diff options
| author | security tracker role <sectracker@soriano.debian.org> | 2024-04-26 08:11:46 +0000 |
|---|---|---|
| committer | security tracker role <sectracker@soriano.debian.org> | 2024-04-26 08:11:46 +0000 |
| commit | 821a6aa03ab9aa6e9a7506d6cb2af1c941fd74df (patch) | |
| tree | eac29e4f86785cca06a6208dab34f9b11239fde7 /data | |
| parent | 5110920485713eed8e4b1da60cb3c1833cea6774 (diff) | |
Diffstat (limited to 'data')
| -rw-r--r-- | data/CVE/list | 131 |
1 files changed, 122 insertions, 9 deletions
diff --git a/data/CVE/list b/data/CVE/list index 333d2fd975..c7ca77dda1 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,109 @@ +CVE-2024-4163 (The Skylab IGX IIoT Gateway allowed users to connect to it via a limit ...) + TODO: check +CVE-2024-4056 (Denial of service condition in M-Files Server in versions before 24.4. ...) + TODO: check +CVE-2024-3890 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...) + TODO: check +CVE-2024-3678 (The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPre ...) + TODO: check +CVE-2024-3265 (The Advanced Search WordPress plugin through 1.1.6 does not properly e ...) + TODO: check +CVE-2024-3188 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress plugin b ...) + TODO: check +CVE-2024-3075 (The MM-email2image WordPress plugin through 0.2.5 does not validate an ...) + TODO: check +CVE-2024-3060 (The ENL Newsletter WordPress plugin through 1.0.1 does not sanitize an ...) + TODO: check +CVE-2024-3059 (The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF c ...) + TODO: check +CVE-2024-3058 (The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF c ...) + TODO: check +CVE-2024-3048 (The Bannerlid WordPress plugin through 1.1.0 does not escape generated ...) + TODO: check +CVE-2024-33673 (An issue was discovered in Veritas Backup Exec before 22.2 HotFix 9173 ...) + TODO: check +CVE-2024-33672 (An issue was discovered in Veritas NetBackup before 10.4. The Multi-Th ...) + TODO: check +CVE-2024-33671 (An issue was discovered in Veritas Backup Exec before 22.2 HotFix 9173 ...) + TODO: check +CVE-2024-33670 (Passbolt API before 4.6.2 allows HTML injection in a URL parameter, re ...) + TODO: check +CVE-2024-33669 (An issue was discovered in Passbolt Browser Extension before 4.6.2. It ...) + TODO: check +CVE-2024-33668 (An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cach ...) + TODO: check +CVE-2024-33667 (An issue was discovered in Zammad before 6.3.0. An authenticated agent ...) + TODO: check +CVE-2024-33666 (An issue was discovered in Zammad before 6.3.0. Users with customer ac ...) + TODO: check +CVE-2024-33665 (angular-translate through 2.19.1 allows XSS via a crafted key that is ...) + TODO: check +CVE-2024-33664 (python-jose through 3.3.0 allows attackers to cause a denial of servic ...) + TODO: check +CVE-2024-33663 (python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA k ...) + TODO: check +CVE-2024-33661 (Portainer before 2.20.0 allows redirects when the target is not index. ...) + TODO: check +CVE-2024-33651 (Cross-Site Request Forgery (CSRF) vulnerability in Matthew Fries MF Gi ...) + TODO: check +CVE-2024-33650 (Cross-Site Request Forgery (CSRF) vulnerability in Cryout Creations Se ...) + TODO: check +CVE-2024-33642 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-33639 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-33638 (Cross-Site Request Forgery (CSRF) vulnerability in Brijesh Kothari Sma ...) + TODO: check +CVE-2024-33598 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32868 (ZITADEL provides users the possibility to use Time-based One-Time-Pass ...) + TODO: check +CVE-2024-32651 (changedetection.io is an open source web page change detection, websit ...) + TODO: check +CVE-2024-32406 (Server-Side Template Injection (SSTI) vulnerability in inducer relate ...) + TODO: check +CVE-2024-32404 (Server-Side Template Injection (SSTI) vulnerability in inducer relate ...) + TODO: check +CVE-2024-31755 (cJSON v1.7.17 was discovered to contain a segmentation violation, whic ...) + TODO: check +CVE-2024-31610 (File Upload vulnerability in the function for employees to upload avat ...) + TODO: check +CVE-2024-31609 (Cross Site Scripting (XSS) vulnerability in BOSSCMS v3.10 allows attac ...) + TODO: check +CVE-2024-2920 (The WP-Members Membership Plugin plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-2908 (The Call Now Button WordPress plugin before 1.4.7 does not sanitise a ...) + TODO: check +CVE-2024-2837 (The WP Chat App WordPress plugin before 3.6.4 does not sanitise and es ...) + TODO: check +CVE-2024-2603 (The Salon booking system WordPress plugin through 9.6.5 does not sanit ...) + TODO: check +CVE-2024-2439 (The Salon booking system WordPress plugin through 9.6.5 does not sanit ...) + TODO: check +CVE-2024-2429 (The Salon booking system WordPress plugin through 9.6.5 does not have ...) + TODO: check +CVE-2024-2310 (The WP Google Review Slider WordPress plugin before 13.6 does not sani ...) + TODO: check +CVE-2024-2159 (The Social Sharing Plugin WordPress plugin before 3.3.61 does not val ...) + TODO: check +CVE-2024-22633 (Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 w ...) + TODO: check +CVE-2024-22632 (Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 w ...) + TODO: check +CVE-2024-0916 (Unauthenticatedfile upload allows remote code execution. This issue af ...) + TODO: check +CVE-2024-0905 (The Fancy Product Designer WordPress plugin before 6.1.8 does not sani ...) + TODO: check +CVE-2023-6116 (Team ENVY, a Security Research TEAM has found a flaw that allows for a ...) + TODO: check +CVE-2023-6096 (Vladimir Kononovich, a Security Researcher has found a flaw that using ...) + TODO: check +CVE-2023-6095 (Vladimir Kononovich, a Security Researcher has found a flaw that allow ...) + TODO: check +CVE-2023-47252 (An issue was discovered in PnpSmm in Insyde InsydeH2O with kernel 5.0 ...) + TODO: check +CVE-2022-48682 (In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows ...) + TODO: check CVE-2024-27282 - ruby3.2 <unfixed> - ruby3.1 <unfixed> @@ -139,11 +245,11 @@ CVE-2023-51484 (Improper Authentication vulnerability in wp-buy Login as User or TODO: check CVE-2023-51482 (Improper Authentication vulnerability in EazyPlugins Eazy Plugin Manag ...) TODO: check -CVE-2024-4173 (A vulnerability in Brocade SANnav ova versions before Brocade SANnav v ...) +CVE-2024-4173 (A vulnerability in Brocade SANnav exposes Kafka in the wan interface. ...) NOT-FOR-US: Brocade CVE-2024-4161 (In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic receiv ...) NOT-FOR-US: Brocade -CVE-2024-4159 (Brocade SANnav before Brocade SANnav v2.3.1 lacks protection mechanism ...) +CVE-2024-4159 (Brocade SANnav before v2.3.0a lacks protection mechanisms on port 2377 ...) NOT-FOR-US: Brocade CVE-2024-3988 (The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data T ...) NOT-FOR-US: WordPress plugin @@ -476,7 +582,7 @@ CVE-2024-25583 (A crafted response from an upstream server the recursor has been NOTE: Fixed by: https://github.com/PowerDNS/pdns/commit/3d16f2f49c22326e5a72f074c2a1f1b45769cb3f (rec-4.9.5) NOTE: Introduced by: https://github.com/PowerDNS/pdns/commit/c090cc8b9198a9ee9155486894505a86878e30ee (rec-4.8.7) NOTE: Fixed by: https://github.com/PowerDNS/pdns/commit/e1247da968077ee7c58fa41447057ee2a2b09fc9 (rec-4.8.8) -CVE-2024-3154 +CVE-2024-3154 (A flaw was found in cri-o, where an arbitrary systemd property can be ...) - cri-o <itp> (bug #979702) CVE-2024-30171 - bouncycastle <unfixed> @@ -936,7 +1042,7 @@ CVE-2024-29966 (Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded NOT-FOR-US: Brocade SANnav CVE-2024-29965 (In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back u ...) NOT-FOR-US: Brocade SANnav -CVE-2024-29964 (Docker instances in Brocade SANnav before v2.3.1 and v2.3.0a have an i ...) +CVE-2024-29964 (Brocade SANnav versions before v2.3.0a do not correctly set permission ...) NOT-FOR-US: Brocade SANnav CVE-2024-29963 (Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded keys ...) NOT-FOR-US: Brocade SANnav @@ -31577,7 +31683,7 @@ CVE-2023-32725 (The website configured in the URL widget will receive a session CVE-2023-32230 (An improper handling of a malformed API request to an API server in Bo ...) NOT-FOR-US: Bosch CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, found in O ...) - {DSA-5601-1 DSA-5600-1 DSA-5599-1 DSA-5591-1 DSA-5588-1 DSA-5586-1 DLA-3730-1 DLA-3719-1 DLA-3718-1 DLA-3694-1} + {DSA-5601-1 DSA-5600-1 DSA-5599-1 DSA-5591-1 DSA-5588-1 DSA-5586-1 DLA-3794-1 DLA-3730-1 DLA-3719-1 DLA-3718-1 DLA-3694-1} - dropbear 2022.83-4 (bug #1059001) [bookworm] - dropbear 2022.83-1+deb12u1 [bullseye] - dropbear 2020.81-3+deb11u1 @@ -131545,10 +131651,10 @@ CVE-2022-36031 (Directus is a free and open-source data platform for headless co NOT-FOR-US: Directus CVE-2022-36030 (Project-nexus is a general-purpose blog website framework. Affected ve ...) NOT-FOR-US: Project-nexus -CVE-2022-36029 - RESERVED -CVE-2022-36028 - RESERVED +CVE-2022-36029 (Greenlight is an end-user interface for BigBlueButton servers. Version ...) + TODO: check +CVE-2022-36028 (Greenlight is an end-user interface for BigBlueButton servers. Version ...) + TODO: check CVE-2022-36027 (TensorFlow is an open source platform for machine learning. When conve ...) - tensorflow <itp> (bug #804612) CVE-2022-36026 (TensorFlow is an open source platform for machine learning. If `Quanti ...) @@ -204163,6 +204269,7 @@ CVE-2021-36368 (An issue was discovered in OpenSSH before 8.9. If a client is us NOTE: https://bugzilla.mindrot.org/show_bug.cgi?id=3316 NOTE: https://docs.ssh-mitm.at/trivialauth.html CVE-2021-36367 (PuTTY through 0.75 proceeds with establishing an SSH session even if i ...) + {DLA-3794-1} - putty 0.75-3 (bug #990901) [bullseye] - putty 0.74-1+deb11u1 [stretch] - putty <no-dsa> (Minor issue) @@ -290617,6 +290724,7 @@ CVE-2020-14004 (An issue was discovered in Icinga2 before v2.12.0-rc1. The prepa CVE-2020-14003 RESERVED CVE-2020-14002 (PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an in ...) + {DLA-3794-1} - putty 0.74-1 [stretch] - putty <no-dsa> (Minor issue) [jessie] - putty <no-dsa> (Minor issue) @@ -294168,6 +294276,7 @@ CVE-2020-12669 (core/get_menudiv.php in Dolibarr before 11.0.4 allows remote aut CVE-2020-12668 (Jinjava before 2.5.4 allow access to arbitrary classes by calling Java ...) NOT-FOR-US: Jinjava CVE-2020-12667 (Knot Resolver before 5.1.1 allows traffic amplification via a crafted ...) + {DLA-3795-1} - knot-resolver 5.1.1-0.1 (bug #961076) NOTE: https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack/ NOTE: commit: https://gitlab.labs.nic.cz/knot/knot-resolver/-/commit/54f05e4d7b2e47c0bdd30b84272fc503cc65304b @@ -325404,6 +325513,7 @@ CVE-2019-19332 (An out-of-bounds memory write issue was found in the Linux Kerne [stretch] - linux 4.9.210-1 NOTE: https://git.kernel.org/linus/433f4ba1904100da65a311033f17a9bf586b287e CVE-2019-19331 (knot-resolver before version 4.3.0 is vulnerable to denial of service ...) + {DLA-3795-1} - knot-resolver 5.0.1-1 (bug #946181) NOTE: https://www.openwall.com/lists/oss-security/2019/12/04/4 CVE-2019-19329 (In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-0 ...) @@ -334731,6 +334841,7 @@ CVE-2019-17071 (The client-dash (aka Client Dash) plugin 2.1.4 for WordPress all CVE-2019-17070 (The liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin before 1. ...) NOT-FOR-US: liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin for WordPress CVE-2019-17069 (PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial o ...) + {DLA-3794-1} - putty 0.73-1 (unimportant) NOTE: https://lists.tartarus.org/pipermail/putty-announce/2019/000029.html NOTE: Fixed by: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=69201ad8936fe0ff1b8723b7a43accb5e9f1c888 @@ -356414,11 +356525,13 @@ CVE-2019-10192 (A heap-buffer overflow vulnerability was found in the Redis hype NOTE: https://github.com/antirez/redis/commit/ef1833b3f9d02261617b757fd6ebe0ec3f1be507 (5.0.4) NOTE: https://github.com/antirez/redis/commit/7f79849caa006f0d760b6c7e17f7796e3be92b4f (5.0.4) CVE-2019-10191 (A vulnerability was discovered in DNS resolver of knot resolver before ...) + {DLA-3795-1} - knot-resolver 5.0.1-1 (bug #932048) NOTE: https://www.knot-resolver.cz/2019-07-10-knot-resolver-4.1.0.html NOTE: https://gitlab.labs.nic.cz/knot/knot-resolver/merge_requests/839 NOTE: https://www.openwall.com/lists/oss-security/2019/07/14/1 CVE-2019-10190 (A vulnerability was discovered in DNS resolver component of knot resol ...) + {DLA-3795-1} - knot-resolver 5.0.1-1 (bug #932048) NOTE: https://www.knot-resolver.cz/2019-07-10-knot-resolver-4.1.0.html NOTE: https://gitlab.labs.nic.cz/knot/knot-resolver/merge_requests/827 |