Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 390d06e4 by Salvatore Bonaccorso at 2024-07-02T21:33:12+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -23,7 +23,7 @@ CVE-2024-5419 (The Void Contact Form 7 Widget For Elementor Page Builder plugin CVE-2024-5349 (The LA-Studio Element Kit for Elementor plugin for WordPress is vulner ...) NOT-FOR-US: WordPress plugin CVE-2024-5322 (The N-central server is vulnerable to session rebinding of already aut ...) - TODO: check + NOT-FOR-US: N-able Technologies N-central Server CVE-2024-5219 (The Easy Google Maps plugin for WordPress is vulnerable to Stored Cros ...) NOT-FOR-US: WordPress plugin CVE-2024-4679 (Incorrect Default Permissions vulnerability in Hitachi JP1/Extensible ...) @@ -33,15 +33,15 @@ CVE-2024-4627 (The Rank Math SEO WordPress plugin before 1.0.219 does not sanit CVE-2024-3999 (The EazyDocs WordPress plugin before 2.5.0 does not sanitise and esca ...) NOT-FOR-US: WordPress plugin CVE-2024-3513 (The Ultimate Blocks \u2013 WordPress Blocks Plugin plugin for WordPres ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-39314 (toy-blog is a headless content management system implementation. Start ...) - TODO: check + NOT-FOR-US: toy-blog CVE-2024-39313 (toy-blog is a headless content management system implementation. Start ...) - TODO: check + NOT-FOR-US: toy-blog CVE-2024-39310 (The Basil recipe theme for WordPress is vulnerable to Persistent Cross ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2024-39309 (Parse Server is an open source backend that can be deployed to any inf ...) - TODO: check + NOT-FOR-US: Parse Server CVE-2024-39305 (Envoy is a cloud-native, open source edge and service proxy. Prior to ...) TODO: check CVE-2024-38368 (trunk.cocoapods.org is the authentication server for the CoacoaPods de ...) @@ -51,29 +51,29 @@ CVE-2024-38367 (trunk.cocoapods.org is the authentication server for the CoacoaP CVE-2024-38366 (trunk.cocoapods.org is the authentication server for the CoacoaPods de ...) TODO: check CVE-2024-37765 (Machform up to version 19 is affected by an authenticated Blind SQL in ...) - TODO: check + NOT-FOR-US: Machform CVE-2024-37764 (MachForm up to version 19 is affected by an authenticated stored cross ...) - TODO: check + NOT-FOR-US: Machform CVE-2024-37763 (MachForm up to version 19 is affected by an unauthenticated stored cro ...) - TODO: check + NOT-FOR-US: Machform CVE-2024-37762 (MachForm up to version 21 is affected by an authenticated unrestricted ...) - TODO: check + NOT-FOR-US: Machform CVE-2024-37479 (Local File Inclusion vulnerability in LA-Studio LA-Studio Element Kit ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-37134 (Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an impr ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-37133 (Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an impr ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-37132 (Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an inco ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-37126 (Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an impr ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-32854 (Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an impr ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-32853 (Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.2 contain an exec ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-32852 (Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.0 contain use of ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-32230 (FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size- ...) TODO: check CVE-2024-32229 (FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandsh ...) @@ -81,37 +81,37 @@ CVE-2024-32229 (FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_til CVE-2024-32228 (FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavc ...) TODO: check CVE-2024-2819 (Incorrect Default Permissions, Improper Preservation of Permissions vu ...) - TODO: check + NOT-FOR-US: Hitachi CVE-2024-28200 (The N-central server is vulnerable to an authentication bypass of the ...) - TODO: check + NOT-FOR-US: N-able Technologies N-central Server CVE-2024-23737 (Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify ...) - TODO: check + NOT-FOR-US: savignano S/Notify CVE-2024-23736 (Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify ...) - TODO: check + NOT-FOR-US: savignano S/Notify CVE-2024-1427 (The The Post Grid \u2013 Shortcode, Gutenberg Blocks and Elementor Add ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0158 (Dell BIOS contains an improper input validation vulnerability. A local ...) - TODO: check + NOT-FOR-US: Dell CVE-2023-41928 (The device is observed to accept deprecated TLS protocols, increasing ...) - TODO: check + NOT-FOR-US: Kiloview CVE-2023-41927 (The server supports at least one cipher suite which is on the NCSC-NL ...) - TODO: check + NOT-FOR-US: Kiloview CVE-2023-41926 (The webserver utilizes basic authentication for its user login to the ...) - TODO: check + NOT-FOR-US: Kiloview CVE-2023-41923 (The user management section of the web application permits the creatio ...) - TODO: check + NOT-FOR-US: Kiloview CVE-2023-41922 (A 'Cross-site Scripting' (XSS) vulnerability, characterized by imprope ...) - TODO: check + NOT-FOR-US: Kiloview CVE-2023-41921 (A vulnerability allows attackers to download source code or an executa ...) - TODO: check + NOT-FOR-US: Kiloview CVE-2023-41920 (The vulnerability allows attackers access to the root account without ...) - TODO: check + NOT-FOR-US: Kiloview CVE-2023-41919 (Hardcoded credentials are discovered within the application's source c ...) - TODO: check + NOT-FOR-US: Kiloview CVE-2023-41918 (A vulnerability allows unauthorized access to functionality inadequate ...) - TODO: check + NOT-FOR-US: Kiloview CVE-2023-41917 (Inadequate input validation exposes the system to potential remote cod ...) - TODO: check + NOT-FOR-US: Kiloview CVE-2024-6425 (Incorrect Provision of Specified Functionality vulnerability in MESboo ...) NOT-FOR-US: MESbook CVE-2024-6424 (External server-side request vulnerability in MESbook 20221021.03 vers ...) @@ -129,7 +129,7 @@ CVE-2024-39879 (In JetBrains TeamCity before 2024.03.3 application token could b CVE-2024-39878 (In JetBrains TeamCity before 2024.03.3 private key could be exposed vi ...) NOT-FOR-US: JetBrains TeamCity CVE-2024-39853 (adolph_dudu ratio-swiper 0.0.2 was discovered to contain a prototype p ...) - TODO: check + NOT-FOR-US: ratio-swiper Nodejs module CVE-2024-39430 (In faceid servive, there is a possible out of bounds write due to a mi ...) NOT-FOR-US: Unisoc CVE-2024-39429 (In faceid servive, there is a possible out of bounds write due to a mi ...) @@ -147,27 +147,27 @@ CVE-2024-39249 (Async <= 2.6.4 and <= 3.2.5 are vulnerable to ReDoS (Regular Exp CVE-2024-39236 (Gradio v4.36.1 was discovered to contain a code injection vulnerabilit ...) NOT-FOR-US: Gradio CVE-2024-39018 (harvey-woo cat5th/key-serializer v0.2.5 was discovered to contain a pr ...) - TODO: check + NOT-FOR-US: key-serializer Nodejs module CVE-2024-39017 (agreejs shared v0.0.1 was discovered to contain a prototype pollution ...) - TODO: check + NOT-FOR-US: shared Nodejs module CVE-2024-39016 (che3vinci c3/utils-1 1.0.131 was discovered to contain a prototype pol ...) - TODO: check + NOT-FOR-US: c3/utils-1 Nodejs module CVE-2024-39015 (cafebazaar hod v0.4.14 was discovered to contain a prototype pollution ...) - TODO: check + NOT-FOR-US: hod Nodejs module CVE-2024-39014 (ahilfoley cahil/utils v2.3.2 was discovered to contain a prototype pol ...) - TODO: check + NOT-FOR-US: cahil/utils Nodejs module CVE-2024-39013 (2o3t-utility v0.1.2 was discovered to contain a prototype pollution vi ...) - TODO: check + NOT-FOR-US: 2o3t-utility CVE-2024-39008 (robinweser fast-loops v1.1.3 was discovered to contain a prototype pol ...) - TODO: check + NOT-FOR-US: robinweser fast-loops CVE-2024-39003 (amoyjs amoy common v1.0.10 was discovered to contain a prototype pollu ...) - TODO: check + NOT-FOR-US: amoyjs amoy common CVE-2024-39002 (rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pol ...) - TODO: check + NOT-FOR-US: rjrodger jsonic-next CVE-2024-39001 (ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollu ...) - TODO: check + NOT-FOR-US: ag-grid-enterprise CVE-2024-39000 (adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype ...) - TODO: check + NOT-FOR-US: ratio-swiper Nodejs module CVE-2024-38999 (jrburke requirejs v2.3.6 was discovered to contain a prototype polluti ...) - requirejs <unfixed> NOTE: https://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a @@ -175,21 +175,21 @@ CVE-2024-38998 (jrburke requirejs v2.3.6 was discovered to contain a prototype p - requirejs <unfixed> NOTE: https://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a CVE-2024-38997 (adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype ...) - TODO: check + NOT-FOR-US: ratio-swiper Nodejs module CVE-2024-38996 (ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discover ...) - TODO: check + NOT-FOR-US: ag-grid-community CVE-2024-38994 (amoyjs amoy common v1.0.10 was discovered to contain a prototype pollu ...) - TODO: check + NOT-FOR-US: amoyjs amoy common CVE-2024-38993 (rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pol ...) - TODO: check + NOT-FOR-US: jsonic-next Nodejs module CVE-2024-38992 (airvertco frappejs v0.0.11 was discovered to contain a prototype pollu ...) - TODO: check + NOT-FOR-US: frappejs Nodejs module CVE-2024-38991 (akbr patch-into v1.0.1 was discovered to contain a prototype pollution ...) - TODO: check + NOT-FOR-US: patch-into Nodejs module CVE-2024-38990 (Tada5hi sp-common v0.5.4 was discovered to contain a prototype polluti ...) - TODO: check + NOT-FOR-US: Tada5hi sp-common CVE-2024-38987 (aofl cli-lib v3.14.0 was discovered to contain a prototype pollution v ...) - TODO: check + NOT-FOR-US: aofl cli-lib CVE-2024-38953 (phpok 6.4.003 contains a Cross Site Scripting (XSS) vulnerability in t ...) NOT-FOR-US: phpok CVE-2024-38513 (Fiber is an Express-inspired web framework written in Go A vulnerabili ...) @@ -197,9 +197,9 @@ CVE-2024-38513 (Fiber is an Express-inspired web framework written in Go A vulne CVE-2024-37298 (gorilla/schema converts structs to and from form values. Prior to vers ...) TODO: check CVE-2024-37146 (Flowise is a drag & drop user interface to build a customized large la ...) - TODO: check + NOT-FOR-US: Flowise CVE-2024-37145 (Flowise is a drag & drop user interface to build a customized large la ...) - TODO: check + NOT-FOR-US: Flowise CVE-2024-36997 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splun ...) NOT-FOR-US: Splunk Enterprise CVE-2024-36996 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splun ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/390d06e40b5d0be55ad1563307c71b0bb37fe0b7 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/390d06e40b5d0be55ad1563307c71b0bb37fe0b7 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits