Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 2eefd8e9 by Moritz Muehlenhoff at 2024-06-03T18:02:41+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,11 +1,11 @@ CVE-2024-5590 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...) - TODO: check + NOT-FOR-US: Netentsec CVE-2024-5589 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...) - TODO: check + NOT-FOR-US: Netentsec CVE-2024-5311 (DigiWin EasyFlow .NET lacks validation for certain input parameters. A ...) - TODO: check + NOT-FOR-US: DigiWin EasyFlow .NET CVE-2024-37031 (The Active Admin (aka activeadmin) framework before 3.2.2 for Ruby on ...) - TODO: check + NOT-FOR-US: Active Admin (aka activeadmin) framework CVE-2024-36964 (In the Linux kernel, the following vulnerability has been resolved: f ...) - linux 6.8.11-1 [bullseye] - linux 5.10.218-1 
@@ -32,47 +32,47 @@ CVE-2024-36960 (In the Linux kernel, the following vulnerability has been resolv [bullseye] - linux 5.10.218-1 NOTE: https://git.kernel.org/linus/a37ef7613c00f2d72c8fc08bd83fb6cc76926c8c (6.9-rc7) CVE-2024-36042 (Silverpeas before 6.3.5 allows authentication bypass by omitting the P ...) - TODO: check + NOT-FOR-US: Silverpeas CVE-2024-35643 (Cross Site Scripting (XSS) vulnerability in Xabier Miranda WP Back But ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-35642 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-35641 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-35640 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31493 (An improper removal of sensitive information before storage or transfe ...) - TODO: check + NOT-FOR-US: Fortinet CVE-2024-23107 (An exposure of sensitive information to an unauthorized actor vulnerab ...) - TODO: check + NOT-FOR-US: Fortinet CVE-2024-20075 (In eemgpu, there is a possible out of bounds write due to a missing bo ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20074 (In dmc, there is a possible out of bounds write due to a missing bound ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20073 (In wlan service, there is a possible out of bounds write due to improp ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20072 (In wlan driver, there is a possible out of bounds write due to imprope ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20071 (In wlan driver, there is a possible out of bounds read due to improper ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20070 (In modem, there is a possible information disclosure due to using risk ...) 
- TODO: check + NOT-FOR-US: MediaTek CVE-2024-20069 (In modem, there is a possible selection of less-secure algorithm durin ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20068 (In modem, there is a possible system crash due to improper input valid ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20067 (In modem, there is a possible out of bounds write due to improper inpu ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20066 (In modem, there is a possible out of bounds write due to an incorrect ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-20065 (In telephony, there is a possible information disclosure due to a miss ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-51436 (Cross-site scripting vulnerability exists in UNIVERSAL PASSPORT RX ver ...) - TODO: check + NOT-FOR-US: UNIVERSAL PASSPORT RX CVE-2023-48789 (A client-side enforcement of server-side security in Fortinet FortiPor ...) - TODO: check + NOT-FOR-US: Fortinet CVE-2023-42427 (Cross-site scripting vulnerability exists in UNIVERSAL PASSPORT RX ver ...) - TODO: check + NOT-FOR-US: UNIVERSAL PASSPORT RX CVE-2024-5588 (A vulnerability was found in itsourcecode Learning Management System 1 ...) NOT-FOR-US: itsourcecode Learning Management System CVE-2024-5587 (A vulnerability was found in Casdoor up to 1.335.0. It has been classi ...) @@ -205,7 +205,7 @@ CVE-2024-36843 (libmodbus v3.1.6 was discovered to contain a heap overflow via t CVE-2024-36120 (javascript-deobfuscator removes common JavaScript obfuscation techniqu ...) TODO: check CVE-2024-36108 (casgate is an Open Source Identity and Access Management system. In af ...) - TODO: check + NOT-FOR-US: casgate CVE-2024-35196 (Sentry is a developer-first error tracking and performance monitoring ...) NOT-FOR-US: Sentry CVE-2024-35142 (IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a ...) 
@@ -307,7 +307,7 @@ CVE-2024-37017 (asdcplib (aka AS-DCP Lib) 2.13.1 has a heap-based buffer over-re CVE-2024-36246 (Missing authorization vulnerability exists in Unifier and Unifier Cast ...) NOT-FOR-US: Unifier and Unifier Cast CVE-2024-36119 (Statamic is a, Laravel + Git powered CMS designed for building website ...) - TODO: check + NOT-FOR-US: Statamic CVE-2024-32850 (Improper neutralization of special elements used in a command ('Comman ...) NOT-FOR-US: SkyBridge CVE-2024-2793 (The Visual Website Collaboration, Feedback & Project Management \u2013 ...) @@ -976,7 +976,7 @@ CVE-2024-36016 (In the Linux kernel, the following vulnerability has been resolv CVE-2024-35512 (An issue in hmq v1.5.5 allows attackers to cause a Denial of Service ( ...) TODO: check CVE-2024-35492 (Cesanta Mongoose commit b316989 was discovered to contain a NULL point ...) - TODO: check + NOT-FOR-US: Cesenta Mongoose CVE-2024-35434 (Irontec Sngrep v1.8.1 was discovered to contain a heap buffer overflow ...) - sngrep <unfixed> (unimportant) NOTE: https://github.com/inputzero/Security-Advisories/blob/main/CVE-XXXX-XXXX.md 
@@ -986,7 +986,7 @@ CVE-2024-35434 (Irontec Sngrep v1.8.1 was discovered to contain a heap buffer ov CVE-2024-35333 (A stack-buffer-overflow vulnerability exists in the read_charset_decl ...) TODO: check CVE-2024-35311 (Yubico YubiKey 5 Series before 5.7.0, Security Key Series before 5.7.0 ...) - TODO: check + NOT-FOR-US: Yubico YubiKey CVE-2024-35284 (A vulnerability in the legacy chat component of Mitel MiContact Center ...) NOT-FOR-US: Mitel CVE-2024-35283 (A vulnerability in the Ignite component of Mitel MiContact Center Busi ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2eefd8e9fdf6be3768a86e5febfc7fcff60a97d9
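Review bot: In the @@ -976 hunk the new label for CVE-2024-35492 reads "NOT-FOR-US: Cesenta Mongoose", while the description on the line directly above it spells the vendor "Cesanta Mongoose". Suggest changing the label to "NOT-FOR-US: Cesanta Mongoose" so that a search of data/CVE/list for the vendor name finds this entry.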
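Review bot: In the @@ -32 hunk, CVE-2024-35640 through CVE-2024-35643 all receive the bare label "NOT-FOR-US: WordPress plugin", whereas the other entries changed in the same hunk name a vendor or product (Silverpeas, Fortinet, MediaTek, UNIVERSAL PASSPORT RX). Consider naming each plugin after the colon, as far as the CVE description identifies it, so the four entries can be told apart and found by product name.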