Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
feb30c84 by Moritz Muehlenhoff at 2024-04-16T10:45:26+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,57 +3,57 @@ CVE-2024-3575 (Cross-site Scripting (XSS) - Stored in 
mindsdb/mindsdb)
 CVE-2024-3574 (In scrapy version 2.10.1, an issue was identified where the 
Authorizat ...)
        TODO: check
 CVE-2024-3573 (mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due 
to impro ...)
-       TODO: check
+       NOT-FOR-US: mlflow
 CVE-2024-3572 (The scrapy/scrapy project is vulnerable to XML External Entity 
(XXE) a ...)
        TODO: check
 CVE-2024-3571 (langchain-ai/langchain is vulnerable to path traversal due to 
improper ...)
-       TODO: check
+       NOT-FOR-US: langchain
 CVE-2024-3493 (A specific malformed fragmented packet type (fragmented packets 
may be ...)
        TODO: check
 CVE-2024-3271 (A command injection vulnerability exists in the 
run-llama/llama_index  ...)
-       TODO: check
+       NOT-FOR-US: llama_index
 CVE-2024-3029 (In mintplex-labs/anything-llm, an attacker can exploit improper 
input  ...)
-       TODO: check
+       NOT-FOR-US: anything-llm
 CVE-2024-3028 (mintplex-labs/anything-llm is vulnerable to improper input 
validation, ...)
-       TODO: check
+       NOT-FOR-US: anything-llm
 CVE-2024-32557 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-32036 (ImageSharp is a 2D graphics API. A heap-use-after-free flaw 
was found  ...)
        TODO: check
 CVE-2024-31784 (An issue in Typora v.1.8.10 and before, allows a local 
attacker to obt ...)
-       TODO: check
+       NOT-FOR-US: Typora
 CVE-2024-31783 (Cross Site Scripting (XSS) vulnerability in Typora v.1.6.7 and 
before, ...)
-       TODO: check
+       NOT-FOR-US: Typora
 CVE-2024-31652 (A cross-site scripting (XSS) in Cosmetics and Beauty Product 
Online St ...)
-       TODO: check
+       NOT-FOR-US: Cosmetics and Beauty Product Online Store
 CVE-2024-31651 (A cross-site scripting (XSS) in Cosmetics and Beauty Product 
Online St ...)
-       TODO: check
+       NOT-FOR-US: Cosmetics and Beauty Product Online Store
 CVE-2024-31650 (A cross-site scripting (XSS) in Cosmetics and Beauty Product 
Online St ...)
-       TODO: check
+       NOT-FOR-US: Cosmetics and Beauty Product Online Store
 CVE-2024-31649 (A cross-site scripting (XSS) in Cosmetics and Beauty Product 
Online St ...)
-       TODO: check
+       NOT-FOR-US: Cosmetics and Beauty Product Online Store
 CVE-2024-31648 (Cross Site Scripting (XSS) in Insurance Management System 
v1.0, allows ...)
-       TODO: check
+       NOT-FOR-US: Insurance Management System
 CVE-2024-31634 (Cross Site Scripting (XSS) vulnerability in Xunruicms versions 
4.6.3 a ...)
-       TODO: check
+       NOT-FOR-US: Xunruicms
 CVE-2024-30656 (An issue in Fireboltt Dream Wristphone 
BSW202_FB_AAC_v2.0_20240110-202 ...)
-       TODO: check
+       NOT-FOR-US: ireboltt Dream Wristphone
 CVE-2024-30567 (An issue in JNT Telecom JNT Liftcom UMS V1.J Core Version 
JM-V15 allow ...)
-       TODO: check
+       NOT-FOR-US: JNT Telecom JNT Liftcom UMS
 CVE-2024-2912 (An insecure deserialization vulnerability exists in the BentoML 
framew ...)
-       TODO: check
+       NOT-FOR-US: BentoML
 CVE-2024-2424 (An input validation vulnerability exists in the Rockwell 
Automation501 ...)
-       TODO: check
+       NOT-FOR-US: Rockwell
 CVE-2024-2260 (A session fixation vulnerability exists in the zenml-io/zenml 
applicat ...)
-       TODO: check
+       NOT-FOR-US: zenml
 CVE-2024-2083 (A directory traversal vulnerability exists in the 
zenml-io/zenml repos ...)
-       TODO: check
+       NOT-FOR-US: zenml
 CVE-2024-27794 (Claris FileMaker Server before version 20.3.2 was susceptible 
to a ref ...)
-       TODO: check
+       NOT-FOR-US: CLaris
 CVE-2024-23561 (HCL DevOps Deploy / HCL Launch is vulnerable to sensitive 
information  ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-23558 (HCL DevOps Deploy / HCL Launch does not invalidate session 
after logou ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-22262 (Applications that use UriComponentsBuilderto parse an 
externally provi ...)
        TODO: check
 CVE-2024-1961 (vertaai/modeldb is vulnerable to a path traversal attack due to 
improp ...)
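Review bot: two of the added NOT-FOR-US tags misspell the vendor name shown in the CVE description directly above them. The CVE-2024-30656 entry reads "ireboltt Dream Wristphone" where the description has "Fireboltt", and the CVE-2024-27794 entry reads "CLaris" where the description has "Claris". Suggest "NOT-FOR-US: Fireboltt Dream Wristphone" and "NOT-FOR-US: Claris FileMaker Server", so that a search of data/CVE/list by product name finds these entries. The CVE-2024-2424 tag "Rockwell" could likewise carry the fuller "Rockwell Automation" from its description.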
@@ -73,19 +73,19 @@ CVE-2024-1626 (An Insecure Direct Object Reference (IDOR) 
vulnerability exists i
 CVE-2024-1601 (An SQL injection vulnerability exists in the 
`delete_discussion()` fun ...)
        TODO: check
 CVE-2024-1594 (A path traversal vulnerability exists in the mlflow/mlflow 
repository, ...)
-       TODO: check
+       NOT-FOR-US: mlflow
 CVE-2024-1593 (A path traversal vulnerability exists in the mlflow/mlflow 
repository  ...)
-       TODO: check
+       NOT-FOR-US: mlflow
 CVE-2024-1569 (parisneo/lollms-webui is vulnerable to a denial of service 
(DoS) attac ...)
        TODO: check
 CVE-2024-1561 (An issue was discovered in gradio-app/gradio, where the 
`/component_se ...)
        TODO: check
 CVE-2024-1560 (A path traversal vulnerability exists in the mlflow/mlflow 
repository, ...)
-       TODO: check
+       NOT-FOR-US: mlflow
 CVE-2024-1558 (A path traversal vulnerability exists in the 
`_create_model_version()` ...)
-       TODO: check
+       NOT-FOR-US: mlflow
 CVE-2024-1483 (A path traversal vulnerability exists in mlflow/mlflow version 
2.9.2,  ...)
-       TODO: check
+       NOT-FOR-US: mlflow
 CVE-2024-1456 (An S3 bucket takeover vulnerability was identified in the 
h2oai/h2o-3  ...)
        TODO: check
 CVE-2024-1183 (An SSRF (Server-Side Request Forgery) vulnerability exists in 
the grad ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/feb30c84e9066b1e4d0f4b8b01409eb38718226d

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits