Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1cceb72c by Salvatore Bonaccorso at 2024-05-06T22:30:12+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -75,7 +75,7 @@ CVE-2024-34529 (Nebari through 2024.4.1 prints the temporary 
Keycloak root passw
 CVE-2024-34528 (WordOps through 3.20.0 has a wo/cli/plugins/stack_pref.py 
TOCTOU race  ...)
        TODO: check
 CVE-2024-34527 (spaces_plugin/app.py in SolidUI 0.4.0 has an unnecessary print 
stateme ...)
-       TODO: check
+       NOT-FOR-US: SolidUI
 CVE-2024-34525 (FileCodeBox 2.0 stores a OneDrive password and AWS key in a 
cleartext  ...)
        NOT-FOR-US: FileCodeBox
 CVE-2024-34524 (In XLANG OpenAgents through fe73ac4, the allowed_file 
protection mecha ...)
@@ -149,15 +149,15 @@ CVE-2024-34249 (wasm3 v0.5.0 was discovered to contain a 
heap buffer overflow wh
 CVE-2024-34246 (wasm3 v0.5.0 was discovered to contain an out-of-bound memory 
read whi ...)
        TODO: check
 CVE-2024-34093 (An issue was discovered in Archer Platform 6 before 2024.03. 
There is  ...)
-       TODO: check
+       NOT-FOR-US: Archer Platform
 CVE-2024-34092 (An issue was discovered in Archer Platform 6 before 2024.04. 
Authentic ...)
-       TODO: check
+       NOT-FOR-US: Archer Platform
 CVE-2024-34091 (An issue was discovered in Archer Platform 6 before 2024.04. 
There is  ...)
-       TODO: check
+       NOT-FOR-US: Archer Platform
 CVE-2024-34090 (An issue was discovered in Archer Platform 6 before 2024.04. 
There is  ...)
-       TODO: check
+       NOT-FOR-US: Archer Platform
 CVE-2024-34089 (An issue was discovered in Archer Platform 6 before 2024.04. 
There is  ...)
-       TODO: check
+       NOT-FOR-US: Archer Platform
 CVE-2024-34078 (html-sanitizer is an allowlist-based HTML cleaner. If using 
`keep_typo ...)
        TODO: check
 CVE-2024-34069 (Werkzeug is a comprehensive WSGI web application library. The 
debugger ...)
@@ -165,73 +165,73 @@ CVE-2024-34069 (Werkzeug is a comprehensive WSGI web 
application library. The de
 CVE-2024-34064 (Jinja is an extensible templating engine. The `xmlattr` filter 
in affe ...)
        TODO: check
 CVE-2024-33912 (Missing Authorization vulnerability in Academy LMS.This issue 
affects  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-33910 (Missing Authorization vulnerability in Supsystic Digital 
Publications  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-33908 (Missing Authorization vulnerability in Themesgrove 
WidgetKit.This issu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-33907 (Missing Authorization vulnerability in Michael Nelson Print My 
Blog.Th ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-33830 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
-       TODO: check
+       NOT-FOR-US: idccms
 CVE-2024-33829 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
-       TODO: check
+       NOT-FOR-US: idccms
 CVE-2024-33788 (Linksys E5600 v1.1.0.26 was discovered to contain a command 
injection  ...)
-       TODO: check
+       NOT-FOR-US: Linksys
 CVE-2024-33753 (Section Camera V2.5.5.3116-S50-SMA-B20160811 and earlier 
versions allo ...)
-       TODO: check
+       NOT-FOR-US: Section Camera
 CVE-2024-33752 (An arbitrary file upload vulnerability exists in emlog pro 
2.3.0 and p ...)
-       TODO: check
+       NOT-FOR-US: Emlog Pro
 CVE-2024-33749 (DedeCMS V5.7.114 is vulnerable to deletion of any file via 
mail_file_m ...)
-       TODO: check
+       NOT-FOR-US: DedeCMS
 CVE-2024-33576 (Missing Authorization vulnerability in Ollybach WPPizza.This 
issue aff ...)
-       TODO: check
+       NOT-FOR-US: Ollybach WPPizza
 CVE-2024-33570 (Missing Authorization vulnerability in Wpmet Metform Elementor 
Contact ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-33411 (A SQL injection vulnerability in /model/get_admin_profile.php 
in Campc ...)
-       TODO: check
+       NOT-FOR-US: Campcodes Complete Web-Based School Management System
 CVE-2024-33410 (SQL injection vulnerability in /model/delete_range_grade.php 
in campco ...)
-       TODO: check
+       NOT-FOR-US: Campcodes Complete Web-Based School Management System
 CVE-2024-33409 (SQL injection vulnerability in index.php in campcodes Complete 
Web-Bas ...)
-       TODO: check
+       NOT-FOR-US: Campcodes Complete Web-Based School Management System
 CVE-2024-33408 (A SQL injection vulnerability in /model/get_classroom.php in 
campcodes ...)
-       TODO: check
+       NOT-FOR-US: Campcodes Complete Web-Based School Management System
 CVE-2024-33407 (SQL injection vulnerability in /model/delete_record.php in 
campcodes C ...)
-       TODO: check
+       NOT-FOR-US: Campcodes Complete Web-Based School Management System
 CVE-2024-33406 (SQL injection vulnerability in 
/model/delete_student_grade_subject.php ...)
-       TODO: check
+       NOT-FOR-US: Campcodes Complete Web-Based School Management System
 CVE-2024-33405 (SQL injection vulnerability in add_friends.php in campcodes 
Complete W ...)
-       TODO: check
+       NOT-FOR-US: Campcodes Complete Web-Based School Management System
 CVE-2024-33404 (A SQL injection vulnerability in 
/model/add_student_first_payment.php  ...)
-       TODO: check
+       NOT-FOR-US: Campcodes Complete Web-Based School Management System
 CVE-2024-33403 (A SQL injection vulnerability in /model/get_events.php in 
campcodes Co ...)
-       TODO: check
+       NOT-FOR-US: Campcodes Complete Web-Based School Management System
 CVE-2024-33294 (An issue in Library System using PHP/MySQli with Source Code 
V1.0 allo ...)
-       TODO: check
+       NOT-FOR-US: Library System using PHP/MySQli with Source Code
 CVE-2024-33121 (Roothub v2.6 was discovered to contain a SQL injection 
vulnerability v ...)
-       TODO: check
+       NOT-FOR-US: Roothub
 CVE-2024-33118 (LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary 
read vulne ...)
-       TODO: check
+       NOT-FOR-US: LuckyFrameWeb
 CVE-2024-33117 (crmeb_java v1.3.4 was discovered to contain a Server-Side 
Request Forg ...)
        TODO: check
 CVE-2024-33113 (D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information 
disclosurey  ...)
-       TODO: check
+       NOT-FOR-US: D-LINK
 CVE-2024-33112 (D-Link DIR-845L router v1.01KRb03 and before is vulnerable to 
Command  ...)
-       TODO: check
+       NOT-FOR-US: D-LINK
 CVE-2024-33111 (D-Link DIR-845L router <=v1.01KRb03 is vulnerable to Cross 
Site Script ...)
-       TODO: check
+       NOT-FOR-US: D-LINK
 CVE-2024-33110 (D-Link DIR-845L router v1.01KRb03 and before is vulnerable to 
Permissi ...)
-       TODO: check
+       NOT-FOR-US: D-LINK
 CVE-2024-32982 (Litestar and Starlite is an Asynchronous Server Gateway 
Interface (ASG ...)
        TODO: check
 CVE-2024-32972 (go-ethereum (geth) is a golang execution layer implementation 
of the E ...)
        TODO: check
 CVE-2024-32807 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-2041
        REJECTED
 CVE-2024-26312 (Archer Platform 6 before 2024.03 contains a sensitive 
information disc ...)
-       TODO: check
+       NOT-FOR-US: Archer Platform
 CVE-2024-23354 (Memory corruption when the IOCTL call is interrupted by a 
signal.)
        TODO: check
 CVE-2024-23351 (Memory corruption as GPU registers beyond the last protected 
range can ...)
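Review bot: CVE-2024-33576 is tagged `NOT-FOR-US: Ollybach WPPizza`, while the other "Missing Authorization vulnerability in ..." entries in this hunk (CVE-2024-33912, CVE-2024-33910, CVE-2024-33908, CVE-2024-33907, CVE-2024-33570) all get `NOT-FOR-US: WordPress plugin`. If WPPizza is a WordPress plugin like its neighbours, use the same tag text so the entries group together when the list is searched. Smaller style points in the same hunk: the DIR-845L entries (CVE-2024-33110 through CVE-2024-33113) are tagged `D-LINK` although three of the four descriptions spell the vendor `D-Link`, and CVE-2024-33752 is tagged `Emlog Pro` where the description has `emlog pro`. For CVE-2024-32807 the truncated description names no product, so the `WordPress plugin` tag cannot be checked from the diff alone; naming the plugin in the tag or in a NOTE line would make the triage decision auditable.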



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1cceb72cef5ae14e7da4acdaf9e316683b3a01c5



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
