[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon May 27 09:12:25 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7ebb9273 by security tracker role at 2024-05-27T08:12:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,87 @@
+CVE-2024-5403 (ASKEY 5G NR Small Cell fails to properly filter user input for certain ...)
+ TODO: check
+CVE-2024-5400 (Openfind Mail2000 does not properly filter parameters of specific CGI. ...)
+ TODO: check
+CVE-2024-5399 (Openfind Mail2000 does not properly filter parameters of specific API. ...)
+ TODO: check
+CVE-2024-5397 (A vulnerability classified as critical was found in itsourcecode Onlin ...)
+ TODO: check
+CVE-2024-5396 (A vulnerability classified as critical has been found in itsourcecode ...)
+ TODO: check
+CVE-2024-5395 (A vulnerability was found in itsourcecode Online Student Enrollment Sy ...)
+ TODO: check
+CVE-2024-5394 (A vulnerability was found in itsourcecode Online Student Enrollment Sy ...)
+ TODO: check
+CVE-2024-5393 (A vulnerability was found in itsourcecode Online Student Enrollment Sy ...)
+ TODO: check
+CVE-2024-5392 (A vulnerability was found in itsourcecode Online Student Enrollment Sy ...)
+ TODO: check
+CVE-2024-5391 (A vulnerability has been found in itsourcecode Online Student Enrollme ...)
+ TODO: check
+CVE-2024-5390 (A vulnerability, which was classified as critical, was found in itsour ...)
+ TODO: check
+CVE-2024-5385 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2024-5384 (A vulnerability classified as critical was found in SourceCodester Fac ...)
+ TODO: check
+CVE-2024-5383 (A vulnerability classified as problematic has been found in lakernote ...)
+ TODO: check
+CVE-2024-5381 (A vulnerability classified as critical was found in itsourcecode Stude ...)
+ TODO: check
+CVE-2024-5380 (A vulnerability classified as problematic has been found in jsy-1 shor ...)
+ TODO: check
+CVE-2024-5379 (A vulnerability was found in JFinalCMS up to 20240111. It has been rat ...)
+ TODO: check
+CVE-2024-5378 (A vulnerability was found in SourceCodester School Intramurals Student ...)
+ TODO: check
+CVE-2024-5377 (A vulnerability was found in SourceCodester Vehicle Management System ...)
+ TODO: check
+CVE-2024-5376 (A vulnerability was found in Kashipara College Management System 1.0 a ...)
+ TODO: check
+CVE-2024-5035 (The affected device expose a network service called "rftest" that is v ...)
+ TODO: check
+CVE-2024-4535 (The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not hav ...)
+ TODO: check
+CVE-2024-4534 (The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not hav ...)
+ TODO: check
+CVE-2024-4533 (The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not san ...)
+ TODO: check
+CVE-2024-4532 (The Business Card WordPress plugin through 1.0.0 does not have CSRF ch ...)
+ TODO: check
+CVE-2024-4531 (The Business Card WordPress plugin through 1.0.0 does not have CSRF ch ...)
+ TODO: check
+CVE-2024-4530 (The Business Card WordPress plugin through 1.0.0 does not have CSRF ch ...)
+ TODO: check
+CVE-2024-4529 (The Business Card WordPress plugin through 1.0.0 does not have CSRF ch ...)
+ TODO: check
+CVE-2024-4286 (Mintplex-Labs' anything-llm application is vulnerable to improper neut ...)
+ TODO: check
+CVE-2024-3939 (The Ditty WordPress plugin before 3.1.36 does not sanitise and escape ...)
+ TODO: check
+CVE-2024-3933 (In Eclipse OpenJ9 release versions prior to 0.44.0 and after 0.13.0, w ...)
+ TODO: check
+CVE-2024-36384 (Pointsharp Cryptshare Server before 7.0.0 has an XSS issue that is rel ...)
+ TODO: check
+CVE-2024-36056 (Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user ...)
+ TODO: check
+CVE-2024-36055 (Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user ...)
+ TODO: check
+CVE-2024-36054 (Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user ...)
+ TODO: check
+CVE-2024-35297 (Cross-site scripting vulnerability exists in WP Booking versions prior ...)
+ TODO: check
+CVE-2024-35291 (Cross-site scripting vulnerability exists in Splunk Config Explorer ve ...)
+ TODO: check
+CVE-2024-34454 (Nintendo Wii U OS 5.5.5 allows man-in-the-middle attackers to forge SS ...)
+ TODO: check
+CVE-2024-30658
+ REJECTED
+CVE-2024-30657
+ REJECTED
+CVE-2024-27314 (Zoho ManageEngineServiceDesk Plus versions below14730,ServiceDesk Plus ...)
+ TODO: check
+CVE-2024-26289 (Deserialization of Untrusted Data vulnerability in PMB Services PMB al ...)
+ TODO: check
CVE-2024-5375 (A vulnerability has been found in Kashipara College Management System ...)
NOT-FOR-US: Kashipara College Management System
CVE-2024-5374 (A vulnerability, which was classified as problematic, was found in Kas ...)
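Review bot: CVE-2024-5376 near the end of the added block is left at "TODO: check" even though it names Kashipara College Management System, the product already triaged as NOT-FOR-US on the context entry for CVE-2024-5375 directly below it. Reusing that tag here, and "NOT-FOR-US: WordPress plugin" for the KKProgressbar2, Business Card and Ditty entries, would take these out of the manual triage queue.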
@@ -144,7 +228,8 @@ CVE-2024-33471 (An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 a
NOT-FOR-US: AVTECH Room Alert
CVE-2024-33470 (An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 all ...)
NOT-FOR-US: AVTECH Room Alert
-CVE-2024-33427 (Buffer Overflow vulnerability in Squid version before v.6.10 allows a ...)
+CVE-2024-33427
+ REJECTED
- squid <unfixed> (unimportant)
- squid3 <removed> (unimportant)
NOTE: https://github.com/squid-cache/squid/pull/1763
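Review bot: CVE-2024-33427 is switched to REJECTED, but the package lines under it, "- squid <unfixed> (unimportant)" and "- squid3 <removed> (unimportant)", are kept, so a rejected id still carries package status. Either drop the two package lines or add a NOTE stating why they stay next to the pull request reference.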
@@ -6520,7 +6605,7 @@ CVE-2024-30001 (Windows Mobile Broadband Driver Remote Code Execution Vulnerabil
NOT-FOR-US: Microsoft
CVE-2024-30000 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2024-2637 (An authenticated local attacker who successfully exploited this vulner ...)
+CVE-2024-2637 (An Uncontrolled Search Path Element vulnerability in B&R Industrial Au ...)
NOT-FOR-US: BR Automation
CVE-2024-29999 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
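Review bot: on the CVE-2024-2637 entry the refreshed description names B&R Industrial Automation, while the tag underneath still reads "NOT-FOR-US: BR Automation"; the other B&R entries touched by this commit use "B&R Industrial Automation". Aligning the tag would keep vendor searches over the list consistent.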
@@ -17286,7 +17371,8 @@ CVE-2024-30272 (Illustrator versions 28.3, 27.9.2 and earlier are affected by an
NOT-FOR-US: Adobe
CVE-2024-30271 (Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-o ...)
NOT-FOR-US: Adobe
-CVE-2024-29454 (An issue discovered in packages or nodes in ROS2 Humble Hawksbill with ...)
+CVE-2024-29454
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-25852 (Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution v ...)
NOT-FOR-US: Linksys
@@ -17402,7 +17488,8 @@ CVE-2024-30879 (Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2
NOT-FOR-US: RageFrame2
CVE-2024-30878 (A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43, allo ...)
NOT-FOR-US: RageFrame2
-CVE-2024-30728 (An issue was discovered in the default configurations of ROS (Robot Op ...)
+CVE-2024-30728
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-2966 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...)
NOT-FOR-US: WordPress plugin
@@ -17414,27 +17501,38 @@ CVE-2024-29504 (Cross Site Scripting vulnerability in Summernote v.0.8.18 and be
NOT-FOR-US: Summernote
CVE-2024-29460 (An issue in PX4 Autopilot v.1.14.0 allows an attacker to manipulate th ...)
NOT-FOR-US: PX4 Autopilot
-CVE-2024-29455 (An arbitrary file upload vulnerability has been discovered in ROS2 Hum ...)
+CVE-2024-29455
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-29452 (An insecure deserialization vulnerability has been identified in ROS2 ...)
+CVE-2024-29452
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-29450 (An issue has been discovered in the permission and access control comp ...)
+CVE-2024-29450
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-29449 (An issue was discovered in ROS2 Humble Hawksbill in ROS_VERSION 2 and ...)
+CVE-2024-29449
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-29448 (A buffer overflow vulnerability has been discovered in the C++ compone ...)
+CVE-2024-29448
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-29447 (An issue was discovered in the default configurations of ROS2 Humble H ...)
+CVE-2024-29447
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-29445 (An issue was discovered in ROS2 (Robot Operating System 2) Humble Hawk ...)
+CVE-2024-29445
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-29444 (An OS command injection vulnerability has been discovered in ROS2 (Rob ...)
+CVE-2024-29444
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-29443 (A shell injection vulnerability was discovered in ROS2 (Robot Operatin ...)
+CVE-2024-29443
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-29441 (An issue was discovered in ROS2 (Robot Operating System 2) Humble Hawk ...)
+CVE-2024-29441
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-29439 (An unauthorized node injection vulnerability has been identified in RO ...)
+CVE-2024-29439
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-29399 (An issue was discovered in GNU Savane v.3.13 and before, allows a remo ...)
NOT-FOR-US: GNU Savane
@@ -17966,49 +18064,71 @@ CVE-2024-3119 (A buffer overflow vulnerability exists in all versions of sngrep
NOTE: https://github.com/irontec/sngrep/commit/dd5fec92730562af6f96891291cd4e102b80bfcc (v1.8.1)
CVE-2024-3020 (The plugin is vulnerable to PHP Object Injection in versions up to and ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-30737 (An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_P ...)
+CVE-2024-30737
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30736 (An insecure deserialization vulnerability has been identified in ROS K ...)
+CVE-2024-30736
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30735 (An arbitrary file upload vulnerability has been discovered in ROS Kine ...)
+CVE-2024-30735
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30733 (A buffer overflow vulnerability has been discovered in the C++ compone ...)
+CVE-2024-30733
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30730 (An insecure logging vulnerability has been identified within ROS Kinet ...)
+CVE-2024-30730
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30729 (An OS command injection vulnerability has been discovered in ROS Kinet ...)
+CVE-2024-30729
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30727 (An issue was discovered in ROS Kinetic Kame in Kinetic Kame ROS_VERSIO ...)
+CVE-2024-30727
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30726 (A shell injection vulnerability was discovered in ROS (Robot Operating ...)
+CVE-2024-30726
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30724 (An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_P ...)
+CVE-2024-30724
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30723 (An unauthorized node injection vulnerability has been identified in RO ...)
+CVE-2024-30723
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30722 (An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_P ...)
+CVE-2024-30722
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30721 (An arbitrary file upload vulnerability has been discovered in ROS2 Das ...)
+CVE-2024-30721
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30719 (An insecure deserialization vulnerability has been identified in ROS2 ...)
+CVE-2024-30719
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30718 (An issue was discovered in ROS2 Dashing Diademata in ROS_VERSION=2 and ...)
+CVE-2024-30718
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30716 (An insecure logging vulnerability in ROS2 Dashing Diademata ROS_VERSIO ...)
+CVE-2024-30716
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30715 (A buffer overflow vulnerability has been discovered in the C++ compone ...)
+CVE-2024-30715
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30713 (An OS command injection vulnerability has been discovered in ROS2 Dash ...)
+CVE-2024-30713
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30712 (A shell injection vulnerability was discovered in ROS2 (Robot Operatin ...)
+CVE-2024-30712
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30711 (An issue was discovered in the default configurations of ROS2 Dashing ...)
+CVE-2024-30711
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30710 (An issue was discovered in ROS2 Dashing Diademata in ROS_VERSION 2 and ...)
+CVE-2024-30710
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30708 (An issue was discovered in ROS2 Dashing Diademata in ROS_VERSION 2 and ...)
+CVE-2024-30708
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30707 (Unauthorized node injection vulnerability in ROS2 Dashing Diademata in ...)
+CVE-2024-30707
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-2736 (The Bold Page Builder plugin for WordPress is vulnerable to Stored Cro ...)
NOT-FOR-US: WordPress plugin
@@ -18143,13 +18263,17 @@ CVE-2024-31368 (Missing Authorization vulnerability in PenciDesign Soledad.This
NOT-FOR-US: WordPress plugin
CVE-2024-31367 (Missing Authorization vulnerability in PenciDesign Soledad.This issue ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-30706 (An issue was discovered in ROS2 Dashing Diademata versions ROS_VERSION ...)
+CVE-2024-30706
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30704 (An insecure deserialization vulnerability has been identified in ROS2 ...)
+CVE-2024-30704
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30703 (An arbitrary file upload vulnerability has been discovered in ROS2 (Ro ...)
+CVE-2024-30703
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30702 (An issue was discovered in ROS2 Galactic Geochelone in ROS_VERSION 2 a ...)
+CVE-2024-30702
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30262 (Contao is an open source content management system. Prior to version 4 ...)
NOT-FOR-US: Contao CMS
@@ -18840,43 +18964,62 @@ CVE-2024-31047 (An issue in Academy Software Foundation openexr v.3.2.3 and befo
NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/1680
NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1681
NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/openexr/commit/7aa89e1d09b09d9f5dbb96976ee083a331ab9d71
-CVE-2024-30701 (An insecure logging vulnerability in ROS2 Galactic Geochelone ROS_VERS ...)
+CVE-2024-30701
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30699 (A buffer overflow vulnerability has been discovered in the C++ compone ...)
+CVE-2024-30699
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30697 (An issue was discovered in ROS2 Galactic Geochelone in ROS_VERSION 2 a ...)
+CVE-2024-30697
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30696 (OS command injection vulnerability in ROS2 Galactic Geochelone in ROS_ ...)
+CVE-2024-30696
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30695 (An issue was discovered in the default configurations of ROS2 Galactic ...)
+CVE-2024-30695
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30694 (A shell injection vulnerability was discovered in ROS2 (Robot Operatin ...)
+CVE-2024-30694
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30692 (A issue was discovered in ROS2 Galactic Geochelone versions ROS_VERSIO ...)
+CVE-2024-30692
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30691 (An issue was discovered in ROS2 Galactic Geochelone in version ROS_VER ...)
+CVE-2024-30691
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30690 (An unauthorized node injection vulnerability has been identified in RO ...)
+CVE-2024-30690
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30688 (An arbitrary file upload vulnerability has been discovered in ROS2 Iro ...)
+CVE-2024-30688
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30687 (An insecure deserialization vulnerability has been identified in ROS2 ...)
+CVE-2024-30687
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30686 (An issue was discovered in ROS2 Iron Irwini versions ROS_VERSION 2 and ...)
+CVE-2024-30686
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30684 (An insecure logging vulnerability has been identified within ROS2 Iron ...)
+CVE-2024-30684
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30683 (A buffer overflow vulnerability has been discovered in the C++ compone ...)
+CVE-2024-30683
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30681 (An OS command injection vulnerability has been discovered in ROS2 Iron ...)
+CVE-2024-30681
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30680 (Shell injection vulnerability was discovered in ROS2 (Robot Operating ...)
+CVE-2024-30680
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30679 (An issue was discovered in the default configurations of ROS2 Iron Irw ...)
+CVE-2024-30679
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30678 (An issue has been discovered in ROS2 Iron Irwini ROS_VERSION 2 and ROS ...)
+CVE-2024-30678
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30676 (A Denial-of-Service (DoS) vulnerability exists in ROS2 Iron Irwini ver ...)
+CVE-2024-30676
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30218 (The ABAP Application Server of SAP NetWeaver as well as ABAP Platforma ...)
NOT-FOR-US: SAP
@@ -19137,25 +19280,35 @@ CVE-2024-31948 (In FRRouting (FRR) through 9.1, an attacker using a malformed Pr
NOTE: Fixed by: https://github.com/FRRouting/frr/commit/babb23b74855e23c987a63f8256d24e28c044d07
CVE-2024-31022 (An issue was discovered in CandyCMS version 1.0.0, allows remote attac ...)
NOT-FOR-US: CandyCMS
-CVE-2024-30675 (Unauthorized node injection vulnerability in ROS2 Iron Irwini in ROS_V ...)
+CVE-2024-30675
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30674 (Unauthorized access vulnerability in ROS2 Iron Irwini in ROS_VERSION i ...)
+CVE-2024-30674
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30672 (Arbitrary file upload vulnerability in ROS (Robot Operating System) Me ...)
+CVE-2024-30672
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30667 (Insecure deserialization vulnerability in ROS (Robot Operating System) ...)
+CVE-2024-30667
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30666 (A buffer overflow vulnerability has been discovered in the C++ compone ...)
+CVE-2024-30666
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30665 (An OS command injection vulnerability has been discovered in ROS (Robo ...)
+CVE-2024-30665
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30663 (An issue was discovered in the default configurations of ROS (Robot Op ...)
+CVE-2024-30663
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30662 (An issue was discovered in ROS (Robot Operating System) Melodic Moreni ...)
+CVE-2024-30662
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30661 (An unauthorized access vulnerability has been discovered in ROS Melodi ...)
+CVE-2024-30661
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-30659 (Shell Injection vulnerability in ROS (Robot Operating System) Melodic ...)
+CVE-2024-30659
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-28744 (The password is empty in the initial configuration of ACERA 9010-08 fi ...)
NOT-FOR-US: ACERA
@@ -23426,9 +23579,11 @@ CVE-2024-2303 (The Easy Textillate plugin for WordPress is vulnerable to Stored
NOT-FOR-US: WordPress plugin
CVE-2024-2170 (The VK All in One Expansion Unit plugin for WordPress is vulnerable to ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-29442 (An unauthorized access vulnerability has been discovered in ROS2 Humbl ...)
+CVE-2024-29442
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2024-29440 (An unauthorized access vulnerability has been discovered in ROS2 Humbl ...)
+CVE-2024-29440
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-29303 (The delete admin users function of SourceCodester PHP Task Management ...)
NOT-FOR-US: SourceCodester PHP Task Management System
@@ -36112,7 +36267,7 @@ CVE-2024-1225 (A vulnerability classified as critical was found in QiboSoft Qibo
NOT-FOR-US: QiboSoft QiboCMS X1
CVE-2024-0953 (When a user scans a QR Code with the QR Code Scanner feature, the user ...)
- firefox <not-affected> (Only affects Firefox for iOS)
-CVE-2024-0323 (Use of a Broken or Risky Cryptographic Algorithm vulnerability in B&R ...)
+CVE-2024-0323 (The FTP server used on the B&R Automation Runtime supports unsecure en ...)
NOT-FOR-US: B&R Industrial Automation Automation Runtime (SDM modules)
CVE-2023-7216 (A path traversal vulnerability was found in the CPIO utility. This iss ...)
NOTE: Disputed cpio issue, probably going to be rejected
@@ -37028,13 +37183,17 @@ CVE-2024-1012 (A vulnerability, which was classified as critical, has been found
NOT-FOR-US: Wanhu ezOFFICE
CVE-2024-0836 (The WordPress Review & Structure Data Schema Plugin \u2013 Review Sche ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-51204 (Insecure deserialization in ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PY ...)
+CVE-2023-51204
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2023-51202 (OS command injection vulnerability in command processing or system cal ...)
+CVE-2023-51202
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2023-51198 (An issue in the permission and access control components within ROS2 F ...)
+CVE-2023-51198
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2023-51197 (An issue discovered in shell command execution in ROS2 (Robot Operatin ...)
+CVE-2023-51197
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2023-3934
REJECTED
@@ -38267,13 +38426,17 @@ CVE-2023-52090 (A security agent link following vulnerability in Trend Micro Ape
NOT-FOR-US: Trend Micro
CVE-2023-51711 (An issue was discovered in Regify Regipay Client for Windows version 4 ...)
NOT-FOR-US: Regify Regipay Client
-CVE-2023-51208 (An Arbitrary File Upload vulnerability in ROS2 Foxy Fitzroy ROS_VERSIO ...)
+CVE-2023-51208
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2023-51201 (Cleartext Transmission issue in ROS2 (Robot Operating System 2) Foxy F ...)
+CVE-2023-51201
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2023-51200 (An issue in the default configurations of ROS2 Foxy Fitzroy ROS_VERSIO ...)
+CVE-2023-51200
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
-CVE-2023-51199 (Buffer Overflow vulnerability in ROS2 Foxy Fitzroy ROS_VERSION=2 and R ...)
+CVE-2023-51199
+ REJECTED
NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2023-47202 (A local file inclusion vulnerability on the Trend Micro Apex One manag ...)
NOT-FOR-US: Trend Micro
@@ -68835,7 +68998,7 @@ CVE-2023-32364 (A logic issue was addressed with improved restrictions. This iss
NOT-FOR-US: Apple
CVE-2023-3622 (Access Control Bypass Vulnerability in the SolarWinds Platform that al ...)
NOT-FOR-US: SolarWinds
-CVE-2023-3242 (Allocation of Resources Without Limits or Throttling, Improper Initial ...)
+CVE-2023-3242 (Improper initialization implementation in Portmapper used in B&R Indus ...)
NOT-FOR-US: B&R Industrial Automation
CVE-2023-39261 (In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesti ...)
- intellij-idea <itp> (bug #747616)
@@ -72705,9 +72868,11 @@ CVE-2023-34099 (Shopware is an open source e-commerce software. The mail validat
NOT-FOR-US: Shopware
CVE-2023-34098 (Shopware is an open source e-commerce software. Due to an incorrect co ...)
NOT-FOR-US: Shopware
-CVE-2023-33567 (An unauthorized access vulnerability has been discovered in ROS2 Foxy ...)
+CVE-2023-33567
+ REJECTED
NOTE: Duplicate of CVE-2021-38425
-CVE-2023-33566 (An unauthorized node injection vulnerability has been identified in RO ...)
+CVE-2023-33566
+ REJECTED
NOTE: Duplicate of CVE-2021-38425
CVE-2023-32339 (IBM Business Automation Workflow is vulnerable to cross-site scripting ...)
NOT-FOR-US: IBM
@@ -73063,7 +73228,8 @@ CVE-2023-34021 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in An
NOT-FOR-US: WordPress plugin
CVE-2023-34012 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Premium ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-33565 (ROS2 (Robot Operating System 2) Foxy Fitzroy ROS_VERSION=2 and ROS_PYT ...)
+CVE-2023-33565
+ REJECTED
NOTE: Duplicate of CVE-2021-38425
CVE-2023-32580 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPEx ...)
NOT-FOR-US: WordPress plugin
@@ -253489,7 +253655,7 @@ CVE-2021-22282 (Improper Control of Generation of Code ('Code Injection') vulner
NOT-FOR-US: B&R Industrial Automation Automation Studio
CVE-2021-22281 (: Relative Path Traversal vulnerability in B&R Industrial Automation A ...)
NOT-FOR-US: B&R Industrial Automation Automation Studio
-CVE-2021-22280 (Improper DLL loading algorithms in B&R Automation Studio may allow an ...)
+CVE-2021-22280 (Improper DLL loading algorithms in B&R Automation Studio versions >=4. ...)
TODO: check
CVE-2021-22279 (A Missing Authentication vulnerability in RobotWare for the OmniCore r ...)
NOT-FOR-US: ABB / OmniCore robot controller
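Review bot: CVE-2021-22280 gets a new description but stays at "TODO: check", while the neighbouring CVE-2021-22282 and CVE-2021-22281 entries for the same product are already tagged "NOT-FOR-US: B&R Industrial Automation Automation Studio". Since the description still names B&R Automation Studio, the same tag looks applicable here.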
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ebb9273a67ef06bbe669fdb4318e3a447e37c2f