[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Jan 31 09:48:32 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c6a86e5f by Moritz Muehlenhoff at 2024-01-31T10:48:08+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,7 +7,7 @@ CVE-2024-23745 (In Notion Web Clipper 1.0.3(7), a .nib file is susceptible to th
CVE-2024-22569 (Stored Cross-Site Scripting (XSS) vulnerability in POSCMS v4.6.2, allo ...)
NOT-FOR-US: POSCMS
CVE-2024-22236 (In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0. ...)
- TODO: check
+ NOT-FOR-US: Spring Cloud Contract
CVE-2024-1069 (The Contact Form Entries plugin for WordPress is vulnerable to arbitra ...)
NOT-FOR-US: WordPress plugin
CVE-2024-1012 (A vulnerability, which was classified as critical, has been found in W ...)
@@ -50,11 +50,11 @@ CVE-2024-1077 (Use after free in Network in Google Chrome prior to 121.0.6167.13
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-24565 (CrateDB is a distributed SQL database that makes it simple to store an ...)
- TODO: check
+ NOT-FOR-US: CrateDB
CVE-2024-24558 (TanStack Query supplies asynchronous state management, server-state ut ...)
NOT-FOR-US: TanStack Query
CVE-2024-24556 (urql is a GraphQL client that exposes a set of helpers for several fra ...)
- TODO: check
+ NOT-FOR-US: urql
CVE-2024-24333 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...)
NOT-FOR-US: TOTOLINK
CVE-2024-24332 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...)
@@ -76,9 +76,9 @@ CVE-2024-24325 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contai
CVE-2024-24324 (TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hard ...)
NOT-FOR-US: TOTOLINK
CVE-2024-23841 (apollo-client-nextjs is the Apollo Client support for the Next.js App ...)
- TODO: check
+ NOT-FOR-US: apollo-client-nextjs
CVE-2024-23840 (GoReleaser builds Go binaries for several platforms, creates a GitHub ...)
- TODO: check
+ NOT-FOR-US: GoReleaser
CVE-2024-23838 (TrueLayer.NET is the .Net client for TrueLayer. The vulnerability cou ...)
NOT-FOR-US: TrueLayer.NET
CVE-2024-23825 (TablePress is a table plugin for Wordpress. For importing tables, Tabl ...)
@@ -102,7 +102,7 @@ CVE-2024-21649 (The vantage6 technology enables to manage and deploy privacy enh
CVE-2024-21388 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2024-1063 (Appwrite <= v1.4.13 is affected by a Server-Side Request Forgery (SSRF ...)
- TODO: check
+ NOT-FOR-US: Appwrite
CVE-2024-1061 (The 'HTML5 Video Player' WordPress Plugin, version < 2.5.25 is affecte ...)
NOT-FOR-US: WordPress plugin
CVE-2024-1036 (A vulnerability was found in openBI up to 1.0.8 and classified as crit ...)
@@ -204,7 +204,7 @@ CVE-2024-21803 (Use After Free vulnerability in Linux Linux kernel kernel on Lin
- linux <unfixed>
NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=8081
CVE-2024-21488 (Versions of the package network before 0.7.0 are vulnerable to Arbitra ...)
- TODO: check
+ NOT-FOR-US: Node network
CVE-2024-1029 (A vulnerability was found in Cogites eReserv 7.7.58 and classified as ...)
NOT-FOR-US: Cogites eReserv
CVE-2024-1028 (A vulnerability has been found in SourceCodester Facebook News Feed Li ...)
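Review bot: the label "NOT-FOR-US: Node network" added for CVE-2024-21488 rests on a very generic package name, and the truncated description only says "the package network before 0.7.0". A NOTE line with the upstream advisory or package URL would let a later reader confirm which module was triaged here without having to look the CVE up again.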
@@ -237,7 +237,7 @@ CVE-2023-52071 (tiny-curl-8_4_0 , curl-8_4_0 and curl-8_5_0 were discovered to c
CVE-2023-51982 (CrateDB 5.5.1 is contains an authentication bypass vulnerability in th ...)
NOT-FOR-US: CrateDB
CVE-2023-51843 (react-dashboard 1.4.0 is vulnerable to Cross Site Scripting (XSS) as h ...)
- TODO: check
+ NOT-FOR-US: react-dashboard
CVE-2023-51837 (Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Va ...)
NOT-FOR-US: Ylianst MeshCentral
CVE-2023-51813 (Cross Site Request Forgery (CSRF) vulnerability in Free Open-Source In ...)
@@ -289,11 +289,14 @@ CVE-2024-23826 (spbu_se_site is the website of the Department of System Programm
CVE-2024-23822 (Thruk is a multibackend monitoring webinterface. Prior to 3.12, the T ...)
NOT-FOR-US: Thruk
CVE-2024-23792 (When adding attachments to ticket comments, another user can add atta ...)
- TODO: check
+ NOT-FOR-US: OTRS
+ NOTE: Issue is listed as specific to >= 7.x, so won't affect Znuny which forked from 6.x
CVE-2024-23791 (Insertion of debug information into log file during building the elast ...)
- TODO: check
+ NOT-FOR-US: OTRS
+ NOTE: Issue is listed as specific to >= 7.x, so won't affect Znuny which forked from 6.x
CVE-2024-23790 (Improper Input Validation vulnerability in the upload functionality fo ...)
- TODO: check
+ NOT-FOR-US: OTRS
+ NOTE: Issue is listed as specific to >= 7.x, so won't affect Znuny which forked from 6.x
CVE-2024-23747 (The Moderna Sistemas ModernaNet Hospital Management System 2024 is sus ...)
NOT-FOR-US: Moderna Sistemas ModernaNet Hospital Management System
CVE-2024-23441 (Vba32 Antivirus v3.36.0 is vulnerable to a Denial of Service vulnerabi ...)
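Review bot: the three identical NOTE lines added under CVE-2024-23792, CVE-2024-23791 and CVE-2024-23790 say the issue is "listed as specific to >= 7.x" but give no source. Add a NOTE with the advisory URL to each entry so the conclusion about Znuny can be re-checked if the affected range is later revised. If Znuny is tracked as a package in this list, an explicit "- znuny <not-affected> (...)" line would also record the decision in the tracker data itself rather than in free text under a NOT-FOR-US entry.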
@@ -41702,7 +41705,7 @@ CVE-2023-30972
CVE-2023-30971
RESERVED
CVE-2023-30970 (Gotham Table service and Forward App were found to be vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: Gotham Table service and Forward App
CVE-2023-30969 (The Palantir Tiles1 service was found to be vulnerable to an API wide ...)
NOT-FOR-US: Palantir
CVE-2023-30968
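Review bot: the label added for CVE-2023-30970 names the product ("Gotham Table service and Forward App"), while the neighbouring CVE-2023-30969 in the unchanged context is filed under the vendor as "NOT-FOR-US: Palantir". If both entries belong to the same vendor, use the same label so that a search on the vendor name finds both.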
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6a86e5fc80f560410bf0327a7350bb4879b393a