Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e30d0302 by Moritz Muehlenhoff at 2024-05-29T11:29:48+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,11 +15,11 @@ CVE-2024-3937 (The Playlist for Youtube WordPress plugin 
through 1.32 does not s
 CVE-2024-3921 (The Gianism WordPress plugin through 5.1.0 does not sanitise 
and escap ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-3050 (The Site Reviews WordPress plugin before 7.0.0 retrieves client 
IP add ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-36112 (Nautobot is a Network Source of Truth and Network Automation 
Platform. ...)
-       TODO: check
+       NOT-FOR-US: Nautobot
 CVE-2024-35548 (A SQL injection vulnerability in Mybatis plus versions below 
3.5.6 all ...)
-       TODO: check
+       NOT-FOR-US: Mybatis
 CVE-2024-35511 (phpgurukul Men Salon Management System v2.0 is vulnerable to 
SQL Injec ...)
        NOT-FOR-US: phpgurukul Men Salon Management System
 CVE-2024-35240 (Umbraco Commerce is an open source dotnet ecommerce solution. 
In affec ...)
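Review bot: The new label on CVE-2024-35548 reads `NOT-FOR-US: Mybatis`, but the description on that entry names "Mybatis plus". I'd write `NOT-FOR-US: Mybatis plus` so that a later search of this file for MyBatis itself does not read this entry as a triage decision about that project.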
@@ -29,17 +29,17 @@ CVE-2024-35239 (Umbraco Commerce is an open source dotnet 
web forms solution. In
 CVE-2024-35226 (Smarty is a template engine for PHP, facilitating the 
separation of pr ...)
        TODO: check
 CVE-2024-23580 (HCL DRYiCE Optibot Reset Station is impacted byinsecure 
encryption of  ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-23579 (HCL DRYiCE Optibot Reset Station is impacted by insecure 
encryption of ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-22641 (TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular 
Express ...)
        TODO: check
 CVE-2024-21512 (Versions of the package mysql2 before 3.9.8 are vulnerable to 
Prototyp ...)
-       TODO: check
+       NOT-FOR-US: Node mysql2
 CVE-2024-0434 (The WordPress Tour & Travel Booking Plugin for WooCommerce 
\u2013 WpTr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6743 (The Unlimited Elements For Elementor (Free Widgets, Addons, 
Templates) ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-36015 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/fbf740aeb86a4fe82ad158d26d711f2f3be79b3e (6.10-rc1)
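Review bot: `NOT-FOR-US: HCL` on CVE-2024-23580 and CVE-2024-23579 names only the vendor, whereas neighbouring entries name the product (for example `NOT-FOR-US: phpgurukul Men Salon Management System`). Since both descriptions give the product, `NOT-FOR-US: HCL DRYiCE Optibot Reset Station` would be more consistent and easier to grep for.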
@@ -74,13 +74,13 @@ CVE-2024-36472 (In GNOME Shell through 45.7, a portal 
helper can be launched aut
        - gnome-shell <unfixed> (bug #1072124)
        NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688
 CVE-2024-36110 (ansibleguy-webui is an open source WebUI for using Ansible. 
Multiple f ...)
-       TODO: check
+       NOT-FOR-US: ansibleguy-webui
 CVE-2024-36109 (CoCalc is web-based software that enables collaboration in 
research, t ...)
-       TODO: check
+       NOT-FOR-US: CoCalc
 CVE-2024-36107 (MinIO is a High Performance Object Storage released under GNU 
Affero G ...)
        - minio <itp> (bug #859207)
 CVE-2024-35621 (A cross-site scripting (XSS) vulnerability in the Edit 
function of For ...)
-       TODO: check
+       NOT-FOR-US: Formwork
 CVE-2024-35583 (A cross-site scripting (XSS) vulnerability in Sourcecodester 
Laborator ...)
        NOT-FOR-US: Sourcecodester Laboratory Management System
 CVE-2024-35582 (A cross-site scripting (XSS) vulnerability in Sourcecodester 
Laborator ...)
@@ -88,7 +88,7 @@ CVE-2024-35582 (A cross-site scripting (XSS) vulnerability in 
Sourcecodester Lab
 CVE-2024-35581 (A cross-site scripting (XSS) vulnerability in Sourcecodester 
Laborator ...)
        NOT-FOR-US: Sourcecodester Laboratory Management System
 CVE-2024-35563 (CDG-Server-V5.6.2.126.139 and earlier was discovered to 
contain a SQL  ...)
-       TODO: check
+       NOT-FOR-US: CDG-Server
 CVE-2024-35510 (An arbitrary file upload vulnerability in 
/dede/file_manage_control.ph ...)
        NOT-FOR-US: DedeCMS
 CVE-2024-35403 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to 
contain a sta ...)
@@ -144,13 +144,13 @@ CVE-2024-33450 (SQL Injection in Finereport v.8.0 allows 
a remote attacker to ob
 CVE-2024-33402 (A SQL injection vulnerability in /model/approve_petty_cash.php 
in camp ...)
        NOT-FOR-US: campcodes Complete Web-Based School Management System
 CVE-2024-30212 (If a SCSI READ(10) command is initiated via USB using the 
largest LBA  ...)
-       TODO: check
+       NOT-FOR-US: Microchip MPLAB
 CVE-2024-30165 (Amazon AWS Client VPN before 3.9.1 on macOS has a buffer 
overflow that ...)
        NOT-FOR-US: Amazon AWS Client VPN
 CVE-2024-30164 (Amazon AWS Client VPN has a buffer overflow that could 
potentially all ...)
        NOT-FOR-US: Amazon AWS Client VPN
 CVE-2024-2451 (Improper fingerprint validation in the TeamViewer Client (Full 
& Host) ...)
-       TODO: check
+       NOT-FOR-US: TeamViewer
 CVE-2024-2199 (A denial of service vulnerability was found in 389-ds-base ldap 
server ...)
        TODO: check
 CVE-2024-29072 (A privilege escalation vulnerability exists in the Foxit 
Reader 2024.2 ...)
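Review bot: On CVE-2024-30212 the truncated description ("If a SCSI READ(10) command is initiated via USB using the largest LBA ...") shows no product name, so `NOT-FOR-US: Microchip MPLAB` cannot be checked against the entry itself. A `NOTE:` line with the advisory URL, as other entries in this file carry, would let the next person confirm the triage without looking the CVE up again.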
@@ -160,7 +160,7 @@ CVE-2024-28061 (An issue was discovered in Apiris Kafeo 
6.4.4. It permits a bypa
 CVE-2024-28060 (An issue was discovered in Apiris Kafeo 6.4.4. It permits DLL 
hijackin ...)
        NOT-FOR-US: Apiris Kafeo
 CVE-2024-26024 (SUBNET Solutions Inc. has identified vulnerabilities in 
third-party co ...)
-       TODO: check
+       NOT-FOR-US: SUBNET Substation Server
 CVE-2024-24963 (A stack-based buffer overflow vulnerability exists in the 
Programming  ...)
        NOT-FOR-US: AutomationDirect
 CVE-2024-24962 (A stack-based buffer overflow vulnerability exists in the 
Programming  ...)
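Review bot: CVE-2024-26024 is marked `NOT-FOR-US: SUBNET Substation Server`, but its description says the vulnerabilities are "in third-party co ...", that is, in something the product bundles rather than in the product's own code. Before closing this as not-for-us, it is worth checking whether those third-party components are packaged in Debian and already tracked under their own CVE ids, and recording the outcome in a `NOTE:` line.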



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e30d030287f7102a19f75c42f578523a42bde16e



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
