Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1d96f0d5 by Moritz Muehlenhoff at 2024-05-22T13:27:12+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -433,7 +433,7 @@ CVE-2024-3345 (The ShopLentor plugin for WordPress is
vulnerable to Stored Cross
CVE-2024-3268 (The YouTube Video Gallery by YouTube Showcase \u2013 Video
Gallery Plu ...)
NOT-FOR-US: WordPress plugin
CVE-2024-36052 (RARLAB WinRAR before 7.00, on Windows, allows attackers to
spoof the s ...)
- TODO: check
+ NOT-FOR-US: WinRAR
CVE-2024-36039 (PyMySQL through 1.1.0 allows SQL injection if used with
untrusted JSON ...)
- python-pymysql <unfixed>
NOTE: https://github.com/advisories/GHSA-v9hf-5j83-6xpp
@@ -2390,7 +2390,7 @@ CVE-2024-34193 (smanga 3.2.7 does not filter the file
parameter at the PHP/get f
CVE-2024-31714 (Buffer Overflow vulnerability in Waxlab wax v.0.9-3 and before
allows ...)
NOT-FOR-US: Waxlab wax
CVE-2024-2835 (A Stored Cross-Site Scripting (XSS) vulnerability has been
identified ...)
- TODO: check
+ NOT-FOR-US: ArcSight Enterprise Security Manager
CVE-2024-29651 (A Prototype Pollution issue in API Dev Tools
json-schema-ref-parser v. ...)
NOT-FOR-US: Node json-schema-ref-parser
CVE-2024-29000 (The SolarWinds Platform was determined to be affected by a
reflected c ...)
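Review bot: the visible description of CVE-2024-2835 is cut off before it names any product, so the NOT-FOR-US: ArcSight Enterprise Security Manager attribution cannot be checked from this hunk; adding a NOTE line with the vendor advisory URL, as the CVE-2024-36039 entry does with its GHSA link, would make the triage verifiable later.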
@@ -2398,9 +2398,9 @@ CVE-2024-29000 (The SolarWinds Platform was determined to
be affected by a refle
CVE-2024-27312 (Zoho ManageEngine PAM360 version 6601 is vulnerable to
authorization v ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2024-24294 (A Prototype Pollution issue in Blackprint @blackprint/engine
v.0.9.0 a ...)
- TODO: check
+ NOT-FOR-US: @blackprint/engine
CVE-2024-24293 (A Prototype Pollution issue in MiguelCastillo @bit/loader
v.10.0.3 all ...)
- TODO: check
+ NOT-FOR-US: @bit/loader
CVE-2024-1968 (In scrapy/scrapy, an issue was identified where the
Authorization head ...)
- python-scrapy 2.11.2-1
NOTE: https://huntr.com/bounties/27f6a021-a891-446a-ada5-0226d619dd1a
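Review bot: the two new NOT-FOR-US lines for @blackprint/engine and @bit/loader drop the ecosystem prefix that the neighbouring CVE-2024-29651 entry uses ("NOT-FOR-US: Node json-schema-ref-parser"); writing "NOT-FOR-US: Node @blackprint/engine" and "NOT-FOR-US: Node @bit/loader" keeps npm packages searchable by the same keyword.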
@@ -2812,7 +2812,7 @@ CVE-2024-36078 (In Zammad before 6.3.1, a Ruby gem
bundled by Zammad is installe
CVE-2024-36076 (Cross-Site WebSocket Hijacking in SysReptor from version
2024.28 to ve ...)
NOT-FOR-US: Syslifters SysReptor
CVE-2024-36070 (tine before 2023.11.8, when an LDAP backend is used, allows
anonymous ...)
- TODO: check
+ NOT-FOR-US: Tine groupware
CVE-2024-36053 (In the mintupload package through 4.2.0 for Linux Mint,
service-name m ...)
NOT-FOR-US: mintupload
CVE-2024-35947 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
@@ -3322,7 +3322,7 @@ CVE-2024-23556 (SSL/TLS Renegotiation functionality
potentially leading to DoS a
CVE-2024-23554 (Cross-Site Request Forgery (CSRF) on Session Token
vulnerability that ...)
NOT-FOR-US: HCL
CVE-2023-52424 (The IEEE 802.11 standard sometimes enables an adversary to
trick a vic ...)
- TODO: check
+ NOT-FOR-US: IEEE 802.11 standard
CVE-2024-5072 (Improper input validation in PAM JIT elevation feature in
Devolutions ...)
NOT-FOR-US: Devolutions Server
CVE-2024-5066 (A vulnerability classified as critical was found in PHPGurukul
Online ...)
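Review bot: NOT-FOR-US: IEEE 802.11 standard closes CVE-2023-52424 on the strength of a description that names the standard rather than an implementation, but the entry then gives no indication whether Debian's own 802.11 implementations were considered; a NOTE line pointing at the source of the issue and stating why no package line is needed would let a later reader confirm the decision instead of reopening the TODO.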
@@ -3810,7 +3810,7 @@ CVE-2024-34370 (Improper Privilege Management
vulnerability in WPFactory EAN for
CVE-2024-34241 (A cross-site scripting (XSS) vulnerability in Rocketsoft
Rocket LMS 1. ...)
NOT-FOR-US: Rocketsoft Rocket LMS
CVE-2024-34058 (The WebTop package for NethServer 7 and 8 allows stored XSS
(for examp ...)
- TODO: check
+ NOT-FOR-US: WebTop package for NethServer
CVE-2024-33917 (Authentication Bypass by Spoofing vulnerability in
webtechideas WTI Li ...)
NOT-FOR-US: WordPress plugin
CVE-2024-33644 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
@@ -4556,7 +4556,7 @@ CVE-2023-40071 (Improper access control in some Intel(R)
GPA software installers
CVE-2023-40070 (Improper access control in some Intel(R) Power Gadget software
for mac ...)
NOT-FOR-US: Intel
CVE-2023-39929 (Uncontrolled search path in some Libva software maintained by
Intel(R) ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-39433 (Improper access control for some Intel(R) CST software before
version ...)
NOT-FOR-US: Intel
CVE-2023-39163 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
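Review bot: the description of CVE-2023-39929 names Libva, which is also the name of a library Debian packages, so a bare NOT-FOR-US: Intel will read as a mistake to the next triager; keep the triage if the affected component is an Intel-only build, but add a NOTE line with the Intel advisory link that says so, as the other Intel entries in this patch that carry an intel-sa URL do.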
@@ -4564,49 +4564,49 @@ CVE-2023-39163 (Improper Limitation of a Pathname to a
Restricted Directory ('Pa
CVE-2023-38654 (Improper input validation for some some Intel(R)
PROSet/Wireless WiFi ...)
TODO: check
CVE-2023-38581 (Buffer overflow in Intel(R) Power Gadget software for Windows
all vers ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-38420 (Improper conditions check in Intel(R) Power Gadget software
for macOS ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-38417 (Improper input validation for some Intel(R) PROSet/Wireless
WiFi softw ...)
- firmware-nonfree <unfixed>
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html
TODO: check, likely fixed in 20240513 tag update
CVE-2023-38399 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-37999 (Improper Privilege Management vulnerability in HasThemes HT
Mega allow ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-37888 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-37866 (Improper Privilege Management vulnerability in Crocoblock
JetFormBuild ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-37389 (Improper Privilege Management vulnerability in SAASPROJECT
Booking Pac ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-37385 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-35881 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-35192 (Uncontrolled search path in some Intel(R) GPA Framework
software befor ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-34186 (Missing Authorization vulnerability in Imran Sayed Headless
CMS.This i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-33321 (Missing Authorization vulnerability in Metagauss EventPrime
allows Exp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-33310 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32297 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32244 (Improper Privilege Management vulnerability in XTemos Woodmart
Core al ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32129 (Missing Authorization vulnerability in Sparkle WP Editorialmag
editori ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32110 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28402 (Improper input validation in some Intel(R) BIOS Guard firmware
may all ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-28383 (Improper conditions check in some Intel(R) BIOS PPAM firmware
may allo ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-27504 (Improper conditions check in some Intel(R) BIOS Guard firmware
may all ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-22662 (Improper input validation of EpsdSrMgmtConfig in UEFI firmware
for som ...)
NOT-FOR-US: Intel
CVE-2024-21823 (Hardware logic with insecure de-synchronization in Intel(R)
DSA and In ...)
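Review bot: CVE-2023-38654 stays TODO: check while the CVE-2023-38417 entry a few lines below, for the same Intel(R) PROSet/Wireless WiFi software, is tracked as firmware-nonfree <unfixed> with the intel-sa-01039 NOTE and a "likely fixed in 20240513 tag update" TODO; if both come from that advisory the first should get the same package line and NOTE, and if not, its remaining TODO should say why it was skipped in a commit that resolves every other TODO in this hunk.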
@@ -5196,7 +5196,7 @@ CVE-2024-35109 (idccms v1.35 was discovered to contain a
Cross-Site Request Forg
CVE-2024-35108 (idccms v1.35 was discovered to contain a Cross-Site Request
Forgery (C ...)
NOT-FOR-US: idccms
CVE-2024-32888 (The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver
that provi ...)
- TODO: check
+ NOT-FOR-US: Amazon JDBC Driver for Redshift
CVE-2024-31556 (An issue in Reportico Web before v.8.1.0 allows a local
attacker to ex ...)
NOT-FOR-US: Reportico Web
CVE-2024-31483 (An authenticated sensitive information disclosure
vulnerability exists ...)
@@ -5621,9 +5621,9 @@ CVE-2024-22268 (VMware Workstation and Fusion contain a
heap buffer-overflow vul
CVE-2024-22267 (VMware Workstation and Fusion contain a use-after-free
vulnerability i ...)
NOT-FOR-US: VMware
CVE-2024-1914 (An attacker who successfully exploited these vulnerabilities
could cau ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-1913 (An attacker who successfully exploited these vulnerabilities
could cau ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-1630 (Path traversal vulnerability in
\u201cgetAllFolderContents\u201d funct ...)
NOT-FOR-US: GE HealthCare
CVE-2024-1629 (Path traversal vulnerability in \u201cdeleteFiles\u201d
function of Co ...)
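Review bot: the descriptions of CVE-2024-1914 and CVE-2024-1913 visible here ("An attacker who successfully exploited these vulnerabilities could cau ...") name neither vendor nor product, so NOT-FOR-US: ABB rests entirely on information outside the entry; a NOTE line with the ABB advisory URL would record where the attribution came from.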
@@ -5653,7 +5653,7 @@ CVE-2023-44247 (A double free vulnerability [CWE-415] in
Fortinet FortiOS before
CVE-2023-40720 (An authorization bypass through user-controlled key
vulnerability [CWE ...)
NOT-FOR-US: FortiGuard
CVE-2023-36640 (A use of externally-controlled format string in Fortinet
FortiProxy ve ...)
- TODO: check
+ NOT-FOR-US: FortiNet
CVE-2023-35841 (Exposed IOCTL with Insufficient Access Control in Phoenix
WinFlash Dri ...)
TODO: check
CVE-2024-4778 (Memory safety bugs present in Firefox 125. Some of these bugs
showed e ...)
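Review bot: the new line spells the vendor "FortiNet" while the entry's own description and the hunk header write "Fortinet" (and the adjacent CVE-2023-40720 entry uses "FortiGuard"); use "NOT-FOR-US: Fortinet" so that a search for the vendor name matches every entry.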
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d96f0d551544caac183a5ddc815ac1e6afea2db
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits