Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
33b0561a by Salvatore Bonaccorso at 2024-07-07T15:45:58+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,23 +1,23 @@
CVE-2024-40605 (An issue was discovered in the Foreground skin for MediaWiki
through 1 ...)
- TODO: check
+ NOT-FOR-US: Foreground skin for MediaWiki
CVE-2024-40604 (An issue was discovered in the Nimbus skin for MediaWiki
through 1.42. ...)
- TODO: check
+ NOT-FOR-US: Nimbus skin for MediaWiki
CVE-2024-40603 (An issue was discovered in the ArticleRatings extension for
MediaWiki ...)
- TODO: check
+ NOT-FOR-US: ArticleRatings extension for MediaWiki
CVE-2024-40602 (An issue was discovered in the Tempo skin for MediaWiki
through 1.42.1 ...)
- TODO: check
+ NOT-FOR-US: Tempo skin for MediaWiki
CVE-2024-40601 (An issue was discovered in the MediaWikiChat extension for
MediaWiki t ...)
- TODO: check
+ NOT-FOR-US: MediaWikiChat extension for MediaWiki
CVE-2024-40600 (An issue was discovered in the Metrolook skin for MediaWiki
through 1. ...)
- TODO: check
+ NOT-FOR-US: Metrolook skin for MediaWiki
CVE-2024-40599 (An issue was discovered in the GuMaxDD skin for MediaWiki
through 1.42 ...)
- TODO: check
+ NOT-FOR-US: GuMaxDD skin for MediaWiki
CVE-2024-40598 (An issue was discovered in the CheckUser extension for
MediaWiki throu ...)
- TODO: check
+ NOT-FOR-US: CheckUser extension for MediaWiki
CVE-2024-40597 (An issue was discovered in the CheckUser extension for
MediaWiki throu ...)
- TODO: check
+ NOT-FOR-US: CheckUser extension for MediaWiki
CVE-2024-40596 (An issue was discovered in the CheckUser extension for
MediaWiki throu ...)
- TODO: check
+ NOT-FOR-US: CheckUser extension for MediaWiki
CVE-2024-6095 (A vulnerability in the /models/apply endpoint of mudler/localai
versio ...)
NOT-FOR-US: mudler/localai
CVE-2024-5616 (A Cross-Site Request Forgery (CSRF) vulnerability exists in
mudler/Loc ...)
@@ -69,7 +69,7 @@ CVE-2023-39327 [Malicious files can cause the program to
enter a large loop]
- openjpeg2 <unfixed>
NOTE: https://github.com/uclouvain/openjpeg/issues/1472
CVE-2024-6526 (A vulnerability classified as problematic has been found in
CodeIgnite ...)
- TODO: check
+ NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2024-6525 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in
D-Link DA ...)
NOT-FOR-US: D-Link
CVE-2024-6524 (A vulnerability was found in ShopXO up to 6.1.0. It has been
declared ...)
@@ -96,7 +96,7 @@ CVE-2024-39689 (Certifi is a curated collection of Root
Certificates for validat
NOTE:
https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc
NOTE: Debian's python-certifi is patched to return the location of
Debian-provided CA certificates
CVE-2024-39687 (Fedify is a TypeScript library for building federated server
apps powe ...)
- TODO: check
+ NOT-FOR-US: Fedify
CVE-2024-39321 (Traefik is an HTTP reverse proxy and load balancer. Versions
prior to ...)
- traefik <itp> (bug #983289)
CVE-2024-39210 (Best House Rental Management System v1.0 was discovered to
contain an ...)
@@ -154,7 +154,7 @@ CVE-2024-27710 (An issue in Eskooly Free Online School
management Software v.3.0
CVE-2024-27709 (SQL Injection vulnerability in Eskooly Web Product v.3.0
allows a remo ...)
NOT-FOR-US: Eskooly Web Product
CVE-2024-23998 (goanother Another Redis Desktop Manager =<1.6.1 is vulnerable
to Cross ...)
- TODO: check
+ NOT-FOR-US: goanother Another Redis Desktop Manager
CVE-2024-23997 (Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting
(XSS) v ...)
NOT-FOR-US: Lukas Bach yana
CVE-2024-23588 (HCL Nomad server on Domino fails to properly handle users
configured w ...)
@@ -360,7 +360,7 @@ CVE-2024-39353 (Mattermost versions 9.5.x <= 9.5.5 and
9.8.0 fail to sanitize th
CVE-2024-39248 (A cross-site scripting (XSS) vulnerability in SimpCMS v0.1
allows atta ...)
NOT-FOR-US: SimpCMS
CVE-2024-39223 (An authentication bypass in the SSH service of gost v2.11.5
allows att ...)
- TODO: check
+ NOT-FOR-US: GO Simple Tunnel
CVE-2024-39220 (BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD,
AV-01KBD, ...)
NOT-FOR-US: BAS-IP
CVE-2024-37726 (Insecure Permissions vulnerability in Micro-Star International
Co., Lt ...)
@@ -479,7 +479,7 @@ CVE-2024-2234 (The Himer WordPress theme before 2.1.1 does
not sanitise and esca
CVE-2024-2233 (The Himer WordPress theme before 2.1.1 does not have CSRF
checks in so ...)
NOT-FOR-US: WordPress theme
CVE-2024-2231 (The allows any authenticated user to join a private group due
to a mi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2040 (The Himer WordPress theme before 2.1.1 does not have CSRF
checks in so ...)
NOT-FOR-US: WordPress theme
CVE-2024-24791 (The net/http HTTP/1.1 client mishandled the case where a
server respon ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33b0561a7d7f0f2978aa1c3df5b7d18a68846e1b
--
This project does not include diff previews in email notifications.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33b0561a7d7f0f2978aa1c3df5b7d18a68846e1b
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
