[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jun 6 21:48:25 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8c8a51fd by Salvatore Bonaccorso at 2024-06-06T22:47:49+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,7 +11,7 @@ CVE-2024-5657 (The CraftCMS plugin Two-Factor Authentication in versions 3.3.1,
CVE-2024-5609
REJECTED
CVE-2024-5552 (kubeflow/kubeflow is vulnerable to a Regular Expression Denial of Serv ...)
- TODO: check
+ NOT-FOR-US: kubeflow
CVE-2024-5550 (In h2oai/h2o-3 version 3.40.0.4, an exposure of sensitive information ...)
TODO: check
CVE-2024-5509 (Luxion KeyShot BIP File Parsing Uncontrolled Search Path Element Remot ...)
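Review bot: the NOT-FOR-US tag on CVE-2024-5552 reads "kubeflow", while the description and the other entries touched in this commit (NOT-FOR-US: lunary-ai/lunary, NOT-FOR-US: berriai/litellm) use the upstream owner/repository slug; using "kubeflow/kubeflow" here would keep the tags searchable in one consistent form.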
@@ -69,7 +69,7 @@ CVE-2024-5256 (Sonos Era 100 SMB2 Message Handling Integer Underflow Information
CVE-2024-5248 (In lunary-ai/lunary version 1.2.5, an improper access control vulnerab ...)
NOT-FOR-US: lunary-ai/lunary
CVE-2024-5225 (An SQL Injection vulnerability exists in the berriai/litellm repositor ...)
- TODO: check
+ NOT-FOR-US: berriai/litellm
CVE-2024-5221 (The Qi Blocks plugin for WordPress is vulnerable to Stored Cross-Site ...)
NOT-FOR-US: WordPress plugin
CVE-2024-5206 (A sensitive data leakage vulnerability was identified in scikit-learn' ...)
@@ -105,23 +105,23 @@ CVE-2024-5038 (The Colibri Page Builder plugin for WordPress is vulnerable to St
CVE-2024-4941 (A local file inclusion vulnerability exists in the JSON component of g ...)
NOT-FOR-US: Gradio
CVE-2024-4890 (A blind SQL injection vulnerability exists in the berriai/litellm appl ...)
- TODO: check
+ NOT-FOR-US: berriai/litellm
CVE-2024-4889 (A code injection vulnerability exists in the berriai/litellm applicati ...)
- TODO: check
+ NOT-FOR-US: berriai/litellm
CVE-2024-4888 (BerriAI's litellm, in its latest version, is vulnerable to arbitrary f ...)
- TODO: check
+ NOT-FOR-US: berriai/litellm
CVE-2024-4881 (A path traversal vulnerability exists in the parisneo/lollms applicati ...)
NOT-FOR-US: parisneo/lollms
CVE-2024-4851 (A Server-Side Request Forgery (SSRF) vulnerability exists in the stang ...)
TODO: check
CVE-2024-4325 (A Server-Side Request Forgery (SSRF) vulnerability exists in the gradi ...)
- TODO: check
+ NOT-FOR-US: Gradio
CVE-2024-4320 (A remote code execution (RCE) vulnerability exists in the '/install_ex ...)
- TODO: check
+ NOT-FOR-US: parisneo/lollms-webui
CVE-2024-3504 (An improper access control vulnerability exists in lunary-ai/lunary ve ...)
- TODO: check
+ NOT-FOR-US: lunary-ai/lunary
CVE-2024-3429 (A path traversal vulnerability exists in the parisneo/lollms applicati ...)
- TODO: check
+ NOT-FOR-US: parisneo/lollms
CVE-2024-3408 (man-group/dtale version 3.10.0 is vulnerable to an authentication bypa ...)
TODO: check
CVE-2024-3404 (In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 2024 ...)
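Review bot: CVE-2024-4320 is tagged "parisneo/lollms-webui" whereas CVE-2024-4881 and CVE-2024-3429 in the same hunk are tagged "parisneo/lollms"; the truncated description for CVE-2024-4320 only shows the '/install_ex... endpoint and not the project name, so the distinction between the two upstreams is not verifiable from this hunk alone and is worth a glance at the full CVE text before the tag is taken as final. The remaining TODO: check lines in this region (CVE-2024-4851, CVE-2024-3408, CVE-2024-3404) are left untouched, which is consistent with the commit message covering only a subset.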
@@ -155,7 +155,7 @@ CVE-2024-3095 (A Server-Side Request Forgery (SSRF) vulnerability exists in the
CVE-2024-3033 (An improper authorization vulnerability exists in the mintplex-labs/an ...)
TODO: check
CVE-2024-37364 (Ariane Allegro Scenario Player through 2024-03-05, when Ariane Duo kio ...)
- TODO: check
+ NOT-FOR-US: Ariane Allegro Scenario Player
CVE-2024-37156 (The SuluFormBundle adds support for creating dynamic forms in Sulu Adm ...)
TODO: check
CVE-2024-37154 (Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. ...)
@@ -163,11 +163,11 @@ CVE-2024-37154 (Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Ne
CVE-2024-37153 (Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. ...)
TODO: check
CVE-2024-37152 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
- TODO: check
+ NOT-FOR-US: Argo CD
CVE-2024-37150 (An issue in `.npmrc` support in Deno 1.44.0 was discovered where Deno ...)
TODO: check
CVE-2024-36779 (Sourcecodester Stock Management System v1.0 is vulnerable to SQL Injec ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Stock Management System
CVE-2024-36745 (An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a De ...)
TODO: check
CVE-2024-36743 (An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a De ...)
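Review bot: CVE-2024-37152 (Argo CD) and CVE-2024-36779 are resolved here while the adjacent Deno (CVE-2024-37150) and Oneflow (CVE-2024-36745, CVE-2024-36743) entries stay at TODO: check; the Argo CD tag text matches the one used for CVE-2024-36106 later in this commit, so the two entries will group together on a tag search.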
@@ -191,15 +191,15 @@ CVE-2024-36730 (Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows
CVE-2024-36399 (Kanboard is project management software that focuses on the Kanban met ...)
TODO: check
CVE-2024-36394 (SysAid - CWE-78: Improper Neutralization of Special Elements used in a ...)
- TODO: check
+ NOT-FOR-US: SysAid
CVE-2024-36393 (SysAid - CWE-89: Improper Neutralization of Special Elements used in a ...)
- TODO: check
+ NOT-FOR-US: SysAid
CVE-2024-36106 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
- TODO: check
+ NOT-FOR-US: Argo CD
CVE-2024-35178 (The Jupyter Server provides the backend for Jupyter web applications. ...)
TODO: check
CVE-2024-34832 (Directory Traversal vulnerability in CubeCart v.6.5.5 and before allow ...)
- TODO: check
+ NOT-FOR-US: CubeCart
CVE-2024-32873 (Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. ...)
TODO: check
CVE-2024-30375 (Luxion KeyShot Viewer KSP File Parsing Use-After-Free Remote Code Exec ...)
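Review bot: the two SysAid entries (CVE-2024-36394, CVE-2024-36393) and CVE-2024-36106 (Argo CD) use the same short product tags as their counterparts elsewhere in the file, which is the right choice for grouping; CVE-2024-34832 is tagged "CubeCart" without the "v.6.5.5 and before" qualifier from the description, which is fine since NOT-FOR-US lines record the product, not the affected range.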
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c8a51fdc3f927d23969ec728013cbac41a05b15