Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
805ecc5a by Moritz Muehlenhoff at 2024-02-28T09:28:03+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -203,7 +203,7 @@ CVE-2020-36776 (In the Linux kernel, the following
vulnerability has been resolv
CVE-2024-27508 (Atheme 7.2.12 contains a memory leak vulnerability in
/atheme/src/cryp ...)
TODO: check
CVE-2024-27507 (libLAS 1.8.1 contains a memory leak vulnerability in
/libLAS/apps/ts2l ...)
- TODO: check
+ - liblas <removed>
CVE-2024-27099 (The uAMQP is a C library for AMQP 1.0 communication to Azure
Cloud Ser ...)
TODO: check
CVE-2024-26473 (A reflected cross-site scripting (XSS) vulnerability in
SocialMediaWeb ...)
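Review bot: the `- liblas <removed>` line added for CVE-2024-27507 is a package entry rather than a NOT-FOR-US tag, so the commit subject "NFUs" does not cover it. Mention it in the commit message or split it into its own commit. The entry also carries no NOTE pointing at the upstream report, unlike the krb5 memory-leak entry for CVE-2024-26462 further down the file. Adding one would let a later reader check the triage.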
@@ -235,15 +235,15 @@ CVE-2024-25841 (In the module "So Flexibilite"
(soflexibilite) from Common-Servi
CVE-2024-25840 (In the module "Account Manager | Sales Representative &
Dealers | CRM" ...)
NOT-FOR-US: PrestaShop module
CVE-2024-25723 (ZenML Server in the ZenML machine learning package before
0.46.7 for P ...)
- TODO: check
+ NOT-FOR-US: ZenML
CVE-2024-25400 (Subrion CMS 4.2.1 is vulnerable to SQL Injection via
ia.core.mysqli.ph ...)
NOT-FOR-US: Subrion CMS
CVE-2024-25399 (Subrion CMS 4.2.1 is vulnerable to Cross Site Scripting (XSS)
via admi ...)
NOT-FOR-US: Subrion CMS
CVE-2024-25398 (In Srelay (the SOCKS proxy and Relay) v.0.4.8p3, a specially
crafted n ...)
- TODO: check
+ NOT-FOR-US: Srelay
CVE-2024-24323 (SQL injection vulnerability in linlinjava litemall v.1.8.0
allows a re ...)
- TODO: check
+ NOT-FOR-US: linlinjava litemall
CVE-2024-22251 (VMware Workstation and Fusion contain an out-of-bounds read
vulnerabil ...)
NOT-FOR-US: VMware
CVE-2024-21742 (Improper input validation allows for header injection in
MIME4J librar ...)
@@ -402,7 +402,7 @@ CVE-2024-1686 (The Thank You Page Customizer for
WooCommerce \u2013 Increase You
CVE-2024-1323 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable
to Store ...)
NOT-FOR-US: WordPress plugin
CVE-2024-0759 (Should an instance of AnythingLLM be hosted on an internal
network and ...)
- TODO: check
+ NOT-FOR-US: anythingllm
CVE-2023-7033 (Insufficient Resource Pool vulnerability in Ethernet function
of Mitsu ...)
NOT-FOR-US: Mitsubishi
CVE-2023-41506 (An arbitrary file upload vulnerability in the Update/Edit
Student's Pr ...)
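Review bot: the tag `NOT-FOR-US: anythingllm` is lowercase while the CVE-2024-0759 description on the line above spells the product "AnythingLLM", and the other tags in this commit (ZenML, Srelay, Showdownjs) keep the product's own casing. Suggest `NOT-FOR-US: AnythingLLM` so that a text search on the product name finds both the description and the tag.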
@@ -567,13 +567,13 @@ CVE-2024-27084
CVE-2024-27081 (ESPHome is a system to control your ESP8266/ESP32. A security
misconfi ...)
NOT-FOR-US: ESPHome
CVE-2024-26468 (A DOM based cross-site scripting (XSS) vulnerability in the
component ...)
- TODO: check
+ NOT-FOR-US: urlpages
CVE-2024-26467 (A DOM based cross-site scripting (XSS) vulnerability in the
component ...)
- TODO: check
+ NOT-FOR-US: tabatkins/railroad-diagrams
CVE-2024-26466 (A DOM based cross-site scripting (XSS) vulnerability in the
component ...)
- TODO: check
+ NOT-FOR-US: web-platform-tests/wpt
CVE-2024-26465 (A DOM based cross-site scripting (XSS) vulnerability in the
component ...)
- TODO: check
+ NOT-FOR-US: beep.js
CVE-2024-26462 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak
vulnerability in / ...)
- krb5 <unfixed>
NOTE:
https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md
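Review bot: the four NOT-FOR-US tags added for CVE-2024-26465 through CVE-2024-26468 mix naming styles. Two use an owner/repository form (`tabatkins/railroad-diagrams`, `web-platform-tests/wpt`) and two use a bare name (`urlpages`, `beep.js`). Since all four descriptions are truncated to the same "DOM based cross-site scripting (XSS) vulnerability in the component ..." text, the tag is the only thing that tells them apart. Using one form throughout, preferably the owner/repository one, would make each entry unambiguous.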
@@ -681,9 +681,9 @@ CVE-2024-23835 (Suricata is a network Intrusion Detection
System, Intrusion Prev
NOTE:
https://github.com/OISF/suricata/commit/b0d762d2675a2441b74e039d54bfa5b050641f8e
(suricata-7.0.3)
NOTE:
https://github.com/OISF/suricata/commit/61a32360eba3c032de51029a05515ab46690286f
(suricata-7.0.3)
CVE-2024-23605 (A heap-based buffer overflow vulnerability exists in the GGUF
library ...)
- TODO: check
+ NOT-FOR-US: llama.cpp
CVE-2024-23496 (A heap-based buffer overflow vulnerability exists in the GGUF
library ...)
- TODO: check
+ NOT-FOR-US: llama.cpp
CVE-2024-22873 (Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to
contain a Ser ...)
NOT-FOR-US: Tencent Blueking CMDB
CVE-2024-22201 (Jetty is a Java based web server and servlet engine. An HTTP/2
SSL con ...)
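Review bot: CVE-2024-23605 and CVE-2024-23496 are tagged `NOT-FOR-US: llama.cpp`, but the visible descriptions name only "the GGUF library", so the link between the tag and the CVE text is not evident from the entry itself. A tag such as `NOT-FOR-US: llama.cpp (GGUF library)` would keep the mapping readable. The same applies to the three GGUF entries in the following hunk.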
@@ -691,13 +691,13 @@ CVE-2024-22201 (Jetty is a Java based web server and
servlet engine. An HTTP/2 S
NOTE:
https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98
NOTE: https://github.com/jetty/jetty.project/issues/11256
CVE-2024-21836 (A heap-based buffer overflow vulnerability exists in the GGUF
library ...)
- TODO: check
+ NOT-FOR-US: llama.cpp
CVE-2024-21825 (A heap-based buffer overflow vulnerability exists in the GGUF
library ...)
- TODO: check
+ NOT-FOR-US: llama.cpp
CVE-2024-21802 (A heap-based buffer overflow vulnerability exists in the GGUF
library ...)
- TODO: check
+ NOT-FOR-US: llama.cpp
CVE-2024-1899 (An issue in the anchors subparser of Showdownjs versions <=
2.1.0 coul ...)
- TODO: check
+ NOT-FOR-US: Showdownjs
CVE-2024-1890 (Vulnerability whereby an attacker could send a malicious link
to an au ...)
NOT-FOR-US: Sunny WebBox firmware
CVE-2024-1889 (Cross-Site Request Forgery vulnerability in SMA Cluster
Controller, af ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/805ecc5ab40b7e9f61a44d3d639d0599e76eaaf7