Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4d5bcc61 by Salvatore Bonaccorso at 2024-03-14T21:30:08+01:00
Add CVE-2024-28849/node-follow-redirects
- - - - -
63435ff9 by Salvatore Bonaccorso at 2024-03-14T21:30:08+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,63 +3,66 @@ CVE-2024-2438
CVE-2024-2437
REJECTED
CVE-2024-28849 (follow-redirects is an open source, drop-in replacement for
Node's `ht ...)
- TODO: check
+ - node-follow-redirects <unfixed>
+ NOTE:
https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp
+ NOTE: https://github.com/psf/requests/issues/1885
+ NOTE:
https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649b
(v1.15.6)
CVE-2024-28425 (greykite v1.0.0 was discovered to contain an arbitrary file
upload vul ...)
- TODO: check
+ NOT-FOR-US: greykite
CVE-2024-28424 (zenml v0.55.4 was discovered to contain an arbitrary file
upload vulne ...)
- TODO: check
+ NOT-FOR-US: zenml
CVE-2024-28423 (Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary
file up ...)
- TODO: check
+ NOT-FOR-US: Airflow-Diagrams
CVE-2024-28418 (Webedition CMS 9.2.2.0 has a File upload vulnerability via
/webEdition ...)
- TODO: check
+ NOT-FOR-US: Webedition CMS
CVE-2024-28417 (Webedition CMS 9.2.2.0 has a Stored XSS vulnerability via
/webEdition/ ...)
- TODO: check
+ NOT-FOR-US: Webedition CMS
CVE-2024-28383 (Tenda AX12 v1.0 v22.03.01.16 was discovered to contain a stack
overflo ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-28323 (The bwdates-report-result.php file in Phpgurukul User
Registration & L ...)
- TODO: check
+ NOT-FOR-US: Phpgurukul User Registration & Login and User Management
System
CVE-2024-28181 (turbo_boost-commands is a set of commands to help you build
robust rea ...)
- TODO: check
+ NOT-FOR-US: turbo_boost-commands
CVE-2024-27986 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-27301 (Support App is an opensource application specialized in
managing Apple ...)
- TODO: check
+ NOT-FOR-US: Support App
CVE-2024-27266 (IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML
External ...)
- TODO: check
+ NOT-FOR-US: IBM X-Force ID:
CVE-2024-27265 (IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is
vulnerable to cr ...)
- TODO: check
+ NOT-FOR-US: IBM X-Force ID:
CVE-2024-25156 (A path traversal vulnerability exists in GoAnywhere MFT prior
to 7.4.2 ...)
- TODO: check
+ NOT-FOR-US: GoAnywhere MFT
CVE-2024-25139 (In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd
binary ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2024-24770 (vantage6 is an open source framework built to enable, manage
and deplo ...)
- TODO: check
+ NOT-FOR-US: vantage6
CVE-2024-24562 (vantage6-UI is the official user interface for the vantage6
server. In ...)
- TODO: check
+ NOT-FOR-US: vantage6
CVE-2024-23823 (vantage6 is an open source framework built to enable, manage
and deplo ...)
- TODO: check
+ NOT-FOR-US: vantage6
CVE-2024-22346 (Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could
allow a loca ...)
- TODO: check
+ NOT-FOR-US: IBM X-Force ID:
CVE-2024-1998
REJECTED
CVE-2024-1623 (Insufficient session timeout vulnerability in the FAST3686 V2
Vodafone ...)
- TODO: check
+ NOT-FOR-US: FAST3686 V2 Vodafone router from Sagemcom
CVE-2024-0313 (A malicious insider exploiting this vulnerability can
circumvent exist ...)
- TODO: check
+ NOT-FOR-US: Trellix
CVE-2024-0312 (A malicious insider can uninstall Skyhigh Client Proxy without
a valid ...)
- TODO: check
+ NOT-FOR-US: Trellix
CVE-2024-0311 (A malicious insider can bypass the existing policy of Skyhigh
Client P ...)
- TODO: check
+ NOT-FOR-US: Trellix
CVE-2023-50168 (Pega Platform from 6.x to 8.8.4 is affected by an XXE issue
with PDF G ...)
- TODO: check
+ NOT-FOR-US: Pega Platform
CVE-2023-42938 (A logic issue was addressed with improved checks. This issue
is fixed ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-35191 (Uncontrolled resource consumption for some Intel(R) SPS
firmware versi ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-32633 (Improper input validation in the Intel(R) CSME installer
software befo ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-28389 (Incorrect default permissions in some Intel(R) CSME installer
software ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-25395
NOT-FOR-US: RT-Thread
CVE-2024-25394
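Review bot: the three entries annotated "NOT-FOR-US: IBM X-Force ID:" (CVE-2024-27266, CVE-2024-27265 and CVE-2024-22346) end in a dangling label with no identifier after the colon, which looks like a fragment copied from the description text rather than a product name; the NOT-FOR-US reason should name the affected product as the other entries in this hunk do, e.g. "NOT-FOR-US: IBM Maximo Application Suite", "NOT-FOR-US: IBM Integration Bus for z/OS" and "NOT-FOR-US: Db2 for IBM i". In the CVE-2024-28849 entry, the second NOTE points at a psf/requests issue, a different project from the node-follow-redirects package being tracked; a short qualifier on that line saying why it is referenced would save the next triager a lookup.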
@@ -62397,7 +62400,7 @@ CVE-2023-27879 (Improper access control in firmware for
some Intel(R) Optane(TM)
CVE-2023-27519 (Improper input validation in firmware for some Intel(R)
Optane(TM) SSD ...)
NOT-FOR-US: Intel
CVE-2023-27502 (Insertion of sensitive information into log file for some
Intel(R) Loc ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-27306 (Improper Initialization in firmware for some Intel(R)
Optane(TM) SSD p ...)
NOT-FOR-US: Intel
CVE-2023-27305 (Incorrect default permissions in some Intel(R) Arc(TM) &
Iris(R) Xe Gr ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f6de72b5ec2b6af6c959a91b15f80000685e8eee...63435ff9331cc205449673461c1c1278adf7c865
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits