Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
44945c52 by Moritz Muehlenhoff at 2024-05-09T13:12:40+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -132,7 +132,7 @@ CVE-2024-34546 (Improper Neutralization of Input During Web
Page Generation ('Cr
CVE-2024-34414 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2024-34347 (@hoppscotch/cli is a CLI to run Hoppscotch Test Scripts in CI
environm ...)
- TODO: check
+ NOT-FOR-US: @hoppscotch/cli
CVE-2024-34257 (TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability
in the ap ...)
NOT-FOR-US: TOTOLINK
CVE-2024-34255 (jizhicms v2.5.1 contains a Cross-Site Scripting(XSS)
vulnerability in ...)
@@ -147,13 +147,13 @@ CVE-2024-33608 (When IPsec is configured on a virtual
server, undisclosed traffi
CVE-2024-33604 (A reflected cross-site scripting (XSS) vulnerability exist in
undisclo ...)
NOT-FOR-US: F5 BIG-IP
CVE-2024-33574 (Missing Authorization vulnerability in appsbd Vitepos.This
issue affec ...)
- TODO: check
+ NOT-FOR-US: appsbd Vitepos
CVE-2024-33573 (Missing Authorization vulnerability in EPROLO EPROLO
Dropshipping.This ...)
NOT-FOR-US: WordPress plugin
CVE-2024-33382 (An issue in Open5GS v.2.7.0 allows an attacker to cause a
denial of se ...)
NOT-FOR-US: Open5GS
CVE-2024-32980 (Spin is the developer tool for building and running serverless
applica ...)
- TODO: check
+ NOT-FOR-US: Spin
CVE-2024-32886 (Vitess is a database clustering system for horizontal scaling
of MySQL ...)
NOT-FOR-US: Vitess
CVE-2024-32761 (Under certain conditions, a potential data leak may occur in
the Traff ...)
@@ -181,7 +181,7 @@ CVE-2024-28132 (Exposure of Sensitive Information
vulnerability exists in the GS
CVE-2024-27202 (A DOM-based cross-site scripting (XSS) vulnerability exists in
an undi ...)
NOT-FOR-US: F5 BIG-IP
CVE-2024-26579 (Deserialization of Untrusted Data vulnerability in Apache
InLong.This ...)
- TODO: check
+ NOT-FOR-US: Apache InLong
CVE-2024-26026 (An SQL injection vulnerability exists in the BIG-IP Next
Central Manag ...)
NOT-FOR-US: F5 BIG-IP
CVE-2024-25560 (When BIG-IP AFM is licensed and provisioned, undisclosed DNS
traffic c ...)
@@ -225,15 +225,15 @@ CVE-2024-25515 (RuvarOA v6.01 and v12.01 were discovered
to contain a SQL inject
CVE-2024-24908 (Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an
Arbitra ...)
NOT-FOR-US: Dell
CVE-2024-24833 (Missing Authorization vulnerability in Leevio Happy Addons for
Element ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22460 (Dell PowerProtect DM5500 version 5.15.0.0 and prior contains
an insecu ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-21793 (An OData injection vulnerability exists in the BIG-IP Next
Central Man ...)
- TODO: check
+ NOT-FOR-US: BIG-IP
CVE-2024-1438 (Missing Authorization vulnerability in PressFore Rolo
Slider.This issu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-41651 (Missing Authorization vulnerability in Multi-column Tag
Map.This issue ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-27397 [netfilter: nf_tables: use timestamp to check for set element
timeout]
- linux 6.7.7-1
NOTE:
https://git.kernel.org/linus/7395dfacfff65e9938ac0889dafa1ab01e987d15 (6.8-rc4)
@@ -407,7 +407,7 @@ CVE-2024-4538 (IDOR vulnerability in Janto Ticketing
Software affecting version
CVE-2024-4537 (IDOR vulnerability in Janto Ticketing Software affecting
version 4.3r1 ...)
NOT-FOR-US: Janto Ticketing Software
CVE-2024-4536 (In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in
the ED ...)
- TODO: check
+ NOT-FOR-US: Eclipse Dataspace Components
CVE-2024-4346 (The Startklar Elementor Addons plugin for WordPress is
vulnerable to a ...)
NOT-FOR-US: WordPress plugin
CVE-2024-4345 (The Startklar Elementor Addons plugin for WordPress is
vulnerable to a ...)
@@ -415,11 +415,11 @@ CVE-2024-4345 (The Startklar Elementor Addons plugin for
WordPress is vulnerable
CVE-2024-34523 (AChecker 1.5 allows remote attackers to read the contents of
arbitrary ...)
NOT-FOR-US: AChecker
CVE-2024-34517 (The Cypher component in Neo4j before 5.19.0 mishandles
IMMUTABLE privi ...)
- TODO: check
+ NOT-FOR-US: Neo4j Cypher
CVE-2024-34342 (react-pdf displays PDFs in React apps. If PDF.js is used to
load a mal ...)
- TODO: check
+ NOT-FOR-US: react-pdf
CVE-2024-34341 (Trix is a rich text editor. The Trix editor, versions prior to
2.1.1, ...)
- TODO: check
+ NOT-FOR-US: Trix
CVE-2024-34315 (CmsEasy v7.7.7.9 was discovered to contain a local file
inclusion vune ...)
NOT-FOR-US: CmsEasy
CVE-2024-34314 (CmsEasy v7.7.7.9 was discovered to contain a local file
inclusion vune ...)
@@ -447,7 +447,7 @@ CVE-2024-33780 (MP-SPDZ v0.3.8 was discovered to contain a
segmentation violatio
CVE-2024-33748 (Cross-site scripting (XSS) vulnerability in the search
function in Mvn ...)
NOT-FOR-US: MvnRepository MS Basic
CVE-2024-33434 (An issue in tiagorlampert CHAOS before
1b451cf62582295b7225caf5a7b506f ...)
- TODO: check
+ NOT-FOR-US: tiagorlampert CHAOS
CVE-2024-33164 (J2EEFAST v2.7.0 was discovered to contain a SQL injection
vulnerabilit ...)
NOT-FOR-US: J2EEFAST
CVE-2024-33161 (J2EEFAST v2.7.0 was discovered to contain a SQL injection
vulnerabilit ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44945c524215f68155629581206e99b79aafd6d8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44945c524215f68155629581206e99b79aafd6d8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
