Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
390d06e4 by Salvatore Bonaccorso at 2024-07-02T21:33:12+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -23,7 +23,7 @@ CVE-2024-5419 (The Void Contact Form 7 Widget For Elementor
Page Builder plugin
CVE-2024-5349 (The LA-Studio Element Kit for Elementor plugin for WordPress is
vulner ...)
NOT-FOR-US: WordPress plugin
CVE-2024-5322 (The N-central server is vulnerable to session rebinding of
already aut ...)
- TODO: check
+ NOT-FOR-US: N-able Technologies N-central Server
CVE-2024-5219 (The Easy Google Maps plugin for WordPress is vulnerable to
Stored Cros ...)
NOT-FOR-US: WordPress plugin
CVE-2024-4679 (Incorrect Default Permissions vulnerability in Hitachi
JP1/Extensible ...)
@@ -33,15 +33,15 @@ CVE-2024-4627 (The Rank Math SEO WordPress plugin before
1.0.219 does not sanit
CVE-2024-3999 (The EazyDocs WordPress plugin before 2.5.0 does not sanitise
and esca ...)
NOT-FOR-US: WordPress plugin
CVE-2024-3513 (The Ultimate Blocks \u2013 WordPress Blocks Plugin plugin for
WordPres ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-39314 (toy-blog is a headless content management system
implementation. Start ...)
- TODO: check
+ NOT-FOR-US: toy-blog
CVE-2024-39313 (toy-blog is a headless content management system
implementation. Start ...)
- TODO: check
+ NOT-FOR-US: toy-blog
CVE-2024-39310 (The Basil recipe theme for WordPress is vulnerable to
Persistent Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-39309 (Parse Server is an open source backend that can be deployed to
any inf ...)
- TODO: check
+ NOT-FOR-US: Parse Server
CVE-2024-39305 (Envoy is a cloud-native, open source edge and service proxy.
Prior to ...)
TODO: check
CVE-2024-38368 (trunk.cocoapods.org is the authentication server for the
CoacoaPods de ...)
@@ -51,29 +51,29 @@ CVE-2024-38367 (trunk.cocoapods.org is the authentication
server for the CoacoaP
CVE-2024-38366 (trunk.cocoapods.org is the authentication server for the
CoacoaPods de ...)
TODO: check
CVE-2024-37765 (Machform up to version 19 is affected by an authenticated
Blind SQL in ...)
- TODO: check
+ NOT-FOR-US: Machform
CVE-2024-37764 (MachForm up to version 19 is affected by an authenticated
stored cross ...)
- TODO: check
+ NOT-FOR-US: Machform
CVE-2024-37763 (MachForm up to version 19 is affected by an unauthenticated
stored cro ...)
- TODO: check
+ NOT-FOR-US: Machform
CVE-2024-37762 (MachForm up to version 21 is affected by an authenticated
unrestricted ...)
- TODO: check
+ NOT-FOR-US: Machform
CVE-2024-37479 (Local File Inclusion vulnerability in LA-Studio LA-Studio
Element Kit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-37134 (Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain
an impr ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-37133 (Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain
an impr ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-37132 (Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain
an inco ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-37126 (Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain
an impr ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-32854 (Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain
an impr ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-32853 (Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.2 contain
an exec ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-32852 (Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.0 contain
use of ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-32230 (FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a
negative-size- ...)
TODO: check
CVE-2024-32229 (FFmpeg 7.0 contains a heap-buffer-overflow at
libavfilter/vf_tiltandsh ...)
@@ -81,37 +81,37 @@ CVE-2024-32229 (FFmpeg 7.0 contains a heap-buffer-overflow
at libavfilter/vf_til
CVE-2024-32228 (FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV
at libavc ...)
TODO: check
CVE-2024-2819 (Incorrect Default Permissions, Improper Preservation of
Permissions vu ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2024-28200 (The N-central server is vulnerable to an authentication bypass
of the ...)
- TODO: check
+ NOT-FOR-US: N-able Technologies N-central Server
CVE-2024-23737 (Cross Site Request Forgery (CSRF) vulnerability in savignano
S/Notify ...)
- TODO: check
+ NOT-FOR-US: savignano S/Notify
CVE-2024-23736 (Cross Site Request Forgery (CSRF) vulnerability in savignano
S/Notify ...)
- TODO: check
+ NOT-FOR-US: savignano S/Notify
CVE-2024-1427 (The The Post Grid \u2013 Shortcode, Gutenberg Blocks and
Elementor Add ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0158 (Dell BIOS contains an improper input validation vulnerability.
A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-41928 (The device is observed to accept deprecated TLS protocols,
increasing ...)
- TODO: check
+ NOT-FOR-US: Kiloview
CVE-2023-41927 (The server supports at least one cipher suite which is on the
NCSC-NL ...)
- TODO: check
+ NOT-FOR-US: Kiloview
CVE-2023-41926 (The webserver utilizes basic authentication for its user login
to the ...)
- TODO: check
+ NOT-FOR-US: Kiloview
CVE-2023-41923 (The user management section of the web application permits the
creatio ...)
- TODO: check
+ NOT-FOR-US: Kiloview
CVE-2023-41922 (A 'Cross-site Scripting' (XSS) vulnerability, characterized by
imprope ...)
- TODO: check
+ NOT-FOR-US: Kiloview
CVE-2023-41921 (A vulnerability allows attackers to download source code or an
executa ...)
- TODO: check
+ NOT-FOR-US: Kiloview
CVE-2023-41920 (The vulnerability allows attackers access to the root account
without ...)
- TODO: check
+ NOT-FOR-US: Kiloview
CVE-2023-41919 (Hardcoded credentials are discovered within the application's
source c ...)
- TODO: check
+ NOT-FOR-US: Kiloview
CVE-2023-41918 (A vulnerability allows unauthorized access to functionality
inadequate ...)
- TODO: check
+ NOT-FOR-US: Kiloview
CVE-2023-41917 (Inadequate input validation exposes the system to potential
remote cod ...)
- TODO: check
+ NOT-FOR-US: Kiloview
CVE-2024-6425 (Incorrect Provision of Specified Functionality vulnerability in
MESboo ...)
NOT-FOR-US: MESbook
CVE-2024-6424 (External server-side request vulnerability in MESbook
20221021.03 vers ...)
@@ -129,7 +129,7 @@ CVE-2024-39879 (In JetBrains TeamCity before 2024.03.3
application token could b
CVE-2024-39878 (In JetBrains TeamCity before 2024.03.3 private key could be
exposed vi ...)
NOT-FOR-US: JetBrains TeamCity
CVE-2024-39853 (adolph_dudu ratio-swiper 0.0.2 was discovered to contain a
prototype p ...)
- TODO: check
+ NOT-FOR-US: ratio-swiper Nodejs module
CVE-2024-39430 (In faceid servive, there is a possible out of bounds write due
to a mi ...)
NOT-FOR-US: Unisoc
CVE-2024-39429 (In faceid servive, there is a possible out of bounds write due
to a mi ...)
@@ -147,27 +147,27 @@ CVE-2024-39249 (Async <= 2.6.4 and <= 3.2.5 are
vulnerable to ReDoS (Regular Exp
CVE-2024-39236 (Gradio v4.36.1 was discovered to contain a code injection
vulnerabilit ...)
NOT-FOR-US: Gradio
CVE-2024-39018 (harvey-woo cat5th/key-serializer v0.2.5 was discovered to
contain a pr ...)
- TODO: check
+ NOT-FOR-US: key-serializer Nodejs module
CVE-2024-39017 (agreejs shared v0.0.1 was discovered to contain a prototype
pollution ...)
- TODO: check
+ NOT-FOR-US: shared Nodejs module
CVE-2024-39016 (che3vinci c3/utils-1 1.0.131 was discovered to contain a
prototype pol ...)
- TODO: check
+ NOT-FOR-US: c3/utils-1 Nodejs module
CVE-2024-39015 (cafebazaar hod v0.4.14 was discovered to contain a prototype
pollution ...)
- TODO: check
+ NOT-FOR-US: hod Nodejs module
CVE-2024-39014 (ahilfoley cahil/utils v2.3.2 was discovered to contain a
prototype pol ...)
- TODO: check
+ NOT-FOR-US: cahil/utils Nodejs module
CVE-2024-39013 (2o3t-utility v0.1.2 was discovered to contain a prototype
pollution vi ...)
- TODO: check
+ NOT-FOR-US: 2o3t-utility
CVE-2024-39008 (robinweser fast-loops v1.1.3 was discovered to contain a
prototype pol ...)
- TODO: check
+ NOT-FOR-US: robinweser fast-loops
CVE-2024-39003 (amoyjs amoy common v1.0.10 was discovered to contain a
prototype pollu ...)
- TODO: check
+ NOT-FOR-US: amoyjs amoy common
CVE-2024-39002 (rjrodger jsonic-next v2.12.1 was discovered to contain a
prototype pol ...)
- TODO: check
+ NOT-FOR-US: rjrodger jsonic-next
CVE-2024-39001 (ag-grid-enterprise v31.3.2 was discovered to contain a
prototype pollu ...)
- TODO: check
+ NOT-FOR-US: ag-grid-enterprise
CVE-2024-39000 (adolph_dudu ratio-swiper v0.0.2 was discovered to contain a
prototype ...)
- TODO: check
+ NOT-FOR-US: ratio-swiper Nodejs module
CVE-2024-38999 (jrburke requirejs v2.3.6 was discovered to contain a prototype
polluti ...)
- requirejs <unfixed>
NOTE: https://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a
@@ -175,21 +175,21 @@ CVE-2024-38998 (jrburke requirejs v2.3.6 was discovered
to contain a prototype p
- requirejs <unfixed>
NOTE: https://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a
CVE-2024-38997 (adolph_dudu ratio-swiper v0.0.2 was discovered to contain a
prototype ...)
- TODO: check
+ NOT-FOR-US: ratio-swiper Nodejs module
CVE-2024-38996 (ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were
discover ...)
- TODO: check
+ NOT-FOR-US: ag-grid-community
CVE-2024-38994 (amoyjs amoy common v1.0.10 was discovered to contain a
prototype pollu ...)
- TODO: check
+ NOT-FOR-US: amoyjs amoy common
CVE-2024-38993 (rjrodger jsonic-next v2.12.1 was discovered to contain a
prototype pol ...)
- TODO: check
+ NOT-FOR-US: jsonic-next Nodejs module
CVE-2024-38992 (airvertco frappejs v0.0.11 was discovered to contain a
prototype pollu ...)
- TODO: check
+ NOT-FOR-US: frappejs Nodejs module
CVE-2024-38991 (akbr patch-into v1.0.1 was discovered to contain a prototype
pollution ...)
- TODO: check
+ NOT-FOR-US: patch-into Nodejs module
CVE-2024-38990 (Tada5hi sp-common v0.5.4 was discovered to contain a prototype
polluti ...)
- TODO: check
+ NOT-FOR-US: Tada5hi sp-common
CVE-2024-38987 (aofl cli-lib v3.14.0 was discovered to contain a prototype
pollution v ...)
- TODO: check
+ NOT-FOR-US: aofl cli-lib
CVE-2024-38953 (phpok 6.4.003 contains a Cross Site Scripting (XSS)
vulnerability in t ...)
NOT-FOR-US: phpok
CVE-2024-38513 (Fiber is an Express-inspired web framework written in Go A
vulnerabili ...)
@@ -197,9 +197,9 @@ CVE-2024-38513 (Fiber is an Express-inspired web framework
written in Go A vulne
CVE-2024-37298 (gorilla/schema converts structs to and from form values. Prior
to vers ...)
TODO: check
CVE-2024-37146 (Flowise is a drag & drop user interface to build a customized
large la ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2024-37145 (Flowise is a drag & drop user interface to build a customized
large la ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2024-36997 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10
and Splun ...)
NOT-FOR-US: Splunk Enterprise
CVE-2024-36996 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10
and Splun ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/390d06e40b5d0be55ad1563307c71b0bb37fe0b7
--
This project does not include diff previews in email notifications.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/390d06e40b5d0be55ad1563307c71b0bb37fe0b7
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
