Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
18239b5e by Moritz Muehlenhoff at 2024-06-05T14:24:33+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -776,7 +776,7 @@ CVE-2024-31907 (IBM Planning Analytics Local 2.0 and 2.1 is
vulnerable to cross-
CVE-2024-31889 (IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to
cross-site s ...)
NOT-FOR-US: IBM
CVE-2024-31030 (An issue in coap_msg.c in Keith Cullen's FreeCoAP v.0.7 allows
remote ...)
- TODO: check
+ NOT-FOR-US: FreeCoAP
CVE-2024-29848 (An unrestricted file upload vulnerability in web component of
Ivanti A ...)
NOT-FOR-US: Ivanti
CVE-2024-29846 (An unspecified SQL Injection vulnerability in Core server of
Ivanti EP ...)
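Review bot: CVE-2024-31030 goes from TODO: check to NOT-FOR-US: FreeCoAP with nothing recorded about what was checked; that is the usual shorthand for unpackaged software, but the description points at a specific source file (coap_msg.c), so a quick search of the archive for that file name is worth doing before the TODO is dropped, in case FreeCoAP is embedded in another source package rather than shipped on its own.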
@@ -939,7 +939,7 @@ CVE-2024-4355 (The Block Bad Bots and Stop Bad Bots
Crawlers and Spiders and Ant
CVE-2024-4330 (A path traversal vulnerability was identified in the
parisneo/lollms-w ...)
NOT-FOR-US: parisneo/lollms-webui
CVE-2024-3924 (A code injection vulnerability exists in the
huggingface/text-generati ...)
- TODO: check
+ NOT-FOR-US: huggingface/text-generation-inference
CVE-2024-3584 (qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal
due to ...)
NOT-FOR-US: qdrant
CVE-2024-3583 (The Simple Like Page Plugin plugin for WordPress is vulnerable
to Stor ...)
@@ -951,7 +951,7 @@ CVE-2024-3300 (An unsafe .NET object deserialization
vulnerability in DELMIA Apr
CVE-2024-36118 (MeterSphere is a test management and interface testing tool.
In affect ...)
NOT-FOR-US: MeterSphere
CVE-2024-35504 (A cross-site scripting (XSS) vulnerability in the login page
of FineSo ...)
- TODO: check
+ NOT-FOR-US: FineSoft
CVE-2024-35469 (A SQL injection vulnerability in /hrm/user/ in SourceCodester
Human Re ...)
NOT-FOR-US: SourceCodester Human Resource Management System
CVE-2024-35468 (A SQL injection vulnerability in /hrm/index.php in
SourceCodester Huma ...)
@@ -1466,7 +1466,7 @@ CVE-2024-3063 (The WPB Elementor Addons plugin for
WordPress is vulnerable to St
CVE-2024-36267 (Path traversal vulnerability exists in Redmine DMSF Plugin
versions pr ...)
NOT-FOR-US: Redmine DMSF Plugin
CVE-2024-36114 (Aircompressor is a library with ports of the Snappy, LZO, LZ4,
and Zst ...)
- TODO: check
+ NOT-FOR-US: Aircompressor
CVE-2024-35221 (Rubygems.org is the Ruby community's gem hosting service. A
Gem publis ...)
NOT-FOR-US: Rubygems.org gem hosting service
CVE-2024-2253 (The Testimonial Carousel For Elementor plugin for WordPress is
vulnera ...)
@@ -1521,7 +1521,7 @@ CVE-2024-36016 (In the Linux kernel, the following
vulnerability has been resolv
- linux 6.8.12-1
NOTE:
https://git.kernel.org/linus/47388e807f85948eefc403a8a5fdc5b406a65d5a (6.10-rc1)
CVE-2024-35512 (An issue in hmq v1.5.5 allows attackers to cause a Denial of
Service ( ...)
- TODO: check
+ NOT-FOR-US: hmq
CVE-2024-35492 (Cesanta Mongoose commit b316989 was discovered to contain a
NULL point ...)
NOT-FOR-US: Cesenta Mongoose
CVE-2024-35434 (Irontec Sngrep v1.8.1 was discovered to contain a heap buffer
overflow ...)
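Review bot: the unchanged context line for CVE-2024-35492 reads NOT-FOR-US: Cesenta Mongoose while the description above it says Cesanta Mongoose; since this commit already touches the neighbouring CVE-2024-35512 entry, the vendor spelling could be corrected in the same pass so that grepping the file for Cesanta finds the entry.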
@@ -1531,7 +1531,7 @@ CVE-2024-35434 (Irontec Sngrep v1.8.1 was discovered to
contain a heap buffer ov
NOTE: Fixed by:
https://github.com/irontec/sngrep/commit/da80ced1e3cf6321f748b08e145a829bcc3c90e5
NOTE: Crash in CLI tool, no security impact
CVE-2024-35333 (A stack-buffer-overflow vulnerability exists in the
read_charset_decl ...)
- TODO: check
+ NOT-FOR-US: html2xhtml
CVE-2024-35311 (Yubico YubiKey 5 Series before 5.7.0, Security Key Series
before 5.7.0 ...)
NOT-FOR-US: Yubico YubiKey
CVE-2024-35284 (A vulnerability in the legacy chat component of Mitel
MiContact Center ...)
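Review bot: the visible description of CVE-2024-35333 names only the read_charset_decl function, not a project, while the new line attributes it to html2xhtml; please confirm that attribution against the full CVE text and check the archive for a package of that name before closing it as NOT-FOR-US, because a wrong NOT-FOR-US silently drops a stack buffer overflow from tracking.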
@@ -168524,19 +168524,19 @@ CVE-2022-28660 (The querier component in Grafana
Enterprise Logs 1.1.x through 1
CVE-2022-28659
RESERVED
CVE-2022-28658 (Apport argument parsing mishandles filename splitting on older
kernels ...)
- TODO: check
+ NOT-FOR-US: Apport
CVE-2022-28657 (Apport does not disable python crash handler before entering
chroot)
- TODO: check
+ NOT-FOR-US: Apport
CVE-2022-28656 (is_closing_session() allows users to consume RAM in the Apport
process)
- TODO: check
+ NOT-FOR-US: Apport
CVE-2022-28655 (is_closing_session() allows users to create arbitrary tcp dbus
connect ...)
- TODO: check
+ NOT-FOR-US: Apport
CVE-2022-28654 (is_closing_session() allows users to fill up apport.log)
- TODO: check
+ NOT-FOR-US: Apport
CVE-2022-28653
RESERVED
CVE-2022-28652 (~/.config/apport/settings parsing is vulnerable to "billion
laughs" at ...)
- TODO: check
+ NOT-FOR-US: Apport
CVE-2022-1235 (Weak secrethash can be brute-forced in GitHub repository
livehelpercha ...)
NOT-FOR-US: livehelperchat
CVE-2022-1234 (XSS in livehelperchat in GitHub repository
livehelperchat/livehelperch ...)
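Review bot: six Apport entries (CVE-2022-28658 through CVE-2022-28652, skipping the two RESERVED ids) are closed as NOT-FOR-US: Apport in one batch; the descriptions all point at Apport-internal code paths (is_closing_session(), the python crash handler, ~/.config/apport/settings parsing), so the uniform classification is consistent, and the one thing to double-check is that the archive really carries no apport source package, since a wrong answer here affects all six at once.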
@@ -194993,7 +194993,7 @@ CVE-2022-21824 (Due to the formatting logic of the
"console.table()" function it
NOTE:
https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#prototype-pollution-via-console-table-properties-low-cve-2022-21824
NOTE:
https://github.com/nodejs/node/commit/be69403528da99bf3df9e1dc47186f18ba59cb5e
(v12.x)
CVE-2021-44534 (Insufficient user input filtering leads to arbitrary file read
by non- ...)
- TODO: check
+ NOT-FOR-US: ExpressionEngine
CVE-2021-44533 (Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not
handle m ...)
{DSA-5170-1}
- nodejs 12.22.9~dfsg-1 (bug #1004177)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18239b5ebe40d6af7f677a8cfb422f17f6f7aa51
--
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits