Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c89cf818 by Moritz Muehlenhoff at 2024-11-10T21:03:08+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1305,7 +1305,7 @@ CVE-2024-6626 (The EleForms \u2013 All In One Form
Integration including DB for
CVE-2024-52043 (Generation of Error Message Containing Sensitive Informationin
HumHub ...)
NOT-FOR-US: HumHub
CVE-2024-51756 (The cap-std project is organized around the eponymous
`cap-std` crate, ...)
- TODO: check
+ NOT-FOR-US: Rust crate cap-std
CVE-2024-51745 (Wasmtime is a fast and secure runtime for WebAssembly.
Wasmtime's file ...)
NOT-FOR-US: wasmtime
CVE-2024-51358 (An issue in Linux Server Heimdall v.2.6.1 allows a remote
attacker to ...)
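Review bot: The added line `NOT-FOR-US: Rust crate cap-std` under CVE-2024-51756 closes the entry for a library crate without recording whether copies vendored into other source packages were looked for. If that check was done, a one-line NOTE under the entry saying so would save the next triager from repeating it.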
@@ -2820,7 +2820,7 @@ CVE-2024-43933 (Cross-Site Request Forgery (CSRF)
vulnerability in WPMobile.App
CVE-2024-43930 (Cross-Site Request Forgery (CSRF) vulnerability in eyecix
JobSearch al ...)
NOT-FOR-US: WordPress plugin
CVE-2024-43383 (Deserialization of Untrusted Data vulnerability in Apache
Lucene.Net.R ...)
- TODO: check
+ NOT-FOR-US: Apache Lucene.Net.Replicator
CVE-2024-42835 (langflow v1.0.12 was discovered to contain a remote code
execution (RC ...)
NOT-FOR-US: langflow-ai/langflow
CVE-2024-42515 (Glossarizer through 1.5.2 improperly tries to convert text
into HTML. ...)
@@ -3138,7 +3138,7 @@ CVE-2024-48063 (In PyTorch <=2.4.1, the RemoteModule has
Deserialization RCE. NO
NOTE:
https://rumbling-slice-eb0.notion.site/Distributed-RPC-Framework-RemoteModule-has-Deserialization-RCE-in-pytorch-pytorch-111e3cda9e8c8021a7d3cbc61ee1a20c
NOTE: Non issue as only documented to be used for internal
communication:
NOTE:
https://github.com/pytorch/pytorch/security/policy#using-distributed-features
- TODO: should probably be rejected, similar as CVE-2024-5480 got
rejected, MITRE contacted
+ NOTE: should probably be rejected, similar as CVE-2024-5480 got
rejected, MITRE contacted
CVE-2024-44081 (In Jitsi Meet before 2.0.9779, the functionality to share a
video file ...)
- jitsi-meet <itp> (bug #760485)
CVE-2024-44080 (In Jitsi Meet before 2.0.9779, the functionality to share an
image usi ...)
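Review bot: The `TODO` to `NOTE` change on the last line of the CVE-2024-48063 entry removes the only marker that this entry is still waiting on MITRE, and the commit message "NFUs" does not cover it. Suggest adding the date MITRE was contacted to the note, so a later reader can tell how long the rejection request has been pending, and mentioning the TODO clean-up in the commit message.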
@@ -6864,7 +6864,7 @@ CVE-2023-52917 (In the Linux kernel, the following
vulnerability has been resolv
CVE-2024-8625 (The TS Poll WordPress plugin before 2.4.0 does not sanitize
and escap ...)
NOT-FOR-US: WordPress plugin
CVE-2024-49215 (An issue was discovered in Sangoma Asterisk through 18.20.0,
19.x and ...)
- TODO: seems bogus, reached out to upstream
+ NOTE: seems bogus, reached out to upstream
CVE-2024-43689 (Stack-based buffer overflow vulnerability exists in
WAB-I1750-PS and W ...)
NOT-FOR-US: ELECOM
CVE-2024-10202 (Administrative Management System from Wellchoose has an OS
Command Inj ...)
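Review bot: After the change, the CVE-2024-49215 entry consists only of `NOTE: seems bogus, reached out to upstream`, with no package line and no NOT-FOR-US, so nothing in it marks the entry as unresolved while the upstream answer is outstanding. Suggest keeping the TODO until upstream replies, or adding a package line for the affected source package next to the note, and including a link to the upstream report so the "bogus" assessment can be followed up.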
@@ -353190,7 +353190,7 @@ CVE-2020-11923 (An issue was discovered in WiZ Colors
A60 1.14.0. API credential
CVE-2020-11922 (An issue was discovered in WiZ Colors A60 1.14.0. The device
sends unn ...)
NOT-FOR-US: WiZ Colors A60
CVE-2020-11921 (An issue was discovered in Lush 2 through 2020-02-25. Due to
the lack ...)
- TODO: check
+ NOT-FOR-US: Lush 2
CVE-2020-11920 (An issue was discovered in Svakom Siime Eye
14.1.00000001.3.330.0.0.3. ...)
NOT-FOR-US: Svakom Siime Eye
CVE-2020-11919 (An issue was discovered in Siime Eye
14.1.00000001.3.330.0.0.3.14. The ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c89cf8180c2bf702044908fce693878a5db78073