[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Mar 29 20:19:19 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
097b175d by security tracker role at 2024-03-29T20:18:40+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,329 @@
-CVE-2024-3094
+CVE-2024-3081 (A vulnerability was found in EasyCorp EasyAdmin up to 4.8.9. It has be ...)
+	TODO: check
+CVE-2024-3078 (A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classi ...)
+	TODO: check
+CVE-2024-3077 (An malicious BLE device can crash BLE victim device by sending malform ...)
+	TODO: check
+CVE-2024-3061 (The HUSKY \u2013 Products Filter Professional for WooCommerce plugin f ...)
+	TODO: check
+CVE-2024-31032 (An issue in Huashi Private Cloud CDN Live Streaming Acceleration Serve ...)
+	TODO: check
+CVE-2024-30645 (Tenda AC15V1.0 V15.03.20_multi has a command injection vulnerability v ...)
+	TODO: check
+CVE-2024-30639 (Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability in the p ...)
+	TODO: check
+CVE-2024-30638 (Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the  ...)
+	TODO: check
+CVE-2024-30637 (Tenda F1202 v1.2.0.20(408) has a command injection vulnerablility in t ...)
+	TODO: check
+CVE-2024-30636 (Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the  ...)
+	TODO: check
+CVE-2024-30635 (Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability located  ...)
+	TODO: check
+CVE-2024-30634 (Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the  ...)
+	TODO: check
+CVE-2024-30633 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the s ...)
+	TODO: check
+CVE-2024-30632 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the s ...)
+	TODO: check
+CVE-2024-30631 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the s ...)
+	TODO: check
+CVE-2024-30630 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the t ...)
+	TODO: check
+CVE-2024-30629 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the l ...)
+	TODO: check
+CVE-2024-30628 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the p ...)
+	TODO: check
+CVE-2024-30627 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the d ...)
+	TODO: check
+CVE-2024-30626 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the s ...)
+	TODO: check
+CVE-2024-30625 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the e ...)
+	TODO: check
+CVE-2024-30624 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the u ...)
+	TODO: check
+CVE-2024-30623 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the p ...)
+	TODO: check
+CVE-2024-30622 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the m ...)
+	TODO: check
+CVE-2024-30613 (Tenda AC15 v15.03.05.18 has a stack overflow vulnerability in the time ...)
+	TODO: check
+CVE-2024-30521 (Cross-Site Request Forgery (CSRF) vulnerability in Landingi Landingi L ...)
+	TODO: check
+CVE-2024-30520 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30519 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30518 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeLocation Custo ...)
+	TODO: check
+CVE-2024-30514 (Insertion of Sensitive Information into Log File vulnerability in Paid ...)
+	TODO: check
+CVE-2024-30513 (Authorization Bypass Through User-Controlled Key vulnerability in Meta ...)
+	TODO: check
+CVE-2024-30511 (Insertion of Sensitive Information into Log File vulnerability in Fr\x ...)
+	TODO: check
+CVE-2024-30510 (Unrestricted Upload of File with Dangerous Type vulnerability in Salon ...)
+	TODO: check
+CVE-2024-30508 (Missing Authorization vulnerability in ThimPress WP Hotel Booking.This ...)
+	TODO: check
+CVE-2024-30507 (Authorization Bypass Through User-Controlled Key vulnerability in Molo ...)
+	TODO: check
+CVE-2024-30506 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30505 (Missing Authorization vulnerability in Andy Moyle Church Admin.This is ...)
+	TODO: check
+CVE-2024-30504 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-30503 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30502 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-30501 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-30500 (Unrestricted Upload of File with Dangerous Type vulnerability in CubeW ...)
+	TODO: check
+CVE-2024-30499 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-30498 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-30497 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-30496 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-30495 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-30494 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-30493 (Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church A ...)
+	TODO: check
+CVE-2024-30492 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2024-30491 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-30490 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-30488 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-30487 (Missing Authorization vulnerability in Sonaar Music MP3 Audio Player f ...)
+	TODO: check
+CVE-2024-30486 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-30483 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30482 (Cross-Site Request Forgery (CSRF) vulnerability in Brice CAPOBIANCO Si ...)
+	TODO: check
+CVE-2024-30478 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-30477 (Missing Authorization vulnerability in Klarna Klarna Payments for WooC ...)
+	TODO: check
+CVE-2024-30469 (Missing Authorization vulnerability in WPExperts Wholesale For WooComm ...)
+	TODO: check
+CVE-2024-30468 (Cross-Site Request Forgery (CSRF) vulnerability in All In One WP Secur ...)
+	TODO: check
+CVE-2024-30463 (Missing Authorization vulnerability in realmag777 BEAR.This issue affe ...)
+	TODO: check
+CVE-2024-30462 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY \u ...)
+	TODO: check
+CVE-2024-30460 (Cross-Site Request Forgery (CSRF) vulnerability in Tumult Inc Tumult H ...)
+	TODO: check
+CVE-2024-30458 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOOCS \u ...)
+	TODO: check
+CVE-2024-30457 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WordPres ...)
+	TODO: check
+CVE-2024-30456 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WPCS.Thi ...)
+	TODO: check
+CVE-2024-30455 (Cross-Site Request Forgery (CSRF) vulnerability in GamiPress.This issu ...)
+	TODO: check
+CVE-2024-30454 (Cross-Site Request Forgery (CSRF) vulnerability in VeronaLabs WP SMS.T ...)
+	TODO: check
+CVE-2024-30453 (Server-Side Request Forgery (SSRF) vulnerability in Brave Brave Popup  ...)
+	TODO: check
+CVE-2024-30452 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30451 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30450 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30449 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30448 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30447 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30446 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30445 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30444 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30443 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30442 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30441 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30440 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30439 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30438 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30437 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30436 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30435 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30434 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30433 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30432 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30431 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30430 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30429 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30428 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30427 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30426 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30425 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30423 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30247 (NextcloudPi is a ready to use image for Virtual Machines, Raspberry Pi ...)
+	TODO: check
+CVE-2024-30246 (Tuleap is an Open Source Suite to improve management of software devel ...)
+	TODO: check
+CVE-2024-2970 (The News Wall plugin for WordPress is vulnerable to Cross-Site Request ...)
+	TODO: check
+CVE-2024-2969 (The WP-Eggdrop plugin for WordPress is vulnerable to Cross-Site Reques ...)
+	TODO: check
+CVE-2024-2968 (The WP-Eggdrop plugin for WordPress is vulnerable to Stored Cross-Site ...)
+	TODO: check
+CVE-2024-2964 (The Pocket News Generator plugin for WordPress is vulnerable to Cross- ...)
+	TODO: check
+CVE-2024-2963 (The Pocket News Generator plugin for WordPress is vulnerable to Stored ...)
+	TODO: check
+CVE-2024-2936 (The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross- ...)
+	TODO: check
+CVE-2024-2848 (The Responsive theme for WordPress is vulnerable to unauthorized modif ...)
+	TODO: check
+CVE-2024-2844 (The Easy Appointments plugin for WordPress is vulnerable to unauthoriz ...)
+	TODO: check
+CVE-2024-2842 (The Easy Appointments plugin for WordPress is vulnerable to Stored Cro ...)
+	TODO: check
+CVE-2024-2841 (The Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg E ...)
+	TODO: check
+CVE-2024-2476 (The OceanWP theme for WordPress is vulnerable to unauthorized access o ...)
+	TODO: check
+CVE-2024-2475 (The Media Library Assistant plugin for WordPress is vulnerable to Stor ...)
+	TODO: check
+CVE-2024-2411 (The MasterStudy LMS plugin for WordPress is vulnerable to Local File I ...)
+	TODO: check
+CVE-2024-2409 (The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Es ...)
+	TODO: check
+CVE-2024-2280 (The Better Elementor Addons plugin for WordPress is vulnerable to Stor ...)
+	TODO: check
+CVE-2024-2250 (The 130+ Widgets | Best Addons For Elementor \u2013 FREE plugin for Wo ...)
+	TODO: check
+CVE-2024-2116 (The Christmas Greetings plugin for WordPress is vulnerable to Reflecte ...)
+	TODO: check
+CVE-2024-2113 (The Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for ...)
+	TODO: check
+CVE-2024-2108 (The Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for ...)
+	TODO: check
+CVE-2024-29904 (CodeIgniter is a PHP full-stack web framework A vulnerability was foun ...)
+	TODO: check
+CVE-2024-29901 (The AuthKit library for Next.js provides helpers for authentication an ...)
+	TODO: check
+CVE-2024-29900 (Electron Packager bundles Electron-based application source code with  ...)
+	TODO: check
+CVE-2024-29893 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
+	TODO: check
+CVE-2024-29890 (DataLens is a business intelligence and data visualization system. A s ...)
+	TODO: check
+CVE-2024-29686 (Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1. ...)
+	TODO: check
+CVE-2024-29667 (SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CMSV6  ...)
+	TODO: check
+CVE-2024-29640 (An issue in aliyundrive-webdav v.2.3.3 and before allows a remote atta ...)
+	TODO: check
+CVE-2024-29489 (Jerryscript 2.4.0 has SEGV at ./jerry-core/ecma/base/ecma-helpers.c:23 ...)
+	TODO: check
+CVE-2024-29316 (NodeBB 3.6.7 is vulnerable to Incorrect Access Control, e.g., a low-pr ...)
+	TODO: check
+CVE-2024-29202 (JumpServer is an open source bastion host and an operation and mainten ...)
+	TODO: check
+CVE-2024-29201 (JumpServer is an open source bastion host and an operation and mainten ...)
+	TODO: check
+CVE-2024-29024 (JumpServer is an open source bastion host and an operation and mainten ...)
+	TODO: check
+CVE-2024-29020 (JumpServer is an open source bastion host and an operation and mainten ...)
+	TODO: check
+CVE-2024-28960 (An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28. ...)
+	TODO: check
+CVE-2024-28867 (Swift Prometheus is a Swift client for the Prometheus monitoring syste ...)
+	TODO: check
+CVE-2024-28714 (SQL Injection vulnerability in CRMEB_Java e-commerce system v.1.3.4 al ...)
+	TODO: check
+CVE-2024-28456 (Cross Site Scripting vulnerability in Campcodes Online Marriage Regist ...)
+	TODO: check
+CVE-2024-28405 (SEMCMS 4.8 is vulnerable to Incorrect Access Control. The code install ...)
+	TODO: check
+CVE-2024-27619 (Dlink Dir-3040us A1 1.20b03a hotfix is vulnerable to Buffer Overflow.  ...)
+	TODO: check
+CVE-2024-25944 (Dell OpenManage Enterprise, v4.0 and prior, contain(s) a path traversa ...)
+	TODO: check
+CVE-2024-24407 (SQL Injection vulnerability in Best Courier management system v.1.0 al ...)
+	TODO: check
+CVE-2024-23727 (The YI Smart Kami Vision com.kamivision.yismart application through 1. ...)
+	TODO: check
+CVE-2024-23539 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-23538 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-23537 (Improper Privilege Management vulnerability in Apache Fineract.This is ...)
+	TODO: check
+CVE-2024-23449 (An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs wh ...)
+	TODO: check
+CVE-2024-1872 (The Button plugin for WordPress is vulnerable to PHP Object Injection  ...)
+	TODO: check
+CVE-2024-1858 (The Lightbox slider \u2013 Responsive Lightbox Gallery plugin for Word ...)
+	TODO: check
+CVE-2024-1729 (Th password check condition is vulnerable to timing attack to guess th ...)
+	TODO: check
+CVE-2024-0956 (The WP ERP | Complete HR solution with recruitment & job listings | Wo ...)
+	TODO: check
+CVE-2024-0913 (The WP ERP | Complete HR solution with recruitment & job listings | Wo ...)
+	TODO: check
+CVE-2024-0609 (The WP ERP | Complete HR solution with recruitment & job listings | Wo ...)
+	TODO: check
+CVE-2024-0608 (The WP ERP | Complete HR solution with recruitment & job listings | Wo ...)
+	TODO: check
+CVE-2023-6191 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-6047 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-52629 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
+	TODO: check
+CVE-2023-50969 (Thales Imperva SecureSphere WAF 14.7.0.40 allows remote attackers to b ...)
+	TODO: check
+CVE-2023-49234 (An XML external entity (XXE) vulnerability was found in Stilog Visual  ...)
+	TODO: check
+CVE-2023-49232 (An authentication bypass vulnerability was found in Stilog Visual Plan ...)
+	TODO: check
+CVE-2023-49231 (An authentication bypass vulnerability was found in Stilog Visual Plan ...)
+	TODO: check
+CVE-2023-33528 (halo v1.6.0 is vulnerable to Cross Site Scripting (XSS).)
+	TODO: check
+CVE-2024-3094 (Malicious code was discovered in the upstream tarballs of xz, starting ...)
+	{DSA-5649-1}
 	- xz-utils 5.6.1+really5.4.5-1
 	[bookworm] - xz-utils <not-affected> (Vulnerable code not present)
 	[bullseye] - xz-utils <not-affected> (Vulnerable code not present)
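Review bot: several of the imported descriptions in this hunk carry escape sequences as literal text instead of the characters they stand for, for example "\u2013" in CVE-2024-3061 and CVE-2024-2841, and the summaries for CVE-2024-30462 ("HUSKY \u") and CVE-2024-30511 ("Fr\x") are cut off in the middle of an escape. Decoding the description before truncating it would keep the summaries readable and stop the cut from landing inside an escape. Separately, every new entry arrives as "TODO: check"; those whose text already says "plugin for WordPress" or "theme for WordPress" match entries that the context lines later in this diff close as "NOT-FOR-US: WordPress plugin", which leaves entries such as CVE-2024-28960 (Mbed TLS) and CVE-2023-52629 (Linux kernel) as the ones that need actual package triage.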
@@ -1182,18 +1507,22 @@ CVE-2023-33322 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2023-32237 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress theme
 CVE-2024-2887 (Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86  ...)
+	{DSA-5648-1}
 	- chromium 123.0.6312.86-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-2886 (Use after free in WebCodecs in Google Chrome prior to 123.0.6312.86 al ...)
+	{DSA-5648-1}
 	- chromium 123.0.6312.86-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-2885 (Use after free in Dawn in Google Chrome prior to 123.0.6312.86 allowed ...)
+	{DSA-5648-1}
 	- chromium 123.0.6312.86-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-2883 (Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowe ...)
+	{DSA-5648-1}
 	- chromium 123.0.6312.86-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
@@ -2374,30 +2703,37 @@ CVE-2023-35888 (IBM Security Verify Governance 10.0.2 could allow a remote attac
 CVE-2022-4963 (A vulnerability was found in Folio Spring Module Core up to 1.1.5. It  ...)
 	NOT-FOR-US: Folio Spring Module Core
 CVE-2024-2631 (Inappropriate implementation in iOS in Google Chrome prior to 123.0.63 ...)
+	{DSA-5648-1}
 	- chromium 123.0.6312.58-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-2630 (Inappropriate implementation in iOS in Google Chrome prior to 123.0.63 ...)
+	{DSA-5648-1}
 	- chromium 123.0.6312.58-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-2629 (Incorrect security UI in iOS in Google Chrome prior to 123.0.6312.58 a ...)
+	{DSA-5648-1}
 	- chromium 123.0.6312.58-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-2628 (Inappropriate implementation in Downloads in Google Chrome prior to 12 ...)
+	{DSA-5648-1}
 	- chromium 123.0.6312.58-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-2627 (Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allow ...)
+	{DSA-5648-1}
 	- chromium 123.0.6312.58-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-2626 (Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312 ...)
+	{DSA-5648-1}
 	- chromium 123.0.6312.58-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-2625 (Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 a ...)
+	{DSA-5648-1}
 	- chromium 123.0.6312.58-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
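Review bot: the seven CVEs in this hunk record chromium 123.0.6312.58-1 as the fixed version, while the four in the previous hunk (CVE-2024-2883 through CVE-2024-2887) record 123.0.6312.86-1, yet both groups receive the same {DSA-5648-1} reference. That is consistent only if the advisory shipped the later upload and so covers both sets; the diff does not show the DSA entry itself, so it is worth confirming there that all eleven CVEs are listed.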
@@ -74178,8 +74514,8 @@ CVE-2023-25343
 	RESERVED
 CVE-2023-25342
 	RESERVED
-CVE-2023-25341
-	RESERVED
+CVE-2023-25341 (A Directory Traversal vulnerability in ladle dev server 2.5.1 and earl ...)
+	TODO: check
 CVE-2023-25340
 	RESERVED
 CVE-2023-25339
@@ -84554,7 +84890,7 @@ CVE-2022-4712 (The WP Cerber Security plugin for WordPress is vulnerable to stor
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4711 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...)
 	NOT-FOR-US: Royal Elementor Addons plugin for WordPress
-CVE-2022-47937 (** UNSUPPORTED WHEN ASSIGNED **       Improper input validation in the ...)
+CVE-2022-47937 (Improper input validation in the Apache Sling Commons JSON bundle allo ...)
 	NOT-FOR-US: Apache Sling
 CVE-2022-47936 (A vulnerability has been identified in JT Open (All versions < V11.2.3 ...)
 	NOT-FOR-US: JT Open
@@ -88359,8 +88695,8 @@ CVE-2022-47155 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Sli
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47154 (Cross-Site Request Forgery (CSRF) vulnerability in Pi Websolution CSS  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-47153
-	RESERVED
+CVE-2022-47153 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
 CVE-2022-47152 (Cross-Site Request Forgery (CSRF) vulnerability in Etison, LLC ClickFu ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47151
@@ -208565,8 +208901,8 @@ CVE-2021-31158 (In the Query Engine in Couchbase Server 6.5.x and 6.6.x through
 	NOT-FOR-US: Couchbase Server
 CVE-2021-31157
 	RESERVED
-CVE-2021-31156
-	RESERVED
+CVE-2021-31156 (Allied Telesis AT-S115 1.2.0 devices before 1.00.024 with Boot Loader  ...)
+	TODO: check
 CVE-2021-31155 (Failure to normalize the umask in please before 0.4 allows a local att ...)
 	- rust-pleaser 0.4.1-1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/1
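Review bot: CVE-2021-31156 moves from RESERVED to "TODO: check" even though its new description already names the affected product as Allied Telesis AT-S115 devices. An entry for vendor device firmware like this can likely be closed in the same form as the neighbouring "NOT-FOR-US: Couchbase Server" line instead of waiting in the TODO queue.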



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/097b175dc1c03db5f3a822190937e292dbce39a5
