[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jun 7 12:52:22 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
031634f2 by Moritz Muehlenhoff at 2024-06-07T13:51:38+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -327,49 +327,50 @@ CVE-2024-30369 (A10 Thunder ADC Incorrect Permission Assignment Local Privilege
CVE-2024-30368 (A10 Thunder ADC CsrRequestView Command Injection Remote Code Execution ...)
NOT-FOR-US: A10 Thunder ADC
CVE-2024-2965 (A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` ...)
- TODO: check
+ NOT-FOR-US: langchain
CVE-2024-2928 (A Local File Inclusion (LFI) vulnerability was identified in mlflow/ml ...)
- TODO: check
+ NOT-FOR-US: mlflow
CVE-2024-2914 (A TarSlip vulnerability exists in the deepjavalibrary/djl, affecting v ...)
- TODO: check
+ NOT-FOR-US: deepjavalibrary/djl
CVE-2024-2624 (A path traversal and arbitrary file upload vulnerability exists in the ...)
- TODO: check
+ NOT-FOR-US: lollms-webui
CVE-2024-2548 (A path traversal vulnerability exists in the parisneo/lollms-webui app ...)
- TODO: check
+ NOT-FOR-US: lollms-webui
CVE-2024-2383 (A clickjacking vulnerability exists in zenml-io/zenml versions up to a ...)
- TODO: check
+ NOT-FOR-US: zenml
CVE-2024-2362 (A path traversal vulnerability exists in the parisneo/lollms-webui ver ...)
- TODO: check
+ NOT-FOR-US: lollms-webui
CVE-2024-2360 (parisneo/lollms-webui is vulnerable to path traversal attacks that can ...)
- TODO: check
+ NOT-FOR-US: lollms-webui
CVE-2024-2359 (A vulnerability in the parisneo/lollms-webui version 9.3 allows attack ...)
- TODO: check
+ NOT-FOR-US: lollms-webui
CVE-2024-2288 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the profil ...)
- TODO: check
+ NOT-FOR-US: lollms-webui
CVE-2024-2213 (An issue was discovered in zenml-io/zenml versions up to and including ...)
- TODO: check
+ NOT-FOR-US: zenml
CVE-2024-2171 (A stored Cross-Site Scripting (XSS) vulnerability was identified in th ...)
- TODO: check
+ NOT-FOR-US: zenml
CVE-2024-2035 (An improper authorization vulnerability exists in the zenml-io/zenml r ...)
- TODO: check
+ NOT-FOR-US: zenml
CVE-2024-2032 (A race condition vulnerability exists in zenml-io/zenml versions up to ...)
- TODO: check
+ NOT-FOR-US: zenml
CVE-2024-28995 (SolarWinds Serv-U was susceptible to a directory transversal vulnerabi ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2024-23793 (The file upload feature in OTRS and ((OTRS)) Community Edition has a p ...)
- TODO: check
+ NOT-FOR-US: OTRS
+ NOTE: Issue is listed as specific to >= 7.x, so won't affect Znuny which forked from 6.x
CVE-2024-22326 (IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.4 ...)
NOT-FOR-US: IBM
CVE-2024-1881 (AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: AutoGPT
CVE-2024-1880 (An OS command injection vulnerability exists in the MacOS Text-To-Spee ...)
- TODO: check
+ NOT-FOR-US: AutoGPT
CVE-2024-1879 (A Cross-Site Request Forgery (CSRF) vulnerability in significant-gravi ...)
- TODO: check
+ NOT-FOR-US: AutoGPT
CVE-2024-1873 (parisneo/lollms-webui is vulnerable to path traversal and denial of se ...)
- TODO: check
+ NOT-FOR-US: lollms-webui
CVE-2024-0520 (A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code ...)
- TODO: check
+ NOT-FOR-US: mlflow
CVE-2023-45192 (IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is ...)
NOT-FOR-US: IBM
CVE-2024-5665 (The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPr ...)
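Review bot: On CVE-2024-23793 the conclusion about Znuny is recorded only as free text under a NOT-FOR-US tag, and the NOTE says the issue "is listed as" specific to >= 7.x without saying where it is listed. If Znuny is tracked as a source package, an explicit `- znuny <not-affected>` entry carrying that reason would make the decision visible to tooling. Either way, adding the advisory reference to the NOTE would let the next triager recheck the version range. A minor style point in the same hunk: `NOT-FOR-US: deepjavalibrary/djl` uses the org/repo form, while the other new tags use the bare project name (lollms-webui, zenml, mlflow).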
@@ -441,7 +442,7 @@ CVE-2024-1175 (The WP-Recall \u2013 Registration, Profile, Commerce & More plugi
CVE-2024-0972 (The BuddyPress Members Only plugin for WordPress is vulnerable to Sens ...)
NOT-FOR-US: WordPress plugin
CVE-2024-0912 (Under certain circumstances the Microsoft\xae Internet Information Ser ...)
- TODO: check
+ NOT-FOR-US: Johnson Controls
CVE-2024-0910 (The Restrict for Elementor plugin for WordPress is vulnerable to Sensi ...)
NOT-FOR-US: WordPress plugin
CVE-2023-6968 (The The Moneytizer plugin for WordPress is vulnerable to Cross-Site Re ...)
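Review bot: The new tag on CVE-2024-0912 names Johnson Controls, but the visible part of the description only mentions Microsoft Internet Information Ser ..., so the triage decision cannot be checked from the list entry alone. Naming the affected product in the tag rather than only the vendor would make it clear why the entry is not attributed to the component the description leads with.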
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/031634f2a942614ca2ff0a595f30473227c3b354