Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5cd290d5 by Moritz Muehlenhoff at 2024-06-19T13:00:44+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -31,7 +31,7 @@ CVE-2024-5574 (The WP Magazine Modules Lite plugin for
WordPress is vulnerable t
CVE-2024-5343 (The Photo Gallery, Images, Slider in Rbs Image Gallery plugin
for Word ...)
NOT-FOR-US: WordPress plugin
CVE-2024-5208 (An uncontrolled resource consumption vulnerability exists in
the `uplo ...)
- TODO: check
+ NOT-FOR-US: anything-llm
CVE-2024-5021 (The WordPress Picture / Portfolio / Media Gallery plugin for
WordPress ...)
NOT-FOR-US: WordPress plugin
CVE-2024-4873 (The Replace Image plugin for WordPress is vulnerable to
Insecure Direc ...)
@@ -67,7 +67,7 @@ CVE-2024-36480 (Use of hard-coded credentials issue exists in
Ricoh Streamline N
CVE-2024-36252 (Improper restriction of communication channel to intended
endpoints is ...)
NOT-FOR-US: Ricoh
CVE-2024-35298 (Improper authorization in handler for custom URL scheme issue
in 'ZOZO ...)
- TODO: check
+ NOT-FOR-US: ZOZOTOWN
CVE-2024-2381 (The AliExpress Dropshipping with AliNext Lite plugin for
WordPress is ...)
NOT-FOR-US: WordPress plugin
CVE-2024-1407 (The Paid Memberships Pro \u2013 Content Restriction, User
Registration ...)
@@ -112,7 +112,7 @@ CVE-2024-38505 (In JetBrains YouTrack before 2024.2.34646
user access token was
CVE-2024-38504 (In JetBrains YouTrack before 2024.2.34646 the Guest User
Account was e ...)
NOT-FOR-US: JetBrains YouTrack
CVE-2024-38351 (Pocketbase is an open source web backend written in go. In
affected ve ...)
- TODO: check
+ NOT-FOR-US: Pocketbase
CVE-2024-38348 (CodeProjects Health Care hospital Management System v1.0 was
discovere ...)
NOT-FOR-US: CodeProjects Health Care hospital Management System
CVE-2024-38347 (CodeProjects Health Care hospital Management System v1.0 was
discovere ...)
@@ -466,15 +466,15 @@ CVE-2024-38443 (C/sorting/binary_insertion_sort.c in The
Algorithms - C through
CVE-2024-38441 (Netatalk 3.2.0 has an off-by-one error and resultant
heap-based buffer ...)
- netatalk <unfixed>
NOTE: https://github.com/Netatalk/netatalk/issues/1098
- TODO: check, upstream details have been removed
+ NOTE: upstream details have been removed, pinged MITRE for
clarification or rejection
CVE-2024-38440 (Netatalk 3.2.0 has an off-by-one error and resultant
heap-based buffer ...)
- netatalk <unfixed>
NOTE: https://github.com/Netatalk/netatalk/issues/1097
- TODO: check, upstream details have been removed
+ NOTE: upstream details have been removed, pinged MITRE for
clarification or rejection
CVE-2024-38439 (Netatalk 3.2.0 has an off-by-one error and resultant
heap-based buffer ...)
- netatalk <unfixed>
NOTE: https://github.com/Netatalk/netatalk/issues/1096
- TODO: check, upstream details have been removed
+ NOTE: upstream details have been removed, pinged MITRE for
clarification or rejection
CVE-2024-36397 (Vantiva - MediaAccess DGA2232v19.4 -CWE-79: Improper
Neutralization of ...)
NOT-FOR-US: Vantiva
CVE-2024-38428 (url.c in GNU Wget through 1.24.5 mishandles semicolons in the
userinfo ...)
@@ -1595,7 +1595,7 @@ CVE-2024-37629 (SummerNote 0.8.18 is vulnerable to Cross
Site Scripting (XSS) vi
CVE-2024-37304 (NuGet Gallery is a package repository that powers nuget.org.
The NuGet ...)
NOT-FOR-US: NuGet Gallery
CVE-2024-37300 (OAuthenticator is software that allows OAuth2 identity
providers to be ...)
- TODO: check
+ NOT-FOR-US: OAuthenticator
CVE-2024-37297 (WooCommerce is an open-source e-commerce platform built on
WordPress. ...)
NOT-FOR-US: WordPress plugin
CVE-2024-37040 (CWE-120: Buffer Copy without Checking Size of Input
(\u2018Classic Buf ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5cd290d5f6f0045ede4bd850b07cc85c470b1042
--
This project does not include diff previews in email notifications.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5cd290d5f6f0045ede4bd850b07cc85c470b1042
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
