Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bb520a5b by Moritz Muehlenhoff at 2024-11-18T16:21:33+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -43,15 +43,15 @@ CVE-2024-52913 (In Bitcoin Core before 0.21.0, an attacker 
could prevent a node
 CVE-2024-52912 (Bitcoin Core before 0.21.0 allows a network split that is 
resultant fr ...)
        - bitcoin <removed>
 CVE-2024-49574 (Zohocorp ManageEngine ADAudit Plus versions below 8123 are 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: Zohocorp ManageEngine ADAudit Plus
 CVE-2024-43704 (Software installed and run as a non-privileged user may 
conduct improp ...)
-       TODO: check
+       NOT-FOR-US: Imagination Technologies
 CVE-2024-38828 (Spring MVC controller methods with an @RequestBody 
byte[]method parame ...)
        - libspring-java <unfixed> (unimportant)
        NOTE: https://spring.io/security/cve-2024-38828
        NOTE: Only supported for building applications shipped in Debian, see 
README.Debian.security
 CVE-2024-22067 (ZTE NH8091 product has an improper permission control 
vulnerability. D ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2024-11315 (The DVC from TRCore has a Path Traversal vulnerability and 
does not re ...)
        NOT-FOR-US: TRCore DVC
 CVE-2024-11314 (The DVC from TRCore has a Path Traversal vulnerability and 
does not re ...)
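Review bot: The new tag for CVE-2024-22067 names only the vendor ("NOT-FOR-US: ZTE"), although the description on that entry names the product (ZTE NH8091) and the neighbouring tags in this hunk use vendor plus product ("Zohocorp ManageEngine ADAudit Plus", "TRCore DVC"). Suggest "NOT-FOR-US: ZTE NH8091" so that a later search of the list for the product finds this entry. The same holds for "NOT-FOR-US: Imagination Technologies" on CVE-2024-43704 if the full description names a product; the truncated text shown here does not.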
@@ -69,13 +69,13 @@ CVE-2024-11309 (The DVC from TRCore has a Path Traversal 
vulnerability, allowing
 CVE-2024-11308 (The DVC from TRCore encrypts files using a hardcoded key. 
Attackers ca ...)
        NOT-FOR-US: TRCore DVC
 CVE-2024-11306 (A vulnerability, which was classified as critical, has been 
found in A ...)
-       TODO: check
+       NOT-FOR-US: Altenergy Power Control Software
 CVE-2024-11305 (A vulnerability classified as critical was found in Altenergy 
Power Co ...)
-       TODO: check
+       NOT-FOR-US: Altenergy Power Control Software
 CVE-2019-25220 (Bitcoin Core before 24.0.1 allows remote attackers to cause a 
denial o ...)
        - bitcoin <removed>
 CVE-2015-20111 (miniupnp before 4c90b87, as used in Bitcoin Core before 0.12 
and other ...)
-       TODO: check
+       - bitcoin <removed>
 CVE-2024-52876 (Holy Stone Remote ID Module HSRID01, firmware distributed with 
the Dro ...)
        NOT-FOR-US: Holy Stone Remote ID Module HSRID01
 CVE-2024-52872 (In Flagsmith before 2.134.1, the get_document endpoint is not 
correctl ...)
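Review bot: For CVE-2015-20111 the description places the flaw in miniupnp ("miniupnp before 4c90b87, as used in Bitcoin Core before 0.12 and other ..."), but the new entry tracks only "- bitcoin <removed>". Please add a line for the miniupnp source package with the version that contains 4c90b87, or a NOTE saying why only the bitcoin copy is tracked. As written, the entry gives no sign that the library itself was looked at.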
@@ -174,7 +174,7 @@ CVE-2024-11262 (A vulnerability has been found in 
SourceCodester Student Record
 CVE-2024-11261 (A vulnerability, which was classified as critical, was found 
in Source ...)
        NOT-FOR-US: SourceCodester Student Record Management System
 CVE-2024-11217 (A vulnerability was found in the OAuth-server. OAuth-server 
logs the O ...)
-       TODO: check
+       NOT-FOR-US: OpenShift (internal oauth-server)
 CVE-2024-11118 (The 404 Error Monitor plugin for WordPress is vulnerable to 
Cross-Site ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-11094 (The 404 Solution plugin for WordPress is vulnerable to 
Sensitive Infor ...)
@@ -511,7 +511,7 @@ CVE-2024-11237 (A vulnerability, which was classified as 
critical, has been foun
 CVE-2024-11182 (An XSS issue was discovered in   MDaemon Email Server before 
version24 ...)
        NOT-FOR-US: MDaemon
 CVE-2024-10934 (In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 
021,  a ...)
-       TODO: check
+       NOT-FOR-US: OpenBSD
 CVE-2024-10691
        REJECTED
 CVE-2024-10534 (Origin Validation Error vulnerability in Dataprom Informatics 
Personne ...)
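Review bot: "NOT-FOR-US: OpenBSD" on CVE-2024-10934 rules out a whole operating system, and the description visible here is cut off before it names the affected component. Suggest naming the component in the tag, in the form "NOT-FOR-US: OpenBSD <component>", so the entry itself shows what was judged out of scope.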
@@ -644,7 +644,7 @@ CVE-2024-5125 (parisneo/lollms-webui version 9.6 is 
vulnerable to Cross-Site Scr
 CVE-2024-52524 (Giskard is an evaluation and testing framework for AI systems. 
A Remot ...)
        NOT-FOR-US: Giskard
 CVE-2024-52505 (matrix-appservice-irc is a Node.js IRC bridge for the Matrix 
messaging ...)
-       TODO: check
+       NOT-FOR-US: matrix-appservice-irc
 CVE-2024-52396 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
        NOT-FOR-US: realmag777 WOLF
 CVE-2024-52393 (Improper Neutralization of Special Elements Used in a Template 
Engine  ...)
@@ -682,7 +682,7 @@ CVE-2024-52370 (Unrestricted Upload of File with Dangerous 
Type vulnerability in
 CVE-2024-52369 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Optim ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-52302 (common-user-management is a robust Spring Boot application 
featuring u ...)
-       TODO: check
+       NOT-FOR-US: common-user-management
 CVE-2024-51688 (Cross-Site Request Forgery (CSRF) vulnerability in FraudLabs 
Pro Fraud ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-50843 (A Directory listing issue was found in PHPGurukul User 
Registration &  ...)
@@ -738,7 +738,7 @@ CVE-2024-49025 (Microsoft Edge (Chromium-based) Information 
Disclosure Vulnerabi
 CVE-2024-48284 (A Reflected Cross-Site Scripting (XSS) vulnerability was found 
in the  ...)
        NOT-FOR-US: PHPGurukul User Registration & Login and User Management 
System
 CVE-2024-47916 (Boa web server - CWE-22: Improper Limitation of a Pathname to 
a Restri ...)
-       TODO: check
+       - boa <removed>
 CVE-2024-47915 (VaeMendis -  CWE-200: Exposure of Sensitive Information to an 
Unauthor ...)
        NOT-FOR-US: VaeMendis
 CVE-2024-47914 (VaeMendis - CWE-352: Cross-Site Request Forgery (CSRF))
@@ -772,7 +772,7 @@ CVE-2024-2551 (A null pointer dereference vulnerability in 
Palo Alto Networks PA
 CVE-2024-2550 (A null pointer dereference vulnerability in the GlobalProtect 
gateway  ...)
        NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2024-1682 (An unclaimed Amazon S3 bucket, 'codeconf', is referenced in an 
audio f ...)
-       TODO: check
+       NOT-FOR-US: psf/requests documentation
 CVE-2024-11215 (Absolute path traversal (incorrect restriction of a path to a 
restrict ...)
        NOT-FOR-US: EasyPHP web server
 CVE-2024-11214 (A vulnerability has been found in SourceCodester Best Employee 
Managem ...)
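Review bot: The tag on CVE-2024-1682, "NOT-FOR-US: psf/requests documentation", names a specific upstream project while marking the issue as out of scope. If a source package in the archive ships that documentation, a package entry with a NOTE would keep the CVE attached to it, in the style of the libspring-java entry in the first hunk ("- libspring-java <unfixed> (unimportant)" plus NOTE lines). If the referenced audio file is not shipped anywhere, a NOTE saying so would make the NOT-FOR-US decision checkable.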
@@ -792,7 +792,7 @@ CVE-2024-11208 (A vulnerability was found in Apereo CAS 6.6 
and classified as pr
 CVE-2024-11207 (A vulnerability has been found in Apereo CAS 6.6 and 
classified as pro ...)
        NOT-FOR-US: Apereo CAS
 CVE-2024-11136 (The default TCL Camera application exposes a provider 
vulnerable to pa ...)
-       TODO: check
+       NOT-FOR-US: TCL
 CVE-2024-10962 (The Migration, Backup, Staging \u2013 WPvivid plugin for 
WordPress is  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-10921 (An authorized user may trigger crashes or receive the contents 
of buff ...)
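Review bot: "NOT-FOR-US: TCL" on CVE-2024-11136 is ambiguous, since a bare "TCL" also reads as the Tcl scripting language. The description already gives the product ("The default TCL Camera application"), so suggest "NOT-FOR-US: TCL Camera application".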



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb520a5b76f67c62f2d717594b9a682bd4312adc



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits