Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4dfe70e2 by Moritz Muehlenhoff at 2024-05-05T16:47:53+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -28,13 +28,13 @@ CVE-2024-34484 (OFPBucket in parser.py in Faucet SDN Ryu 
4.34 allows attackers t
 CVE-2024-34483 (OFPGroupDescStats in parser.py in Faucet SDN Ryu 4.34 allows 
attackers ...)
        NOT-FOR-US: Faucet SDN Ryu
 CVE-2024-34478 (btcd before 0.24.0 does not correctly implement the consensus 
rules ou ...)
-       TODO: check
+       NOT-FOR-US: btcd
 CVE-2024-34476 (Open5GS before 2.7.1 is vulnerable to a reachable assertion 
that can c ...)
        NOT-FOR-US: Open5GS
 CVE-2024-34475 (Open5GS before 2.7.1 is vulnerable to a reachable assertion 
that can c ...)
        NOT-FOR-US: Open5GS
 CVE-2024-34473 (An issue was discovered in appmgr in O-RAN Near-RT RIC 
I-Release. An a ...)
-       TODO: check
+       NOT-FOR-US: O-RAN Near-RT
 CVE-2024-34469 (Rukovoditel before 3.5.3 allows XSS via user_photo to 
index.php?module ...)
        NOT-FOR-US: Rukovoditel
 CVE-2024-34468 (Rukovoditel before 3.5.3 allows XSS via user_photo to My Page.)
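Review bot: The tag on CVE-2024-34473 reads "NOT-FOR-US: O-RAN Near-RT", which cuts the product name short; the description on the entry names "O-RAN Near-RT RIC". Suggest "NOT-FOR-US: O-RAN Near-RT RIC" so that a later search of the list for the full product name also matches the tag.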
@@ -45,7 +45,7 @@ CVE-2024-34462 (Alinto SOGo through 5.10.0 allows XSS during 
attachment preview.
        - sogo <unfixed>
        NOTE: 
https://github.com/Alinto/sogo/commit/2e37e59ed140d4aee0ff2fba579ca5f83f2c5920
 CVE-2023-52729 (TCPServer.cpp in SimpleNetwork through 29bc615 has an 
off-by-one error ...)
-       TODO: check
+       NOT-FOR-US: SimpleNetwork
 CVE-2024-3868 (The Folders Pro plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-3240 (The ConvertPlug plugin for WordPress is vulnerable to PHP 
Object Injec ...)
@@ -87,7 +87,7 @@ CVE-2024-4156 (The Essential Addons for Elementor \u2013 Best 
Elementor Template
 CVE-2024-4133 (The ARMember \u2013 Membership Plugin, Content Restriction, 
Member Lev ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-4128 (This vulnerability was a potential CSRF attack.When running the 
Fireba ...)
-       TODO: check
+       NOT-FOR-US: Firebase emulator
 CVE-2024-4097 (The Cost Calculator Builder plugin for WordPress is vulnerable 
to Stor ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-4092 (The Slider Revolution plugin for WordPress is vulnerable to 
Stored Cro ...)
@@ -295,19 +295,19 @@ CVE-2024-34402 (An issue was discovered in uriparser 
through 0.9.7. ComposeQuery
 CVE-2024-34401 (Savsoft Quiz 6.0 allows stored XSS via the 
index.php/quiz/insert_quiz/ ...)
        NOT-FOR-US: Savsoft Quiz
 CVE-2024-34394 (libxmljs2 is vulnerable to a type confusion vulnerability when 
parsing ...)
-       TODO: check
+       NOT-FOR-US: libxmljs2
 CVE-2024-34393 (libxmljs2 is vulnerable to a type confusion vulnerability when 
parsing ...)
-       TODO: check
+       NOT-FOR-US: libxmljs2
 CVE-2024-34392 (libxmljs is vulnerable to a type confusion vulnerability when 
parsing  ...)
-       TODO: check
+       NOT-FOR-US: libxmljs2
 CVE-2024-34391 (libxmljs is vulnerable to a type confusion vulnerability when 
parsing  ...)
-       TODO: check
+       NOT-FOR-US: libxmljs2
 CVE-2024-34075 (kurwov is a fast, dependency-free library for creating Markov 
Chains.  ...)
        NOT-FOR-US: kurwov
 CVE-2024-34073 (sagemaker-python-sdk is a library for training and deploying 
machine l ...)
-       TODO: check
+       NOT-FOR-US: sagemaker-python-sdk
 CVE-2024-34072 (sagemaker-python-sdk is a library for training and deploying 
machine l ...)
-       TODO: check
+       NOT-FOR-US: sagemaker-python-sdk
 CVE-2024-34068 (Pterodactyl wings is the server control plane for Pterodactyl 
Panel. A ...)
        NOT-FOR-US: Pterodactyl wings
 CVE-2024-34067 (Pterodactyl is a free, open-source game server management 
panel built  ...)
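Review bot: CVE-2024-34392 and CVE-2024-34391 are tagged "NOT-FOR-US: libxmljs2", but their descriptions begin "libxmljs is vulnerable"; only CVE-2024-34394 and CVE-2024-34393 name libxmljs2. If these are two separate projects, the two lower entries should read "NOT-FOR-US: libxmljs", so that a later check for either name finds the right CVEs.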
@@ -315,7 +315,7 @@ CVE-2024-34067 (Pterodactyl is a free, open-source game 
server management panel
 CVE-2024-34066 (Pterodactyl wings is the server control plane for Pterodactyl 
Panel. I ...)
        NOT-FOR-US: Pterodactyl wings
 CVE-2024-34063 (vodozemac is an implementation of Olm and Megolm in pure Rust. 
Version ...)
-       TODO: check
+       NOT-FOR-US: vodozemac
 CVE-2024-34062 (tqdm is an open source progress bar for Python and CLI. Any 
optional n ...)
        - tqdm 4.66.4-1 (bug #1070372)
        NOTE: 
https://github.com/tqdm/tqdm/security/advisories/GHSA-g7vv-2v7x-gj9p
@@ -429,11 +429,11 @@ CVE-2024-33786 (An arbitrary file upload vulnerability in 
Zhongcheng Kexin Ticke
 CVE-2024-33530 (In Jitsi Meet before 9391, a logic flaw in password-protected 
Jitsi me ...)
        - jitsi-meet <itp> (bug #760485)
 CVE-2024-33398 (There is a ClusterRole in piraeus-operator v2.5.0 and earlier 
which ha ...)
-       TODO: check
+       NOT-FOR-US: piraeus-operator
 CVE-2024-33396 (An issue in karmada-io karmada v1.9.0 and before allows a 
local attack ...)
-       TODO: check
+       NOT-FOR-US: karmada
 CVE-2024-33394 (An issue in kubevirt kubevirt v1.2.0 and before allows a local 
attacke ...)
-       TODO: check
+       NOT-FOR-US: KubeVirt
 CVE-2024-33305 (SourceCodester Laboratory Management System 1.0 is vulnerable 
to Cross ...)
        NOT-FOR-US: SourceCodester Laboratory Management System
 CVE-2024-33303 (SourceCodester Product Show Room 1.0 is vulnerable to Cross 
Site Scrip ...)
@@ -441,7 +441,7 @@ CVE-2024-33303 (SourceCodester Product Show Room 1.0 is 
vulnerable to Cross Site
 CVE-2024-33302 (SourceCodester Product Show Room 1.0 and before is vulnerable 
to Cross ...)
        NOT-FOR-US: SourceCodester Product Show Room
 CVE-2024-32986 (PWAsForFirefox is a tool to install, manage and use 
Progressive Web Ap ...)
-       TODO: check
+       NOT-FOR-US: PWAsForFirefox
 CVE-2024-32831 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-32810 (Missing Authorization vulnerability in ShortPixel ShortPixel 
Critical  ...)
@@ -449,7 +449,7 @@ CVE-2024-32810 (Missing Authorization vulnerability in 
ShortPixel ShortPixel Cri
 CVE-2024-32638 (Inconsistent Interpretation of HTTP Requests ('HTTP Request 
Smuggling' ...)
        NOT-FOR-US: Apache APISIX
 CVE-2024-32359 (An RBAC authorization risk in Carina v0.13.0 and earlier 
allows local  ...)
-       TODO: check
+       NOT-FOR-US: Carina
 CVE-2024-32114 (In Apache ActiveMQ 6.x, the default configuration doesn't 
secure the A ...)
        - activemq <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://activemq.apache.org/security-advisories.data/CVE-2024-32114-announcement.txt
@@ -546,9 +546,9 @@ CVE-2024-2082 (The EleForms \u2013 All In One Form 
Integration including DB for
 CVE-2024-2043 (The EleForms \u2013 All In One Form Integration including DB 
for Eleme ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-29417 (Insecure Permissions vulnerability in e-trust Horacius 1.0, 
1.1, and 1 ...)
-       TODO: check
+       NOT-FOR-US: Horacius
 CVE-2024-29309 (An issue in Alfresco Content Services v.23.3.0.7 allows a 
remote attac ...)
-       TODO: check
+       NOT-FOR-US: Alfresco
 CVE-2024-28519 (A kernel handle leak issue in ProcObsrvesx.sys 4.0.0.49 in 
MicroWorld  ...)
        NOT-FOR-US: MicroWorld Technologies Inc eScan Antivirus
 CVE-2024-28072 (A highly privileged account can overwrite arbitrary files on 
the syste ...)
@@ -562,11 +562,11 @@ CVE-2024-25047 (IBM Cognos Analytics 11.2.0 through 
11.2.4 and 12.0.0 through 12
 CVE-2024-24710 (Missing Authorization vulnerability in SlickRemix Feed Them 
Social.Thi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-23914 (Use of Externally-Controlled Format String vulnerability in 
Merge DICO ...)
-       TODO: check
+       NOT-FOR-US: Merge DICOM Toolkit
 CVE-2024-23913 (Use of Out-of-range Pointer Offset vulnerability in Merge 
DICOM Toolki ...)
-       TODO: check
+       NOT-FOR-US: Merge DICOM Toolkit
 CVE-2024-23912 (Out-of-bounds Read vulnerability in Merge DICOM Toolkit C/C++ 
on Windo ...)
-       TODO: check
+       NOT-FOR-US: Merge DICOM Toolkit
 CVE-2024-23462 (An Improper Validation of Integrity Check Value vulnerability 
in Zscal ...)
        NOT-FOR-US: Zscaler
 CVE-2024-23461 (An Improper Validation of Integrity Check Value vulnerability 
in Zscal ...)
@@ -622,7 +622,7 @@ CVE-2024-1415 (The Responsive Contact Form Builder & Lead 
Generation Plugin plug
 CVE-2024-1396 (The Shortcodes and extra features for Phlox theme plugin for 
WordPress ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-1395 (Use After Free vulnerability in Arm Ltd Arm 5th Gen GPU 
Architecture K ...)
-       TODO: check
+       NOT-FOR-US: Arm
 CVE-2024-1386 (The MailerLite \u2013 Signup forms (official) plugin for 
WordPress is  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-1348 (The Shortcodes and extra features for Phlox theme plugin for 
WordPress ...)
@@ -630,7 +630,7 @@ CVE-2024-1348 (The Shortcodes and extra features for Phlox 
theme plugin for Word
 CVE-2024-1173 (The WP ERP | Complete HR solution with recruitment & job 
listings | Wo ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-1067 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel 
Driver, Arm ...)
-       TODO: check
+       NOT-FOR-US: Arm
 CVE-2024-0908 (The Advanced Post Block \u2013 Display Posts, Pages, or Custom 
Posts o ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-0848 (The AA Cash Calculator plugin for WordPress is vulnerable to 
Reflected ...)
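Review bot: The tag "NOT-FOR-US: Arm" on CVE-2024-1067 names the vendor rather than the affected component, which the description gives as "Arm Ltd Bifrost GPU Kernel Driver". The other tags in this commit name the product, so a tag that names the GPU kernel driver would be more specific and would not read as covering every Arm product. The same applies to the other entries in this commit tagged "NOT-FOR-US: Arm".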
@@ -658,7 +658,7 @@ CVE-2023-6961 (The WP Meta SEO plugin for WordPress is 
vulnerable to Stored Cros
 CVE-2023-6731 (The WP Show Posts plugin for WordPress is vulnerable to 
unauthorized a ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-6363 (Use After Free vulnerability in Arm Ltd Valhall GPU Kernel 
Driver, Arm ...)
-       TODO: check
+       NOT-FOR-US: Arm
 CVE-2023-6214 (The HT Mega \u2013 Absolute Addons For Elementor plugin for 
WordPress  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-51633 (Centreon sysName Cross-Site Scripting Remote Code Execution 
Vulnerabil ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4dfe70e2b1f5008d66a0ebf6e05b86de1a4384ce
