[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Jun 27 13:29:45 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6b304731 by Moritz Muehlenhoff at 2024-06-27T14:26:03+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -110,15 +110,15 @@ CVE-2024-38949 (Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows at
- libde265 <unfixed>
NOTE: https://github.com/strukturag/libde265/issues/460
CVE-2024-38527 (ZenUML is JavaScript-based diagramming tool that requires no server, u ...)
- TODO: check
+ NOT-FOR-US: ZenUML
CVE-2024-38520 (SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Pro ...)
NOT-FOR-US: SoftEtherVPN
CVE-2024-38375 (@fastly/js-compute is a JavaScript SDK and runtime for building Fastly ...)
- TODO: check
+ NOT-FOR-US: @fastly/js-compute
CVE-2024-38272 (There exists a vulnerability in Quickshare/Nearby where an attacker ca ...)
- TODO: check
+ NOT-FOR-US: Google Quickshare/Nearby
CVE-2024-38271 (There exists a vulnerability in Quickshare/Nearby where an attacker ca ...)
- TODO: check
+ NOT-FOR-US: Google Quickshare/Nearby
CVE-2024-37252 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin
CVE-2024-37098 (Server-Side Request Forgery (SSRF) vulnerability in Blossom Themes Blo ...)
@@ -126,15 +126,15 @@ CVE-2024-37098 (Server-Side Request Forgery (SSRF) vulnerability in Blossom Them
CVE-2024-35545 (MAP-OS v4.45.0 and earlier was discovered to contain a cross-site scri ...)
NOT-FOR-US: MAP-OS
CVE-2024-33329 (A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x allows att ...)
- TODO: check
+ NOT-FOR-US: Lumisxp
CVE-2024-33328 (A cross-site scripting (XSS) vulnerability in the component main.jsp o ...)
- TODO: check
+ NOT-FOR-US: Lumisxp
CVE-2024-33327 (A cross-site scripting (XSS) vulnerability in the component UrlAccessi ...)
- TODO: check
+ NOT-FOR-US: Lumisxp
CVE-2024-33326 (A cross-site scripting (XSS) vulnerability in the component XsltResult ...)
- TODO: check
+ NOT-FOR-US: Lumisxp
CVE-2024-25637 (October is a self-hosted CMS platform based on the Laravel PHP Framewo ...)
- TODO: check
+ NOT-FOR-US: October CMS
CVE-2024-6060 (An information disclosure vulnerability in Phloc Webscopes 7.0.0 allow ...)
NOT-FOR-US: Phloc Webscopes
CVE-2024-5573 (The Easy Table of Contents WordPress plugin before 2.0.66 does not san ...)
@@ -188,11 +188,11 @@ CVE-2024-4105 (A vulnerability has been found in FAST/TOOLS and CI Server. The a
CVE-2024-3633 (The WebP & SVG Support WordPress plugin through 1.4.0 does not sanitis ...)
NOT-FOR-US: WordPress plugin
CVE-2024-38526 (pdoc provides API Documentation for Python Projects. Documentation gen ...)
- TODO: check
+ NOT-FOR-US: pdoc
CVE-2024-38516 (ai-client-html is an Aimeos e-commerce HTML client component. Debug in ...)
NOT-FOR-US: ai-client-html
CVE-2024-38364 (DSpace is an open source software is a turnkey repository application ...)
- TODO: check
+ NOT-FOR-US: DSpace
CVE-2024-37855 (An issue in Nepstech Wifi Router xpon (terminal) NTPL-Xpon1GFEVN, hard ...)
NOT-FOR-US: Nepstech Wifi Router
CVE-2024-37843 (Craft CMS up to v3.7.31 was discovered to contain a SQL injection vuln ...)
@@ -214,13 +214,13 @@ CVE-2024-35527 (An arbitrary file upload vulnerability in /fileupload/upload.cfm
CVE-2024-35526 (An issue in Daemon PTY Limited FarCry Core framework before 7.2.14 all ...)
NOT-FOR-US: Daemon PTY Limited FarCry Core framework
CVE-2024-34581 (The W3C XML Signature Syntax and Processing (XMLDsig) specification, s ...)
- TODO: check
+ NOT-FOR-US: W3C XML Signature Syntax and Processing (XMLDsig) specification
CVE-2024-34580 (Apache XML Security for C++ through 2.0.4 implements the XML Signature ...)
TODO: check
CVE-2024-34400 (An issue was discovered in VirtoSoftware Virto Kanban Board Web Part b ...)
- TODO: check
+ NOT-FOR-US: VirtoSoftware Virto Kanban Board
CVE-2024-30931 (Stored Cross Site Scripting vulnerability in Emby Media Server Emby Me ...)
- TODO: check
+ NOT-FOR-US: Emby Media Server
CVE-2024-30112 (HCL Connections is vulnerable to a cross-site scripting attack where a ...)
NOT-FOR-US: HCL
CVE-2024-29954 (A vulnerability in a password management API in Brocade Fabric OS vers ...)
@@ -366,7 +366,7 @@ CVE-2024-28832 (Stored XSS in the Crash Report page in Checkmk before versions 2
CVE-2024-28831 (Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3 ...)
- check-mk <removed>
CVE-2024-21827 (A leftover debug code vulnerability exists in the cli_server debug fun ...)
- TODO: check
+ NOT-FOR-US: ER7206 Omada Gigabit VPN Router
CVE-2024-0171 (Dell PowerEdge Server BIOS contains an TOCTOU race condition vulnerabi ...)
NOT-FOR-US: Dell
CVE-2023-37541 (HCL Connections contains a broken access control vulnerability that ma ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b304731c726b6219890e17131c3f2e160222930
--
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b304731c726b6219890e17131c3f2e160222930
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240627/853ef32a/attachment.htm>
More information about the debian-security-tracker-commits
mailing list