Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 33b0561a by Salvatore Bonaccorso at 2024-07-07T15:45:58+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,23 +1,23 @@ CVE-2024-40605 (An issue was discovered in the Foreground skin for MediaWiki through 1 ...) - TODO: check + NOT-FOR-US: Foreground skin for MediaWiki CVE-2024-40604 (An issue was discovered in the Nimbus skin for MediaWiki through 1.42. ...) - TODO: check + NOT-FOR-US: Nimbus skin for MediaWiki CVE-2024-40603 (An issue was discovered in the ArticleRatings extension for MediaWiki ...) - TODO: check + NOT-FOR-US: ArticleRatings extension for MediaWiki CVE-2024-40602 (An issue was discovered in the Tempo skin for MediaWiki through 1.42.1 ...) - TODO: check + NOT-FOR-US: Tempo skin for MediaWiki CVE-2024-40601 (An issue was discovered in the MediaWikiChat extension for MediaWiki t ...) - TODO: check + NOT-FOR-US: MediaWikiChat extension for MediaWiki CVE-2024-40600 (An issue was discovered in the Metrolook skin for MediaWiki through 1. ...) - TODO: check + NOT-FOR-US: Metrolook skin for MediaWiki CVE-2024-40599 (An issue was discovered in the GuMaxDD skin for MediaWiki through 1.42 ...) - TODO: check + NOT-FOR-US: GuMaxDD skin for MediaWiki CVE-2024-40598 (An issue was discovered in the CheckUser extension for MediaWiki throu ...) - TODO: check + NOT-FOR-US: CheckUser extension for MediaWiki CVE-2024-40597 (An issue was discovered in the CheckUser extension for MediaWiki throu ...) - TODO: check + NOT-FOR-US: CheckUser extension for MediaWiki CVE-2024-40596 (An issue was discovered in the CheckUser extension for MediaWiki throu ...) - TODO: check + NOT-FOR-US: CheckUser extension for MediaWiki CVE-2024-6095 (A vulnerability in the /models/apply endpoint of mudler/localai versio ...) NOT-FOR-US: mudler/localai CVE-2024-5616 (A Cross-Site Request Forgery (CSRF) vulnerability exists in mudler/Loc ...) @@ -69,7 +69,7 @@ CVE-2023-39327 [Malicious files can cause the program to enter a large loop] - openjpeg2 <unfixed> NOTE: https://github.com/uclouvain/openjpeg/issues/1472 CVE-2024-6526 (A vulnerability classified as problematic has been found in CodeIgnite ...) - TODO: check + NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap CVE-2024-6525 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DA ...) NOT-FOR-US: D-Link CVE-2024-6524 (A vulnerability was found in ShopXO up to 6.1.0. It has been declared ...) @@ -96,7 +96,7 @@ CVE-2024-39689 (Certifi is a curated collection of Root Certificates for validat NOTE: https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc NOTE: Debian's python-certifi is patched to return the location of Debian-provided CA certificates CVE-2024-39687 (Fedify is a TypeScript library for building federated server apps powe ...) - TODO: check + NOT-FOR-US: Fedify CVE-2024-39321 (Traefik is an HTTP reverse proxy and load balancer. Versions prior to ...) - traefik <itp> (bug #983289) CVE-2024-39210 (Best House Rental Management System v1.0 was discovered to contain an ...) @@ -154,7 +154,7 @@ CVE-2024-27710 (An issue in Eskooly Free Online School management Software v.3.0 CVE-2024-27709 (SQL Injection vulnerability in Eskooly Web Product v.3.0 allows a remo ...) NOT-FOR-US: Eskooly Web Product CVE-2024-23998 (goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross ...) - TODO: check + NOT-FOR-US: goanother Another Redis Desktop Manager CVE-2024-23997 (Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting (XSS) v ...) NOT-FOR-US: Lukas Bach yana CVE-2024-23588 (HCL Nomad server on Domino fails to properly handle users configured w ...) @@ -360,7 +360,7 @@ CVE-2024-39353 (Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize th CVE-2024-39248 (A cross-site scripting (XSS) vulnerability in SimpCMS v0.1 allows atta ...) NOT-FOR-US: SimpCMS CVE-2024-39223 (An authentication bypass in the SSH service of gost v2.11.5 allows att ...) - TODO: check + NOT-FOR-US: GO Simple Tunnel CVE-2024-39220 (BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, ...) NOT-FOR-US: BAS-IP CVE-2024-37726 (Insecure Permissions vulnerability in Micro-Star International Co., Lt ...) @@ -479,7 +479,7 @@ CVE-2024-2234 (The Himer WordPress theme before 2.1.1 does not sanitise and esca CVE-2024-2233 (The Himer WordPress theme before 2.1.1 does not have CSRF checks in so ...) NOT-FOR-US: WordPress theme CVE-2024-2231 (The allows any authenticated user to join a private group due to a mi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2040 (The Himer WordPress theme before 2.1.1 does not have CSRF checks in so ...) NOT-FOR-US: WordPress theme CVE-2024-24791 (The net/http HTTP/1.1 client mishandled the case where a server respon ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33b0561a7d7f0f2978aa1c3df5b7d18a68846e1b -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33b0561a7d7f0f2978aa1c3df5b7d18a68846e1b You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits