Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
381f223c by Moritz Muehlenhoff at 2024-06-18T13:15:14+02:00
new libcdio issue
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -166,23 +166,23 @@ CVE-2024-37159 (Evmos is the Ethereum Virtual Machine
(EVM) Hub on the Cosmos Ne
CVE-2024-37158 (Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos
Network. ...)
NOT-FOR-US: Evmos
CVE-2024-36583 (A Prototype Pollution issue in byondreal accessor <= 1.0.0
allows an a ...)
- TODO: check
+ NOT-FOR-US: byondreal accessor
CVE-2024-36582 (alexbinary object-deep-assign 1.0.11 is vulnerable to
Prototype Pollut ...)
NOT-FOR-US: Node object-deep-assign
CVE-2024-36581 (A Prototype Pollution issue in abw badger-database 1.2.1
allows an att ...)
- TODO: check
+ NOT-FOR-US: badger-database
CVE-2024-36580 (A Prototype Pollution issue in cdr0 sg 1.0.10 allows an
attacker to ex ...)
- TODO: check
+ NOT-FOR-US: cdr0-sg
CVE-2024-36578 (akbr update 1.0.0 is vulnerable to Prototype Pollution via
update/inde ...)
NOT-FOR-US: akbr/update
CVE-2024-36577 (apphp js-object-resolver < 3.1.1 is vulnerable to Prototype
Pollution ...)
- TODO: check
+ NOT-FOR-US: js-object-resolver
CVE-2024-36575 (A Prototype Pollution issue in getsetprop 1.1.0 allows an
attacker to ...)
- TODO: check
+ NOT-FOR-US: getsetprop
CVE-2024-36574 (A Prototype Pollution issue in flatten-json 1.0.1 allows an
attacker t ...)
- TODO: check
+ NOT-FOR-US: AllanLancioni/flatten-json
CVE-2024-36573 (almela obx before v.0.0.4 has a Prototype Pollution issue
which allows ...)
- TODO: check
+ NOT-FOR-US: almela obx
CVE-2024-36543 (Incorrect access control in the Kafka Connect REST API in the
STRIMZI ...)
NOT-FOR-US: STRIMZI
CVE-2024-36527 (puppeteer-renderer v.3.2.0 and before is vulnerable to
Directory Trave ...)
@@ -439,7 +439,10 @@ CVE-2024-37182 (Mattermost Desktop App versions <=5.7.0
fail to correctly prompt
CVE-2024-36656 (In MintHCM 4.0.3, a registered user can execute arbitrary
JavaScript c ...)
NOT-FOR-US: MintHCM
CVE-2024-36600 (Buffer Overflow Vulnerability in libcdio v2.1.0 allows an
attacker to ...)
- TODO: check
+ - libcdio <unfixed>
+ [bookworm] - libcdio <no-dsa> (Minor issue)
+ [bullseye] - libcdio <no-dsa> (Minor issue)
+ NOTE: https://github.com/gashasbi/My-Reports/tree/main/CVE-2024-36600
CVE-2024-36599 (A cross-site scripting (XSS) vulnerability in Aegon Life v1.0
allows a ...)
NOT-FOR-US: Aegon Life
CVE-2024-36598 (An arbitrary file upload vulnerability in Aegon Life v1.0
allows attac ...)
@@ -451,9 +454,9 @@ CVE-2024-36459 (A CRLF cross-site scripting vulnerability
has been identified in
CVE-2024-36287 (Mattermost Desktop App versions <=5.7.0 fail to disable
certain Electr ...)
NOT-FOR-US: Mattermost Desktop App
CVE-2024-34694 (LNbits is a Lightning wallet and accounts system. Paying
invoices in E ...)
- TODO: check
+ NOT-FOR-US: LNbits
CVE-2024-34539 (Hardcoded credentials in TerraMaster TOS firmware through 5.1
allow a ...)
- TODO: check
+ NOT-FOR-US: TerraMaster
CVE-2024-34012 (Local privilege escalation due to insecure folder permissions.
The fol ...)
NOT-FOR-US: Acronis Cloud Manager
CVE-2024-33377 (LB-LINK BL-W1210M v2.0 was discovered to contain a
clickjacking vulner ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/381f223ccc086c33c6b2fa6409a2b87f942d405a
--
This project does not include diff previews in email notifications.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/381f223ccc086c33c6b2fa6409a2b87f942d405a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
