[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Dec 6 12:33:22 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
666f581f by Moritz Muehlenhoff at 2024-12-06T13:13:54+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8,7 +8,7 @@ CVE-2024-6219 (Mark Laing discovered in LXD's PKI mode, until version 5.21.1, th
CVE-2024-6156 (Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could ...)
TODO: check
CVE-2024-54140 (sigstore-java is a sigstore java client for interacting with sigstore ...)
- TODO: check
+ NOT-FOR-US: sigstore-java
CVE-2024-53589 (GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD (Binary F ...)
TODO: check
CVE-2024-53523 (JSFinder commit d70ab9bc5221e016c08cffaf0d9ac79646c90645 is vulnerable ...)
@@ -20,25 +20,25 @@ CVE-2024-52798 (path-to-regexp turns path strings into a regular expressions. In
CVE-2024-49041 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
NOT-FOR-US: Microsoft
CVE-2024-38920 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versio ...)
- TODO: check
+ NOT-FOR-US: ros-navigation
CVE-2024-38910 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versio ...)
- TODO: check
+ NOT-FOR-US: ros-navigation
CVE-2024-37863 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versio ...)
- TODO: check
+ NOT-FOR-US: ros-navigation
CVE-2024-37862 (Buffer Overflow vulnerability in Open Robotic Robotic Operating System ...)
- TODO: check
+ NOT-FOR-US: ros-navigation
CVE-2024-37861 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versio ...)
- TODO: check
+ NOT-FOR-US: ros-navigation
CVE-2024-37860 (Buffer Overflow vulnerability in Open Robotic Operating System 2 ROS2 ...)
- TODO: check
+ NOT-FOR-US: ros-navigation
CVE-2024-30964 (Insecure Permissions vulnerability in Open Robotics Robotic Operating ...)
- TODO: check
+ NOT-FOR-US: ros-navigation
CVE-2024-30963 (Buffer Overflow vulnerability in Open Robotics Robotic Operating Syste ...)
- TODO: check
+ NOT-FOR-US: ros-planning
CVE-2024-30962 (Buffer Overflow vulnerability in Open Robotics Robotic Operating Syste ...)
- TODO: check
+ NOT-FOR-US: ros-planning
CVE-2024-30961 (Insecure Permissions vulnerability in Open Robotics Robotic Operating ...)
- TODO: check
+ NOT-FOR-US: ros-planning
CVE-2024-12064
REJECTED
CVE-2024-11585 (The WP Hide & Security Enhancer plugin for WordPress is vulnerable to ...)
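Review bot: the ten ROS2/Nav2 entries in this hunk are tagged with two different NOT-FOR-US labels for what the visible descriptions show is the same upstream (Open Robotics ROS2 / Nav2): CVE-2024-38920 through CVE-2024-30964 use `NOT-FOR-US: ros-navigation` while CVE-2024-30963, CVE-2024-30962 and CVE-2024-30961 use `NOT-FOR-US: ros-planning`. Unless the split is deliberate, pick one label for all ten so a later grep of data/CVE/list finds them together.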
@@ -50,9 +50,9 @@ CVE-2024-11201 (The myCred \u2013 Loyalty Points and Rewards plugin for WordPres
CVE-2024-11178 (The Login With OTP plugin for WordPress is vulnerable to authenticatio ...)
NOT-FOR-US: WordPress plugin
CVE-2024-11149 (In OpenBSD 7.4 before errata 014, vmm(4) did not restore GDTR limits p ...)
- TODO: check
+ NOT-FOR-US: OpenBSD
CVE-2024-10933 (In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, ex ...)
- TODO: check
+ NOT-FOR-US: OpenBSD
CVE-2024-10836 (The Flixita theme for WordPress is vulnerable to Reflected Cross-Site ...)
NOT-FOR-US: WordPress theme
CVE-2024-10578 (The Pubnews theme for WordPress is vulnerable to unauthorized arbitrar ...)
@@ -91,7 +91,7 @@ CVE-2024-53856 (rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1,
- rust-pgp 0.14.2-1
NOTE: https://github.com/rpgp/rpgp/security/advisories/GHSA-9rmp-2568-59rv
CVE-2024-53846 (OTP is a set of Erlang libraries, which consists of the Erlang runtime ...)
- TODO: check
+ NOT-FOR-US: Erlang OTP
CVE-2024-53703 (A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv ...)
NOT-FOR-US: SonicWall
CVE-2024-53702 (Use of cryptographically weak pseudo-random number generator (PRNG) vu ...)
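Review bot: `NOT-FOR-US: Erlang OTP` for CVE-2024-53846 deserves a second look, because the description says the issue is in OTP, the Erlang runtime and libraries, which Debian ships as the erlang source package; NOT-FOR-US is only correct if the affected component is not built there, so either keep `TODO: check` or add a NOTE naming the affected OTP application and the upstream advisory next to the decision.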
@@ -111,7 +111,7 @@ CVE-2024-52564 (Inclusion of undocumented features or chicken bits issue exists
CVE-2024-52271 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
NOT-FOR-US: Documenso
CVE-2024-52270 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
- TODO: check
+ NOT-FOR-US: DropBox Sign
CVE-2024-51555 (Default Credentail vulnerabilities allows access to an Aspect device u ...)
NOT-FOR-US: ABB
CVE-2024-51554 (Default Credentail vulnerabilities in ASPECT on Linux allows access to ...)
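Review bot: the vendor name in `NOT-FOR-US: DropBox Sign` for CVE-2024-52270 is written "DropBox", while the product is spelled "Dropbox Sign"; keeping NOT-FOR-US labels spelled the way the vendor writes them keeps tracker searches consistent.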
@@ -187,9 +187,9 @@ CVE-2024-12130 (An \u201cout of bounds read\u201d code execution vulnerability e
CVE-2024-12094 (This vulnerability exists in the Tinxy mobile app due to storage of lo ...)
NOT-FOR-US: Tinxy mobile app
CVE-2024-11942 (A vulnerability in Drupal Core allows File Manipulation.This issue aff ...)
- TODO: check
+ - drupal7 <removed>
CVE-2024-11941 (A vulnerability in Drupal Core allows Excessive Allocation.This issue ...)
- TODO: check
+ - drupal7 <removed>
CVE-2024-11779 (The WIP WooCarousel Lite plugin for WordPress is vulnerable to Stored ...)
NOT-FOR-US: WordPress plugin
CVE-2024-11420 (The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scr ...)
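Review bot: the two `- drupal7 <removed>` lines for CVE-2024-11942 and CVE-2024-11941 carry no NOTE with the upstream Drupal advisory, and the truncated descriptions in this hunk do not show the affected version range, so it is not visible here that the Drupal 7 branch is affected at all; consider adding a NOTE with the SA link or fixed upstream version under each entry, as other entries in this file do, so the <removed> decision can be rechecked later.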
@@ -209,7 +209,7 @@ CVE-2024-11156 (An \u201cout of bounds write\u201d code execution vulnerability
CVE-2024-11155 (A \u201cuse after free\u201d code execution vulnerability exists in t ...)
NOT-FOR-US: Rockwell Automation
CVE-2024-11148 (In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020, ht ...)
- TODO: check
+ NOT-FOR-US: OpenBSD
CVE-2024-10937 (The Related Posts, Inline Related Posts, Contextual Related Posts, Rel ...)
NOT-FOR-US: WordPress plugin
CVE-2024-10848 (The NewsMunch theme for WordPress is vulnerable to Stored Cross-Site S ...)
@@ -221,9 +221,9 @@ CVE-2024-10716 (Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an
CVE-2024-10056 (The Contact Form Builder by vcita plugin for WordPress is vulnerable t ...)
NOT-FOR-US: WordPress plugin
CVE-2023-50913 (Oxide control plane software before 5 allows SSRF.)
- TODO: check
+ NOT-FOR-US: Oxide
CVE-2023-48010 (STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism ...)
- TODO: check
+ NOT-FOR-US: STMicroelectronics SPC58
CVE-2024-54675 (app/webroot/js/workflows-editor/workflows-editor.js in MISP through 2. ...)
NOT-FOR-US: MISP
CVE-2024-54674 (app/View/GalaxyClusters/cluster_export_misp_galaxy.ctp in MISP through ...)
@@ -343,11 +343,11 @@ CVE-2024-12148 (Incorrect authorization in permission validation component in De
CVE-2024-12147 (A vulnerability was found in Netgear R6900 1.0.1.26_1.0.20. It has bee ...)
NOT-FOR-US: Netgear
CVE-2024-12138 (A vulnerability classified as critical was found in horilla up to 1.2. ...)
- TODO: check
+ NOT-FOR-US: horilla
CVE-2024-12107 (Double-Free Vulnerability in uD3TN BPv7 Caused by Malformed Endpoint I ...)
NOT-FOR-US: uD3TN
CVE-2024-12056 (The Client secret is not checked when using the OAuth Password grant t ...)
- TODO: check
+ NOT-FOR-US: PcVue
CVE-2024-11952 (The Classic Addons \u2013 WPBakery Page Builder plugin for WordPress i ...)
NOT-FOR-US: WordPress plugin
CVE-2024-11935 (The Email Address Obfuscation plugin for WordPress is vulnerable to St ...)
@@ -464,7 +464,7 @@ CVE-2024-46625 (An authenticated arbitrary file upload vulnerability in the /doc
CVE-2024-46624 (An issue in InfoDom Performa 365 v4.0.1 allows authenticated attackers ...)
NOT-FOR-US: InfoDom Performa 365
CVE-2024-45757 (An issue was discovered in Centreon centreon-bam 24.04, 23.10, 23.04, ...)
- TODO: check
+ NOT-FOR-US: centreon-bam
CVE-2024-45717 (The SolarWinds Platform was susceptible to a XSS vulnerability that af ...)
NOT-FOR-US: SolarWinds
CVE-2024-45207 (DLL injection in Veeam Agent for Windows can occur if the system's PAT ...)
@@ -766,7 +766,7 @@ CVE-2024-53981 (python-multipart is a streaming multipart parser for Python. Whe
NOTE: Fixed by: https://github.com/Kludex/python-multipart/commit/9205a0ec8c646b9f705430a6bfb52bd957b76c19 (0.0.18)
NOTE: Fixed by: https://github.com/Kludex/python-multipart/commit/c4fe4d3cebc08c660e57dd709af1ffa7059b3177 (0.0.19)
CVE-2024-53900 (Mongoose before 8.8.3 can improperly use $where in match, leading to s ...)
- TODO: check
+ NOT-FOR-US: Mongoose
CVE-2024-53862 (Argo Workflows is an open source container-native workflow engine for ...)
NOT-FOR-US: Argo Workflows
CVE-2024-53793 (Cross-Site Request Forgery (CSRF) vulnerability in eDoc Intelligence L ...)
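Review bot: `NOT-FOR-US: Mongoose` for CVE-2024-53900 is ambiguous, since Mongoose is also the name of an unrelated embedded web server; the description ($where in match) identifies the MongoDB ODM for Node.js, so a label such as `NOT-FOR-US: Mongoose (Node.js MongoDB ODM)` would make the decision unambiguous for the next person reading the list.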
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/666f581f28f8e96babad171c379e268a96bde0ed