Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
934336e4 by Moritz Muehlenhoff at 2024-08-08T10:06:40+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27,7 +27,7 @@ CVE-2024-7579 (A vulnerability was found in Alien Technology 
ALR-F800 up to 19.1
 CVE-2024-7578 (A vulnerability was found in Alien Technology ALR-F800 up to 
19.10.24. ...)
        NOT-FOR-US: Alien Technology ALR-F800
 CVE-2024-7553 (Incorrect validation of files loaded from a local untrusted 
directory  ...)
-       TODO: check
+       - mongodb <not-affected> (Windows-specific)
 CVE-2024-7355 (The Organization chart plugin for WordPress is vulnerable to 
Stored Cr ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-7353 (The Accept Stripe Payments plugin for WordPress is vulnerable 
to Store ...)
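Review bot: The "(Windows-specific)" reason on the new "mongodb <not-affected>" line for CVE-2024-7553 has no reference behind it, and the truncated description shown here ("files loaded from a local untrusted directory") does not itself mention a platform. Consider adding a NOTE: line with the upstream advisory URL, as the libnbd entry for CVE-2024-7383 does, so the not-affected decision can be re-checked later.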
@@ -93,15 +93,15 @@ CVE-2024-34480 (SourceCodester Computer Laboratory 
Management System 1.0 allows
 CVE-2024-34479 (SourceCodester Computer Laboratory Management System 1.0 
allows classe ...)
        NOT-FOR-US: SourceCodester Computer Laboratory Management System
 CVE-2024-20479 (A vulnerability in the web-based management interface of Cisco 
ISE cou ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20454 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20451 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20450 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20443 (A vulnerability in the web-based management interface of Cisco 
ISE cou ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-42250 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
        - linux 6.9.10-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -294,11 +294,11 @@ CVE-2024-6357 (Insecure Direct Object Reference 
vulnerability identified in Open
 CVE-2024-43114 (In JetBrains TeamCity before 2024.07.1 possible privilege 
escalation d ...)
        NOT-FOR-US: JetBrains TeamCity
 CVE-2024-43113 (The contextual menu for links could provide an opportunity for 
cross-s ...)
-       TODO: check
+       - firefox <not-affected> (iOS-specific)
 CVE-2024-43112 (Long pressing on a download link could potentially provide a 
means for ...)
-       TODO: check
+       - firefox <not-affected> (iOS-specific)
 CVE-2024-43111 (Long pressing on a download link could potentially allow 
Javascript co ...)
-       TODO: check
+       - firefox <not-affected> (iOS-specific)
 CVE-2024-42400 (Multiple unauthenticated Denial-of-Service (DoS) 
vulnerabilities exist ...)
        NOT-FOR-US: HPE
 CVE-2024-42399 (Multiple unauthenticated Denial-of-Service (DoS) 
vulnerabilities exist ...)
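Review bot: The three lines added for CVE-2024-43113, CVE-2024-43112 and CVE-2024-43111 are "<not-affected>" triage against the firefox package, not NOT-FOR-US markings, so the commit subject "NFUs" does not describe them. Suggest mentioning the not-affected entries in the commit message so that a log search for firefox triage finds this commit.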
@@ -376,11 +376,11 @@ CVE-2024-33983 (Cross-Site Scripting (XSS) vulnerability 
in School Attendance Mo
 CVE-2024-33982 (Cross-Site Scripting (XSS) vulnerability in School Attendance 
Monitori ...)
        NOT-FOR-US: School Attendance Monitoring System and School Event 
Management System
 CVE-2024-33981 (Cross-Site Scripting (XSS) vulnerability in PayPal, Credit 
Card and De ...)
-       TODO: check
+       NOT-FOR-US: Janobe
 CVE-2024-33980 (Cross-Site Scripting (XSS) vulnerability in PayPal, Credit 
Card and De ...)
-       TODO: check
+       NOT-FOR-US: Janobe
 CVE-2024-33979 (Cross-Site Scripting (XSS) vulnerability in PayPal, Credit 
Card and De ...)
-       TODO: check
+       NOT-FOR-US: Janobe
 CVE-2024-33978 (Cross-Site Scripting (XSS) vulnerability in E-Negosyo System 
affecting ...)
        NOT-FOR-US: E-Negosyo System
 CVE-2024-33977 (Cross-Site Scripting (XSS) vulnerability in E-Negosyo System 
affecting ...)
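Review bot: The label "Janobe" on CVE-2024-33981, CVE-2024-33980 and CVE-2024-33979 does not appear in the visible description, which names a "PayPal, Credit Card and De ..." product, while the neighbouring entries are labelled with the product name from their descriptions (E-Negosyo System, School Attendance Monitoring System). Suggest putting the product name next to the vendor so that a search for the product finds these entries.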
@@ -390,45 +390,45 @@ CVE-2024-33976 (Cross-Site Scripting (XSS) vulnerability 
in E-Negosyo System aff
 CVE-2024-33975 (Cross-Site Scripting (XSS) vulnerability in E-Negosyo System 
affecting ...)
        NOT-FOR-US: E-Negosyo System
 CVE-2024-33974 (SQL injection vulnerability in PayPal, Credit Card and Debit 
Card Paym ...)
-       TODO: check
+       NOT-FOR-US: Janobe
 CVE-2024-33973 (SQL injection vulnerability in PayPal, Credit Card and Debit 
Card Paym ...)
-       TODO: check
+       NOT-FOR-US: Janobe
 CVE-2024-33972 (SQL injection vulnerability in PayPal, Credit Card and Debit 
Card Paym ...)
-       TODO: check
+       NOT-FOR-US: Janobe
 CVE-2024-33971 (SQL injection vulnerability in PayPal, Credit Card and Debit 
Card Paym ...)
-       TODO: check
+       NOT-FOR-US: Janobe
 CVE-2024-33970 (SQL injection vulnerability in PayPal, Credit Card and Debit 
Card Paym ...)
-       TODO: check
+       NOT-FOR-US: Janobe
 CVE-2024-33969 (SQL injection vulnerability in PayPal, Credit Card and Debit 
Card Paym ...)
-       TODO: check
+       NOT-FOR-US: Janobe
 CVE-2024-33968 (SQL injection vulnerability in PayPal, Credit Card and Debit 
Card Paym ...)
-       TODO: check
+       NOT-FOR-US: Janobe
 CVE-2024-33967 (SQL injection vulnerability in PayPal, Credit Card and Debit 
Card Paym ...)
-       TODO: check
+       NOT-FOR-US: Janobe
 CVE-2024-33966 (SQL injection vulnerability in PayPal, Credit Card and Debit 
Card Paym ...)
-       TODO: check
+       NOT-FOR-US: Janobe
 CVE-2024-33965 (SQL injection vulnerability in PayPal, Credit Card and Debit 
Card Paym ...)
-       TODO: check
+       NOT-FOR-US: Janobe
 CVE-2024-33964 (SQL injection vulnerability in PayPal, Credit Card and Debit 
Card Paym ...)
-       TODO: check
+       NOT-FOR-US: Janobe
 CVE-2024-33963 (SQL injection vulnerability in PayPal, Credit Card and Debit 
Card Paym ...)
-       TODO: check
+       NOT-FOR-US: Janobe
 CVE-2024-33962 (SQL injection vulnerability in PayPal, Credit Card and Debit 
Card Paym ...)
-       TODO: check
+       NOT-FOR-US: Janobe
 CVE-2024-33961 (SQL injection vulnerability in PayPal, Credit Card and Debit 
Card Paym ...)
-       TODO: check
+       NOT-FOR-US: Janobe
 CVE-2024-33960 (SQL injection vulnerability in PayPal, Credit Card and Debit 
Card Paym ...)
-       TODO: check
+       NOT-FOR-US: Janobe
 CVE-2024-33959 (SQL injection vulnerability in PayPal, Credit Card and Debit 
Card Paym ...)
-       TODO: check
+       NOT-FOR-US: Janobe
 CVE-2024-33958 (SQL injection vulnerability in E-Negosyo System affecting 
version 1.0. ...)
        NOT-FOR-US: E-Negosyo System
 CVE-2024-33957 (SQL injection vulnerability in E-Negosyo System affecting 
version 1.0. ...)
        NOT-FOR-US: E-Negosyo System
 CVE-2024-33897 (A compromised HMS Networks Cosy+ device could be used to 
request a Cer ...)
-       TODO: check
+       NOT-FOR-US: Cosy+
 CVE-2024-30170 (PrivX before 34.0 allows data exfiltration and denial of 
service via t ...)
-       TODO: check
+       NOT-FOR-US: PrivX
 CVE-2024-28740 (Cross Site Scripting vulnerability in Koha ILS 23.05 and 
before allows ...)
        NOT-FOR-US: Koha ILS
 CVE-2024-28739 (An issue in Koha ILS 23.05 and before allows a remote attacker 
to exec ...)
@@ -641,9 +641,9 @@ CVE-2024-5708 (The WPBakery Visual Composer plugin for 
WordPress is vulnerable t
 CVE-2024-42352 (Nuxt is a free and open-source framework to create full-stack 
web appl ...)
        NOT-FOR-US: Nuxt
 CVE-2024-41995 (Initialization of a resource with an insecure default 
vulnerability ex ...)
-       TODO: check
+       NOT-FOR-US: Ricoh
 CVE-2024-41820 (Kubean is a cluster lifecycle management toolchain based on 
kubespray  ...)
-       TODO: check
+       NOT-FOR-US: Kubean
 CVE-2024-41816 (Cooked is a recipe plugin for WordPress. The Cooked plugin for 
WordPre ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-41811 (ipl/web is a set of common web components for php projects. 
Some of th ...)
@@ -713,7 +713,7 @@ CVE-2024-6865
 CVE-2024-6361 (Improper Neutralization vulnerability (XSS) has been discovered 
in Ope ...)
        NOT-FOR-US: OpenText ALM Octane
 CVE-2024-4607 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel 
Driver, Arm ...)
-       TODO: check
+       NOT-FOR-US: Arm
 CVE-2024-42350 (Biscuit is an authorization token with decentralized 
verification, off ...)
        NOT-FOR-US: Biscuit
 CVE-2024-41960 (mailcow: dockerized is an open source groupware/email suite 
based on d ...)
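Review bot: "NOT-FOR-US: Arm" on CVE-2024-4607 is broader than the issue it closes. The description is a use-after-free in the Arm Ltd Bifrost GPU Kernel Driver, and a vendor-wide label does not record that this driver was checked against the packaged kernel, which the list tracks under "linux". Suggest naming the driver in the label, for example "NOT-FOR-US: Arm Bifrost GPU kernel driver".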
@@ -775,7 +775,7 @@ CVE-2024-33011 (Transient DOS while parsing the MBSSID IE 
from the beacons, when
 CVE-2024-33010 (Transient DOS while parsing fragments of MBSSID IE from beacon 
frame.)
        NOT-FOR-US: Qualcomm
 CVE-2024-2937 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel 
Driver, Arm ...)
-       TODO: check
+       NOT-FOR-US: Arm
 CVE-2024-23384 (Memory corruption when the mapped pages in VBO are still 
mapped after  ...)
        NOT-FOR-US: Qualcomm
 CVE-2024-23383 (Memory corruption when kernel driver attempts to trigger 
hardware fenc ...)
@@ -797,9 +797,9 @@ CVE-2024-23352 (Transient DOS when NAS receives ODAC 
criteria of length 1 and ty
 CVE-2024-23350 (Permanent DOS when DL NAS transport receives multiple payloads 
such th ...)
        NOT-FOR-US: Qualcomm
 CVE-2024-21980 (Improper restriction of write operations in SNP firmware could 
allow a ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2024-21978 (Improper input validation in SEV-SNP could allow a malicious 
hyperviso ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2024-21481 (Memory corruption when preparing a shared memory notification 
for a me ...)
        NOT-FOR-US: Qualcomm
 CVE-2024-21479 (Transient DOS during music playback of ALAC content.)
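Review bot: CVE-2024-21980 and CVE-2024-21978 are described as SNP firmware and SEV-SNP issues, so "NOT-FOR-US: AMD" holds only if no package in the archive distributes that firmware, and the entries do not record that this was checked. Suggest confirming against the firmware packages and, if one ships the affected image, tracking these as package entries instead.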
@@ -809,7 +809,7 @@ CVE-2024-21467 (Information disclosure while handling 
beacon probe frame during
 CVE-2024-21459 (Information disclosure while handling beacon or probe response 
frame i ...)
        NOT-FOR-US: Qualcomm
 CVE-2023-31355 (Improper restriction of write operations in SNP firmware could 
allow a ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2024-7383 (A flaw was found in libnbd. The client did not always correctly 
verify ...)
        - libnbd 1.20.2-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2302865



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/934336e42bc976056ee2605a7175bfbbac0ccba9
