Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2f8f5eb9 by Moritz Muehlenhoff at 2024-04-11T13:38:21+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -22,15 +22,15 @@ CVE-2024-3612 (A vulnerability was found in SourceCodester
Warehouse Management
CVE-2024-3285 (The Slider, Gallery, and Carousel by MetaSlider \u2013
Responsive Word ...)
NOT-FOR-US: WordPress plugin
CVE-2024-32001 (SpiceDB is a graph database purpose-built for storing and
evaluating a ...)
- TODO: check
+ NOT-FOR-US: SpiceDB
CVE-2024-31999 (@festify/secure-session creates a secure stateless cookie
session for ...)
- TODO: check
+ NOT-FOR-US: @festify/secure-session
CVE-2024-31997 (XWiki Platform is a generic wiki platform. Prior to versions
4.10.19, ...)
NOT-FOR-US: XWiki
CVE-2024-31996 (XWiki Platform is a generic wiki platform. Starting in version
3.0.1 a ...)
NOT-FOR-US: XWiki
CVE-2024-31995 (`@digitalbazaar/zcap` provides JavaScript reference
implementation for ...)
- TODO: check
+ NOT-FOR-US: @digitalbazaar/zcap
CVE-2024-31988 (XWiki Platform is a generic wiki platform. Starting in version
13.9-rc ...)
NOT-FOR-US: XWiki
CVE-2024-31987 (XWiki Platform is a generic wiki platform. Starting in version
6.4-mil ...)
@@ -46,73 +46,73 @@ CVE-2024-30916 (An issue was discovered in eProsima FastDDS
v.2.14.0 and before,
CVE-2024-30915 (An issue was discovered in OpenDDS commit
b1c534032bb62ad4ae32609778de ...)
TODO: check
CVE-2024-30885 (Reflected Cross-Site Scripting (XSS) vulnerability in HadSky
v7.6.3, a ...)
- TODO: check
+ NOT-FOR-US: HadSky
CVE-2024-30884 (Reflected Cross-Site Scripting (XSS) vulnerability in Discuz!
version ...)
- TODO: check
+ NOT-FOR-US: Discuz!
CVE-2024-30883 (Reflected Cross Site Scripting (XSS) vulnerability in
RageFrame2 v2.6. ...)
- TODO: check
+ NOT-FOR-US: RageFrame2
CVE-2024-30880 (Reflected Cross Site Scripting (XSS) vulnerability in
RageFrame2 v2.6. ...)
- TODO: check
+ NOT-FOR-US: RageFrame2
CVE-2024-30879 (Reflected Cross Site Scripting (XSS) vulnerability in
RageFrame2 v2.6. ...)
- TODO: check
+ NOT-FOR-US: RageFrame2
CVE-2024-30878 (A cross-site scripting (XSS) vulnerability in RageFrame2
v2.6.43, allo ...)
- TODO: check
+ NOT-FOR-US: RageFrame2
CVE-2024-30728 (An issue was discovered in the default configurations of ROS
(Robot Op ...)
- TODO: check
+ NOTE: Bogus report on ROS, lacks all details and apparently never
reported either
CVE-2024-2966 (The Element Pack Elementor Addons (Header Footer, Template
Library, Dy ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29903 (Cosign provides code signing and transparency for containers
and binar ...)
- TODO: check
+ NOT-FOR-US: Cosign
CVE-2024-29902 (Cosign provides code signing and transparency for containers
and binar ...)
- TODO: check
+ NOT-FOR-US: Cosign
CVE-2024-29504 (Cross Site Scripting vulnerability in Summernote v.0.8.18 and
before a ...)
- TODO: check
+ NOT-FOR-US: Summernote
CVE-2024-29460 (An issue in PX4 Autopilot v.1.14.0 allows an attacker to
manipulate th ...)
- TODO: check
+ NOT-FOR-US: PX4 Autopilot
CVE-2024-29455 (An arbitrary file upload vulnerability has been discovered in
ROS2 Hum ...)
- TODO: check
+ NOTE: Bogus report on ROS, lacks all details and apparently never
reported either
CVE-2024-29452 (An insecure deserialization vulnerability has been identified
in ROS2 ...)
- TODO: check
+ NOTE: Bogus report on ROS, lacks all details and apparently never
reported either
CVE-2024-29450 (An issue has been discovered in the permission and access
control comp ...)
- TODO: check
+ NOTE: Bogus report on ROS, lacks all details and apparently never
reported either
CVE-2024-29449 (An issue was discovered in ROS2 Humble Hawksbill in
ROS_VERSION 2 and ...)
- TODO: check
+ NOTE: Bogus report on ROS, lacks all details and apparently never
reported either
CVE-2024-29448 (A buffer overflow vulnerability has been discovered in the C++
compone ...)
- TODO: check
+ NOTE: Bogus report on ROS, lacks all details and apparently never
reported either
CVE-2024-29447 (An issue was discovered in the default configurations of ROS2
Humble H ...)
- TODO: check
+ NOTE: Bogus report on ROS, lacks all details and apparently never
reported either
CVE-2024-29445 (An issue was discovered in ROS2 (Robot Operating System 2)
Humble Hawk ...)
- TODO: check
+ NOTE: Bogus report on ROS, lacks all details and apparently never
reported either
CVE-2024-29444 (An OS command injection vulnerability has been discovered in
ROS2 (Rob ...)
- TODO: check
+ NOTE: Bogus report on ROS, lacks all details and apparently never
reported either
CVE-2024-29443 (A shell injection vulnerability was discovered in ROS2 (Robot
Operatin ...)
- TODO: check
+ NOTE: Bogus report on ROS, lacks all details and apparently never
reported either
CVE-2024-29441 (An issue was discovered in ROS2 (Robot Operating System 2)
Humble Hawk ...)
- TODO: check
+ NOTE: Bogus report on ROS, lacks all details and apparently never
reported either
CVE-2024-29439 (An unauthorized node injection vulnerability has been
identified in RO ...)
- TODO: check
+ NOTE: Bogus report on ROS, lacks all details and apparently never
reported either
CVE-2024-29399 (An issue was discovered in GNU Savane v.3.13 and before,
allows a remo ...)
- TODO: check
+ NOT-FOR-US: GNU Savane
CVE-2024-29220 (Ninja Forms prior to 3.8.1 contains a cross-site scripting
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-26362 (HTML injection vulnerability in Enpass Password Manager
Desktop Client ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-26019 (Ninja Forms prior to 3.8.1 contains a cross-site scripting
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-25572 (Cross-site request forgery (CSRF) vulnerability exists in
Ninja Forms ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-21508 (Versions of the package mysql2 before 3.9.4 are vulnerable to
Remote C ...)
- TODO: check
+ NOT-FOR-US: Node mysql2
CVE-2023-6811 (The Language Translate Widget for WordPress \u2013 ConveyThis
plugin f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6257 (The Inline Related Posts WordPress plugin before 3.6.0 does not
ensure ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3570 (A stored Cross-Site Scripting (XSS) vulnerability exists in the
chat f ...)
- TODO: check
+ NOT-FOR-US: anything-llm
CVE-2024-3569 (A Denial of Service (DoS) vulnerability exists in the
mintplex-labs/an ...)
- TODO: check
+ NOT-FOR-US: anything-llm
CVE-2024-3568 (The huggingface/transformers library is vulnerable to arbitrary
code e ...)
- TODO: check
+ NOT-FOR-US: huggingface/transformers
CVE-2024-3567 (A flaw was found in QEMU. An assertion failure was present in
the upda ...)
- qemu <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274339
@@ -144,17 +144,17 @@ CVE-2024-3383 (A vulnerability in how Palo Alto Networks
PAN-OS software process
CVE-2024-3382 (A memory leak exists in Palo Alto Networks PAN-OS software that
enable ...)
NOT-FOR-US: Palo Alto Networks
CVE-2024-3283 (A vulnerability in mintplex-labs/anything-llm allows users with
manage ...)
- TODO: check
+ NOT-FOR-US: anything-llm
CVE-2024-3157 (Out of bounds memory access in Compositing in Google Chrome
prior to 1 ...)
- chromium 123.0.6312.122-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-3101 (In mintplex-labs/anything-llm, an improper input validation
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: anything-llm
CVE-2024-3098 (A vulnerability was identified in the `exec_utils` class of the
`llama ...)
- TODO: check
+ NOT-FOR-US: anything-llm
CVE-2024-3025 (mintplex-labs/anything-llm is vulnerable to path traversal
attacks due ...)
- TODO: check
+ NOT-FOR-US: anything-llm
CVE-2024-31984 (XWiki Platform is a generic wiki platform. Starting in version
7.2-rc- ...)
NOT-FOR-US: XWiki
CVE-2024-31983 (XWiki Platform is a generic wiki platform. In multilingual
wikis, tran ...)
@@ -240,7 +240,7 @@ CVE-2024-31230 (Missing Authorization vulnerability in
ShortPixel ShortPixel Ada
CVE-2024-31214 (Traccar is an open source GPS tracking system. Traccar
versions 5.1 th ...)
NOT-FOR-US: Traccar
CVE-2024-2952 (BerriAI/litellm is vulnerable to Server-Side Template Injection
(SSTI) ...)
- TODO: check
+ NOT-FOR-US: BerriAI/litellm
CVE-2024-2731 (Users with low privileges (all permissions deselected in the
administr ...)
NOT-FOR-US: Mautic
CVE-2024-2730 (Mautic uses predictable page indices for unpublished landing
pages, th ...)
@@ -248,13 +248,13 @@ CVE-2024-2730 (Mautic uses predictable page indices for
unpublished landing page
CVE-2024-2221 (qdrant/qdrant is vulnerable to a path traversal and arbitrary
file upl ...)
NOT-FOR-US: qdrant
CVE-2024-2217 (gaizhenbiao/chuanhuchatgpt is vulnerable to improper access
control, a ...)
- TODO: check
+ NOT-FOR-US: gaizhenbiao/chuanhuchatgpt
CVE-2024-2196 (aimhubio/aim is vulnerable to Cross-Site Request Forgery
(CSRF), allow ...)
- TODO: check
+ NOT-FOR-US: aimhubio/aim
CVE-2024-2195 (A critical Remote Code Execution (RCE) vulnerability was
identified in ...)
- TODO: check
+ NOT-FOR-US: aimhubio/aim
CVE-2024-2029 (A command injection vulnerability exists in the
`TranscriptEndpoint` o ...)
- TODO: check
+ NOT-FOR-US: mudler/localai
CVE-2024-29502 (An issue in Secure Lockdown Multi Application Edition
v2.00.219 allows ...)
NOT-FOR-US: Secure Lockdown Multi Application
CVE-2024-29500 (An issue in the kiosk mode of Secure Lockdown Multi
Application Editio ...)
@@ -324,11 +324,11 @@ CVE-2024-20758 (Adobe Commerce versions 2.4.6-p4,
2.4.5-p6, 2.4.4-p7, 2.4.7-beta
CVE-2024-20737 (After Effects versions 24.1, 23.6.2 and earlier are affected
by an out ...)
NOT-FOR-US: Adobe
CVE-2024-1902 (lunary-ai/lunary is vulnerable to a session reuse attack,
allowing a r ...)
- TODO: check
+ NOT-FOR-US: lunary-ai/lunary
CVE-2024-1741 (lunary-ai/lunary version 1.0.1 is vulnerable to improper
authorization ...)
- TODO: check
+ NOT-FOR-US: lunary-ai/lunary
CVE-2024-1740 (In lunary-ai/lunary version 1.0.1, a vulnerability exists where
a user ...)
- TODO: check
+ NOT-FOR-US: lunary-ai/lunary
CVE-2024-1728 (gradio-app/gradio is vulnerable to a local file inclusion
vulnerabilit ...)
NOT-FOR-US: Gradio
CVE-2024-1643 (By knowing an organization's ID, an attacker can join the
organization ...)
@@ -340,7 +340,7 @@ CVE-2024-1602 (parisneo/lollms-webui is vulnerable to
stored Cross-Site Scriptin
CVE-2024-1600 (A Local File Inclusion (LFI) vulnerability exists in the
parisneo/loll ...)
TODO: check
CVE-2024-1599 (lunary-ai/lunary version 0.3.0 is vulnerable to unauthorized
project c ...)
- TODO: check
+ NOT-FOR-US: lunary-ai/lunary
CVE-2024-1520 (An OS Command Injection vulnerability exists in the
'/open_code_folder ...)
TODO: check
CVE-2024-1511 (The parisneo/lollms-webui repository is susceptible to a path
traversa ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f8f5eb91656545f1fe2911d3fbb657f0ae87da7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f8f5eb91656545f1fe2911d3fbb657f0ae87da7
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
