ -62906,7 +62906,7 @@ CVE-2023-28789 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ci
CVE-2023-28788 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28787 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28786 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in S ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28785 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -63289,7 +63289,7 @@ CVE-2023-28689
CVE-2023-28688
RESERVED
CVE-2023-28687 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1551
RESERVED
CVE-2023-1550 (Insertion of Sensitive Information into log file vulnerability in NGIN ...)
@@ -73694,7 +73694,7 @@ CVE-2023-25366 (In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI i
CVE-2023-25365 (Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows ...)
NOT-FOR-US: October CMS
CVE-2023-25364 (Opswat Metadefender Core before 5.2.1 does not properly defend against ...)
- TODO: check
+ NOT-FOR-US: Opswat Metadefender Core
CVE-2023-25363 (A use-after-free vulnerability in WebCore::RenderLayer::updateDescenda ...)
{DSA-5241-1 DSA-5240-1 DLA-3124-1}
- webkit2gtk 2.38.0-1
@@ -92043,7 +92043,7 @@ CVE-2022-45849 (Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnera
CVE-2022-45848 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability inContest Gall ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45847 (Cross-Site Request Forgery (CSRF) vulnerability in WPAssist.Me WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45846 (Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pr ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45845 (Deserialization of Untrusted Data vulnerability in Nextend Smart Slide ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/07d5002e266973144ef7531fc84ee8731bd23a38