[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) Fri, 22 Mar 2024 04:28:16 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
9a53e54f by Moritz Muehlenhoff at 2024-03-22T12:26:17+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -71,9 +71,9 @@ CVE-2024-29272 (Arbitrary File Upload vulnerability in 
VvvebJs before version 1.
 CVE-2024-29271 (Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs 
before v ...)
        NOT-FOR-US: VvvebJs
 CVE-2024-29031 (Meshery is an open source, cloud native manager that enables 
the desig ...)
-       TODO: check
+       NOT-FOR-US: Meshery
 CVE-2024-28891 (SQL injection vulnerability exists in the script 
Handler_CFG.ashx.)
-       TODO: check
+       NOT-FOR-US: Delta Electronics
 CVE-2024-28863 (node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 
has no  ...)
        - node-tar <unfixed>
        NOTE: 
https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36
@@ -103,13 +103,13 @@ CVE-2024-28029 (Privileges are not fully verified 
server-side, which can be abus
 CVE-2024-27921 (Grav is an open-source, flat-file content management system. A 
file up ...)
        NOT-FOR-US: Grav CMS
 CVE-2024-26557 (Codiad v2.8.4 allows reflected XSS via the 
components/market/dialog.ph ...)
-       TODO: check
+       NOT-FOR-US: Codiad
 CVE-2024-25937 (SQL injection vulnerability exists in the script 
DIAE_tagHandler.ashx.)
-       TODO: check
+       NOT-FOR-US: Delta Electronics
 CVE-2024-25808 (Cross-site Request Forgery (CSRF) vulnerability in Lychee 
version 3.1. ...)
-       TODO: check
+       NOT-FOR-US: Lychee
 CVE-2024-25807 (Cross Site Scripting (XSS) vulnerability in Lychee 3.1.6, 
allows remot ...)
-       TODO: check
+       NOT-FOR-US: Lychee
 CVE-2024-25567 (Path traversal attack is possible and write outside of the 
intended di ...)
        NOT-FOR-US: Delta Electronics
 CVE-2024-24272 (An issue in iTop DualSafe Password Manager & Digital Vault 
before 1.4. ...)
@@ -121,7 +121,7 @@ CVE-2024-23494 (SQL injection vulnerability exists in 
GetDIAE_unListParameters.)
 CVE-2024-0957 (The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and 
Shippi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-42954 (A privilege escalation issue existed in FileMaker Server, 
potentially  ...)
-       TODO: check
+       NOT-FOR-US: Claris FileMaker Server
 CVE-2024-2742 (Operating system command injection vulnerability in Planet 
IGS-4215-16 ...)
        NOT-FOR-US: Planet IGS-4215-16T2S
 CVE-2024-2741 (Cross-Site Request Forgery (CSRF) vulnerability in Planet 
IGS-4215-16T ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a53e54f87fcc34c6e13e4f1ef790217750062fb

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a53e54f87fcc34c6e13e4f1ef790217750062fb
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] NFUs

Reply via email to