Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 18239b5e by Moritz Muehlenhoff at 2024-06-05T14:24:33+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -776,7 +776,7 @@ CVE-2024-31907 (IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross- CVE-2024-31889 (IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site s ...) NOT-FOR-US: IBM CVE-2024-31030 (An issue in coap_msg.c in Keith Cullen's FreeCoAP v.0.7 allows remote ...) - TODO: check + NOT-FOR-US: FreeCoAP CVE-2024-29848 (An unrestricted file upload vulnerability in web component of Ivanti A ...) NOT-FOR-US: Ivanti CVE-2024-29846 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...) @@ -939,7 +939,7 @@ CVE-2024-4355 (The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Ant CVE-2024-4330 (A path traversal vulnerability was identified in the parisneo/lollms-w ...) NOT-FOR-US: parisneo/lollms-webui CVE-2024-3924 (A code injection vulnerability exists in the huggingface/text-generati ...) - TODO: check + NOT-FOR-US: huggingface/text-generation-inference CVE-2024-3584 (qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to ...) NOT-FOR-US: qdrant CVE-2024-3583 (The Simple Like Page Plugin plugin for WordPress is vulnerable to Stor ...) @@ -951,7 +951,7 @@ CVE-2024-3300 (An unsafe .NET object deserialization vulnerability in DELMIA Apr CVE-2024-36118 (MeterSphere is a test management and interface testing tool. In affect ...) NOT-FOR-US: MeterSphere CVE-2024-35504 (A cross-site scripting (XSS) vulnerability in the login page of FineSo ...) - TODO: check + NOT-FOR-US: FineSoft CVE-2024-35469 (A SQL injection vulnerability in /hrm/user/ in SourceCodester Human Re ...) NOT-FOR-US: SourceCodester Human Resource Management System CVE-2024-35468 (A SQL injection vulnerability in /hrm/index.php in SourceCodester Huma ...) 
@@ -1466,7 +1466,7 @@ CVE-2024-3063 (The WPB Elementor Addons plugin for WordPress is vulnerable to St CVE-2024-36267 (Path traversal vulnerability exists in Redmine DMSF Plugin versions pr ...) NOT-FOR-US: Redmine DMSF Plugin CVE-2024-36114 (Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zst ...) - TODO: check + NOT-FOR-US: Aircompressor CVE-2024-35221 (Rubygems.org is the Ruby community's gem hosting service. A Gem publis ...) NOT-FOR-US: Rubygems.org gem hosting service CVE-2024-2253 (The Testimonial Carousel For Elementor plugin for WordPress is vulnera ...) @@ -1521,7 +1521,7 @@ CVE-2024-36016 (In the Linux kernel, the following vulnerability has been resolv - linux 6.8.12-1 NOTE: https://git.kernel.org/linus/47388e807f85948eefc403a8a5fdc5b406a65d5a (6.10-rc1) CVE-2024-35512 (An issue in hmq v1.5.5 allows attackers to cause a Denial of Service ( ...) - TODO: check + NOT-FOR-US: hmq CVE-2024-35492 (Cesanta Mongoose commit b316989 was discovered to contain a NULL point ...) NOT-FOR-US: Cesenta Mongoose CVE-2024-35434 (Irontec Sngrep v1.8.1 was discovered to contain a heap buffer overflow ...) @@ -1531,7 +1531,7 @@ CVE-2024-35434 (Irontec Sngrep v1.8.1 was discovered to contain a heap buffer ov NOTE: Fixed by: https://github.com/irontec/sngrep/commit/da80ced1e3cf6321f748b08e145a829bcc3c90e5 NOTE: Crash in CLI tool, no security impact CVE-2024-35333 (A stack-buffer-overflow vulnerability exists in the read_charset_decl ...) - TODO: check + NOT-FOR-US: html2xhtml CVE-2024-35311 (Yubico YubiKey 5 Series before 5.7.0, Security Key Series before 5.7.0 ...) NOT-FOR-US: Yubico YubiKey CVE-2024-35284 (A vulnerability in the legacy chat component of Mitel MiContact Center ...) 
@@ -168524,19 +168524,19 @@ CVE-2022-28660 (The querier component in Grafana Enterprise Logs 1.1.x through 1 CVE-2022-28659 RESERVED CVE-2022-28658 (Apport argument parsing mishandles filename splitting on older kernels ...) - TODO: check + NOT-FOR-US: Apport CVE-2022-28657 (Apport does not disable python crash handler before entering chroot) - TODO: check + NOT-FOR-US: Apport CVE-2022-28656 (is_closing_session() allows users to consume RAM in the Apport process) - TODO: check + NOT-FOR-US: Apport CVE-2022-28655 (is_closing_session() allows users to create arbitrary tcp dbus connect ...) - TODO: check + NOT-FOR-US: Apport CVE-2022-28654 (is_closing_session() allows users to fill up apport.log) - TODO: check + NOT-FOR-US: Apport CVE-2022-28653 RESERVED CVE-2022-28652 (~/.config/apport/settings parsing is vulnerable to "billion laughs" at ...) - TODO: check + NOT-FOR-US: Apport CVE-2022-1235 (Weak secrethash can be brute-forced in GitHub repository livehelpercha ...) NOT-FOR-US: livehelperchat CVE-2022-1234 (XSS in livehelperchat in GitHub repository livehelperchat/livehelperch ...) 
@@ -194993,7 +194993,7 @@ CVE-2022-21824 (Due to the formatting logic of the "console.table()" function it NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#prototype-pollution-via-console-table-properties-low-cve-2022-21824 NOTE: https://github.com/nodejs/node/commit/be69403528da99bf3df9e1dc47186f18ba59cb5e (v12.x) CVE-2021-44534 (Insufficient user input filtering leads to arbitrary file read by non- ...) - TODO: check + NOT-FOR-US: ExpressionEngine CVE-2021-44533 (Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle m ...) {DSA-5170-1} - nodejs 12.22.9~dfsg-1 (bug #1004177)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18239b5ebe40d6af7f677a8cfb422f17f6f7aa51
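Review bot: In the hunk at @@ -1521,7 +1521,7 @@, the unchanged entry right after the hmq change reads "NOT-FOR-US: Cesenta Mongoose", while the CVE-2024-35492 description directly above it spells the vendor "Cesanta". Since this commit already touches the neighbouring entry, correct the tag to "NOT-FOR-US: Cesanta Mongoose" so that a search on the vendor name finds it.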
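Review bot: The six "NOT-FOR-US: Apport" tags in the hunk at @@ -168524,19 +168524,19 @@ (CVE-2022-28652 and CVE-2022-28654 through CVE-2022-28658) have no stated basis: the commit message is only "NFUs", and all six entries were "TODO: check" before. Please confirm that no apport source package exists in any suite; if one does, these need package lines in the same form as the "- linux 6.8.12-1" entry elsewhere in this file instead of NOT-FOR-US.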
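Review bot: In the hunk at @@ -194993,7 +194993,7 @@, the product for CVE-2021-44534 cannot be checked from the visible description ("Insufficient user input filtering leads to arbitrary file read by non- ..."), and the entry sits between two Node.js CVEs (CVE-2022-21824 and CVE-2021-44533). Verify against the full CVE text that ExpressionEngine is the affected product before dropping the "TODO: check".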