Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bc6c1ce0 by Moritz Muehlenhoff at 2024-04-05T13:52:22+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,7 +13,7 @@ CVE-2024-3311 (A vulnerability was found in Dreamer CMS up to 
4.1.3.0. It has be
 CVE-2024-3217 (The WP Directory Kit plugin for WordPress is vulnerable to SQL 
Injecti ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-31498 (ykman-gui (aka YubiKey Manager GUI) before 1.2.6 on Windows, 
when Edge ...)
-       TODO: check
+       NOT-FOR-US: ykman-gui
 CVE-2024-31212 (InstantCMS is a free and open source content management 
system. A SQL  ...)
        NOT-FOR-US: InstantCMS
 CVE-2024-31210 (WordPress is an open publishing platform for the Web. It's 
possible fo ...)
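Review bot: On CVE-2024-31498, the new NOT-FOR-US: ykman-gui line says the software is not in Debian, while the description scopes the issue to "on Windows". If any source package in the archive ships ykman-gui, a package line marked <not-affected> with a Windows-specific reason would record this more accurately than NOT-FOR-US; worth confirming before the TODO is closed.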
@@ -22,43 +22,43 @@ CVE-2024-31210 (WordPress is an open publishing platform 
for the Web. It's possi
        NOTE: 
https://wordpress.org/news/2024/01/wordpress-6-4-3-maintenance-and-security-release/
        NOTE: 
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-x79f-xrjv-jx5r
 CVE-2024-31206 (dectalk-tts is a Node package to interact with the aeiou 
Dectalk web A ...)
-       TODO: check
+       NOT-FOR-US: Node dectalk-tts
 CVE-2024-31204 (mailcow: dockerized is an open source groupware/email suite 
based on d ...)
-       TODO: check
+       NOT-FOR-US: mailcow
 CVE-2024-30891 (A command injection vulnerability exists in /goform/exeCommand 
in Tend ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-30849 (Arbitrary file upload vulnerability in Sourcecodester Complete 
E-Comme ...)
-       TODO: check
+       NOT-FOR-US: Sourcecodester
 CVE-2024-30270 (mailcow: dockerized is an open source groupware/email suite 
based on d ...)
-       TODO: check
+       NOT-FOR-US: mailcow
 CVE-2024-30264 (Typebot is an open-source chatbot builder. A reflected 
cross-site scri ...)
-       TODO: check
+       NOT-FOR-US: Typebot
 CVE-2024-2509 (The Gutenberg Blocks by Kadence Blocks  WordPress plugin before 
3.2.26 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-2115 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress 
is vul ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-29981 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-29863 (A race condition in the installer executable in Qlik Qlikview 
before v ...)
-       TODO: check
+       NOT-FOR-US: Qlikview
 CVE-2024-29672 (Directory Traversal vulnerability in zly2006 Reden before 
v.0.2.514 al ...)
-       TODO: check
+       NOT-FOR-US: zly2006 Reden
 CVE-2024-29049 (Microsoft Edge (Chromium-based) Webview2 Spoofing 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-27981 (A Command Injection vulnerability found in a Self-Hosted UniFi 
Network ...)
-       TODO: check
+       NOT-FOR-US: Unifi
 CVE-2024-27448 (MailDev 2 through 2.1.0 allows Remote Code Execution via a 
crafted Con ...)
-       TODO: check
+       NOT-FOR-US: MailDev 2
 CVE-2024-26329 (Chilkat before v9.5.0.98, allows attackers to obtain sensitive 
informa ...)
-       TODO: check
+       NOT-FOR-US: Chilkat
 CVE-2024-22363 (SheetJS Community Edition before 0.20.2 is vulnerable.to 
Regular Expre ...)
-       TODO: check
+       NOT-FOR-US: SheetJS
 CVE-2024-21894 (A heap overflow vulnerability in IPSec component of Ivanti 
Connect Sec ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2023-5973 (Brocade  Web Interface in Brocade Fabric OS v9.x and before 
v9.2.0 doe ...)
-       TODO: check
+       NOT-FOR-US: Brocade
 CVE-2023-52235 (SpaceX Starlink Wi-Fi router GEN 2 before 2023.53.0 and 
Starlink Dish  ...)
-       TODO: check
+       NOT-FOR-US: SpaceX
 CVE-2024-3299 (Out-Of-Bounds Write, Use of Uninitialized Resource and 
Use-After-Free  ...)
        NOT-FOR-US: Solidworks
 CVE-2024-3298 (Out-Of-Bounds Write and Type Confusion vulnerabilities exist in 
the fi ...)
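Review bot: The label on CVE-2024-27448, NOT-FOR-US: MailDev 2, carries the version prefix from the description ("MailDev 2 through 2.1.0") rather than the product name; NOT-FOR-US: MailDev would match how the other entries in this hunk are labelled. Similarly, CVE-2024-27981 is tagged Unifi where the description spells it UniFi, and CVE-2024-29863 is tagged Qlikview where the description has Qlik Qlikview. Keeping the description's spelling means a later search of the list for a product name hits both the CVE text and its tag.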
@@ -69,15 +69,15 @@ CVE-2024-3262 (Information exposure vulnerability in RT 
software affecting versi
        NOTE: 
https://github.com/bestpractical/rt/commit/ea07e767eaef5b202e8883051616d09806b8b48a
        NOTE: 
https://github.com/bestpractical/rt/commit/468f86bd3e82c3b5b5ef7087d416a7509d4b1abe
 CVE-2024-3250 (It was discovered that Canonical's Pebble service manager 
read-file AP ...)
-       TODO: check
+       NOT-FOR-US: Canonical pebble
 CVE-2024-3116 (pgAdmin <= 8.4 is affected by a  Remote Code Execution (RCE) 
vulnerabi ...)
        - pgadmin4 <itp> (bug #834129)
 CVE-2024-31215 (Mobile Security Framework (MobSF) is a security research 
platform for  ...)
        NOT-FOR-US: Mobile Security Framework (MobSF)
 CVE-2024-31209 (oidcc is the OpenID Connect client library for Erlang. Denial 
of Servi ...)
-       TODO: check
+       NOT-FOR-US: oidcc
 CVE-2024-31207 (Vite (French word for "quick", pronounced /vit/, like "veet") 
is a fro ...)
-       TODO: check
+       NOT-FOR-US: vitejs
 CVE-2024-30565 (An issue was discovered in SeaCMS version 12.9, allows remote 
attacker ...)
        NOT-FOR-US: SeaCMS
 CVE-2024-30266 (wasmtime is a runtime for WebAssembly. The 19.0.0 release of 
Wasmtime  ...)
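Review bot: CVE-2024-31207 is labelled NOT-FOR-US: vitejs although the description calls the project Vite, and CVE-2024-3250 is labelled Canonical pebble where the description writes Pebble. Using the name as it appears in the description (for example NOT-FOR-US: Vite) keeps the tag findable with the same search term as the CVE text and consistent with the neighbouring entries such as NOT-FOR-US: SeaCMS.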
@@ -96,19 +96,19 @@ CVE-2024-30260 (Undici is an HTTP/1.1 client, written from 
scratch for Node.js.
        NOTE: 
https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f
 (v5.28.4)
        NOTE: 
https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75
 (v6.11.1)
 CVE-2024-30254 (MesonLSP is an unofficial, unendorsed language server for 
meson writte ...)
-       TODO: check
+       NOT-FOR-US: MesonLSP
 CVE-2024-30252 (Livemarks is a browser extension that provides RSS feed 
bookmark folde ...)
-       TODO: check
+       NOT-FOR-US: Livemarks
 CVE-2024-30250 (Astro-Shield is an integration to enhance website security 
with SubRes ...)
-       TODO: check
+       NOT-FOR-US: Astro-Shield
 CVE-2024-30249 (Cloudburst Network provides network components used within 
Cloudburst  ...)
-       TODO: check
+       NOT-FOR-US: Cloudburst
 CVE-2024-2759 (Improper access control vulnerability in Apaczka plugin for 
PrestaShop ...)
-       TODO: check
+       NOT-FOR-US: PrestaShop addon
 CVE-2024-2660 (Vault and Vault Enterprise TLS certificates auth method did not 
correc ...)
-       TODO: check
+       NOT-FOR-US: HashiCorp Vault
 CVE-2024-2103 (Inclusion of undocumented features vulnerability accessible 
when logge ...)
-       TODO: check
+       NOT-FOR-US: Schweitzer Engineering Laboratories
 CVE-2024-29387 (projeqtor up to 11.2.0 was discovered to contain a remote code 
executi ...)
        TODO: check
 CVE-2024-29386 (projeqtor up to 11.2.0 was discovered to contain a SQL 
injection vulne ...)
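Review bot: The trailing context shows CVE-2024-29387 (projeqtor) still at TODO: check, directly after the seven entries resolved in this hunk, and CVE-2024-29386 (also projeqtor) follows it. If the projeqtor entries were deferred deliberately that is fine, but the commit message "NFUs" does not say so; either triage them in the same pass or state in the message that they were left open.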



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc6c1ce0d6f1fe8938704fd00c8ed64ad37a6b56
