[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jul 2 20:34:34 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
390d06e4 by Salvatore Bonaccorso at 2024-07-02T21:33:12+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -23,7 +23,7 @@ CVE-2024-5419 (The Void Contact Form 7 Widget For Elementor Page Builder plugin
CVE-2024-5349 (The LA-Studio Element Kit for Elementor plugin for WordPress is vulner ...)
NOT-FOR-US: WordPress plugin
CVE-2024-5322 (The N-central server is vulnerable to session rebinding of already aut ...)
- TODO: check
+ NOT-FOR-US: N-able Technologies N-central Server
CVE-2024-5219 (The Easy Google Maps plugin for WordPress is vulnerable to Stored Cros ...)
NOT-FOR-US: WordPress plugin
CVE-2024-4679 (Incorrect Default Permissions vulnerability in Hitachi JP1/Extensible ...)
@@ -33,15 +33,15 @@ CVE-2024-4627 (The Rank Math SEO WordPress plugin before 1.0.219 does not sanit
CVE-2024-3999 (The EazyDocs WordPress plugin before 2.5.0 does not sanitise and esca ...)
NOT-FOR-US: WordPress plugin
CVE-2024-3513 (The Ultimate Blocks \u2013 WordPress Blocks Plugin plugin for WordPres ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-39314 (toy-blog is a headless content management system implementation. Start ...)
- TODO: check
+ NOT-FOR-US: toy-blog
CVE-2024-39313 (toy-blog is a headless content management system implementation. Start ...)
- TODO: check
+ NOT-FOR-US: toy-blog
CVE-2024-39310 (The Basil recipe theme for WordPress is vulnerable to Persistent Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-39309 (Parse Server is an open source backend that can be deployed to any inf ...)
- TODO: check
+ NOT-FOR-US: Parse Server
CVE-2024-39305 (Envoy is a cloud-native, open source edge and service proxy. Prior to ...)
TODO: check
CVE-2024-38368 (trunk.cocoapods.org is the authentication server for the CoacoaPods de ...)
@@ -51,29 +51,29 @@ CVE-2024-38367 (trunk.cocoapods.org is the authentication server for the CoacoaP
CVE-2024-38366 (trunk.cocoapods.org is the authentication server for the CoacoaPods de ...)
TODO: check
CVE-2024-37765 (Machform up to version 19 is affected by an authenticated Blind SQL in ...)
- TODO: check
+ NOT-FOR-US: Machform
CVE-2024-37764 (MachForm up to version 19 is affected by an authenticated stored cross ...)
- TODO: check
+ NOT-FOR-US: Machform
CVE-2024-37763 (MachForm up to version 19 is affected by an unauthenticated stored cro ...)
- TODO: check
+ NOT-FOR-US: Machform
CVE-2024-37762 (MachForm up to version 21 is affected by an authenticated unrestricted ...)
- TODO: check
+ NOT-FOR-US: Machform
CVE-2024-37479 (Local File Inclusion vulnerability in LA-Studio LA-Studio Element Kit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-37134 (Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an impr ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-37133 (Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an impr ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-37132 (Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an inco ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-37126 (Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an impr ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-32854 (Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an impr ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-32853 (Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.2 contain an exec ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-32852 (Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.0 contain use of ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-32230 (FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size- ...)
TODO: check
CVE-2024-32229 (FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandsh ...)
@@ -81,37 +81,37 @@ CVE-2024-32229 (FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_til
CVE-2024-32228 (FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavc ...)
TODO: check
CVE-2024-2819 (Incorrect Default Permissions, Improper Preservation of Permissions vu ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2024-28200 (The N-central server is vulnerable to an authentication bypass of the ...)
- TODO: check
+ NOT-FOR-US: N-able Technologies N-central Server
CVE-2024-23737 (Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify ...)
- TODO: check
+ NOT-FOR-US: savignano S/Notify
CVE-2024-23736 (Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify ...)
- TODO: check
+ NOT-FOR-US: savignano S/Notify
CVE-2024-1427 (The The Post Grid \u2013 Shortcode, Gutenberg Blocks and Elementor Add ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0158 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-41928 (The device is observed to accept deprecated TLS protocols, increasing ...)
- TODO: check
+ NOT-FOR-US: Kiloview
CVE-2023-41927 (The server supports at least one cipher suite which is on the NCSC-NL ...)
- TODO: check
+ NOT-FOR-US: Kiloview
CVE-2023-41926 (The webserver utilizes basic authentication for its user login to the ...)
- TODO: check
+ NOT-FOR-US: Kiloview
CVE-2023-41923 (The user management section of the web application permits the creatio ...)
- TODO: check
+ NOT-FOR-US: Kiloview
CVE-2023-41922 (A 'Cross-site Scripting' (XSS) vulnerability, characterized by imprope ...)
- TODO: check
+ NOT-FOR-US: Kiloview
CVE-2023-41921 (A vulnerability allows attackers to download source code or an executa ...)
- TODO: check
+ NOT-FOR-US: Kiloview
CVE-2023-41920 (The vulnerability allows attackers access to the root account without ...)
- TODO: check
+ NOT-FOR-US: Kiloview
CVE-2023-41919 (Hardcoded credentials are discovered within the application's source c ...)
- TODO: check
+ NOT-FOR-US: Kiloview
CVE-2023-41918 (A vulnerability allows unauthorized access to functionality inadequate ...)
- TODO: check
+ NOT-FOR-US: Kiloview
CVE-2023-41917 (Inadequate input validation exposes the system to potential remote cod ...)
- TODO: check
+ NOT-FOR-US: Kiloview
CVE-2024-6425 (Incorrect Provision of Specified Functionality vulnerability in MESboo ...)
NOT-FOR-US: MESbook
CVE-2024-6424 (External server-side request vulnerability in MESbook 20221021.03 vers ...)
@@ -129,7 +129,7 @@ CVE-2024-39879 (In JetBrains TeamCity before 2024.03.3 application token could b
CVE-2024-39878 (In JetBrains TeamCity before 2024.03.3 private key could be exposed vi ...)
NOT-FOR-US: JetBrains TeamCity
CVE-2024-39853 (adolph_dudu ratio-swiper 0.0.2 was discovered to contain a prototype p ...)
- TODO: check
+ NOT-FOR-US: ratio-swiper Nodejs module
CVE-2024-39430 (In faceid servive, there is a possible out of bounds write due to a mi ...)
NOT-FOR-US: Unisoc
CVE-2024-39429 (In faceid servive, there is a possible out of bounds write due to a mi ...)
@@ -147,27 +147,27 @@ CVE-2024-39249 (Async <= 2.6.4 and <= 3.2.5 are vulnerable to ReDoS (Regular Exp
CVE-2024-39236 (Gradio v4.36.1 was discovered to contain a code injection vulnerabilit ...)
NOT-FOR-US: Gradio
CVE-2024-39018 (harvey-woo cat5th/key-serializer v0.2.5 was discovered to contain a pr ...)
- TODO: check
+ NOT-FOR-US: key-serializer Nodejs module
CVE-2024-39017 (agreejs shared v0.0.1 was discovered to contain a prototype pollution ...)
- TODO: check
+ NOT-FOR-US: shared Nodejs module
CVE-2024-39016 (che3vinci c3/utils-1 1.0.131 was discovered to contain a prototype pol ...)
- TODO: check
+ NOT-FOR-US: c3/utils-1 Nodejs module
CVE-2024-39015 (cafebazaar hod v0.4.14 was discovered to contain a prototype pollution ...)
- TODO: check
+ NOT-FOR-US: hod Nodejs module
CVE-2024-39014 (ahilfoley cahil/utils v2.3.2 was discovered to contain a prototype pol ...)
- TODO: check
+ NOT-FOR-US: cahil/utils Nodejs module
CVE-2024-39013 (2o3t-utility v0.1.2 was discovered to contain a prototype pollution vi ...)
- TODO: check
+ NOT-FOR-US: 2o3t-utility
CVE-2024-39008 (robinweser fast-loops v1.1.3 was discovered to contain a prototype pol ...)
- TODO: check
+ NOT-FOR-US: robinweser fast-loops
CVE-2024-39003 (amoyjs amoy common v1.0.10 was discovered to contain a prototype pollu ...)
- TODO: check
+ NOT-FOR-US: amoyjs amoy common
CVE-2024-39002 (rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pol ...)
- TODO: check
+ NOT-FOR-US: rjrodger jsonic-next
CVE-2024-39001 (ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollu ...)
- TODO: check
+ NOT-FOR-US: ag-grid-enterprise
CVE-2024-39000 (adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype ...)
- TODO: check
+ NOT-FOR-US: ratio-swiper Nodejs module
CVE-2024-38999 (jrburke requirejs v2.3.6 was discovered to contain a prototype polluti ...)
- requirejs <unfixed>
NOTE: https://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a
@@ -175,21 +175,21 @@ CVE-2024-38998 (jrburke requirejs v2.3.6 was discovered to contain a prototype p
- requirejs <unfixed>
NOTE: https://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a
CVE-2024-38997 (adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype ...)
- TODO: check
+ NOT-FOR-US: ratio-swiper Nodejs module
CVE-2024-38996 (ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discover ...)
- TODO: check
+ NOT-FOR-US: ag-grid-community
CVE-2024-38994 (amoyjs amoy common v1.0.10 was discovered to contain a prototype pollu ...)
- TODO: check
+ NOT-FOR-US: amoyjs amoy common
CVE-2024-38993 (rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pol ...)
- TODO: check
+ NOT-FOR-US: jsonic-next Nodejs module
CVE-2024-38992 (airvertco frappejs v0.0.11 was discovered to contain a prototype pollu ...)
- TODO: check
+ NOT-FOR-US: frappejs Nodejs module
CVE-2024-38991 (akbr patch-into v1.0.1 was discovered to contain a prototype pollution ...)
- TODO: check
+ NOT-FOR-US: patch-into Nodejs module
CVE-2024-38990 (Tada5hi sp-common v0.5.4 was discovered to contain a prototype polluti ...)
- TODO: check
+ NOT-FOR-US: Tada5hi sp-common
CVE-2024-38987 (aofl cli-lib v3.14.0 was discovered to contain a prototype pollution v ...)
- TODO: check
+ NOT-FOR-US: aofl cli-lib
CVE-2024-38953 (phpok 6.4.003 contains a Cross Site Scripting (XSS) vulnerability in t ...)
NOT-FOR-US: phpok
CVE-2024-38513 (Fiber is an Express-inspired web framework written in Go A vulnerabili ...)
@@ -197,9 +197,9 @@ CVE-2024-38513 (Fiber is an Express-inspired web framework written in Go A vulne
CVE-2024-37298 (gorilla/schema converts structs to and from form values. Prior to vers ...)
TODO: check
CVE-2024-37146 (Flowise is a drag & drop user interface to build a customized large la ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2024-37145 (Flowise is a drag & drop user interface to build a customized large la ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2024-36997 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splun ...)
NOT-FOR-US: Splunk Enterprise
CVE-2024-36996 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splun ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/390d06e40b5d0be55ad1563307c71b0bb37fe0b7
--
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/390d06e40b5d0be55ad1563307c71b0bb37fe0b7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240702/2544f229/attachment.htm>
More information about the debian-security-tracker-commits
mailing list