Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f207610c by Moritz Muehlenhoff at 2024-11-22T16:16:57+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,7 +17,7 @@ CVE-2024-7016 (Improper Neutralization of Input During Web 
Page Generation (XSS
 CVE-2024-53432 (While parsing certain malformed PLY files, PCL version 1.14.1 
crashes  ...)
        TODO: check
 CVE-2024-53429 (Open62541 v1.4.6 is has an assertion failure in 
fuzz_binary_decode, wh ...)
-       TODO: check
+       - open62541 <itp> (bug #985909)
 CVE-2024-53426 (A heap-buffer-overflow vulnerability has been identified in 
ntopng 6.2 ...)
        - ntopng <unfixed> (unimportant)
        NOTE: Crash in CLI tool, no security impact
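
Review bot: The CVE-2024-53429 line in this hunk becomes `- open62541 <itp> (bug #985909)`, which is an ITP reference rather than a NOT-FOR-US triage, so the commit message "NFUs" does not describe it; mention the ITP entry in the message or commit it separately. The description locates the assertion failure in fuzz_binary_decode, so if that turns out to be fuzzing harness code rather than the library itself, a NOTE line saying so would help whoever reassesses the entry once the package is uploaded, in the same way the ntopng entry below records "Crash in CLI tool, no security impact".
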
@@ -31,11 +31,11 @@ CVE-2024-53334 (TOTOLINK A810R V4.1.2cu.5182_B20201026 is 
vulnerable to Buffer O
 CVE-2024-53333 (TOTOLINK EX200 v4.0.3c.7646_B20201211 was found to contain a 
command i ...)
        NOT-FOR-US: TOTOLINK
 CVE-2024-52803 (LLama Factory enables fine-tuning of large language models. A 
critical ...)
-       TODO: check
+       NOT-FOR-US: LLama Factory
 CVE-2024-52799 (Argo Workflows Chart is used to set up argo and its needed 
dependencie ...)
-       TODO: check
+       NOT-FOR-US: Argo Workflows Chart
 CVE-2024-52309 (SFTPGo is a full-featured and highly configurable SFTP, 
HTTP/S, FTP/S  ...)
-       TODO: check
+       NOT-FOR-US: SFTPGo
 CVE-2024-52307 (authentik is an open-source identity provider. Due to the 
usage of a n ...)
        NOT-FOR-US: authentik
 CVE-2024-52289 (authentik is an open-source identity provider. Redirect URIs 
in the OA ...)
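
Review bot: The NOT-FOR-US label for CVE-2024-52799 copies the description's wording ("Argo Workflows Chart"), which names the deployment chart rather than the product, while the neighbouring entries label by product or vendor only (TOTOLINK, authentik). Consider checking that the label matches how earlier entries for the same project are written in data/CVE/list, so that a search for the project name finds all of its CVEs under one spelling. The same applies to "LLama Factory", whose capitalisation is taken verbatim from the CVE text.
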
@@ -57,19 +57,19 @@ CVE-2024-51367 (An arbitrary file upload vulnerability in 
the component \Users\u
 CVE-2024-51366 (An arbitrary file upload vulnerability in the component 
\Roaming\Omega ...)
        NOT-FOR-US: OmegaT
 CVE-2024-51365 (An arbitrary file upload vulnerability in the importSettings 
method of ...)
-       TODO: check
+       NOT-FOR-US: VisiCut
 CVE-2024-51364 (An arbitrary file upload vulnerability in ModbusMechanic v3.0 
allows a ...)
        NOT-FOR-US: ModbusMechanic
 CVE-2024-51337 (Cross Site Scripting vulnerability in Gibbon before v.27.0.01 
and fixe ...)
        NOT-FOR-US: GibbonEdu Gibbon
 CVE-2024-49588 (Multiple endpoints in `oracle-sidecar` in versions 0.347.0 to 
0.543.0  ...)
-       TODO: check
+       NOT-FOR-US: oracle-sidecar
 CVE-2024-49529 (InDesign Desktop versions 19.0, 20.0 and earlier are affected 
by an ou ...)
        NOT-FOR-US: Adobe
 CVE-2024-48747 (An issue in alist-tvbox v1.7.1 allows a remote attacker to 
execute arb ...)
-       TODO: check
+       NOT-FOR-US: alist-tvbox
 CVE-2024-48288 (TP-Link TL-IPC42C V4.0_20211227_1.0.16 is vulnerable to 
command inject ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2024-48286 (Linksys E3000 1.0.06.002_US is vulnerable to command injection 
via the ...)
        NOT-FOR-US: Linksys E3000
 CVE-2024-47142 (AIPHONE IXG SYSTEM IXG-2C7 firmware Ver.2.03 and earlier and 
IXG-2C7-L ...)
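
Review bot: The CVE-2024-51365 entry is set to `NOT-FOR-US: VisiCut`, but the visible description ends at "importSettings method of ..." and never names the product, so the attribution cannot be checked from this hunk; a short confirmation of the source in the commit message would help. On style, CVE-2024-48288 is labelled with the vendor alone (`NOT-FOR-US: TP-Link`) while the adjacent CVE-2024-48286 uses vendor plus model (`NOT-FOR-US: Linksys E3000`); pick one granularity for router entries.
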
@@ -117,7 +117,7 @@ CVE-2024-11590 (A vulnerability, which was classified as 
critical, has been foun
 CVE-2024-11589 (A vulnerability classified as critical was found in 
itsourcecode Tailo ...)
        NOT-FOR-US: itsourcecode Tailoring Management System
 CVE-2024-11588 (A vulnerability was found in AVL-DiTEST-DiagDev libdoip 1.0.0. 
It has  ...)
-       TODO: check
+       NOT-FOR-US: AVL-DiTEST-DiagDev
 CVE-2024-11587 (A vulnerability was found in idcCMS 1.60. It has been 
classified as pr ...)
        NOT-FOR-US: idcCMS
 CVE-2024-11456 (The Run Contests, Raffles, and Giveaways with ContestsWP 
plugin for Wo ...)
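
Review bot: The label `NOT-FOR-US: AVL-DiTEST-DiagDev` for CVE-2024-11588 keeps only the publisher and drops the affected component, which the description gives as "libdoip 1.0.0". Because the affected item is a library, naming it in the label (for example `NOT-FOR-US: AVL-DiTEST-DiagDev libdoip`) makes the entry findable if a package embedding or shipping that library is considered later.
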
@@ -357,13 +357,13 @@ CVE-2024-45511 (An issue was discovered in Zimbra 
Collaboration (ZCS) through 10
 CVE-2024-45510 (An issue was discovered in Zimbra Collaboration (ZCS) through 
10.0. Zi ...)
        NOT-FOR-US: Zimbra
 CVE-2024-44309 (A cookie management issue was addressed with improved state 
management ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-44308 (The issue was addressed with improved checks. This issue is 
fixed in S ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-44307 (A buffer overflow issue was addressed with improved memory 
handling. T ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-44306 (A buffer overflow issue was addressed with improved memory 
handling. T ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-33439 (An issue in Kasda LinkSmart Router KW5515 v1.7 and before 
allows an au ...)
        NOT-FOR-US: Kasda LinkSmart Router KW5515
 CVE-2024-30896 (InfluxDB through 2.7.10 allows allAccess administrators to 
retrieve al ...)
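
Review bot: All four entries CVE-2024-44306 through CVE-2024-44309 are closed with the blanket label `NOT-FOR-US: Apple`, yet none of the visible descriptions names the affected component: CVE-2024-44309 says only "A cookie management issue" and CVE-2024-44308 is cut off at "This issue is fixed in S ...". Apple advisories can cover components that Debian also ships, WebKit being the usual case, so please confirm the component for each of these before marking them NOT-FOR-US, and track them against the relevant source package if any of them is not Apple-only.
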
@@ -424,9 +424,9 @@ CVE-2024-11412 (The Shine PDF Embeder plugin for WordPress 
is vulnerable to Stor
 CVE-2024-11409 (The Grid View Gallery plugin for WordPress is vulnerable to 
PHP Object ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-11406 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: Django CMS
 CVE-2024-11404 (Unrestricted Upload of File with Dangerous Type, Improper 
Input Valida ...)
-       TODO: check
+       NOT-FOR-US: Django CMS
 CVE-2024-11400 (The HUSKY \u2013 Products Filter Professional for WooCommerce 
plugin f ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-11388 (The Dino Game \u2013 Embed Google Chrome Dinosaur Game in 
WordPress pl ...)
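
Review bot: CVE-2024-11406 and CVE-2024-11404 are both set to `NOT-FOR-US: Django CMS`, but the visible descriptions show only the generic weakness titles ("Improper Neutralization of Input During Web Page Generation", "Unrestricted Upload of File with Dangerous Type") and do not say which module is affected. "Django CMS" names a project rather than a specific package, so state the exact affected component in the label and check it against the archive by that name before closing both entries.
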



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f207610c01b7f8940a7bbc80470abb0506c90390



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
