author: security tracker role <sectracker@soriano.debian.org> 2024-04-30 20:12:25 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2024-04-30 20:12:25 +0000
commit: 522a2023b5ec5a418352bee084e46e73d3cc8c18 (patch)
tree: 983186c7abdcae5e05acded1e6bf35b27ff4edae
parent: 35a700837c76e6a5234ae324d526b140e2183f2d (diff)
automatic update
-rw-r--r-- data/CVE/list 145
1 files changed, 128 insertions, 17 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 6bff25aa66..9a89e8bb44 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,113 @@
+CVE-2024-4340 (Passing a heavily nested list to sqlparse.parse() leads to a Denial of ...)
+ TODO: check
+CVE-2024-4337 (Adive Framework 2.0.8, does not sufficiently encode user-controlled in ...)
+ TODO: check
+CVE-2024-4336 (Adive Framework 2.0.8, does not sufficiently encode user-controlled in ...)
+ TODO: check
+CVE-2024-4185 (The Customer Email Verification for WooCommerce plugin for WordPress i ...)
+ TODO: check
+CVE-2024-3746 (The entire parent directory - C:\ScadaPro and its sub-directories and ...)
+ TODO: check
+CVE-2024-3411 (Implementations of IPMI Authenticated sessions does not provide enough ...)
+ TODO: check
+CVE-2024-3072 (The ACF Front End Editor plugin for WordPress is vulnerable to unautho ...)
+ TODO: check
+CVE-2024-34088 (In FRRouting (FRR) through 9.1, it is possible for the get_edge() func ...)
+ TODO: check
+CVE-2024-33832 (OneNav v0.9.35-20240318 was discovered to contain a Server-Side Reques ...)
+ TODO: check
+CVE-2024-33831 (A stored cross-site scripting (XSS) vulnerability in the Advanced Expe ...)
+ TODO: check
+CVE-2024-33465 (Cross Site Scripting vulnerability in MajorDoMo before v.0662e5e allow ...)
+ TODO: check
+CVE-2024-33437 (An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to o ...)
+ TODO: check
+CVE-2024-33436 (An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to o ...)
+ TODO: check
+CVE-2024-33383 (Arbitrary File Read vulnerability in novel-plus 4.3.0 and before allow ...)
+ TODO: check
+CVE-2024-33371 (Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remot ...)
+ TODO: check
+CVE-2024-33332 (An issue discovered in SpringBlade 3.7.1 allows attackers to obtain se ...)
+ TODO: check
+CVE-2024-33309 (An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and i ...)
+ TODO: check
+CVE-2024-33308 (An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and i ...)
+ TODO: check
+CVE-2024-33275 (SQL injection vulnerability in Webbax supernewsletter v.1.4.21 and bef ...)
+ TODO: check
+CVE-2024-33274 (Directory Traversal vulnerability in FME Modules customfields v.2.2.7 ...)
+ TODO: check
+CVE-2024-33273 (SQL injection vulnerability in shipup before v.3.3.0 allows a remote a ...)
+ TODO: check
+CVE-2024-33270 (An issue in FME Modules fileuploads v.2.0.3 and before and fixed in v2 ...)
+ TODO: check
+CVE-2024-33267 (SQL Injection vulnerability in Hero hfheropayment v.1.2.5 and before a ...)
+ TODO: check
+CVE-2024-33103 (An arbitrary file upload vulnerability in the Media Manager component ...)
+ TODO: check
+CVE-2024-33102 (A stored cross-site scripting (XSS) vulnerability in the component /pu ...)
+ TODO: check
+CVE-2024-33101 (A stored cross-site scripting (XSS) vulnerability in the component /ac ...)
+ TODO: check
+CVE-2024-2877 (Vault Enterprise, when configured with performance standby nodes and a ...)
+ TODO: check
+CVE-2024-2663 (The ZD YouTube FLV Player plugin for WordPress is vulnerable to Server ...)
+ TODO: check
+CVE-2024-2617 (A vulnerability exists in the RTU500 that allows for authenticated and ...)
+ TODO: check
+CVE-2024-2378 (A vulnerability exists in the web-authentication component of the SDM6 ...)
+ TODO: check
+CVE-2024-2377 (A vulnerability exists in the too permissive HTTP response header web ...)
+ TODO: check
+CVE-2024-29384 (An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to o ...)
+ TODO: check
+CVE-2024-29320 (Wallos before 1.15.3 is vulnerable to SQL Injection via the category a ...)
+ TODO: check
+CVE-2024-28716 (An issue in OpenStack Storlets yoga-eom allows a remote attacker to ex ...)
+ TODO: check
+CVE-2024-28269 (ReCrystallize Server 5.10.0.0 allows administrators to upload files to ...)
+ TODO: check
+CVE-2024-26331 (ReCrystallize Server 5.10.0.0 uses a authorization mechanism that reli ...)
+ TODO: check
+CVE-2024-25938 (A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0 ...)
+ TODO: check
+CVE-2024-25648 (A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0 ...)
+ TODO: check
+CVE-2024-25575 (A type confusion vulnerability vulnerability exists in the way Foxit R ...)
+ TODO: check
+CVE-2024-23774 (An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13 ...)
+ TODO: check
+CVE-2024-23773 (An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13 ...)
+ TODO: check
+CVE-2024-23772 (An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13 ...)
+ TODO: check
+CVE-2024-23463 (Anti-tampering protection of the Zscaler Client Connector can be bypas ...)
+ TODO: check
+CVE-2024-22546 (TRENDnet TEW-815DAP 1.0.2.0 is vulnerable to Command Injection via the ...)
+ TODO: check
+CVE-2024-22405 (XADMaster is an objective-C library for archive and file unarchiving a ...)
+ TODO: check
+CVE-2024-1895 (The Event Monster \u2013 Event Management, Tickets Booking, Upcoming E ...)
+ TODO: check
+CVE-2023-50915 (An issue exists in GalaxyClientService.exe in GOG Galaxy (Beta) 2.0.67 ...)
+ TODO: check
+CVE-2023-50914 (A Privilege Escalation issue in the inter-process communication proced ...)
+ TODO: check
+CVE-2023-50059 (An issue ingalxe.com Galxe platform 1.0 allows a remote attacker to ob ...)
+ TODO: check
+CVE-2023-50053 (An issue in Foundation.app Foundation platform 1.0 allows a remote att ...)
+ TODO: check
+CVE-2023-49473 (Shenzhen JF6000 Cloud Media Collaboration Processing Platform firmware ...)
+ TODO: check
+CVE-2023-46304 (modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote au ...)
+ TODO: check
+CVE-2023-45385 (ProQuality pqprintshippinglabels before v.4.15.0 is vulnerable to Dire ...)
+ TODO: check
+CVE-2023-38002 (IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated ...)
+ TODO: check
+CVE-2023-36268 (An issue in The Document Foundation Libreoffice v.7.4.7 allows a remot ...)
+ TODO: check
CVE-2024-29040
- tpm2-tss <unfixed> (bug #1070140)
NOTE: https://github.com/tpm2-software/tpm2-tss/commit/710cd0b6adf3a063f34a8e92da46df7a107d9a99 (4.1.0)
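Review bot: The CVE-2024-1895 description in this hunk carries a literal `\u2013` where an en dash belongs, so the escape appears to be written into the list undecoded; decode it before the description is truncated and stored. Among the new `TODO: check` entries, the WordPress plugin ones (CVE-2024-4185, CVE-2024-3072, CVE-2024-2663, CVE-2024-1895) can take the `NOT-FOR-US: WordPress plugin` marking this file already uses for CVE-2023-6821, while the sqlparse, FRRouting and Libreoffice entries (CVE-2024-4340, CVE-2024-34088, CVE-2023-36268) should be checked against Debian source packages before anything else.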
@@ -10898,7 +11008,7 @@ CVE-2023-47430 (Stack-buffer-overflow vulnerability in ReadyMedia (MiniDLNA) v1.
NOTE: https://sourceforge.net/p/minidlna/bugs/361/
NOTE: TiVo support not enabled in the Debian builds
CVE-2024-30205 (In Emacs before 29.3, Org mode considers contents of remote files to b ...)
- {DLA-3801-1}
+ {DLA-3802-1 DLA-3801-1}
- emacs 1:29.3+1-1 (bug #1067630)
[bookworm] - emacs <no-dsa> (Minor issue, will be fixed via point release)
[bullseye] - emacs <no-dsa> (Minor issue, will be fixed via point release)
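Review bot: Nothing in the visible lines under CVE-2024-30205 shows which source package DLA-3802-1 covers: the tag becomes `{DLA-3802-1 DLA-3801-1}`, but the only package line in view is `- emacs`. Confirm that the matching DLA list entry names this CVE and its package; the same check applies to the identical tag change on CVE-2024-30204 and CVE-2024-30203 in the next two hunks.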
@@ -10911,7 +11021,7 @@ CVE-2024-30205 (In Emacs before 29.3, Org mode considers contents of remote file
NOTE: https://list.orgmode.org/87o7b3eczr.fsf@bzg.fr/T/#t
NOTE: https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=4255d5dcc0657915f90e4fba7e0a5514cced514d (release_9.6.23)
CVE-2024-30204 (In Emacs before 29.3, LaTeX preview is enabled by default for e-mail a ...)
- {DLA-3801-1}
+ {DLA-3802-1 DLA-3801-1}
- emacs 1:29.3+1-1 (bug #1067630)
[bookworm] - emacs <no-dsa> (Minor issue, will be fixed via point release)
[bullseye] - emacs <no-dsa> (Minor issue, will be fixed via point release)
@@ -10924,7 +11034,7 @@ CVE-2024-30204 (In Emacs before 29.3, LaTeX preview is enabled by default for e-
NOTE: org-mode/9.5.2+dfsh-5 dropped all lisp files from the produced binary packages
NOTE: making an empty dependency package only.
CVE-2024-30203 (In Emacs before 29.3, Gnus treats inline MIME contents as trusted.)
- {DLA-3801-1}
+ {DLA-3802-1 DLA-3801-1}
- emacs 1:29.3+1-1 (bug #1067630)
[bookworm] - emacs <no-dsa> (Minor issue, will be fixed via point release)
[bullseye] - emacs <no-dsa> (Minor issue, will be fixed via point release)
@@ -12938,6 +13048,7 @@ CVE-2023-7085 (The Scalable Vector Graphics (SVG) WordPress plugin through 3.4 d
CVE-2023-6821 (The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 cont ...)
NOT-FOR-US: WordPress plugin
CVE-2023-41334 (Astropy is a project for astronomy in Python that fosters interoperabi ...)
+ {DLA-3803-1}
- astropy 5.3.3-1
NOTE: https://github.com/astropy/astropy/security/advisories/GHSA-h2x6-5jx5-46hf
NOTE: https://github.com/astropy/astropy/commit/22057d37b1313f5f5a9b5783df0a091d978dccb5 (v5.3.3)
@@ -260177,8 +260288,8 @@ CVE-2020-27480
RESERVED
CVE-2020-27479
RESERVED
-CVE-2020-27478
- RESERVED
+CVE-2020-27478 (Cross Site Scripting vulnerability found in Simplcommerce v.40734964b0 ...)
+ TODO: check
CVE-2020-27477
RESERVED
CVE-2020-27476
@@ -316053,8 +316164,8 @@ CVE-2019-20326 (A heap-based buffer overflow in _cairo_image_surface_create_from
[buster] - gthumb 3:3.6.2-4+deb10u1
NOTE: https://gitlab.gnome.org/GNOME/gthumb/commit/14860321ce3235d420498c4f81f21003d1fb78f4 (3.8.3)
NOTE: https://gitlab.gnome.org/GNOME/gthumb/commit/4faa5ce2358812d23a1147953ee76f59631590ad (master)
-CVE-2020-5200
- RESERVED
+CVE-2020-5200 (Minerbabe through V4.16 ships with SSH host keys baked into the instal ...)
+ TODO: check
CVE-2020-5199
RESERVED
CVE-2020-5198
@@ -321869,16 +321980,16 @@ CVE-2019-19757 (An internal product security audit of Lenovo XClarity Administra
NOT-FOR-US: Lenovo
CVE-2019-19756 (An internal product security audit of Lenovo XClarity Administrator (L ...)
NOT-FOR-US: Lenovo
-CVE-2019-19755
- RESERVED
-CVE-2019-19754
- RESERVED
-CVE-2019-19753
- RESERVED
-CVE-2019-19752
- RESERVED
-CVE-2019-19751
- RESERVED
+CVE-2019-19755 (ethOS through 1.3.3 ships with SSH host keys baked into the installati ...)
+ TODO: check
+CVE-2019-19754 (HiveOS through 0.6-102@191212 ships with SSH host keys baked into the ...)
+ TODO: check
+CVE-2019-19753 (SimpleMiningOS through v1259 ships with SSH host keys baked into the i ...)
+ TODO: check
+CVE-2019-19752 (nvOC through 3.2 ships with SSH host keys baked into the installation ...)
+ TODO: check
+CVE-2019-19751 (easyMINE before 2019-12-05 ships with SSH host keys baked into the ins ...)
+ TODO: check
CVE-2019-19750 (minerstat msOS before 2019-10-23 does not have a unique SSH key for ea ...)
NOT-FOR-US: minerstat msOS
CVE-2019-19749
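Review bot: `TODO: check` on CVE-2019-19751 through CVE-2019-19755 should become NOT-FOR-US lines naming each product (easyMINE, nvOC, SimpleMiningOS, HiveOS, ethOS), matching the context entry CVE-2019-19750, which describes the same SSH key problem and is already marked `NOT-FOR-US: minerstat msOS`. CVE-2020-5200 (Minerbabe) in the previous hunk has the same "SSH host keys baked into the installation" description and can be triaged the same way.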
