Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6a406920 by Salvatore Bonaccorso at 2024-10-31T21:50:28+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -40,53 +40,53 @@ CVE-2024-50802 (A SQL Injection vulnerability was 
discovered in AbanteCart 1.4.0
 CVE-2024-50801 (A SQL Injection vulnerability was discovered in AbanteCart 
1.4.0 in th ...)
        NOT-FOR-US: AbanteCart
 CVE-2024-50356 (Press, a Frappe custom app that runs Frappe Cloud, manages 
infrastruct ...)
-       TODO: check
+       NOT-FOR-US: Press app for Frappe
 CVE-2024-50354 (gnark is a fast zk-SNARK library that offers a high-level API 
to desig ...)
        TODO: check
 CVE-2024-50347 (Laravel Reverb provides a real-time WebSocket communication 
backend fo ...)
        TODO: check
 CVE-2024-49685 (Cross-Site Request Forgery (CSRF) vulnerability in Smash 
Balloon Custo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-49674 (Cross-Site Request Forgery (CSRF) vulnerability in Lukas Huser 
EKC Tou ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-48910 (DOMPurify is a DOM-only, super-fast, uber-tolerant XSS 
sanitizer for H ...)
        TODO: check
 CVE-2024-48360 (Qualitor v8.24 was discovered to contain a Server-Side Request 
Forgery ...)
-       TODO: check
+       NOT-FOR-US: Qualitor
 CVE-2024-48359 (Qualitor v8.24 was discovered to contain a remote code 
execution (RCE) ...)
-       TODO: check
+       NOT-FOR-US: Qualitor
 CVE-2024-48200 (An issue in MobaXterm v24.2 allows a local attacker to 
escalate privil ...)
-       TODO: check
+       NOT-FOR-US: MobaXterm
 CVE-2024-43984 (Cross-Site Request Forgery (CSRF) vulnerability in Podlove 
Podlove Pod ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-43933 (Cross-Site Request Forgery (CSRF) vulnerability in 
WPMobile.App allows ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-43930 (Cross-Site Request Forgery (CSRF) vulnerability in eyecix 
JobSearch al ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-43383 (Deserialization of Untrusted Data vulnerability in Apache 
Lucene.Net.R ...)
        TODO: check
 CVE-2024-42835 (langflow v1.0.12 was discovered to contain a remote code 
execution (RC ...)
-       TODO: check
+       NOT-FOR-US: langflow-ai/langflow
 CVE-2024-42515 (Glossarizer through 1.5.2 improperly tries to convert text 
into HTML.  ...)
        TODO: check
 CVE-2024-39722 (An issue was discovered in Ollama before 0.1.46. It exposes 
which file ...)
-       TODO: check
+       NOT-FOR-US: Ollama
 CVE-2024-39721 (An issue was discovered in Ollama before 0.1.34. The 
CreateModelHandle ...)
-       TODO: check
+       NOT-FOR-US: Ollama
 CVE-2024-39720 (An issue was discovered in Ollama before 0.1.46. An attacker 
can use t ...)
-       TODO: check
+       NOT-FOR-US: Ollama
 CVE-2024-39719 (An issue was discovered in Ollama through 0.3.14. File 
existence discl ...)
-       TODO: check
+       NOT-FOR-US: Ollama
 CVE-2024-39332 (Webswing 23.2.2 allows remote attackers to modify client-side 
JavaScri ...)
-       TODO: check
+       NOT-FOR-US: Webswing
 CVE-2024-30149 (HCL AppScan Source <= 10.6.0 does not properly validate a 
TLS/SSL cert ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-10454 (Clickjacking vulnerability in Clibo Manager v1.1.9.12 in the 
'/public/ ...)
-       TODO: check
+       NOT-FOR-US: Clibo Manager
 CVE-2023-52045 (Studio-42 eLfinder 2.1.62 contains a filename restriction 
bypass leadi ...)
-       TODO: check
+       NOT-FOR-US: Studio-42 eLfinder
 CVE-2023-52044 (Studio-42 eLfinder 2.1.62 is vulnerable to Remote Code 
Execution (RCE) ...)
-       TODO: check
+       NOT-FOR-US: Studio-42 eLfinder
 CVE-2024-9708 (The Easy SVG Upload plugin for WordPress is vulnerable to 
Stored Cross ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-9700 (The Forminator Forms \u2013 Contact Form, Payment Form & Custom 
Form B ...)
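Review bot: The new tag on CVE-2024-30149, `NOT-FOR-US: HCL`, names only the vendor, although the description identifies the product as HCL AppScan Source; the other tags added in this hunk (Qualitor, MobaXterm, Webswing, Ollama) name the product. Suggest `NOT-FOR-US: HCL AppScan Source` so that a later search of the list for the product name finds the entry. The tag on CVE-2024-42835 uses a repository-style path (`langflow-ai/langflow`) where the description says just langflow; either works, but one form should be used consistently for that product.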
@@ -136,17 +136,17 @@ CVE-2024-43382 (Snowflake JDBC driver versions >= 3.2.6 
and <= 3.19.1 have an In
 CVE-2024-21537 (Versions of the package lilconfig from 3.1.0 and before 3.1.1 
are vuln ...)
        TODO: check
 CVE-2024-10561 (A vulnerability was found in Codezips Pet Shop Management 
System 1.0.  ...)
-       TODO: check
+       NOT-FOR-US: Codezips Pet Shop Management System
 CVE-2024-10559 (A vulnerability was found in SourceCodester Airport Booking 
Management ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Airport Booking Management System
 CVE-2024-10557 (A vulnerability has been found in code-projects Blood Bank 
Management  ...)
-       TODO: check
+       NOT-FOR-US: code-projects Blood Bank Management System
 CVE-2024-10556 (A vulnerability, which was classified as critical, was found 
in Codezi ...)
-       TODO: check
+       NOT-FOR-US: Codezips Pet Shop Management System
 CVE-2024-10544 (The Woo Manage Fraud Orders plugin for WordPress is vulnerable 
to Sens ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10392 (The AI Power: Complete AI Pack plugin for WordPress is 
vulnerable to a ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10086 (A vulnerability was identified in Consul and Consul Enterprise 
such th ...)
        TODO: check
 CVE-2024-10006 (A vulnerability was identified in Consul and Consul Enterprise 
(\u201c ...)
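Review bot: CVE-2024-10556 is tagged `NOT-FOR-US: Codezips Pet Shop Management System`, but its description in the list is truncated at "Codezi ...", so the product cannot be confirmed from this file alone. It is worth checking the full CVE description to confirm that it is the same product as CVE-2024-10561 and not a different Codezips project.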
@@ -182,7 +182,7 @@ CVE-2024-51257 (DrayTek Vigor3900 1.5.1.3 allows attackers 
to inject malicious c
 CVE-2024-50419 (Incorrect Authorization vulnerability in Wpsoul Greenshift 
\u2013 anim ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-50353 (ICG.AspNetCore.Utilities.CloudStorage is a collection of cloud 
storage ...)
-       TODO: check
+       NOT-FOR-US: ICG.AspNetCore.Utilities.CloudStorage
 CVE-2024-50344 (I, Librarian is an open-source version of a PDF managing SaaS. 
Supplem ...)
        TODO: check
 CVE-2024-48648 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in 
the Sag ...)
@@ -206,7 +206,7 @@ CVE-2024-48202 (icecms <=3.4.7 has a File Upload 
vulnerability in FileUtils.java
 CVE-2024-46531 (phpgurukul Vehicle Record Management System v1.0 was 
discovered to con ...)
        NOT-FOR-US: phpgurukul Vehicle Record Management System
 CVE-2024-42041 (The com.videodownload.browser.videodownloader (aka 
AppTool-Browser-Vid ...)
-       TODO: check
+       NOT-FOR-US: com.videodownload.browser.videodownloader (aka 
AppTool-Browser-Video All Video Downloader) application
 CVE-2024-3935 (In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a 
Mosquitt ...)
        - mosquitto 2.0.20-1
        NOTE: 
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/197
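Review bot: The tag added for CVE-2024-42041 repeats most of the CVE description, including the "(aka ...)" alias and the trailing word "application", and is long enough to wrap in this notification. The package identifier alone, `NOT-FOR-US: com.videodownload.browser.videodownloader`, would identify the product and keep the tag in line with the short names used for the other entries.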
@@ -246,13 +246,13 @@ CVE-2024-24777 (A cross-site request forgery (CSRF) 
vulnerability exists in the
 CVE-2024-23309 (The LevelOne WBR-6012 router with firmware R0.40e6 has an 
authenticati ...)
        NOT-FOR-US: LevelOne WBR-6012 router
 CVE-2024-10546 (A vulnerability classified as critical was found in 
open-scratch Teach ...)
-       TODO: check
+       NOT-FOR-US: open-scratch Teaching
 CVE-2024-10525 (In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a 
maliciou ...)
        - mosquitto 2.0.20-1
        NOTE: 
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/190
        NOTE: https://mosquitto.org/blog/2024/10/version-2-0-19-released/
 CVE-2024-10456 (Delta Electronics InfraSuite Device Master versions prior to 
1.0.12 ar ...)
-       TODO: check
+       NOT-FOR-US: Delta Electronics
 CVE-2024-10573 (An out-of-bounds write flaw was found in mpg123 when handling 
crafted  ...)
        - mpg123 1.32.8-1 (bug #1086443)
        NOTE: https://www.openwall.com/lists/oss-security/2024/10/30/2
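Review bot: `NOT-FOR-US: Delta Electronics` on CVE-2024-10456 names the vendor only, while the description gives the product as Delta Electronics InfraSuite Device Master. Suggest `NOT-FOR-US: Delta Electronics InfraSuite Device Master`, matching the vendor-plus-product form already used in this hunk's context for the LevelOne WBR-6012 router.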



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a406920a6013bb8644de817b0747c1a3c6da7d3
