Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
619e7ca5 by Moritz Muehlenhoff at 2024-05-22T10:39:49+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -287,7 +287,7 @@ CVE-2024-5157
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-4988 (The mobile application (com.transsion.videocallenhancer)
interface has ...)
- TODO: check
+ NOT-FOR-US: com.transsion.videocallenhancer
CVE-2024-4876 (The HT Mega \u2013 Absolute Addons For Elementor plugin for
WordPress ...)
NOT-FOR-US: WordPress plugin
CVE-2024-4875 (The HT Mega \u2013 Absolute Addons For Elementor plugin for
WordPress ...)
@@ -305,107 +305,107 @@ CVE-2024-4553 (The WP Shortcodes Plugin \u2014
Shortcodes Ultimate plugin for Wo
CVE-2024-4452 (The ElementsKit Pro plugin for WordPress is vulnerable to
Stored Cross ...)
NOT-FOR-US: WordPress plugin
CVE-2024-4435 (When storing unbounded types in a BTreeMap, a node is
represented as a ...)
- TODO: check
+ NOT-FOR-US: ic-stable-structures
CVE-2024-4420 (There exists a Denial of service vulnerability in Tink-cc in
versions ...)
- TODO: check
+ NOT-FOR-US: Tink-cc
CVE-2024-4361 (The Page Builder by SiteOrigin plugin for WordPress is
vulnerable to S ...)
NOT-FOR-US: WordPress plugin
CVE-2024-4154 (In lunary-ai/lunary version 1.2.2, an incorrect synchronization
vulner ...)
NOT-FOR-US: lunary-ai/lunary
CVE-2024-3345 (The ShopLentor plugin for WordPress is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3268 (The YouTube Video Gallery by YouTube Showcase \u2013 Video
Gallery Plu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-36052 (RARLAB WinRAR before 7.00, on Windows, allows attackers to
spoof the s ...)
TODO: check
CVE-2024-36039 (PyMySQL through 1.1.0 allows SQL injection if used with
untrusted JSON ...)
TODO: check
CVE-2024-35386 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to
cause a den ...)
- TODO: check
+ NOT-FOR-US: Cesenta MJS
CVE-2024-35385 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to
cause a den ...)
- TODO: check
+ NOT-FOR-US: Cesenta MJS
CVE-2024-35384 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to
cause a den ...)
- TODO: check
+ NOT-FOR-US: Cesenta MJS
CVE-2024-35361 (MTab Bookmark v1.9.5 has an SQL injection vulnerability in
/LinkStore/ ...)
- TODO: check
+ NOT-FOR-US: MTab Bookmark
CVE-2024-35218 (Umbraco CMS is an ASP.NET CMS used by more than 730.000
websites. Stor ...)
NOT-FOR-US: Umbraco CMS
CVE-2024-35180 (OMERO.web provides a web based client and plugin
infrastructure. There ...)
- TODO: check
+ NOT-FOR-US: OMERO.web
CVE-2024-35061 (NASA AIT-Core v2.5.2 was discovered to use unencrypted
channels to exc ...)
- TODO: check
+ NOT-FOR-US: NASA AIT-Core
CVE-2024-35060 (An issue in the YAML Python library of NASA AIT-Core v2.5.2
allows att ...)
- TODO: check
+ NOT-FOR-US: NASA AIT-Core
CVE-2024-35059 (An issue in the Pickle Python library of NASA AIT-Core v2.5.2
allows a ...)
- TODO: check
+ NOT-FOR-US: NASA AIT-Core
CVE-2024-35058 (An issue in the API wait function of NASA AIT-Core v2.5.2
allows attac ...)
- TODO: check
+ NOT-FOR-US: NASA AIT-Core
CVE-2024-35057 (An issue in NASA AIT-Core v2.5.2 allows attackers to execute
arbitrary ...)
- TODO: check
+ NOT-FOR-US: NASA AIT-Core
CVE-2024-35056 (NASA AIT-Core v2.5.2 was discovered to contain multiple SQL
injection ...)
- TODO: check
+ NOT-FOR-US: NASA AIT-Core
CVE-2024-34274 (OpenBD 20210306203917-6cbe797 is vulnerable to Deserialization
of Untr ...)
- TODO: check
+ NOT-FOR-US: OpenBD
CVE-2024-34240 (QDOCS Smart School 7.0.0 is vulnerable to Cross Site Scripting
(XSS) r ...)
- TODO: check
+ NOT-FOR-US: QDOCS Smart School
CVE-2024-34071 (Umbraco is an ASP.NET CMS used by more than 730.000 websites.
Umbraco ...)
- TODO: check
+ NOT-FOR-US: Umbraco
CVE-2024-33529 (ILIAS 7 before 7.30 and ILIAS 8 before 8.11 as well as ILIAS
9.0 allow ...)
- TODO: check
+ NOT-FOR-US: ILIAS
CVE-2024-33528 (A Stored Cross-site Scripting (XSS) vulnerability in ILIAS 7
before 7. ...)
- TODO: check
+ NOT-FOR-US: ILIAS
CVE-2024-33527 (A Stored Cross-site Scripting (XSS) vulnerability in the
"Import of Us ...)
- TODO: check
+ NOT-FOR-US: ILIAS
CVE-2024-33526 (A Stored Cross-site Scripting (XSS) vulnerability in the
"Import of us ...)
- TODO: check
+ NOT-FOR-US: ILIAS
CVE-2024-33525 (A Stored Cross-site Scripting (XSS) vulnerability in the
"Import of or ...)
- TODO: check
+ NOT-FOR-US: ILIAS
CVE-2024-31989 (Argo CD is a declarative, GitOps continuous delivery tool for
Kubernet ...)
NOT-FOR-US: Argo CD
CVE-2024-31847 (An issue was discovered in Italtel Embrace 1.6.4. A stored
cross-site ...)
- TODO: check
+ NOT-FOR-US: Italtel Embrace
CVE-2024-31845 (An issue was discovered in Italtel Embrace 1.6.4. The product
does not ...)
- TODO: check
+ NOT-FOR-US: Italtel Embrace
CVE-2024-31844 (An issue was discovered in Italtel Embrace 1.6.4. The server
does not ...)
- TODO: check
+ NOT-FOR-US: Italtel Embrace
CVE-2024-31840 (An issue was discovered in Italtel Embrace 1.6.4. The web
application ...)
- TODO: check
+ NOT-FOR-US: Italtel Embrace
CVE-2024-31757 (An issue in TeraByte Unlimited Image for Windows v.3.64.0.0
and before ...)
- TODO: check
+ NOT-FOR-US: TeraByte Unlimited Image for Windows
CVE-2024-31756 (An issue in MarvinTest Solutions Hardware Access Driver
v.5.0.3.0 and ...)
- TODO: check
+ NOT-FOR-US: MarvinTest Solutions Hardware Access Driver#
CVE-2024-27130 (A buffer copy without checking size of input vulnerability has
been re ...)
- TODO: check
+ NOT-FOR-US: Qnap
CVE-2024-27129 (A buffer copy without checking size of input vulnerability has
been re ...)
- TODO: check
+ NOT-FOR-US: Qnap
CVE-2024-27128 (A buffer copy without checking size of input vulnerability has
been re ...)
- TODO: check
+ NOT-FOR-US: Qnap
CVE-2024-27127 (Adouble free vulnerabilityhas been reported to affect several
QNAP ope ...)
- TODO: check
+ NOT-FOR-US: Qnap
CVE-2024-25724 (In RTI Connext Professional 5.3.1 through 6.1.0 before 6.1.1,
a buffer ...)
- TODO: check
+ NOT-FOR-US: RTI Connext Professional
CVE-2024-22275 (The vCenter Server contains a partial file read
vulnerability.A malici ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2024-22274 (The vCenter Server contains an authenticated remote code
execution vul ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2024-22273 (The storage controllers on VMware ESXi, Workstation, and
Fusion have o ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2024-21902 (An incorrect permission assignment for critical resource
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Qnap
CVE-2024-1721 (Improper Verification of Cryptographic Signature vulnerability
in HYPR ...)
- TODO: check
+ NOT-FOR-US: HYPR Passwordless
CVE-2023-3943 (Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM
devices ...)
- TODO: check
+ NOT-FOR-US: ZkTeco
CVE-2023-3942 (An 'SQL Injection' vulnerability, due to improper
neutralization of sp ...)
- TODO: check
+ NOT-FOR-US: ZkTeco
CVE-2023-3941 (Relative Path Traversal vulnerability in ZkTeco-based OEM
devices allo ...)
- TODO: check
+ NOT-FOR-US: ZkTeco
CVE-2023-3940 (Relative Path Traversal vulnerability in ZkTeco-based OEM
devices allo ...)
- TODO: check
+ NOT-FOR-US: ZkTeco
CVE-2023-3939 (Improper Neutralization of Special Elements used in an OS
Command ('OS ...)
- TODO: check
+ NOT-FOR-US: ZkTeco
CVE-2023-3938 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: ZkTeco
CVE-2023-52879 (In the Linux kernel, the following vulnerability has been
resolved: t ...)
- linux 6.6.8-1
[bookworm] - linux 6.1.64-1
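Review bot: The three new entries for CVE-2024-35386, CVE-2024-35385 and CVE-2024-35384 spell the product "Cesenta MJS", while the CVE descriptions directly above each of them read "Cesanta mjs"; suggest `NOT-FOR-US: Cesanta mjs` so that a search on the vendor name finds these entries. The new line for CVE-2024-31756 ends in a stray `#` (`NOT-FOR-US: MarvinTest Solutions Hardware Access Driver#`), which should be dropped. Two smaller consistency points in the same hunk: CVE-2024-34071 is tagged "Umbraco" while the unchanged CVE-2024-35218 entry uses "Umbraco CMS", and the entries for CVE-2024-27127 through CVE-2024-27130 and CVE-2024-21902 use "Qnap" where the CVE-2024-27127 description writes "QNAP".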
@@ -2230,7 +2230,7 @@ CVE-2024-2189 (The Social Icons Widget & Block by WPZOOM
WordPress plugin before
CVE-2024-0816 (The buffer overflow vulnerability in the DX3300-T1 firmware
version V5 ...)
NOT-FOR-US: Zyxel
CVE-2023-37929 (The buffer overflow vulnerability in the CGI program of the
VMG3625-T5 ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2024-5137 (A vulnerability classified as problematic was found in
PHPGurukul Dire ...)
NOT-FOR-US: PHPGurukul Directory Management System
CVE-2024-5136 (A vulnerability classified as problematic has been found in
PHPGurukul ...)
@@ -2246,7 +2246,7 @@ CVE-2024-4151 (An Improper Access Control vulnerability
exists in lunary-ai/luna
CVE-2024-3761 (In lunary-ai/lunary version 1.2.2, the DELETE endpoint located
at `pac ...)
NOT-FOR-US: lunary-ai/lunary
CVE-2024-3482 (A Stored Cross-Site Scripting (XSS) vulnerability has been
identified ...)
- TODO: check
+ NOT-FOR-US: ArcSight Enterprise Security Manager
CVE-2024-35580 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the
adv.iptv.stbpv ...)
NOT-FOR-US: Tenda
CVE-2024-35579 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the
iptv.city.vlan ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/619e7ca57fa7a94cc6bfd4038d0a09592c513762