Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7ab64d94 by Moritz Muehlenhoff at 2024-12-10T13:58:10+01:00
NFUs
drop confirmed TODO item
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -783,7 +783,7 @@ CVE-2024-42196 (HCL Launch stores potentially sensitive
information in log files
CVE-2024-30129 (The HTTP host header can be manipulated and cause the
application to b ...)
NOT-FOR-US: HCL
CVE-2024-21571 (Snyk has identified a remote code execution (RCE)
vulnerability in all ...)
- TODO: check
+ NOT-FOR-US: Snyk Code Agent
CVE-2024-12254 (Starting in Python 3.12.0, the
asyncio._SelectorSocketTransport.writel ...)
- python3.13 <unfixed> (bug #1089235)
- python3.12 <unfixed> (bug #1089236)
@@ -794,7 +794,6 @@ CVE-2024-12254 (Starting in Python 3.12.0, the
asyncio._SelectorSocketTransport.
NOTE:
https://mail.python.org/archives/list/[email protected]/thread/H4O3UBAOAQQXGT4RE3E4XQYR5XLROORB/
NOTE:
https://github.com/python/cpython/commit/71e8429ac8e2adc10084ab5ec29a62f4b6671a82
(3.13-branch)
NOTE:
https://github.com/python/cpython/commit/9aa0deb2eef2655a1029ba228527b152353135b5
(3.12-branch)
- TODO: Double-check affected status for python3.11
CVE-2024-12155 (The SV100 Companion plugin for WordPress is vulnerable to
unauthorized ...)
NOT-FOR-US: WordPress plugin
CVE-2024-12110 (The Gold Addons for Elementor plugin for WordPress is
vulnerable to un ...)
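Review bot: removing `TODO: Double-check affected status for python3.11` at the end of the CVE-2024-12254 entry leaves no record of what the check concluded; the entry as shown in this diff lists only python3.13 and python3.12 as `<unfixed>`. The description says the issue starts in Python 3.12.0, so if that is the basis for closing the TODO, a short NOTE line stating it would save the next triager from repeating the check.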
@@ -854,15 +853,15 @@ CVE-2024-10879 (The ForumWP \u2013 Forum & Discussion
Board plugin for WordPress
CVE-2024-10849 (The NewsMash theme for WordPress is vulnerable to Stored
Cross-Site Sc ...)
NOT-FOR-US: WordPress plugin
CVE-2024-10776 (Lua apps can be deployed, removed, started, reloaded or
stopped withou ...)
- TODO: check
+ NOT-FOR-US: SICK
CVE-2024-10774 (Unauthenticated CROWN APIs allow access to critical functions.
This le ...)
- TODO: check
+ NOT-FOR-US: SICK
CVE-2024-10773 (The product is vulnerable to pass-the-hash attacks in
combination with ...)
- TODO: check
+ NOT-FOR-US: SICK
CVE-2024-10772 (Since the firmware update is not validated, an attacker can
install mo ...)
- TODO: check
+ NOT-FOR-US: SICK
CVE-2024-10771 (Due to missing input validation during one step of the
firmware update ...)
- TODO: check
+ NOT-FOR-US: SICK
CVE-2024-10692 (The PowerPack Elementor Addons (Free Widgets, Extensions and
Templates ...)
NOT-FOR-US: WordPress plugin
CVE-2024-10689 (The XLTab \u2013 Accordions and Tabs for Elementor Page
Builder plugin ...)
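Review bot: all five changed entries in this hunk are tagged with the vendor name only, `NOT-FOR-US: SICK`, while their truncated descriptions mention Lua apps, CROWN APIs and firmware updates without naming a product. Consider adding the product name to the tag, as done with `NOT-FOR-US: Snyk Code Agent` earlier in this commit, so the entries can be found by product later.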
@@ -2187,7 +2186,7 @@ CVE-2024-53505 (A SQL injection vulnerability has been
identified in Siyuan 3.1.
CVE-2024-53504 (A SQL injection vulnerability has been identified in Siyuan
3.1.11 via ...)
NOT-FOR-US: Siyuan
CVE-2024-52810 (@intlify/shared is a shared library for the intlify project.
The lates ...)
- TODO: check
+ NOT-FOR-US: intlify
CVE-2024-52809 (vue-i18n is an internationalization plugin for Vue.js. In
affected ve ...)
NOT-FOR-US: vue-i18n plugin for Vue.js
CVE-2024-52801 (sftpgo is a full-featured and highly configurable event-driven
file tr ...)
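Review bot: `NOT-FOR-US: intlify` on CVE-2024-52810 names the project, whereas the description names the affected library as @intlify/shared and the neighbouring CVE-2024-52809 is tagged `NOT-FOR-US: vue-i18n plugin for Vue.js`. Using the library name in the tag would keep the two related entries consistent and easier to grep; since this is a shared library, it is also worth confirming that no packaged source embeds a copy before closing it as NFU.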
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ab64d94f3fbf734dd41b3960765c0346df036c3