[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun May 5 15:59:48 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4dfe70e2 by Moritz Muehlenhoff at 2024-05-05T16:47:53+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -28,13 +28,13 @@ CVE-2024-34484 (OFPBucket in parser.py in Faucet SDN Ryu 4.34 allows attackers t
CVE-2024-34483 (OFPGroupDescStats in parser.py in Faucet SDN Ryu 4.34 allows attackers ...)
NOT-FOR-US: Faucet SDN Ryu
CVE-2024-34478 (btcd before 0.24.0 does not correctly implement the consensus rules ou ...)
- TODO: check
+ NOT-FOR-US: btcd
CVE-2024-34476 (Open5GS before 2.7.1 is vulnerable to a reachable assertion that can c ...)
NOT-FOR-US: Open5GS
CVE-2024-34475 (Open5GS before 2.7.1 is vulnerable to a reachable assertion that can c ...)
NOT-FOR-US: Open5GS
CVE-2024-34473 (An issue was discovered in appmgr in O-RAN Near-RT RIC I-Release. An a ...)
- TODO: check
+ NOT-FOR-US: O-RAN Near-RT
CVE-2024-34469 (Rukovoditel before 3.5.3 allows XSS via user_photo to index.php?module ...)
NOT-FOR-US: Rukovoditel
CVE-2024-34468 (Rukovoditel before 3.5.3 allows XSS via user_photo to My Page.)
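Review bot: The new tag for CVE-2024-34473, "NOT-FOR-US: O-RAN Near-RT", cuts the product name short. The description names appmgr in "O-RAN Near-RT RIC". Suggest "NOT-FOR-US: O-RAN Near-RT RIC" so the tag names the product the same way the description does and a search for the full name finds this entry.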
@@ -45,7 +45,7 @@ CVE-2024-34462 (Alinto SOGo through 5.10.0 allows XSS during attachment preview.
- sogo <unfixed>
NOTE: https://github.com/Alinto/sogo/commit/2e37e59ed140d4aee0ff2fba579ca5f83f2c5920
CVE-2023-52729 (TCPServer.cpp in SimpleNetwork through 29bc615 has an off-by-one error ...)
- TODO: check
+ NOT-FOR-US: SimpleNetwork
CVE-2024-3868 (The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Sit ...)
NOT-FOR-US: WordPress plugin
CVE-2024-3240 (The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injec ...)
@@ -87,7 +87,7 @@ CVE-2024-4156 (The Essential Addons for Elementor \u2013 Best Elementor Template
CVE-2024-4133 (The ARMember \u2013 Membership Plugin, Content Restriction, Member Lev ...)
NOT-FOR-US: WordPress plugin
CVE-2024-4128 (This vulnerability was a potential CSRF attack.When running the Fireba ...)
- TODO: check
+ NOT-FOR-US: Firebase emulator
CVE-2024-4097 (The Cost Calculator Builder plugin for WordPress is vulnerable to Stor ...)
NOT-FOR-US: WordPress plugin
CVE-2024-4092 (The Slider Revolution plugin for WordPress is vulnerable to Stored Cro ...)
@@ -295,19 +295,19 @@ CVE-2024-34402 (An issue was discovered in uriparser through 0.9.7. ComposeQuery
CVE-2024-34401 (Savsoft Quiz 6.0 allows stored XSS via the index.php/quiz/insert_quiz/ ...)
NOT-FOR-US: Savsoft Quiz
CVE-2024-34394 (libxmljs2 is vulnerable to a type confusion vulnerability when parsing ...)
- TODO: check
+ NOT-FOR-US: libxmljs2
CVE-2024-34393 (libxmljs2 is vulnerable to a type confusion vulnerability when parsing ...)
- TODO: check
+ NOT-FOR-US: libxmljs2
CVE-2024-34392 (libxmljs is vulnerable to a type confusion vulnerability when parsing ...)
- TODO: check
+ NOT-FOR-US: libxmljs2
CVE-2024-34391 (libxmljs is vulnerable to a type confusion vulnerability when parsing ...)
- TODO: check
+ NOT-FOR-US: libxmljs2
CVE-2024-34075 (kurwov is a fast, dependency-free library for creating Markov Chains. ...)
NOT-FOR-US: kurwov
CVE-2024-34073 (sagemaker-python-sdk is a library for training and deploying machine l ...)
- TODO: check
+ NOT-FOR-US: sagemaker-python-sdk
CVE-2024-34072 (sagemaker-python-sdk is a library for training and deploying machine l ...)
- TODO: check
+ NOT-FOR-US: sagemaker-python-sdk
CVE-2024-34068 (Pterodactyl wings is the server control plane for Pterodactyl Panel. A ...)
NOT-FOR-US: Pterodactyl wings
CVE-2024-34067 (Pterodactyl is a free, open-source game server management panel built ...)
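Review bot: CVE-2024-34392 and CVE-2024-34391 are tagged "NOT-FOR-US: libxmljs2", but their descriptions name libxmljs. Only CVE-2024-34394 and CVE-2024-34393 name libxmljs2. If these are two separate projects, the last two entries should read "NOT-FOR-US: libxmljs". If the shared tag is intentional, both names should be checked against the archive before all four entries are closed.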
@@ -315,7 +315,7 @@ CVE-2024-34067 (Pterodactyl is a free, open-source game server management panel
CVE-2024-34066 (Pterodactyl wings is the server control plane for Pterodactyl Panel. I ...)
NOT-FOR-US: Pterodactyl wings
CVE-2024-34063 (vodozemac is an implementation of Olm and Megolm in pure Rust. Version ...)
- TODO: check
+ NOT-FOR-US: vodozemac
CVE-2024-34062 (tqdm is an open source progress bar for Python and CLI. Any optional n ...)
- tqdm 4.66.4-1 (bug #1070372)
NOTE: https://github.com/tqdm/tqdm/security/advisories/GHSA-g7vv-2v7x-gj9p
@@ -429,11 +429,11 @@ CVE-2024-33786 (An arbitrary file upload vulnerability in Zhongcheng Kexin Ticke
CVE-2024-33530 (In Jitsi Meet before 9391, a logic flaw in password-protected Jitsi me ...)
- jitsi-meet <itp> (bug #760485)
CVE-2024-33398 (There is a ClusterRole in piraeus-operator v2.5.0 and earlier which ha ...)
- TODO: check
+ NOT-FOR-US: piraeus-operator
CVE-2024-33396 (An issue in karmada-io karmada v1.9.0 and before allows a local attack ...)
- TODO: check
+ NOT-FOR-US: karmada
CVE-2024-33394 (An issue in kubevirt kubevirt v1.2.0 and before allows a local attacke ...)
- TODO: check
+ NOT-FOR-US: KubeVirt
CVE-2024-33305 (SourceCodester Laboratory Management System 1.0 is vulnerable to Cross ...)
NOT-FOR-US: SourceCodester Laboratory Management System
CVE-2024-33303 (SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scrip ...)
@@ -441,7 +441,7 @@ CVE-2024-33303 (SourceCodester Product Show Room 1.0 is vulnerable to Cross Site
CVE-2024-33302 (SourceCodester Product Show Room 1.0 and before is vulnerable to Cross ...)
NOT-FOR-US: SourceCodester Product Show Room
CVE-2024-32986 (PWAsForFirefox is a tool to install, manage and use Progressive Web Ap ...)
- TODO: check
+ NOT-FOR-US: PWAsForFirefox
CVE-2024-32831 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2024-32810 (Missing Authorization vulnerability in ShortPixel ShortPixel Critical ...)
@@ -449,7 +449,7 @@ CVE-2024-32810 (Missing Authorization vulnerability in ShortPixel ShortPixel Cri
CVE-2024-32638 (Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling' ...)
NOT-FOR-US: Apache APISIX
CVE-2024-32359 (An RBAC authorization risk in Carina v0.13.0 and earlier allows local ...)
- TODO: check
+ NOT-FOR-US: Carina
CVE-2024-32114 (In Apache ActiveMQ 6.x, the default configuration doesn't secure the A ...)
- activemq <not-affected> (Vulnerable code introduced later)
NOTE: https://activemq.apache.org/security-advisories.data/CVE-2024-32114-announcement.txt
@@ -546,9 +546,9 @@ CVE-2024-2082 (The EleForms \u2013 All In One Form Integration including DB for
CVE-2024-2043 (The EleForms \u2013 All In One Form Integration including DB for Eleme ...)
NOT-FOR-US: WordPress plugin
CVE-2024-29417 (Insecure Permissions vulnerability in e-trust Horacius 1.0, 1.1, and 1 ...)
- TODO: check
+ NOT-FOR-US: Horacius
CVE-2024-29309 (An issue in Alfresco Content Services v.23.3.0.7 allows a remote attac ...)
- TODO: check
+ NOT-FOR-US: Alfresco
CVE-2024-28519 (A kernel handle leak issue in ProcObsrvesx.sys 4.0.0.49 in MicroWorld ...)
NOT-FOR-US: MicroWorld Technologies Inc eScan Antivirus
CVE-2024-28072 (A highly privileged account can overwrite arbitrary files on the syste ...)
@@ -562,11 +562,11 @@ CVE-2024-25047 (IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12
CVE-2024-24710 (Missing Authorization vulnerability in SlickRemix Feed Them Social.Thi ...)
NOT-FOR-US: WordPress plugin
CVE-2024-23914 (Use of Externally-Controlled Format String vulnerability in Merge DICO ...)
- TODO: check
+ NOT-FOR-US: Merge DICOM Toolkit
CVE-2024-23913 (Use of Out-of-range Pointer Offset vulnerability in Merge DICOM Toolki ...)
- TODO: check
+ NOT-FOR-US: Merge DICOM Toolkit
CVE-2024-23912 (Out-of-bounds Read vulnerability in Merge DICOM Toolkit C/C++ on Windo ...)
- TODO: check
+ NOT-FOR-US: Merge DICOM Toolkit
CVE-2024-23462 (An Improper Validation of Integrity Check Value vulnerability in Zscal ...)
NOT-FOR-US: Zscaler
CVE-2024-23461 (An Improper Validation of Integrity Check Value vulnerability in Zscal ...)
@@ -622,7 +622,7 @@ CVE-2024-1415 (The Responsive Contact Form Builder & Lead Generation Plugin plug
CVE-2024-1396 (The Shortcodes and extra features for Phlox theme plugin for WordPress ...)
NOT-FOR-US: WordPress plugin
CVE-2024-1395 (Use After Free vulnerability in Arm Ltd Arm 5th Gen GPU Architecture K ...)
- TODO: check
+ NOT-FOR-US: Arm
CVE-2024-1386 (The MailerLite \u2013 Signup forms (official) plugin for WordPress is ...)
NOT-FOR-US: WordPress plugin
CVE-2024-1348 (The Shortcodes and extra features for Phlox theme plugin for WordPress ...)
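Review bot: "NOT-FOR-US: Arm" for CVE-2024-1395 names the vendor rather than the affected component, which the description gives as an Arm Ltd GPU kernel driver. Other entries in this file tag by product (for example "NOT-FOR-US: Apache APISIX"), so a tag such as "NOT-FOR-US: Arm GPU kernel driver" would make clear what was ruled out. The same applies to the Arm entries for CVE-2024-1067 and CVE-2023-6363 later in this patch.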
@@ -630,7 +630,7 @@ CVE-2024-1348 (The Shortcodes and extra features for Phlox theme plugin for Word
CVE-2024-1173 (The WP ERP | Complete HR solution with recruitment & job listings | Wo ...)
NOT-FOR-US: WordPress plugin
CVE-2024-1067 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm ...)
- TODO: check
+ NOT-FOR-US: Arm
CVE-2024-0908 (The Advanced Post Block \u2013 Display Posts, Pages, or Custom Posts o ...)
NOT-FOR-US: WordPress plugin
CVE-2024-0848 (The AA Cash Calculator plugin for WordPress is vulnerable to Reflected ...)
@@ -658,7 +658,7 @@ CVE-2023-6961 (The WP Meta SEO plugin for WordPress is vulnerable to Stored Cros
CVE-2023-6731 (The WP Show Posts plugin for WordPress is vulnerable to unauthorized a ...)
NOT-FOR-US: WordPress plugin
CVE-2023-6363 (Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm ...)
- TODO: check
+ NOT-FOR-US: Arm
CVE-2023-6214 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress ...)
NOT-FOR-US: WordPress plugin
CVE-2023-51633 (Centreon sysName Cross-Site Scripting Remote Code Execution Vulnerabil ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4dfe70e2b1f5008d66a0ebf6e05b86de1a4384ce