Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
31b3f5f9 by Moritz Muehlenhoff at 2024-04-02T11:09:43+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27,7 +27,7 @@ CVE-2024-3139 (A vulnerability, which was classified as 
critical, has been found
 CVE-2024-3138 (** DISPUTED ** A vulnerability was found in francoisjacquet 
RosarioSIS ...)
        NOT-FOR-US: RosarioSISster
 CVE-2024-3137 (Improper Privilege Management in uvdesk/community-skeleton)
-       TODO: check
+       NOT-FOR-US: UVdesk
 CVE-2024-31005 (An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker 
to execu ...)
        NOT-FOR-US: Bento4
 CVE-2024-31004 (An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker 
to execu ...)
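Review bot: the change itself (CVE-2024-3137 to `NOT-FOR-US: UVdesk`) is fine; while in this region, the unchanged context line `NOT-FOR-US: RosarioSISster` under CVE-2024-3138 looks like a typo for `RosarioSIS`, the product named in that CVE's own description, and could be corrected in the same sweep.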
@@ -208,15 +208,15 @@ CVE-2024-25187 (Server Side Request Forgery (SSRF) 
vulnerability in 71cms v1.0.0
 CVE-2024-24581 (in OpenHarmony v4.0.0 and prior versions allow a local 
attacker arbitr ...)
        NOT-FOR-US: OpenHarmony
 CVE-2024-23119 (Centreon insertGraphTemplate SQL Injection Remote Code 
Execution Vulne ...)
-       TODO: check
+       - centreon-web <itp> (bug #913903)
 CVE-2024-23118 (Centreon updateContactHostCommands SQL Injection Remote Code 
Execution ...)
-       TODO: check
+       - centreon-web <itp> (bug #913903)
 CVE-2024-23117 (Centreon updateContactServiceCommands SQL Injection Remote 
Code Execut ...)
-       TODO: check
+       - centreon-web <itp> (bug #913903)
 CVE-2024-23116 (Centreon updateLCARelation SQL Injection Remote Code Execution 
Vulnera ...)
-       TODO: check
+       - centreon-web <itp> (bug #913903)
 CVE-2024-23115 (Centreon updateGroups SQL Injection Remote Code Execution 
Vulnerabilit ...)
-       TODO: check
+       - centreon-web <itp> (bug #913903)
 CVE-2024-22180 (in OpenHarmony v4.0.0 and prior versions allow a local 
attacker cause  ...)
        NOT-FOR-US: OpenHarmony
 CVE-2024-22177 (in OpenHarmony v3.2.4 and prior versions allow a local 
attacker cause  ...)
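Review bot: the five Centreon entries (CVE-2024-23115 through CVE-2024-23119) are all resolved to `- centreon-web <itp> (bug #913903)`, which is consistent, but an `<itp>` pseudo-version only records that the package is not yet in the archive; nothing here captures the upstream fixed version, so these will need revisiting once centreon-web is uploaded. A `NOTE:` line with the upstream advisory per CVE would make that later lookup cheaper.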
@@ -264,7 +264,7 @@ CVE-2024-1274 (The My Calendar WordPress plugin before 
3.4.24 does not sanitise
 CVE-2024-1179 (TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer 
Overflow  ...)
        NOT-FOR-US: TP-Link
 CVE-2024-0637 (Centreon updateDirectory SQL Injection Remote Code Execution 
Vulnerabi ...)
-       TODO: check
+       - centreon-web <itp> (bug #913903)
 CVE-2023-52636 (In the Linux kernel, the following vulnerability has been 
resolved:  l ...)
        - linux 6.7.7-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
@@ -293,18 +293,18 @@ CVE-2023-52630 (In the Linux kernel, the following 
vulnerability has been resolv
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/2a427b49d02995ea4a6ff93a1432c40fa4d36821 (6.8-rc4)
 CVE-2023-51573 (Voltronic Power ViewPower Pro updateManagerPassword Exposed 
Dangerous  ...)
-       TODO: check
+       NOT-FOR-US: Voltronic Power ViewPower Pro
 CVE-2023-51572 (Voltronic Power ViewPower Pro getMacAddressByIp Command 
Injection Remo ...)
-       TODO: check
+       NOT-FOR-US: Voltronic Power ViewPower Pro
 CVE-2023-51571 (Voltronic Power ViewPower Pro SocketService Missing 
Authentication Den ...)
-       TODO: check
+       NOT-FOR-US: Voltronic Power ViewPower Pro
 CVE-2023-51570 (Voltronic Power ViewPower Pro Deserialization of Untrusted 
Data Remote ...)
-       TODO: check
+       NOT-FOR-US: Voltronic Power ViewPower Pro
 CVE-2024-28219
        - pillow <unfixed>
        NOTE: 
https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security
 CVE-2024-3135 (The web server lacked CSRF tokens allowing an attacker to host 
malicio ...)
-       TODO: check
+       NOT-FOR-US: LocalAI
 CVE-2024-3131 (A vulnerability was found in SourceCodester Computer Laboratory 
Manage ...)
        NOT-FOR-US: SourceCodester Computer Laboratory Management System
 CVE-2024-3130 (Hard-coded Credentialsin CoolKit eWeLlink app are before 5.4.x 
on Andr ...)
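Review bot: for CVE-2024-3135 the quoted description ("The web server lacked CSRF tokens ...") names no product, so the `NOT-FOR-US: LocalAI` attribution cannot be checked from this file alone; add a `NOTE:` with the advisory URL, as is done for CVE-2024-28219 (pillow) a few lines above, so the attribution stays verifiable. The four Voltronic Power ViewPower Pro entries are consistent with one another.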
@@ -348,51 +348,51 @@ CVE-2024-30859 (netentsec NS-ASG 6.3 is vulnerable to SQL 
Injection via /admin/c
 CVE-2024-30858 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via 
/admin/edit_fi ...)
        NOT-FOR-US: netentsec NS-ASG
 CVE-2024-29435 (An issue discovered in Alldata v0.4.6 allows attacker to run 
arbitrary ...)
-       TODO: check
+       NOT-FOR-US: Alldata
 CVE-2024-29433 (A deserialization vulnerability in the FASTJSON component of 
Alldata v ...)
-       TODO: check
+       NOT-FOR-US: Alldata
 CVE-2024-28232 (Go package IceWhaleTech/CasaOS-UserService provides user 
management fu ...)
        NOT-FOR-US: IceWhaleTech/CasaOS-UserService
 CVE-2024-25574 (SQL injection vulnerability exists in 
GetDIAE_usListParameters.)
-       TODO: check
+       NOT-FOR-US: Delta Electronics
 CVE-2024-25080 (WebMail in Axigen 10.x before 10.3.3.62 allows XSS via the 
image attac ...)
-       TODO: check
+       NOT-FOR-US: Axigen
 CVE-2024-21473 (Memory corruption while redirecting log file to any file 
location with ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2024-21472 (Memory corruption in Kernel while handling GPU operations.)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2024-21470 (Memory corruption while allocating memory for graphics.)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2024-21468 (Memory corruption when there is failed unmap operation in GPU.)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2024-21463 (Memory corruption while processing Codec2 during v13k decoder 
pitch sy ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2024-21454 (Transient DOS while decoding the ToBeSignedMessage in 
Automotive Telem ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2024-21453 (Transient DOS while decoding message of size that exceeds the 
availabl ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2024-21452 (Transient DOS while decoding an ASN.1 OER message containing a 
SEQUENC ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-6154 (A configuration setting issue in seccenter.exe as used in 
Bitdefender  ...)
-       TODO: check
+       NOT-FOR-US: Bitdefender
 CVE-2023-48906 (Stack Overflow vulnerability in Btstack 1.6 and earlier allows 
attacke ...)
-       TODO: check
+       NOT-FOR-US: Btstack
 CVE-2023-43515 (Memory corruption in HLOS while running kernel address 
sanitizers (syz ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-33115 (Memory corruption while processing buffer initialization, when 
trusted ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-33111 (Information disclosure when VI calibration state set by ADSP 
is greate ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-33101 (Transient DOS while processing DL NAS TRANSPORT message with 
payload l ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-33100 (Transient DOS while processing DL NAS Transport message when 
message I ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-33099 (Transient DOS while processing SMS container of non-standard 
size rece ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-33023 (Memory corruption while processing finish_sign command to pass 
a rsp b ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2022-4966 (A vulnerability was found in sequentech admin-console up to 
6.1.7 and  ...)
-       TODO: check
+       NOT-FOR-US: sequentech admin-console
 CVE-2024-26655 (In the Linux kernel, the following vulnerability has been 
resolved:  F ...)
        - linux <unfixed>
        [bookworm] - linux <not-affected> (Vulnerable code not present)
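Review bot: CVE-2024-25574's description ("SQL injection vulnerability exists in GetDIAE_usListParameters.") does not name a vendor, yet it is closed as `NOT-FOR-US: Delta Electronics`; a `NOTE:` with the source advisory would make that traceable. The Qualcomm, Bitdefender, Btstack, Alldata, Axigen and sequentech entries name their product in the description and read consistently.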
@@ -621,7 +621,7 @@ CVE-2024-3018 (The Essential Addons for Elementor plugin 
for WordPress is vulner
 CVE-2024-2491 (The PowerPack Addons for Elementor plugin for WordPress is 
vulnerable  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-1522 (I have activated the CORS because I had a development ui that 
uses ano ...)
-       TODO: check
+       NOT-FOR-US: lollms-webui
 CVE-2024-3084 (A vulnerability was found in PHPGurukul Emergency Ambulance 
Hiring Por ...)
        NOT-FOR-US: PHPGurukul Emergency Ambulance Hiring Portal
 CVE-2024-2948 (The Favorites plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
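Review bot: CVE-2024-1522's description is the reporter's own prose ("I have activated the CORS because ...") and gives no product name, so `NOT-FOR-US: lollms-webui` rests entirely on the triager's lookup; a `NOTE:` pointing at the advisory would let the next reader verify it without repeating that lookup.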
@@ -899,7 +899,7 @@ CVE-2024-29904 (CodeIgniter is a PHP full-stack web 
framework A vulnerability wa
 CVE-2024-29901 (The AuthKit library for Next.js provides helpers for 
authentication an ...)
        NOT-FOR-US: AuthKit library for Next.js
 CVE-2024-29900 (Electron Packager bundles Electron-based application source 
code with  ...)
-       TODO: check
+       NOT-FOR-US: Electron Packager
 CVE-2024-29893 (Argo CD is a declarative, GitOps continuous delivery tool for 
Kubernet ...)
        NOT-FOR-US: Argo CD
 CVE-2024-29890 (DataLens is a business intelligence and data visualization 
system. A s ...)
@@ -909,7 +909,7 @@ CVE-2024-29686 (Server-side Template Injection (SSTI) 
vulnerability in Winter CM
 CVE-2024-29667 (SQL Injection vulnerability in Tongtianxing Technology Co., 
Ltd CMSV6  ...)
        NOT-FOR-US: Tongtianxing
 CVE-2024-29640 (An issue in aliyundrive-webdav v.2.3.3 and before allows a 
remote atta ...)
-       TODO: check
+       NOT-FOR-US: aliyundrive-webdav
 CVE-2024-29489 (Jerryscript 2.4.0 has SEGV at 
./jerry-core/ecma/base/ecma-helpers.c:23 ...)
        TODO: check
 CVE-2024-29316 (NodeBB 3.6.7 is vulnerable to Incorrect Access Control, e.g., 
a low-pr ...)
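Review bot: the neighbouring CVE-2024-29489 (Jerryscript) is left at `TODO: check` while the surrounding entries are closed as NOT-FOR-US; given this commit is an NFU sweep that is presumably deliberate, because it needs an archive check rather than an NFU, but it is worth confirming it was not skipped by accident.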
@@ -1089,11 +1089,11 @@ CVE-2024-2947 (A flaw was found in Cockpit. Deleting a 
sosreport with a crafted
        NOTE: Introduced by: 
https://github.com/cockpit-project/cockpit/commit/ee8f946df39779ee37071006d1d4826317f25c9a
 (270)
        NOTE: Fixed by: 
https://github.com/cockpit-project/cockpit/commit/9c4cc9b6df632082538b53bdc8ee9ec1c5cad4da
 (314)
 CVE-2024-29898 (CreateWiki is Miraheze's MediaWiki extension for requesting & 
creating ...)
-       TODO: check
+       NOT-FOR-US: CreateWiki MediaWiki extension
 CVE-2024-29897 (CreateWiki is Miraheze's MediaWiki extension for requesting & 
creating ...)
-       TODO: check
+       NOT-FOR-US: CreateWiki MediaWiki extension
 CVE-2024-29896 (Astro-Shield is a library to compute the subresource integrity 
hashes  ...)
-       TODO: check
+       NOT-FOR-US: Astro-Shield
 CVE-2024-29882 (SRS is a simple, high-efficiency, real-time video server. 
SRS's `/api/ ...)
        NOT-FOR-US: SRS video server
 CVE-2024-29200 (Kimai is a web-based multi-user time-tracking application. The 
permiss ...)
@@ -1996,7 +1996,7 @@ CVE-2023-31854 (std::bad_alloc is mishandled in Precomp 
0.4.8. NOTE: this is dis
 CVE-2023-31634 (In TeslaMate before 1.27.2, there is unauthorized access to 
port 4000  ...)
        NOT-FOR-US: TeslaMate
 CVE-2017-20190 (Some Microsoft technologies as used in Windows 8 through 11 
allow a te ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-22029
        - tomcat10 <not-affected> (SUSE specfic packaging issue on 
/usr/share/tomcat/tomcat-webapps permissions)
        - tomcat9 <not-affected> (SUSE specfic packaging issue on 
/usr/share/tomcat/tomcat-webapps permissions)
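Review bot: the CVE-2017-20190 `NOT-FOR-US: Microsoft` change is fine; the unchanged context lines for CVE-2024-22029 just below it read `SUSE specfic packaging issue` twice, a typo for `specific` that could be corrected in passing.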
@@ -2056,13 +2056,13 @@ CVE-2024-2891 (A vulnerability, which was classified as 
critical, was found in T
 CVE-2024-2802
        REJECTED
 CVE-2024-2452 (In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can 
control   ...)
-       TODO: check
+       NOT-FOR-US: Eclipse ThreadX
 CVE-2024-2214 (In Eclipse ThreadX before version 6.4.0, the _Mtxinit() 
function in th ...)
-       TODO: check
+       NOT-FOR-US: Eclipse ThreadX
 CVE-2024-2212 (In Eclipse ThreadX before 6.4.0,  xQueueCreate() and 
xQueueCreateSet() ...)
-       TODO: check
+       NOT-FOR-US: Eclipse ThreadX
 CVE-2024-29883 (CreateWiki is Miraheze's MediaWiki extension for requesting & 
creating ...)
-       TODO: check
+       NOT-FOR-US: CreateWiki MediaWiki extension
 CVE-2024-29881 (TinyMCE is an open source rich text editor.  A cross-site 
scripting (X ...)
        - tinymce <removed>
        NOTE: 
https://github.com/tinymce/tinymce/security/advisories/GHSA-5359-pvf2-pw78



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31b3f5f9da4399d16769136be4b2640dc475a215
