[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Apr 10 15:03:49 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
79711349 by Moritz Muehlenhoff at 2024-04-10T16:03:25+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -134,9 +134,9 @@ CVE-2024-22450 (Dell Alienware Command Center, versions prior to 6.2.7.0, contai
CVE-2024-22448 (Dell BIOS contains an Out-of-Bounds Write vulnerability. A local authe ...)
NOT-FOR-US: Dell
CVE-2024-21509 (Versions of the package mysql2 before 3.9.4 are vulnerable to Prototyp ...)
- TODO: check
+ NOT-FOR-US: Node mysql2
CVE-2024-21507 (Versions of the package mysql2 before 3.9.3 are vulnerable to Improper ...)
- TODO: check
+ NOT-FOR-US: Node mysql2
CVE-2024-1780 (The BizCalendar Web plugin for WordPress is vulnerable to Reflected Cr ...)
NOT-FOR-US: WordPress plugin
CVE-2024-1042 (The WP Radio \u2013 Worldwide Online Radio Stations Directory for Word ...)
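Review bot: At CVE-2024-21509 and CVE-2024-21507 the new tag reads "NOT-FOR-US: Node mysql2", while the visible descriptions only say "the package mysql2", a name that is not specific to one language ecosystem. The "Node" qualifier is what makes the decision unambiguous, so keep it. The one-word commit subject "NFUs" gives no hint of what was checked before "TODO: check" was dropped; a short line in the commit body would record that.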
@@ -234,13 +234,13 @@ CVE-2024-31368 (Missing Authorization vulnerability in PenciDesign Soledad.This
CVE-2024-31367 (Missing Authorization vulnerability in PenciDesign Soledad.This issue ...)
NOT-FOR-US: WordPress plugin
CVE-2024-30706 (An issue was discovered in ROS2 Dashing Diademata versions ROS_VERSION ...)
- TODO: check
+ NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30704 (An insecure deserialization vulnerability has been identified in ROS2 ...)
- TODO: check
+ NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30703 (An arbitrary file upload vulnerability has been discovered in ROS2 (Ro ...)
- TODO: check
+ NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30702 (An issue was discovered in ROS2 Galactic Geochelone in ROS_VERSION 2 a ...)
- TODO: check
+ NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30262 (Contao is an open source content management system. Prior to version 4 ...)
NOT-FOR-US: Contao CMS
CVE-2024-30191 (A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1 ...)
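Review bot: The four ROS2 entries in this hunk (CVE-2024-30706, CVE-2024-30704, CVE-2024-30703, CVE-2024-30702) are not NFUs, yet the commit subject is just "NFUs". They lose "TODO: check" and gain only a free-text NOTE, unlike the neighbouring entries that carry a "NOT-FOR-US:" line. Suggest naming the ROS triage in the commit message so this decision can be found from the log, and stating in the NOTE whether these entries are meant to stay without a status line.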
@@ -926,43 +926,43 @@ CVE-2024-31047 (An issue in Academy Software Foundation openexr v.3.2.3 and befo
NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1681
NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/openexr/commit/7aa89e1d09b09d9f5dbb96976ee083a331ab9d71
CVE-2024-30701 (An insecure logging vulnerability in ROS2 Galactic Geochelone ROS_VERS ...)
- TODO: check
+ NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30699 (A buffer overflow vulnerability has been discovered in the C++ compone ...)
- TODO: check
+ NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30697 (An issue was discovered in ROS2 Galactic Geochelone in ROS_VERSION 2 a ...)
- TODO: check
+ NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30696 (OS command injection vulnerability in ROS2 Galactic Geochelone in ROS_ ...)
- TODO: check
+ NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30695 (An issue was discovered in the default configurations of ROS2 Galactic ...)
- TODO: check
+ NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30694 (A shell injection vulnerability was discovered in ROS2 (Robot Operatin ...)
- TODO: check
+ NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30692 (A issue was discovered in ROS2 Galactic Geochelone versions ROS_VERSIO ...)
- TODO: check
+ NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30691 (An issue was discovered in ROS2 Galactic Geochelone in version ROS_VER ...)
- TODO: check
+ NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30690 (An unauthorized node injection vulnerability has been identified in RO ...)
- TODO: check
+ NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30688 (An arbitrary file upload vulnerability has been discovered in ROS2 Iro ...)
- TODO: check
+ NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30687 (An insecure deserialization vulnerability has been identified in ROS2 ...)
- TODO: check
+ NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30686 (An issue was discovered in ROS2 Iron Irwini versions ROS_VERSION 2 and ...)
- TODO: check
+ NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30684 (An insecure logging vulnerability has been identified within ROS2 Iron ...)
- TODO: check
+ NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30683 (A buffer overflow vulnerability has been discovered in the C++ compone ...)
- TODO: check
+ NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30681 (An OS command injection vulnerability has been discovered in ROS2 Iron ...)
- TODO: check
+ NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30680 (Shell injection vulnerability was discovered in ROS2 (Robot Operating ...)
- TODO: check
+ NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30679 (An issue was discovered in the default configurations of ROS2 Iron Irw ...)
- TODO: check
+ NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30678 (An issue has been discovered in ROS2 Iron Irwini ROS_VERSION 2 and ROS ...)
- TODO: check
+ NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30676 (A Denial-of-Service (DoS) vulnerability exists in ROS2 Iron Irwini ver ...)
- TODO: check
+ NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30218 (The ABAP Application Server of SAP NetWeaver as well as ABAP Platforma ...)
NOT-FOR-US: SAP
CVE-2024-30217 (Cash Management in SAP S/4 HANA does not perform necessary authorizati ...)
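Review bot: The same NOTE is applied verbatim to 19 entries here, CVE-2024-30701 through CVE-2024-30676, and nothing in the hunk backs the claim "apparently never reported either". The openexr entry at the top of this hunk shows the usual pattern of a NOTE carrying the pull-request and commit URLs. A second NOTE pointing at whatever upstream search or statement supports the "bogus" assessment would let a later triager verify it without repeating the work.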
@@ -984,11 +984,11 @@ CVE-2024-27899 (Self-Registrationand Modify your own profile in User Admin Appli
CVE-2024-27898 (SAP NetWeaver application, due to insufficient input validation, allow ...)
NOT-FOR-US: SAP
CVE-2024-27632 (An issue in GNU Savane v.3.12 and before allows a remote attacker to e ...)
- TODO: check
+ NOT-FOR-US: GNU Savane
CVE-2024-27631 (Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and befo ...)
- TODO: check
+ NOT-FOR-US: GNU Savane
CVE-2024-27630 (Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and befor ...)
- TODO: check
+ NOT-FOR-US: GNU Savane
CVE-2024-25646 (Due to improper validation,SAP BusinessObject Business Intelligence La ...)
NOT-FOR-US: SAP
CVE-2024-23584 (The NMAP Importer service may expose data store credentials to authori ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7971134980ea7abc211a917ce44b4f75a70a593e