Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
235c5fb0 by Moritz Muehlenhoff at 2024-05-24T09:05:43+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,13 +7,13 @@ CVE-2024-5264 (Network Transfer with AES KHT in Thales Luna
EFT 2.1 and above al
CVE-2024-5258 (An authorization vulnerability exists within GitLab from
versions 16.1 ...)
TODO: check
CVE-2024-5202 (Arbitrary File Readin OpenText Dimensions RM
allowsauthenticated users ...)
- TODO: check
+ NOT-FOR-US: OpenText Dimensions RM
CVE-2024-5201 (Privilege Escalationin OpenText Dimensions RM allows an
authenticated ...)
- TODO: check
+ NOT-FOR-US: OpenText Dimensions RM
CVE-2024-5168 (Improper access control vulnerability in Prodys' Quantum Audio
codec a ...)
- TODO: check
+ NOT-FOR-US: Prodys Quantum Audio codec
CVE-2024-5165 (In Eclipse Ditto versions 3.0.0 to 3.5.5, the user input of
several in ...)
- TODO: check
+ NOT-FOR-US: Eclipse Ditto
CVE-2024-5143 (A user with device administrative privileges can change
existing SMTP ...)
NOT-FOR-US: HP
CVE-2024-5085 (The Hash Form \u2013 Drag & Drop Form Builder plugin for
WordPress is ...)
@@ -37,11 +37,11 @@ CVE-2024-35570 (An arbitrary file upload vulnerability in
the component \control
CVE-2024-35375 (There is an arbitrary file upload vulnerability on the media
add .php ...)
NOT-FOR-US: DedeCMS
CVE-2024-35224 (OpenProject is the leading open source project management
software. Op ...)
- TODO: check
+ NOT-FOR-US: OpenProject
CVE-2024-35223 (Dapr is a portable, event-driven, runtime for building
distributed app ...)
- TODO: check
+ NOT-FOR-US: Dapr
CVE-2024-35222 (Tauri is a framework for building binaries for all major
desktop platf ...)
- TODO: check
+ NOT-FOR-US: Tauri
CVE-2024-35197 (gitoxide is a pure Rust implementation of Git. On Windows,
fetching re ...)
- rust-gitoxide <itp> (bug #1043208)
CVE-2024-35186 (gitoxide is a pure Rust implementation of Git. During
checkout, `gix-w ...)
@@ -87,9 +87,9 @@ CVE-2024-34928 (A SQL injection vulnerability in
/model/update_subject_routing.p
CVE-2024-34927 (A SQL injection vulnerability in /model/update_classroom.php
in Campco ...)
NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-34060 (IrisEVTXModule is an interface module for Evtx2Splunk and Iris
in orde ...)
- TODO: check
+ NOT-FOR-US: IrisEVTXModule
CVE-2024-32969 (vantage6 is an open-source infrastructure for privacy
preserving analy ...)
- TODO: check
+ NOT-FOR-US: vantage6
CVE-2024-31843 (An issue was discovered in Italtel Embrace 1.6.4. The Web
application ...)
NOT-FOR-US: Italtel Embrace
CVE-2024-30280 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier
are aff ...)
@@ -99,17 +99,17 @@ CVE-2024-30279 (Acrobat Reader versions 20.005.30574,
24.002.20736 and earlier a
CVE-2024-2861 (The ProfilePress plugin for WordPress is vulnerable to Stored
Cross-Si ...)
NOT-FOR-US: WordPress plugin
CVE-2024-2301 (Certain HP LaserJet Pro devices are potentially vulnerable to a
Cross- ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2024-28188 (Jupyter Scheduler is collection of extensions for programming
jobs to ...)
TODO: check
CVE-2024-26139 (OpenCTI is an open source platform allowing organizations to
manage th ...)
- TODO: check
+ NOT-FOR-US: OpenCTI
CVE-2024-1815 (The Spectra \u2013 WordPress Gutenberg Blocks plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1814 (The Spectra \u2013 WordPress Gutenberg Blocks plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1803 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia,
Embed You ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4859
REJECTED
CVE-2024-5241 (A vulnerability was found in Huashi Private Cloud CDN Live
Streaming A ...)
@@ -153,9 +153,9 @@ CVE-2024-4486 (The Awesome Contact Form7 for Elementor
plugin for WordPress is v
CVE-2024-4431 (The LA-Studio Element Kit for Elementor plugin for WordPress is
vulner ...)
NOT-FOR-US: WordPress plugin
CVE-2024-4399 (The does not validate a parameter before making a request to
it, whic ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-4388 (This does not validate a path generated with user input when
download ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-4347 (The WP Fastest Cache plugin for WordPress is vulnerable to
Directory T ...)
NOT-FOR-US: WordPress plugin
CVE-2024-4043 (The WP Ultimate Post Grid plugin for WordPress is vulnerable to
Stored ...)
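Review bot: the descriptions of CVE-2024-4399 ("The does not validate a parameter ...") and CVE-2024-4388 ("This does not validate a path ...") have the product name dropped, so the `NOT-FOR-US: WordPress plugin` classification cannot be verified from the visible description alone. Suggest naming the plugin in the NFU line (e.g. `NOT-FOR-US: WordPress plugin (<plugin name>)`) or adding the advisory reference that identifies it, so a later reader can confirm the triage without re-researching the CVE.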
@@ -182,9 +182,9 @@ CVE-2024-3201 (The WP DSGVO Tools (GDPR) plugin for
WordPress is vulnerable to S
CVE-2024-3065 (The PayPal Pay Now, Buy Now, Donation and Cart Buttons
Shortcode plugi ...)
NOT-FOR-US: WordPress plugin
CVE-2024-2220 (The Button contact VR WordPress plugin through 4.7 does not
sanitise a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2038 (The Visual Website Collaboration, Feedback & Project Management
\u2013 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29853 (An authentication bypass vulnerability in Veeam Agent for
Microsoft Wi ...)
NOT-FOR-US: Veeam
CVE-2024-29852 (Veeam Backup Enterprise Manager allows high-privileged users
to read b ...)
@@ -196,17 +196,17 @@ CVE-2024-29850 (Veeam Backup Enterprise Manager allows
account takeover via NTLM
CVE-2024-29849 (Veeam Backup Enterprise Manager allows unauthenticated users
to log in ...)
NOT-FOR-US: Veeam
CVE-2024-22026 (A local privilege escalation vulnerability in EPMM before
12.1.0.0 all ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-1855 (The WPCafe \u2013 Restaurant Menu, Online Ordering for
WooCommerce, Pi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6844 (The iframe plugin for WordPress is vulnerable to Stored
Cross-Site Scr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6325 (The RomethemeForm For Elementor plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-46807 (An SQL Injection vulnerability in web component of EPMM before
12.1.0. ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2023-46806 (An SQL Injection vulnerability in a web component of EPMM
versions bef ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-36013 (In the Linux kernel, the following vulnerability has been
resolved: B ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/4d7b41c0e43995b0e992b9f8903109275744b658 (6.9)
@@ -245,7 +245,7 @@ CVE-2024-5194 (A vulnerability was found in Arris VAP2500
08.50. It has been dec
CVE-2024-5193 (A vulnerability was found in Ritlabs TinyWeb Server 1.94. It
has been ...)
NOT-FOR-US: Ritlabs TinyWeb Server
CVE-2024-5166 (An Insecure Direct Object Reference in Google Cloud's Looker
allowed m ...)
- TODO: check
+ NOT-FOR-US: Google Cloud Looker
CVE-2024-5031 (The Memberpress plugin for WordPress is vulnerable to Blind
Server-Sid ...)
NOT-FOR-US: WordPress plugin
CVE-2024-5025 (The Memberpress plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
@@ -280,7 +280,7 @@ CVE-2024-3495 (The Country State City Dropdown CF7 plugin
for WordPress is vulne
CVE-2024-36077 (Qlik Sense Enterprise for Windows before 14.187.4 allows a
remote atta ...)
NOT-FOR-US: Qlik Sense Enterprise for Windows
CVE-2024-35627 (tileserver-gl up to v4.4.10 was discovered to contain a
cross-site scr ...)
- TODO: check
+ NOT-FOR-US: tileserver-gl
CVE-2024-35561 (idccms v1.35 was discovered to contain a Cross-Site Request
Forgery (C ...)
NOT-FOR-US: idccms
CVE-2024-35560 (idccms v1.35 was discovered to contain a Cross-Site Request
Forgery (C ...)
@@ -344,9 +344,9 @@ CVE-2024-31894 (IBM App Connect Enterprise 12.0.1.0 through
12.0.12.1 could allo
CVE-2024-31893 (IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could
allow an a ...)
NOT-FOR-US: IBM
CVE-2024-31617 (OpenLiteSpeed before 1.8.1 mishandles chunked encoding.)
- TODO: check
+ NOT-FOR-US: OpenLiteSpeed
CVE-2024-2036 (The ApplyOnline \u2013 Application Form Builder and Manager
plugin for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29421 (xmedcon 0.23.0 and fixed in v.0.24.0 is vulnerable to Buffer
Overflow ...)
NOT-FOR-US: xmedcon
CVE-2024-29392 (Silverpeas Core 6.3 is vulnerable to Cross Site Scripting
(XSS) via Cl ...)
@@ -354,27 +354,27 @@ CVE-2024-29392 (Silverpeas Core 6.3 is vulnerable to
Cross Site Scripting (XSS)
CVE-2024-27264 (IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow
a local ...)
NOT-FOR-US: IBM
CVE-2024-25738 (A Server-Side Request Forgery (SSRF) vulnerability in the
/Upgrade/Fix ...)
- TODO: check
+ NOT-FOR-US: Open Library Foundation VuFind
CVE-2024-25737 (A Server-Side Request Forgery (SSRF) vulnerability in the
/Cover/Show ...)
- TODO: check
+ NOT-FOR-US: Open Library Foundation VuFind
CVE-2024-21791 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL
Injectio ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2024-20363 (Multiple Cisco products are affected by a vulnerability in the
Snort I ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20361 (A vulnerability in the Object Groups for Access Control Lists
(ACLs) f ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20360 (A vulnerability in the web-based management interface of Cisco
Firepow ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20355 (A vulnerability in the implementation of SAML 2.0 single
sign-on (SSO) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20293 (A vulnerability in the activation of an access control list
(ACL) on C ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20261 (A vulnerability in the file policy feature that is used to
inspect enc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-51637 (Sante PACS Server PG Patient Query SQL Injection Remote Code
Execution ...)
- TODO: check
+ NOT-FOR-US: Sante PACS Server PG
CVE-2023-51636 (Avira Prime Link Following Local Privilege Escalation
Vulnerability. T ...)
- TODO: check
+ NOT-FOR-US: Avira
CVE-2024-36010 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux 6.8.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
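Review bot: CVE-2024-20363 is described as "Multiple Cisco products are affected by a vulnerability in the Snort I...", i.e. the flaw is attributed to Snort code rather than to a Cisco-only component, so `NOT-FOR-US: Cisco` should be confirmed against whether the affected Snort code path is also present in the standalone snort package before closing it; if it is Cisco-bundled Snort only, a short note recording that (e.g. "NOTE: affects Snort as bundled in Cisco FTD/FMC only") would make the NFU reasoning checkable later. The remaining Cisco entries in this hunk (ASA/FTD ACL, SAML SSO, file policy) are product-specific and the NFU is consistent with the tracker's other Cisco entries.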
@@ -4883,9 +4883,9 @@ CVE-2023-46689 (Improper neutralization in Intel(R) Power
Gadget software for ma
CVE-2023-45846 (Incomplete cleanup in Intel(R) Power Gadget software for macOS
all ver ...)
NOT-FOR-US: Intel
CVE-2023-45845 (Improper conditions check for some Intel(R) Wireless
Bluetooth(R) prod ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-45743 (Uncontrolled search path in some Intel(R) DSA software
uninstallers be ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-45736 (Insecure inherited permissions in Intel(R) Power Gadget
software for W ...)
NOT-FOR-US: Intel
CVE-2023-45320 (Uncontrolled search path element in some Intel(R) VTune(TM)
Profiler s ...)
@@ -4933,7 +4933,7 @@ CVE-2023-41092 (Unchecked return value in SDM firmware
for Intel(R) Stratix 10 a
CVE-2023-41082 (Null pointer dereference for some Intel(R) CST software before
version ...)
NOT-FOR-US: Intel
CVE-2023-40536 (Race condition for some some Intel(R) PROSet/Wireless WiFi
software fo ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-40155 (Uncontrolled search path for some Intel(R) CST software before
version ...)
NOT-FOR-US: Intel
CVE-2023-40071 (Improper access control in some Intel(R) GPA software
installers befor ...)
@@ -4947,7 +4947,7 @@ CVE-2023-39433 (Improper access control for some Intel(R)
CST software before ve
CVE-2023-39163 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
NOT-FOR-US: WordPress plugin
CVE-2023-38654 (Improper input validation for some some Intel(R)
PROSet/Wireless WiFi ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-38581 (Buffer overflow in Intel(R) Power Gadget software for Windows
all vers ...)
NOT-FOR-US: Intel
CVE-2023-38420 (Improper conditions check in Intel(R) Power Gadget software
for macOS ...)
@@ -5239,7 +5239,7 @@ CVE-2024-35185 (Minder is a software supply chain
security platform. Prior to ve
CVE-2024-35184 (Paperless-ngx is a document management system that transforms
physical ...)
NOT-FOR-US: Paperless-ngx
CVE-2024-35183 (wolfictl is a command line tool for working with Wolfi. A git
authenti ...)
- TODO: check
+ NOT-FOR-US: wolfictl
CVE-2024-35176 (REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6
has a den ...)
- ruby3.2 <unfixed> (bug #1071627)
- ruby3.1 <unfixed> (bug #1071626)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/235c5fb0e757931d462004138c30b77b02e81e0b
--
This project does not include diff previews in email notifications.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits