[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Apr 2 10:14:10 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
31b3f5f9 by Moritz Muehlenhoff at 2024-04-02T11:09:43+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -27,7 +27,7 @@ CVE-2024-3139 (A vulnerability, which was classified as critical, has been found
CVE-2024-3138 (** DISPUTED ** A vulnerability was found in francoisjacquet RosarioSIS ...)
NOT-FOR-US: RosarioSISster
CVE-2024-3137 (Improper Privilege Management in uvdesk/community-skeleton)
- TODO: check
+ NOT-FOR-US: UVdesk
CVE-2024-31005 (An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execu ...)
NOT-FOR-US: Bento4
CVE-2024-31004 (An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execu ...)
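Review bot: the unchanged context line `NOT-FOR-US: RosarioSISster` two lines above the change looks like a typo for `RosarioSIS`, the product name the CVE-2024-3138 description itself uses, and is worth a one-line follow-up commit so tracker greps on the product name keep matching. The new `NOT-FOR-US: UVdesk` line is consistent with the `uvdesk/community-skeleton` named in the CVE-2024-3137 description.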
@@ -208,15 +208,15 @@ CVE-2024-25187 (Server Side Request Forgery (SSRF) vulnerability in 71cms v1.0.0
CVE-2024-24581 (in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitr ...)
NOT-FOR-US: OpenHarmony
CVE-2024-23119 (Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulne ...)
- TODO: check
+ - centreon-web <itp> (bug #913903)
CVE-2024-23118 (Centreon updateContactHostCommands SQL Injection Remote Code Execution ...)
- TODO: check
+ - centreon-web <itp> (bug #913903)
CVE-2024-23117 (Centreon updateContactServiceCommands SQL Injection Remote Code Execut ...)
- TODO: check
+ - centreon-web <itp> (bug #913903)
CVE-2024-23116 (Centreon updateLCARelation SQL Injection Remote Code Execution Vulnera ...)
- TODO: check
+ - centreon-web <itp> (bug #913903)
CVE-2024-23115 (Centreon updateGroups SQL Injection Remote Code Execution Vulnerabilit ...)
- TODO: check
+ - centreon-web <itp> (bug #913903)
CVE-2024-22180 (in OpenHarmony v4.0.0 and prior versions allow a local attacker cause ...)
NOT-FOR-US: OpenHarmony
CVE-2024-22177 (in OpenHarmony v3.2.4 and prior versions allow a local attacker cause ...)
@@ -264,7 +264,7 @@ CVE-2024-1274 (The My Calendar WordPress plugin before 3.4.24 does not sanitise
CVE-2024-1179 (TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow ...)
NOT-FOR-US: TP-Link
CVE-2024-0637 (Centreon updateDirectory SQL Injection Remote Code Execution Vulnerabi ...)
- TODO: check
+ - centreon-web <itp> (bug #913903)
CVE-2023-52636 (In the Linux kernel, the following vulnerability has been resolved: l ...)
- linux 6.7.7-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
@@ -293,18 +293,18 @@ CVE-2023-52630 (In the Linux kernel, the following vulnerability has been resolv
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/2a427b49d02995ea4a6ff93a1432c40fa4d36821 (6.8-rc4)
CVE-2023-51573 (Voltronic Power ViewPower Pro updateManagerPassword Exposed Dangerous ...)
- TODO: check
+ NOT-FOR-US: Voltronic Power ViewPower Pro
CVE-2023-51572 (Voltronic Power ViewPower Pro getMacAddressByIp Command Injection Remo ...)
- TODO: check
+ NOT-FOR-US: Voltronic Power ViewPower Pro
CVE-2023-51571 (Voltronic Power ViewPower Pro SocketService Missing Authentication Den ...)
- TODO: check
+ NOT-FOR-US: Voltronic Power ViewPower Pro
CVE-2023-51570 (Voltronic Power ViewPower Pro Deserialization of Untrusted Data Remote ...)
- TODO: check
+ NOT-FOR-US: Voltronic Power ViewPower Pro
CVE-2024-28219
- pillow <unfixed>
NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security
CVE-2024-3135 (The web server lacked CSRF tokens allowing an attacker to host malicio ...)
- TODO: check
+ NOT-FOR-US: LocalAI
CVE-2024-3131 (A vulnerability was found in SourceCodester Computer Laboratory Manage ...)
NOT-FOR-US: SourceCodester Computer Laboratory Management System
CVE-2024-3130 (Hard-coded Credentialsin CoolKit eWeLlink app are before 5.4.x on Andr ...)
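Review bot: for CVE-2024-3135 the truncated description ("The web server lacked CSRF tokens allowing an attacker to host malicio ...") names no product, so the new `NOT-FOR-US: LocalAI` attribution cannot be verified from the entry alone; adding a `NOTE:` line with the advisory URL, as the file does elsewhere (e.g. the `NOTE: https://pillow.readthedocs.io/...` line in the same hunk), would make the triage reproducible. The four Voltronic Power ViewPower Pro lines match the product named in their descriptions and need nothing further.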
@@ -348,51 +348,51 @@ CVE-2024-30859 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/c
CVE-2024-30858 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_fi ...)
NOT-FOR-US: netentsec NS-ASG
CVE-2024-29435 (An issue discovered in Alldata v0.4.6 allows attacker to run arbitrary ...)
- TODO: check
+ NOT-FOR-US: Alldata
CVE-2024-29433 (A deserialization vulnerability in the FASTJSON component of Alldata v ...)
- TODO: check
+ NOT-FOR-US: Alldata
CVE-2024-28232 (Go package IceWhaleTech/CasaOS-UserService provides user management fu ...)
NOT-FOR-US: IceWhaleTech/CasaOS-UserService
CVE-2024-25574 (SQL injection vulnerability exists in GetDIAE_usListParameters.)
- TODO: check
+ NOT-FOR-US: Delta Electronics
CVE-2024-25080 (WebMail in Axigen 10.x before 10.3.3.62 allows XSS via the image attac ...)
- TODO: check
+ NOT-FOR-US: Axigen
CVE-2024-21473 (Memory corruption while redirecting log file to any file location with ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-21472 (Memory corruption in Kernel while handling GPU operations.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-21470 (Memory corruption while allocating memory for graphics.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-21468 (Memory corruption when there is failed unmap operation in GPU.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-21463 (Memory corruption while processing Codec2 during v13k decoder pitch sy ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-21454 (Transient DOS while decoding the ToBeSignedMessage in Automotive Telem ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-21453 (Transient DOS while decoding message of size that exceeds the availabl ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-21452 (Transient DOS while decoding an ASN.1 OER message containing a SEQUENC ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-6154 (A configuration setting issue in seccenter.exe as used in Bitdefender ...)
- TODO: check
+ NOT-FOR-US: Bitdefender
CVE-2023-48906 (Stack Overflow vulnerability in Btstack 1.6 and earlier allows attacke ...)
- TODO: check
+ NOT-FOR-US: Btstack
CVE-2023-43515 (Memory corruption in HLOS while running kernel address sanitizers (syz ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-33115 (Memory corruption while processing buffer initialization, when trusted ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-33111 (Information disclosure when VI calibration state set by ADSP is greate ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-33101 (Transient DOS while processing DL NAS TRANSPORT message with payload l ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-33100 (Transient DOS while processing DL NAS Transport message when message I ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-33099 (Transient DOS while processing SMS container of non-standard size rece ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-33023 (Memory corruption while processing finish_sign command to pass a rsp b ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-4966 (A vulnerability was found in sequentech admin-console up to 6.1.7 and ...)
- TODO: check
+ NOT-FOR-US: sequentech admin-console
CVE-2024-26655 (In the Linux kernel, the following vulnerability has been resolved: F ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
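Review bot: CVE-2024-25574 is marked `NOT-FOR-US: Delta Electronics` although its description ("SQL injection vulnerability exists in GetDIAE_usListParameters.") gives only a function name and no vendor or product; the same applies to CVE-2023-43515 ("Memory corruption in HLOS while running kernel address sanitizers ..."), which does not name Qualcomm. A `NOTE:` line pointing at the vendor advisory for each would let a later reviewer confirm the attribution without re-triaging. The remaining Qualcomm, Alldata, Axigen, Bitdefender, Btstack and sequentech entries are consistent with the product or vendor named in their descriptions.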
@@ -621,7 +621,7 @@ CVE-2024-3018 (The Essential Addons for Elementor plugin for WordPress is vulner
CVE-2024-2491 (The PowerPack Addons for Elementor plugin for WordPress is vulnerable ...)
NOT-FOR-US: WordPress plugin
CVE-2024-1522 (I have activated the CORS because I had a development ui that uses ano ...)
- TODO: check
+ NOT-FOR-US: lollms-webui
CVE-2024-3084 (A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Por ...)
NOT-FOR-US: PHPGurukul Emergency Ambulance Hiring Portal
CVE-2024-2948 (The Favorites plugin for WordPress is vulnerable to Stored Cross-Site ...)
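Review bot: the CVE-2024-1522 description is a verbatim reporter quote ("I have activated the CORS because I had a development ui that uses ano ...") with no product name, so `NOT-FOR-US: lollms-webui` would benefit from a `NOTE:` line citing the source advisory; as written, the attribution rests entirely on knowledge outside the entry.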
@@ -899,7 +899,7 @@ CVE-2024-29904 (CodeIgniter is a PHP full-stack web framework A vulnerability wa
CVE-2024-29901 (The AuthKit library for Next.js provides helpers for authentication an ...)
NOT-FOR-US: AuthKit library for Next.js
CVE-2024-29900 (Electron Packager bundles Electron-based application source code with ...)
- TODO: check
+ NOT-FOR-US: Electron Packager
CVE-2024-29893 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
NOT-FOR-US: Argo CD
CVE-2024-29890 (DataLens is a business intelligence and data visualization system. A s ...)
@@ -909,7 +909,7 @@ CVE-2024-29686 (Server-side Template Injection (SSTI) vulnerability in Winter CM
CVE-2024-29667 (SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CMSV6 ...)
NOT-FOR-US: Tongtianxing
CVE-2024-29640 (An issue in aliyundrive-webdav v.2.3.3 and before allows a remote atta ...)
- TODO: check
+ NOT-FOR-US: aliyundrive-webdav
CVE-2024-29489 (Jerryscript 2.4.0 has SEGV at ./jerry-core/ecma/base/ecma-helpers.c:23 ...)
TODO: check
CVE-2024-29316 (NodeBB 3.6.7 is vulnerable to Incorrect Access Control, e.g., a low-pr ...)
@@ -1089,11 +1089,11 @@ CVE-2024-2947 (A flaw was found in Cockpit. Deleting a sosreport with a crafted
NOTE: Introduced by: https://github.com/cockpit-project/cockpit/commit/ee8f946df39779ee37071006d1d4826317f25c9a (270)
NOTE: Fixed by: https://github.com/cockpit-project/cockpit/commit/9c4cc9b6df632082538b53bdc8ee9ec1c5cad4da (314)
CVE-2024-29898 (CreateWiki is Miraheze's MediaWiki extension for requesting & creating ...)
- TODO: check
+ NOT-FOR-US: CreateWiki MediaWiki extension
CVE-2024-29897 (CreateWiki is Miraheze's MediaWiki extension for requesting & creating ...)
- TODO: check
+ NOT-FOR-US: CreateWiki MediaWiki extension
CVE-2024-29896 (Astro-Shield is a library to compute the subresource integrity hashes ...)
- TODO: check
+ NOT-FOR-US: Astro-Shield
CVE-2024-29882 (SRS is a simple, high-efficiency, real-time video server. SRS's `/api/ ...)
NOT-FOR-US: SRS video server
CVE-2024-29200 (Kimai is a web-based multi-user time-tracking application. The permiss ...)
@@ -1996,7 +1996,7 @@ CVE-2023-31854 (std::bad_alloc is mishandled in Precomp 0.4.8. NOTE: this is dis
CVE-2023-31634 (In TeslaMate before 1.27.2, there is unauthorized access to port 4000 ...)
NOT-FOR-US: TeslaMate
CVE-2017-20190 (Some Microsoft technologies as used in Windows 8 through 11 allow a te ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-22029
- tomcat10 <not-affected> (SUSE specfic packaging issue on /usr/share/tomcat/tomcat-webapps permissions)
- tomcat9 <not-affected> (SUSE specfic packaging issue on /usr/share/tomcat/tomcat-webapps permissions)
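Review bot: the two unchanged CVE-2024-22029 context lines below the change both read "SUSE specfic packaging issue", a typo for "specific" that a follow-up commit could fix. The `NOT-FOR-US: Microsoft` line for CVE-2017-20190 matches the "Microsoft technologies as used in Windows 8 through 11" wording of the description.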
@@ -2056,13 +2056,13 @@ CVE-2024-2891 (A vulnerability, which was classified as critical, was found in T
CVE-2024-2802
REJECTED
CVE-2024-2452 (In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control ...)
- TODO: check
+ NOT-FOR-US: Eclipse ThreadX
CVE-2024-2214 (In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in th ...)
- TODO: check
+ NOT-FOR-US: Eclipse ThreadX
CVE-2024-2212 (In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() ...)
- TODO: check
+ NOT-FOR-US: Eclipse ThreadX
CVE-2024-29883 (CreateWiki is Miraheze's MediaWiki extension for requesting & creating ...)
- TODO: check
+ NOT-FOR-US: CreateWiki MediaWiki extension
CVE-2024-29881 (TinyMCE is an open source rich text editor. A cross-site scripting (X ...)
- tinymce <removed>
NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-5359-pvf2-pw78
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31b3f5f9da4399d16769136be4b2640dc475a215