Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2ef9641b by Moritz Muehlenhoff at 2024-04-02T13:04:03+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -409,7 +409,7 @@ CVE-2024-26653 (In the Linux kernel, the following 
vulnerability has been resolv
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/7c9631969287a5366bc8e39cd5abff154b35fb80 (6.9-rc2)
 CVE-2024-31033 (JJWT (aka Java JWT) through 0.12.5 ignores certain characters 
and thus ...)
-       TODO: check
+       NOT-FOR-US: Java JWT
 CVE-2024-2278 (Themify  WordPress plugin before 1.4.4 does not sanitise and 
escape so ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-2263 (Themify  WordPress plugin before 1.4.4 does not sanitise and 
escape a  ...)
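Review bot: The tag on CVE-2024-31033 uses only the alias "Java JWT", while the CVE text gives the project name as "JJWT (aka Java JWT)". Suggest `NOT-FOR-US: JJWT (Java JWT)` so that a search of data/CVE/list for the project name finds this entry if the library is ever considered for packaging.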
@@ -927,7 +927,7 @@ CVE-2024-28960 (An issue was discovered in Mbed TLS 2.18.0 
through 2.28.x before
        NOTE: 
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-03/
        NOTE: 
https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2024-03.md
 CVE-2024-28867 (Swift Prometheus is a Swift client for the Prometheus 
monitoring syste ...)
-       TODO: check
+       NOT-FOR-US: swift-prometheus
 CVE-2024-28714 (SQL Injection vulnerability in CRMEB_Java e-commerce system 
v.1.3.4 al ...)
        NOT-FOR-US: CRMEB_Java e-commerce system
 CVE-2024-28456 (Cross Site Scripting vulnerability in Campcodes Online 
Marriage Regist ...)
@@ -1992,7 +1992,7 @@ CVE-2023-39306 (Improper Neutralization of Input During 
Web Page Generation ('Cr
 CVE-2023-38388 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Artbe ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-31854 (std::bad_alloc is mishandled in Precomp 0.4.8. NOTE: this is 
disputed  ...)
-       TODO: check
+       NOT-FOR-US: precomp
 CVE-2023-31634 (In TeslaMate before 1.27.2, there is unauthorized access to 
port 4000  ...)
        NOT-FOR-US: TeslaMate
 CVE-2017-20190 (Some Microsoft technologies as used in Windows 8 through 11 
allow a te ...)
@@ -2278,9 +2278,9 @@ CVE-2024-2303 (The Easy Textillate plugin for WordPress 
is vulnerable to Stored
 CVE-2024-2170 (The VK All in One Expansion Unit plugin for WordPress is 
vulnerable to ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-29442 (An unauthorized access vulnerability has been discovered in 
ROS2 Humbl ...)
-       TODO: check
+       NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-29440 (An unauthorized access vulnerability has been discovered in 
ROS2 Humbl ...)
-       TODO: check
+       NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-29303 (The delete admin users function of SourceCodester PHP Task 
Management  ...)
        NOT-FOR-US: SourceCodester PHP Task Management System
 CVE-2024-29302 (SourceCodester PHP Task Management System 1.0 is vulnerable to 
SQL Inj ...)
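Review bot: CVE-2024-29442 and CVE-2024-29440 lose their `TODO: check` but gain only a free-text NOTE, so unlike every other entry touched in this commit they end up with neither a NOT-FOR-US tag nor a package line, and the commit message "NFUs" does not describe them. If the intent is to close triage, state the disposition explicitly (a NOT-FOR-US line, or a package line with its status) and keep the NOTE as the rationale. The wording "never reported either" would also be clearer if it said to whom the issue was never reported, and a reference supporting the "bogus" assessment would help the next person who looks at these two IDs.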
@@ -2365,7 +2365,7 @@ CVE-2024-2864 (Improper Neutralization of Input During 
Web Page Generation ('Cro
 CVE-2024-29666 (Insecure Permissions vulnerability in Vehicle Monitoring 
platform syst ...)
        NOT-FOR-US: Vehicle Monitoring platform system CMSV6
 CVE-2024-29650 (An issue in @thi.ng/paths v.5.1.62 and before allows a remote 
attacker ...)
-       TODO: check
+       NOT-FOR-US: @thi.ng/paths
 CVE-2024-29515 (File Upload vulnerability in lepton v.7.1.0 allows a remote 
authentica ...)
        NOT-FOR-US: Lepton CMS
 CVE-2024-29025 (Netty is an asynchronous event-driven network application 
framework fo ...)
@@ -2402,7 +2402,7 @@ CVE-2024-28243 (KaTeX is a JavaScript library for TeX 
math rendering on the web.
        NOTE: 
https://github.com/KaTeX/KaTeX/security/advisories/GHSA-64fm-8hw2-v72w
        NOTE: 
https://github.com/KaTeX/KaTeX/commit/e88b4c357f978b1bca8edfe3297f0aa309bcbe34 
(v0.16.10)
 CVE-2024-28183 (ESP-IDF is the development framework for Espressif SoCs 
supported on W ...)
-       TODO: check
+       NOT-FOR-US: Espressif
 CVE-2024-28108 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ 
and MySQL, ...)
        NOT-FOR-US: phpMyFAQ
 CVE-2024-28107 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ 
and MySQL, ...)
@@ -2661,7 +2661,7 @@ CVE-2024-24890 (Improper Neutralization of Special 
Elements used in an OS Comman
 CVE-2024-21865 (HGW BL1500HM Ver 002.001.013 and earlier contains a use of 
week creden ...)
        NOT-FOR-US: HGW BL1500HM
 CVE-2024-21505 (Versions of the package web3-utils before 4.2.1 are vulnerable 
to Prot ...)
-       TODO: check
+       NOT-FOR-US: Node web3
 CVE-2024-1962 (The CM Download Manager  WordPress plugin before 2.9.1 does not 
have C ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-1564 (The wp-schema-pro WordPress plugin before 2.7.16 does not 
validate pos ...)
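Review bot: The tag on CVE-2024-21505 reads "Node web3", but the CVE text names the affected package as web3-utils. Suggest `NOT-FOR-US: Node web3-utils` so the entry matches the package name given in the description and is found by a search for it.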
@@ -65289,7 +65289,7 @@ CVE-2023-28549 (Memory corruption in WLAN HAL while 
parsing Rx buffer in process
 CVE-2023-28548 (Memory corruption in WLAN HAL while processing Tx/Rx commands 
from QDA ...)
        NOT-FOR-US: Qualcomm
 CVE-2023-28547 (Memory corruption in SPS Application while requesting for 
public key i ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-28546 (Memory Corruption in SPS Application while exporting public 
key in sor ...)
        NOT-FOR-US: Qualcomm
 CVE-2023-28545 (Memory corruption in TZ Secure OS while loading an app ELF.)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ef9641bf751bf5d5678d9f5352829f165851b6d
