Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7aa3c240 by Salvatore Bonaccorso at 2024-01-03T21:22:07+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2024-21910 (TinyMCE versions before 5.10.0 are affected by 
a cross-site scri
        - tinymce <removed>
        NOTE: 
https://github.com/tinymce/tinymce/security/advisories/GHSA-r8hm-w5f7-wj39
 CVE-2024-21909 (PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a 
denial of ...)
-       TODO: check
+       NOT-FOR-US: PeterO.Cbor
 CVE-2024-21908 (TinyMCE versions before 5.9.0 are affected by a stored 
cross-site scri ...)
        - tinymce <removed>
        NOTE: 
https://github.com/tinymce/tinymce/security/advisories/GHSA-5h9g-x5rv-25wg
@@ -16,19 +16,19 @@ CVE-2024-21633 (Apktool is a tool for reverse engineering 
Android APK files. In
 CVE-2024-21631 (Vapor is an HTTP web framework for Swift. Prior to version 
4.90.0, Vap ...)
        TODO: check
 CVE-2024-21622 (Craft is a content management system. This is a potential 
moderate imp ...)
-       TODO: check
+       NOT-FOR-US: Craft CMS
 CVE-2024-0217 (A use-after-free flaw was found in PackageKitd. In some 
conditions, th ...)
        TODO: check
 CVE-2024-0201 (The Product Expiry for WooCommerce plugin for WordPress is 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-7068 (The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and 
Shippi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6984 (The PowerPack Addons for Elementor (Free Widgets, Extensions 
and Templ ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6747 (The Best WordPress Gallery Plugin \u2013 FooGallery plugin for 
WordPre ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6621 (The POST SMTP WordPress plugin before 2.8.7 does not sanitise 
and esca ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-5881 (Unauthenticated access permitted to web interface page The 
Genie Compa ...)
        TODO: check
 CVE-2023-5880 (When the Genie Company Aladdin Connect garage door opener 
(Retrofit-Ki ...)
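
Review bot: CVE-2024-0217 (use-after-free in PackageKitd) stays at "TODO: check" in the context lines between the Craft CMS and WordPress plugin changes, as do CVE-2024-21631 (Vapor) and CVE-2023-5881. That matches the commit message, which covers NFUs only, but the entries are now scattered between resolved ones and are easy to overlook. Suggest handling them in the next triage pass: each needs either a source-package line or an explicit NOT-FOR-US tag rather than remaining open.
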
@@ -36,39 +36,39 @@ CVE-2023-5880 (When the Genie Company Aladdin Connect 
garage door opener (Retrof
 CVE-2023-5879 (Users\u2019 product account authentication data was stored in 
clear te ...)
        TODO: check
 CVE-2023-52314 (PaddlePaddle before 2.6.0 has a command injection in 
convert_shape_com ...)
-       TODO: check
+       NOT-FOR-US: PaddlePaddle
 CVE-2023-52313 (FPE in paddle.argmin and paddle.argmaxin PaddlePaddle before 
2.6.0. Th ...)
-       TODO: check
+       NOT-FOR-US: PaddlePaddle
 CVE-2023-52312 (Nullptr dereference in paddle.cropin PaddlePaddle before 
2.6.0. This f ...)
-       TODO: check
+       NOT-FOR-US: PaddlePaddle
 CVE-2023-52311 (PaddlePaddle before 2.6.0 has a command injection in 
_wget_download. T ...)
-       TODO: check
+       NOT-FOR-US: PaddlePaddle
 CVE-2023-52310 (PaddlePaddle before 2.6.0 has a command injection in 
get_online_pass_i ...)
-       TODO: check
+       NOT-FOR-US: PaddlePaddle
 CVE-2023-52309 (Heap buffer overflow in paddle.repeat_interleavein 
PaddlePaddle before ...)
-       TODO: check
+       NOT-FOR-US: PaddlePaddle
 CVE-2023-52308 (FPE in paddle.aminin PaddlePaddle before 2.6.0. This flaw can 
cause a  ...)
-       TODO: check
+       NOT-FOR-US: PaddlePaddle
 CVE-2023-52307 (Stack overflow in paddle.linalg.lu_unpackin PaddlePaddle 
before 2.6.0. ...)
-       TODO: check
+       NOT-FOR-US: PaddlePaddle
 CVE-2023-52306 (FPE in paddle.lerpin PaddlePaddle before 2.6.0. This flaw can 
cause a  ...)
-       TODO: check
+       NOT-FOR-US: PaddlePaddle
 CVE-2023-52305 (FPE in paddle.topkin PaddlePaddle before 2.6.0. This flaw can 
cause a  ...)
-       TODO: check
+       NOT-FOR-US: PaddlePaddle
 CVE-2023-52304 (Stack overflow in paddle.searchsortedin PaddlePaddle before 
2.6.0. Thi ...)
-       TODO: check
+       NOT-FOR-US: PaddlePaddle
 CVE-2023-52303 (Nullptr in paddle.put_along_axisin PaddlePaddle before 2.6.0. 
This fla ...)
-       TODO: check
+       NOT-FOR-US: PaddlePaddle
 CVE-2023-52302 (Nullptr in paddle.nextafterin PaddlePaddle before 2.6.0. This 
flaw can ...)
-       TODO: check
+       NOT-FOR-US: PaddlePaddle
 CVE-2023-50921 (An issue was discovered on GL.iNet devices through 4.5.0. 
Attackers ca ...)
-       TODO: check
+       NOT-FOR-US: GL.iNet devices
 CVE-2023-50253 (Laf is a cloud development platform. In the Laf version 
design, the lo ...)
        TODO: check
 CVE-2023-50093 (APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: APIIDA API Gateway Manager for Broadcom Layer7
 CVE-2023-50092 (APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: APIIDA API Gateway Manager for Broadcom Layer7
 CVE-2023-50090 (Arbitrary File Write vulnerability in the saveReportFile 
method of ure ...)
        TODO: check
 CVE-2023-46929 (An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master 
in MP4Box ...)
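
Review bot: the thirteen PaddlePaddle entries in this hunk (CVE-2023-52314 down to CVE-2023-52302) are closed as "NOT-FOR-US: PaddlePaddle" in one batch, and nothing in the hunk records whether WNPP was checked first. If an ITP or RFP bug exists for PaddlePaddle, these should carry a "- <package> <itp> (bug #...)" line instead, so that they resurface when the package enters the archive. Three of them (CVE-2023-52314, CVE-2023-52311, CVE-2023-52310) are command injections, so losing track of them would matter. The same check applies to the five PaddlePaddle entries in the following hunk.
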
@@ -84,23 +84,23 @@ CVE-2023-46739 (CubeFS is an open-source cloud-native file 
storage system. A vul
 CVE-2023-46738 (CubeFS is an open-source cloud-native file storage system. A 
security  ...)
        TODO: check
 CVE-2023-45559 (An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to 
send cra ...)
-       TODO: check
+       NOT-FOR-US: Tamaki_hamanoki Line
 CVE-2023-39655 (A host header injection vulnerability exists in the NPM 
package @perfo ...)
        TODO: check
 CVE-2023-38678 (OOB access in paddle.modein PaddlePaddle before 2.6.0. This 
flaw can c ...)
-       TODO: check
+       NOT-FOR-US: PaddlePaddle
 CVE-2023-38677 (FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This 
flaw can c ...)
-       TODO: check
+       NOT-FOR-US: PaddlePaddle
 CVE-2023-38676 (Nullptr in paddle.dotin PaddlePaddle before 2.6.0. This flaw 
can cause ...)
-       TODO: check
+       NOT-FOR-US: PaddlePaddle
 CVE-2023-38675 (FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. 
This fl ...)
-       TODO: check
+       NOT-FOR-US: PaddlePaddle
 CVE-2023-38674 (FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This 
flaw can ca ...)
-       TODO: check
+       NOT-FOR-US: PaddlePaddle
 CVE-2023-37608 (An issue in Automatic Systems SOC FL9600 FastLine 
v.lego_T04E00 allows ...)
-       TODO: check
+       NOT-FOR-US: Automatic Systems SOC FL9600 FastLine v.lego_T04E00
 CVE-2023-37607 (Directory Traversal in Automatic-Systems SOC FL9600 FastLine 
lego_T04E ...)
-       TODO: check
+       NOT-FOR-US: Automatic-Systems SOC FL9600 FastLine lego_T04E00
 CVE-2023-51785 (Deserialization of Untrusted Data vulnerability in Apache 
InLong.This  ...)
        NOT-FOR-US: Apache InLong
 CVE-2023-51784 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
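
Review bot: the two FastLine entries tag the same product under different spellings: CVE-2023-37608 gets "Automatic Systems SOC FL9600 FastLine v.lego_T04E00" and CVE-2023-37607 gets "Automatic-Systems SOC FL9600 FastLine lego_T04E00". Both tags also embed the firmware version copied from the CVE description. Suggest one normalized product name without the version string (for example "Automatic Systems SOC FL9600 FastLine") on both lines, so that a later grep or automatic NFU matching on the product name catches future CVEs for the same device.
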



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7aa3c2407b793a30f89584794109f2b6c483682f
