Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 2ef9641b by Moritz Muehlenhoff at 2024-04-02T13:04:03+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -409,7 +409,7 @@ CVE-2024-26653 (In the Linux kernel, the following vulnerability has been resolv [buster] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/7c9631969287a5366bc8e39cd5abff154b35fb80 (6.9-rc2) CVE-2024-31033 (JJWT (aka Java JWT) through 0.12.5 ignores certain characters and thus ...) - TODO: check + NOT-FOR-US: Java JWT CVE-2024-2278 (Themify WordPress plugin before 1.4.4 does not sanitise and escape so ...) NOT-FOR-US: WordPress plugin CVE-2024-2263 (Themify WordPress plugin before 1.4.4 does not sanitise and escape a ...) @@ -927,7 +927,7 @@ CVE-2024-28960 (An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-03/ NOTE: https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2024-03.md CVE-2024-28867 (Swift Prometheus is a Swift client for the Prometheus monitoring syste ...) - TODO: check + NOT-FOR-US: swift-prometheus CVE-2024-28714 (SQL Injection vulnerability in CRMEB_Java e-commerce system v.1.3.4 al ...) NOT-FOR-US: CRMEB_Java e-commerce system CVE-2024-28456 (Cross Site Scripting vulnerability in Campcodes Online Marriage Regist ...) 
@@ -1992,7 +1992,7 @@ CVE-2023-39306 (Improper Neutralization of Input During Web Page Generation ('Cr CVE-2023-38388 (Unrestricted Upload of File with Dangerous Type vulnerability in Artbe ...) NOT-FOR-US: WordPress plugin CVE-2023-31854 (std::bad_alloc is mishandled in Precomp 0.4.8. NOTE: this is disputed ...) - TODO: check + NOT-FOR-US: precomp CVE-2023-31634 (In TeslaMate before 1.27.2, there is unauthorized access to port 4000 ...) NOT-FOR-US: TeslaMate CVE-2017-20190 (Some Microsoft technologies as used in Windows 8 through 11 allow a te ...) @@ -2278,9 +2278,9 @@ CVE-2024-2303 (The Easy Textillate plugin for WordPress is vulnerable to Stored CVE-2024-2170 (The VK All in One Expansion Unit plugin for WordPress is vulnerable to ...) NOT-FOR-US: WordPress plugin CVE-2024-29442 (An unauthorized access vulnerability has been discovered in ROS2 Humbl ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-29440 (An unauthorized access vulnerability has been discovered in ROS2 Humbl ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-29303 (The delete admin users function of SourceCodester PHP Task Management ...) NOT-FOR-US: SourceCodester PHP Task Management System CVE-2024-29302 (SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Inj ...) @@ -2365,7 +2365,7 @@ CVE-2024-2864 (Improper Neutralization of Input During Web Page Generation ('Cro CVE-2024-29666 (Insecure Permissions vulnerability in Vehicle Monitoring platform syst ...) NOT-FOR-US: Vehicle Monitoring platform system CMSV6 CVE-2024-29650 (An issue in @thi.ng/paths v.5.1.62 and before allows a remote attacker ...) - TODO: check + NOT-FOR-US: @thi.ng/paths CVE-2024-29515 (File Upload vulnerability in lepton v.7.1.0 allows a remote authentica ...) NOT-FOR-US: Lepton CMS CVE-2024-29025 (Netty is an asynchronous event-driven network application framework fo ...) 
@@ -2402,7 +2402,7 @@ CVE-2024-28243 (KaTeX is a JavaScript library for TeX math rendering on the web. NOTE: https://github.com/KaTeX/KaTeX/security/advisories/GHSA-64fm-8hw2-v72w NOTE: https://github.com/KaTeX/KaTeX/commit/e88b4c357f978b1bca8edfe3297f0aa309bcbe34 (v0.16.10) CVE-2024-28183 (ESP-IDF is the development framework for Espressif SoCs supported on W ...) - TODO: check + NOT-FOR-US: Espressif CVE-2024-28108 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...) NOT-FOR-US: phpMyFAQ CVE-2024-28107 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...) @@ -2661,7 +2661,7 @@ CVE-2024-24890 (Improper Neutralization of Special Elements used in an OS Comman CVE-2024-21865 (HGW BL1500HM Ver 002.001.013 and earlier contains a use of week creden ...) NOT-FOR-US: HGW BL1500HM CVE-2024-21505 (Versions of the package web3-utils before 4.2.1 are vulnerable to Prot ...) - TODO: check + NOT-FOR-US: Node web3 CVE-2024-1962 (The CM Download Manager WordPress plugin before 2.9.1 does not have C ...) NOT-FOR-US: WordPress plugin CVE-2024-1564 (The wp-schema-pro WordPress plugin before 2.7.16 does not validate pos ...) 
@@ -65289,7 +65289,7 @@ CVE-2023-28549 (Memory corruption in WLAN HAL while parsing Rx buffer in process CVE-2023-28548 (Memory corruption in WLAN HAL while processing Tx/Rx commands from QDA ...) NOT-FOR-US: Qualcomm CVE-2023-28547 (Memory corruption in SPS Application while requesting for public key i ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-28546 (Memory Corruption in SPS Application while exporting public key in sor ...) NOT-FOR-US: Qualcomm CVE-2023-28545 (Memory corruption in TZ Secure OS while loading an app ELF.)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ef9641bf751bf5d5678d9f5352829f165851b6d
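Review bot: In the hunk at @@ -2278, CVE-2024-29442 and CVE-2024-29440 trade "TODO: check" for a free-text NOTE only, so unlike every other entry touched in this commit they end up with no explicit disposition line (a "NOT-FOR-US:" or a package line), and the commit message "NFUs" does not cover them. If the intent is to reject the reports, record that with a status line next to the NOTE. The claim "apparently never reported either" would also be easier to re-check later with a reference to where that was looked up.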
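Review bot: In the hunk at @@ -2402, "NOT-FOR-US: Espressif" names the vendor, while the CVE-2024-28183 description is about ESP-IDF specifically. Consider "NOT-FOR-US: Espressif ESP-IDF" so that a later search of data/CVE/list for the product name finds this entry.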
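Review bot: In the hunk at @@ -2661, the label "Node web3" does not match the package the CVE-2024-21505 description names, web3-utils. Using the package name in the NOT-FOR-US line, as the @@ -2365 hunk does with "@thi.ng/paths", keeps the label searchable and avoids ambiguity with other web3 packages.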