Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0ba37325 by Moritz Muehlenhoff at 2024-10-08T13:51:44+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19,27 +19,27 @@ CVE-2024-47968 (Improper resource shutdown in middle of
certain operations on so
CVE-2024-47967 (Improper resource initialization handling in firmware of some
Solidigm ...)
NOT-FOR-US: Solidigm DC
CVE-2024-47818 (Saltcorn is an extensible, open source, no-code database
application b ...)
- TODO: check
+ NOT-FOR-US: Saltcorn
CVE-2024-47817 (Lara-zeus Dynamic Dashboard simple way to manage widgets for
your webs ...)
- TODO: check
+ NOT-FOR-US: Lara-zeus Dynamic Dashboard
CVE-2024-47814 (Vim is an open source, command line text editor. A
use-after-free was ...)
- vim <unfixed>
NOTE: https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg
NOTE: https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3
(v9.1.0764)
CVE-2024-47782 (WikiDiscover is an extension designed for use with a
CreateWiki manage ...)
- TODO: check
+ NOT-FOR-US: WikiDiscover MediaWiki extension
CVE-2024-47781 (CreateWiki is an extension used at Miraheze for requesting &
creating ...)
NOT-FOR-US: CreateWiki MediaWiki extension
CVE-2024-47772 (Discourse is an open source platform for community discussion.
An atta ...)
NOT-FOR-US: Discourse
CVE-2024-47610 (InvenTree is an Open Source Inventory Management System. In
affected v ...)
- TODO: check
+ NOT-FOR-US: InvenTree
CVE-2024-47594 (SAP NetWeaver Enterprise Portal (KMC) does not sufficiently
encode use ...)
NOT-FOR-US: SAP
CVE-2024-47095 (Cross Site Scripting vulnerability in Follet School Solutions
Destiny ...)
- TODO: check
+ NOT-FOR-US: Follet School Solutions
CVE-2024-45919 (A security flaw has been discovered in Solvait version 24.4.2
that all ...)
- TODO: check
+ NOT-FOR-US: Solvait
CVE-2024-45874 (A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows
attackers ...)
NOT-FOR-US: VegaBird
CVE-2024-45873 (A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2
allows attack ...)
@@ -105,9 +105,9 @@ CVE-2024-34663 (Integer overflow in libSEF.quram.so prior
to SMR Oct-2024 Releas
CVE-2024-34662 (Improper access control in ActivityManager prior to SMR
Oct-2024 Relea ...)
NOT-FOR-US: Samsung
CVE-2024-21533 (All versions of the package ggit are vulnerable to Arbitrary
Argument ...)
- TODO: check
+ NOT-FOR-US: Node ggit
CVE-2024-21532 (All versions of the package ggit are vulnerable to Command
Injection v ...)
- TODO: check
+ NOT-FOR-US: Node ggit
CVE-2024-9576 (Vulnerability in Distro Linux Workbooth v2.5 that allows to
escalate p ...)
NOT-FOR-US: Distro Linux Workbooth
CVE-2024-9574 (SQL injection vulnerability in SOPlanning <1.45, via
/soplanning/www/u ...)
@@ -135,77 +135,77 @@ CVE-2024-47975 (Improper access control validation in
firmware of some Solidigm
CVE-2024-47972 (Improper resource management in firmware of some Solidigm DC
Products ...)
NOT-FOR-US: Solidigm DC
CVE-2024-47971 (Improper error handling in firmware of some SSD DC Products
may allow ...)
- TODO: check
+ NOT-FOR-US: Solidigmt
CVE-2024-47559 (Authenticated RCE via Path Traversal)
- TODO: check
+ NOT-FOR-US: Xerox
CVE-2024-47558 (Authenticated RCE via Path Traversal)
- TODO: check
+ NOT-FOR-US: Xerox
CVE-2024-47557 (Pre-Auth RCE via Path Traversal)
- TODO: check
+ NOT-FOR-US: Xerox
CVE-2024-47556 (Pre-Auth RCE via Path Traversal)
- TODO: check
+ NOT-FOR-US: Xerox
CVE-2024-47555 (Missing Authentication - User & System Configuration)
- TODO: check
+ NOT-FOR-US: Xerox
CVE-2024-47079 (Meshtastic is an open source, off-grid, decentralized, mesh
network bu ...)
- TODO: check
+ NOT-FOR-US: Meshtastic
CVE-2024-46446 (Mecha CMS 3.0.0 is vulnerable to Directory Traversal. An
attacker can ...)
- TODO: check
+ NOT-FOR-US: Mecha CMS
CVE-2024-46325 (TP-Link WR740N V6 has a stack overflow vulnerability via the
ssid para ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2024-46300 (itsourcecode Placement Management System 1.0 is vulnerable to
Cross Si ...)
- TODO: check
+ NOT-FOR-US: itsourcecode Placement Management System
CVE-2024-46278 (Teedy 1.11 is vulnerable to Cross Site Scripting (XSS) via the
managem ...)
- TODO: check
+ NOT-FOR-US: Teedy
CVE-2024-46076 (RuoYi v4.7.9 and before has a security flaw that allows
escaping from ...)
- TODO: check
+ NOT-FOR-US: RuoYi
CVE-2024-46041 (IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is vulnerable to
Authenticatio ...)
- TODO: check
+ NOT-FOR-US: IoT Haat Smart Plug
CVE-2024-46040 (IoT Haat Smart Plug IH-IN-16A-S IH-IN-16A-S v5.16.1 suffers
from Insuf ...)
- TODO: check
+ NOT-FOR-US: IoT Haat Smart Plug
CVE-2024-45933 (OnlineNewsSite v1.0 is vulnerable to Cross Site Scripting
(XSS) which ...)
- TODO: check
+ NOT-FOR-US: OnlineNewsSite
CVE-2024-45932 (Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS)
via the ...)
- TODO: check
+ NOT-FOR-US: Krayin CRM
CVE-2024-45894 (BlueCMS 1.6 suffers from Arbitrary File Deletion via the
file_name par ...)
- TODO: check
+ NOT-FOR-US: BlueCMS
CVE-2024-45293 (PHPSpreadsheet is a pure PHP library for reading and writing
spreadshe ...)
- TODO: check
+ NOT-FOR-US: PHPSpreadsheet
CVE-2024-45292 (PHPSpreadsheet is a pure PHP library for reading and writing
spreadshe ...)
- TODO: check
+ NOT-FOR-US: PHPSpreadsheet
CVE-2024-45153 (Adobe Experience Manager versions 6.5.20 and earlier are
affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-44674 (D-Link COVR-2600R FW101b05 is vulnerable to Buffer Overflow.
In the fu ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-44068 (An issue was discovered in the m2m scaler driver in Samsung
Mobile Pro ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-43047 (Memory corruption while maintaining memory maps of HLOS
memory.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-42831 (A reflected cross-site scripting (XSS) vulnerability in
Elaine's Realt ...)
- TODO: check
+ NOT-FOR-US: Elaine's Realtime CRM Automation
CVE-2024-42027 (The E2EE password entropy generated by Rocket.Chat Mobile
prior to ver ...)
- TODO: check
+ NOT-FOR-US: Rocket.Chat Mobile
CVE-2024-38425 (Information disclosure while sending implicit broadcast
containing APP ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-38399 (Memory corruption while processing user packets to generate
page fault ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-38397 (Transient DOS while parsing probe response and assoc response
frame.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-33073 (Information disclosure while parsing the BSS parameter change
count or ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-33071 (Transient DOS while parsing the MBSSID IE from the beacons
when IE len ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-33070 (Transient DOS while parsing ESP IE from beacon/probe response
frame.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-33069 (Transient DOS when transmission of management frame sent by
host is no ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-33066 (Memory corruption while redirecting log file to any file
location with ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-33065 (Memory corruption while taking snapshot when an offset
variable is set ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-33064 (Information disclosure while parsing the multiple MBSSID IEs
from the ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-33049 (Transient DOS while parsing noninheritance IE of Extension
element whe ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-31449 (Redis is an open source, in-memory database that persists on
disk. An ...)
- redis <unfixed>
NOTE:
https://github.com/redis/redis/security/advisories/GHSA-whxg-wx83-85p5
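Review bot: The note added for CVE-2024-47971 reads "NOT-FOR-US: Solidigmt", which looks like a typo in the vendor tag. The unchanged Solidigm firmware entry just above it (CVE-2024-47972) uses "NOT-FOR-US: Solidigm DC". Suggest changing the new line to "NOT-FOR-US: Solidigm DC" so that a search for the vendor string finds every Solidigm entry and the tag stays consistent across the file.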
@@ -220,31 +220,31 @@ CVE-2024-31227 (Redis is an open source, in-memory
database that persists on dis
NOTE:
https://github.com/redis/redis/security/advisories/GHSA-38p4-26x2-vqhh
NOTE:
https://github.com/redis/redis/commit/b351d5a3210e61cc3b22ba38a723d6da8f3c298a
(7.2.6)
CVE-2024-28710 (Cross Site Scripting vulnerability in LimeSurvey before
6.5.0+240319 a ...)
- TODO: check
+ - limesurvey <itp> (bug #472802)
CVE-2024-28709 (Cross Site Scripting vulnerability in LimeSurvey before
6.5.12+240611 ...)
- TODO: check
+ - limesurvey <itp> (bug #472802)
CVE-2024-27458 (A potential security vulnerability has been identified in the
HP Hotke ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2024-23379 (Memory corruption while unmapping the fastrpc map when two
threads can ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-23378 (Memory corruption while invoking IOCTL calls for MSM module
from the u ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-23376 (Memory corruption while sending the persist buffer command
packet from ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-23375 (Memory corruption during the network scan request.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-23374 (Memory corruption is possible when an attempt is made from
userspace o ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-23370 (Memory corruption when a process invokes IOCTL calls from
user-space t ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-23369 (Memory corruption when invalid length is provided from HLOS
for FRS/UD ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-21455 (Memory corruption when a compat IOCTL call is followed by
another IOCT ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-6362 (A vulnerability has been discovered in Winhex affecting version
16.1 S ...)
- TODO: check
+ NOT-FOR-US: Winhex
CVE-2023-6361 (A vulnerability has been discovered in Winhex affecting version
16.1 S ...)
- TODO: check
+ NOT-FOR-US: Winhex
CVE-2024-9565 (A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA
and cla ...)
NOT-FOR-US: D-Link
CVE-2024-9564 (A vulnerability, which was classified as critical, was found in
D-Link ...)
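Review bot: The two LimeSurvey entries (CVE-2024-28710 and CVE-2024-28709) are marked "- limesurvey <itp> (bug #472802)" rather than NOT-FOR-US, which the commit message "NFUs" does not mention. Their descriptions also bound the issues at different versions ("before 6.5.0+240319" and "before 6.5.12+240611"), and neither entry records this. Suggest adding a NOTE line with the respective version under each entry, so that whoever picks up the ITP can check the packaged version against both CVEs, and mentioning the ITP markers in the commit message.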
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ba37325385d1f0a87c0439cc025a6df753c23e5