Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7ee298b2 by Salvatore Bonaccorso at 2024-04-11T08:16:57+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19,7 +19,7 @@ CVE-2024-3515 (Use after free in Dawn in Google Chrome prior
to 123.0.6312.122 a
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-3448 (Users with low privileges can perform certain AJAX actions. In
this v ...)
- TODO: check
+ NOT-FOR-US: Mautic
CVE-2024-3388 (A vulnerability in the GlobalProtect Gateway in Palo Alto
Networks PAN ...)
NOT-FOR-US: Palo Alto Networks
CVE-2024-3387 (A weak (low bit strength) device certificate in Palo Alto
Networks Pan ...)
@@ -133,11 +133,11 @@ CVE-2024-31214 (Traccar is an open source GPS tracking
system. Traccar versions
CVE-2024-2952 (BerriAI/litellm is vulnerable to Server-Side Template Injection
(SSTI) ...)
TODO: check
CVE-2024-2731 (Users with low privileges (all permissions deselected in the
administr ...)
- TODO: check
+ NOT-FOR-US: Mautic
CVE-2024-2730 (Mautic uses predictable page indices for unpublished landing
pages, th ...)
NOT-FOR-US: Mautic
CVE-2024-2221 (qdrant/qdrant is vulnerable to a path traversal and arbitrary
file upl ...)
- TODO: check
+ NOT-FOR-US: qdrant
CVE-2024-2217 (gaizhenbiao/chuanhuchatgpt is vulnerable to improper access
control, a ...)
TODO: check
CVE-2024-2196 (aimhubio/aim is vulnerable to Cross-Site Request Forgery
(CSRF), allow ...)
@@ -221,7 +221,7 @@ CVE-2024-1741 (lunary-ai/lunary version 1.0.1 is vulnerable
to improper authoriz
CVE-2024-1740 (In lunary-ai/lunary version 1.0.1, a vulnerability exists where
a user ...)
TODO: check
CVE-2024-1728 (gradio-app/gradio is vulnerable to a local file inclusion
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Gradio
CVE-2024-1643 (By knowing an organization's ID, an attacker can join the
organization ...)
TODO: check
CVE-2024-1625 (An Insecure Direct Object Reference (IDOR) vulnerability exists
in the ...)
@@ -237,9 +237,9 @@ CVE-2024-1520 (An OS Command Injection vulnerability exists
in the '/open_code_f
CVE-2024-1511 (The parisneo/lollms-webui repository is susceptible to a path
traversa ...)
TODO: check
CVE-2024-0218 (A Denial of Service (Dos) vulnerability in Nozomi Networks
Guardian, c ...)
- TODO: check
+ NOT-FOR-US: Nozomi Networks Guardian
CVE-2023-6916 (Audit records for OpenAPI requests may include sensitive
information. ...)
- TODO: check
+ NOT-FOR-US: Nozomi Networks
CVE-2023-52070 (JFreeChart v1.5.4 was discovered to be vulnerable to
ArrayIndexOutOfBo ...)
TODO: check
CVE-2023-2794 (A flaw was found in ofono, an Open Source Telephony on Linux. A
stack ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ee298b24c7dda946b4432c03a9ced3ae2d87738
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ee298b24c7dda946b4432c03a9ced3ae2d87738
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
