Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a6befb2d by Moritz Mühlenhoff at 2024-10-16T17:05:49+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -116,24 +116,24 @@ CVE-2024-45216 (Improper Authentication vulnerability in
Apache Solr. Solr inst
CVE-2024-45085 (IBM WebSphere Application Server 8.5 is vulnerable to a denial
of serv ...)
NOT-FOR-US: IBM
CVE-2024-44775 (An issue in kmqtt v0.2.7 allows attackers to cause a Denial of
Service ...)
- TODO: check
+ NOT-FOR-US: kmqtt
CVE-2024-41311 (In Libheif 1.17.6, insufficient checks in
ImageOverlay::parse() decodi ...)
- libheif 1.18.1-1
NOTE: https://github.com/strukturag/libheif/issues/1226
NOTE: https://github.com/strukturag/libheif/pull/1227
NOTE:
https://github.com/strukturag/libheif/commit/a3ed1b1eb178c5d651d6ac619c8da3d71ac2be36
(v1.18.0)
CVE-2024-38204 (Improper Access Control in Imagine Cup allows an authorized
attacker t ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38190 (Missing authorization in Power Platform allows an
unauthenticated atta ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38139 (Improper authentication in Microsoft Dataverse allows an
authorized at ...)
NOT-FOR-US: Microsoft
CVE-2024-31955 (An issue was discovered in Samsung eMMC with KLMAG2GE4A and
KLM8G1WEMB ...)
NOT-FOR-US: MicrosoftSamsung
CVE-2024-10018 (Improper permission control in the mobile application
(com.transsion.a ...)
- TODO: check
+ NOT-FOR-US: com.transsion.aivoiceassistant
CVE-2024-10004 (Opening an external link to an HTTP website when Firefox iOS
was previ ...)
- TODO: check
+ - firefox <not-affected> (Specific to iOS)
CVE-2023-7296 (The BigBlueButton plugin for WordPress is vulnerable to Stored
Cross-S ...)
NOT-FOR-US: WordPress plugin
CVE-2023-7295 (The Video Grid plugin for WordPress is vulnerable to Reflected
Cross-S ...)
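Review bot: The unchanged context line under CVE-2024-31955 reads "NOT-FOR-US: MicrosoftSamsung", which looks like two vendor names run together. The description is about Samsung eMMC, so this commit, which already triages the neighbouring entries, could correct it to "NOT-FOR-US: Samsung". Separately, the CVE-2024-10004 change to "- firefox <not-affected> (Specific to iOS)" is a package triage decision rather than an NFU, so the commit message "NFUs" does not fully describe this hunk.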
@@ -338,17 +338,17 @@ CVE-2024-47771 (Element Desktop is a Matrix client for
desktop platforms. Elemen
CVE-2024-47080 (matrix-js-sdk is the Matrix Client-Server SDK for JavaScript
and TypeS ...)
NOT-FOR-US: matrix-js-sdk
CVE-2024-45276 (An unauthenticated remote attacker can get read access to
files in the ...)
- TODO: check
+ NOT-FOR-US: MB connect line GmbH
CVE-2024-45275 (The devices contain two hard coded user accounts with
hardcoded passwo ...)
- TODO: check
+ NOT-FOR-US: MB connect line GmbH
CVE-2024-45274 (An unauthenticated remote attacker can execute OS commands via
UDP on ...)
- TODO: check
+ NOT-FOR-US: MB connect line GmbH
CVE-2024-45273 (An unauthenticated local attacker can decrypt the devices
config file ...)
- TODO: check
+ NOT-FOR-US: MB connect line GmbH
CVE-2024-45272 (An unauthenticated remote attacker can perform a brute-force
attack on ...)
- TODO: check
+ NOT-FOR-US: MB connect line GmbH
CVE-2024-45271 (An unauthenticated local attacker can gain admin privileges by
deployi ...)
- TODO: check
+ NOT-FOR-US: MB connect line GmbH
CVE-2024-44337 (The package `github.com/gomarkdown/markdown` is a Go library
for parsi ...)
TODO: check
CVE-2024-41344 (A Cross-Site Request Forgery (CSRF) in Codeigniter 3.1.13
allows attac ...)
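Review bot: The six added "NOT-FOR-US: MB connect line GmbH" lines (CVE-2024-45271 to CVE-2024-45276) cannot be checked against the visible descriptions, which are truncated and name no vendor or product. A NOTE line, or a commit message that points at the advisory these were triaged from, would let a later reader confirm the attribution. CVE-2024-44337 in the trailing context stays at "TODO: check", which leaves the gomarkdown Go library open for a packaging check.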
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a6befb2d8931469f00c2c8a4ba91ef5707848db0