Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1061b75c by Moritz Muehlenhoff at 2024-04-16T10:57:45+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2024-3575 (Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb)
- TODO: check
+ NOT-FOR-US: mindsdb
CVE-2024-3574 (In scrapy version 2.10.1, an issue was identified where the
Authorizat ...)
- python-scrapy 2.11.1-1
NOTE:
https://github.com/scrapy/scrapy/security/advisories/GHSA-cw9j-q3vf-hrrv
@@ -15,7 +15,7 @@ CVE-2024-3572 (The scrapy/scrapy project is vulnerable to XML
External Entity (X
CVE-2024-3571 (langchain-ai/langchain is vulnerable to path traversal due to
improper ...)
NOT-FOR-US: langchain
CVE-2024-3493 (A specific malformed fragmented packet type (fragmented packets
may be ...)
- TODO: check
+ NOT-FOR-US: Rockwell
CVE-2024-3271 (A command injection vulnerability exists in the
run-llama/llama_index ...)
NOT-FOR-US: llama_index
CVE-2024-3029 (In mintplex-labs/anything-llm, an attacker can exploit improper
input ...)
@@ -25,7 +25,7 @@ CVE-2024-3028 (mintplex-labs/anything-llm is vulnerable to
improper input valida
CVE-2024-32557 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2024-32036 (ImageSharp is a 2D graphics API. A heap-use-after-free flaw
was found ...)
- TODO: check
+ NOT-FOR-US: ImageSharp
CVE-2024-31784 (An issue in Typora v.1.8.10 and before, allows a local
attacker to obt ...)
NOT-FOR-US: Typora
CVE-2024-31783 (Cross Site Scripting (XSS) vulnerability in Typora v.1.6.7 and
before, ...)
@@ -63,29 +63,29 @@ CVE-2024-23558 (HCL DevOps Deploy / HCL Launch does not
invalidate session after
CVE-2024-22262 (Applications that use UriComponentsBuilderto parse an
externally provi ...)
TODO: check
CVE-2024-1961 (vertaai/modeldb is vulnerable to a path traversal attack due to
improp ...)
- TODO: check
+ NOT-FOR-US: vertaai/modeldb
CVE-2024-1739 (lunary-ai/lunary is vulnerable to an authentication issue due
to impro ...)
- TODO: check
+ NOT-FOR-US: lunary-ai/lunary
CVE-2024-1738 (An incorrect authorization vulnerability exists in the
lunary-ai/lunar ...)
- TODO: check
+ NOT-FOR-US: lunary-ai/lunary
CVE-2024-1666 (In lunary-ai/lunary version 1.0.0, an authorization flaw exists
that a ...)
- TODO: check
+ NOT-FOR-US: lunary-ai/lunary
CVE-2024-1665 (lunary-ai/lunary version 1.0.0 is vulnerable to unauthorized
evaluatio ...)
- TODO: check
+ NOT-FOR-US: lunary-ai/lunary
CVE-2024-1646 (parisneo/lollms-webui is vulnerable to authentication bypass
due to in ...)
- TODO: check
+ NOT-FOR-US: lollms-webui
CVE-2024-1626 (An Insecure Direct Object Reference (IDOR) vulnerability exists
in the ...)
- TODO: check
+ NOT-FOR-US: lunary-ai/lunary
CVE-2024-1601 (An SQL injection vulnerability exists in the
`delete_discussion()` fun ...)
- TODO: check
+ NOT-FOR-US: lollms-webui
CVE-2024-1594 (A path traversal vulnerability exists in the mlflow/mlflow
repository, ...)
NOT-FOR-US: mlflow
CVE-2024-1593 (A path traversal vulnerability exists in the mlflow/mlflow
repository ...)
NOT-FOR-US: mlflow
CVE-2024-1569 (parisneo/lollms-webui is vulnerable to a denial of service
(DoS) attac ...)
- TODO: check
+ NOT-FOR-US: lollms-webui
CVE-2024-1561 (An issue was discovered in gradio-app/gradio, where the
`/component_se ...)
- TODO: check
+ NOT-FOR-US: Gradio
CVE-2024-1560 (A path traversal vulnerability exists in the mlflow/mlflow
repository, ...)
NOT-FOR-US: mlflow
CVE-2024-1558 (A path traversal vulnerability exists in the
`_create_model_version()` ...)
@@ -93,17 +93,17 @@ CVE-2024-1558 (A path traversal vulnerability exists in the
`_create_model_versi
CVE-2024-1483 (A path traversal vulnerability exists in mlflow/mlflow version
2.9.2, ...)
NOT-FOR-US: mlflow
CVE-2024-1456 (An S3 bucket takeover vulnerability was identified in the
h2oai/h2o-3 ...)
- TODO: check
+ NOT-FOR-US: h2oai/h2o-3
CVE-2024-1183 (An SSRF (Server-Side Request Forgery) vulnerability exists in
the grad ...)
- TODO: check
+ NOT-FOR-US: Gradio
CVE-2024-1135 (Gunicorn fails to properly validate Transfer-Encoding headers,
leading ...)
TODO: check
CVE-2024-0549 (mintplex-labs/anything-llm is vulnerable to a relative path
traversal ...)
- TODO: check
+ NOT-FOR-US: mintplex-labs/anything-llm
CVE-2024-0404 (A mass assignment vulnerability exists in the
`/api/invite/:code` endp ...)
- TODO: check
+ NOT-FOR-US: mintplex-labs/anything-llm
CVE-2023-33806 (Insecure default configurations in Hikvision Interactive
Tablet DS-D5B ...)
- TODO: check
+ NOT-FOR-US: Hikvision
CVE-2023-3597
NOT-FOR-US: Keycloak
CVE-2024-31497 (In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce
generation ...)
@@ -115,7 +115,7 @@ CVE-2024-3804 (A vulnerability, which was classified as
critical, has been found
CVE-2024-3803 (A vulnerability classified as critical was found in Vesystem
Cloud Des ...)
NOT-FOR-US: Vesystem Cloud Desktop
CVE-2024-3802 (Vulnerabilities in Celeste 22.x was vulnerable to takeover from
unauth ...)
- TODO: check
+ NOT-FOR-US: Celeste
CVE-2024-3797 (A vulnerability was found in SourceCodester QR Code Bookmark
System 1. ...)
NOT-FOR-US: SourceCodester QR Code Bookmark System
CVE-2024-3796 (Vulnerability in WBSAirback 21.02.04, which consists of a
stored Cross ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1061b75cbae230a2a7ab0d1add7783b7524e6aaa
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1061b75cbae230a2a7ab0d1add7783b7524e6aaa
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
