[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu May 9 12:13:15 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
44945c52 by Moritz Muehlenhoff at 2024-05-09T13:12:40+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -132,7 +132,7 @@ CVE-2024-34546 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2024-34414 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2024-34347 (@hoppscotch/cli is a CLI to run Hoppscotch Test Scripts in CI environm ...)
- TODO: check
+ NOT-FOR-US: @hoppscotch/cli
CVE-2024-34257 (TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the ap ...)
NOT-FOR-US: TOTOLINK
CVE-2024-34255 (jizhicms v2.5.1 contains a Cross-Site Scripting(XSS) vulnerability in ...)
@@ -147,13 +147,13 @@ CVE-2024-33608 (When IPsec is configured on a virtual server, undisclosed traffi
CVE-2024-33604 (A reflected cross-site scripting (XSS) vulnerability exist in undisclo ...)
NOT-FOR-US: F5 BIG-IP
CVE-2024-33574 (Missing Authorization vulnerability in appsbd Vitepos.This issue affec ...)
- TODO: check
+ NOT-FOR-US: appsbd Vitepos
CVE-2024-33573 (Missing Authorization vulnerability in EPROLO EPROLO Dropshipping.This ...)
NOT-FOR-US: WordPress plugin
CVE-2024-33382 (An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of se ...)
NOT-FOR-US: Open5GS
CVE-2024-32980 (Spin is the developer tool for building and running serverless applica ...)
- TODO: check
+ NOT-FOR-US: Spin
CVE-2024-32886 (Vitess is a database clustering system for horizontal scaling of MySQL ...)
NOT-FOR-US: Vitess
CVE-2024-32761 (Under certain conditions, a potential data leak may occur in the Traff ...)
@@ -181,7 +181,7 @@ CVE-2024-28132 (Exposure of Sensitive Information vulnerability exists in the GS
CVE-2024-27202 (A DOM-based cross-site scripting (XSS) vulnerability exists in an undi ...)
NOT-FOR-US: F5 BIG-IP
CVE-2024-26579 (Deserialization of Untrusted Data vulnerability in Apache InLong.This ...)
- TODO: check
+ NOT-FOR-US: Apache InLong
CVE-2024-26026 (An SQL injection vulnerability exists in the BIG-IP Next Central Manag ...)
NOT-FOR-US: F5 BIG-IP
CVE-2024-25560 (When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic c ...)
@@ -225,15 +225,15 @@ CVE-2024-25515 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL inject
CVE-2024-24908 (Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitra ...)
NOT-FOR-US: Dell
CVE-2024-24833 (Missing Authorization vulnerability in Leevio Happy Addons for Element ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22460 (Dell PowerProtect DM5500 version 5.15.0.0 and prior contains an insecu ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-21793 (An OData injection vulnerability exists in the BIG-IP Next Central Man ...)
- TODO: check
+ NOT-FOR-US: BIG-IP
CVE-2024-1438 (Missing Authorization vulnerability in PressFore Rolo Slider.This issu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-41651 (Missing Authorization vulnerability in Multi-column Tag Map.This issue ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-27397 [netfilter: nf_tables: use timestamp to check for set element timeout]
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/7395dfacfff65e9938ac0889dafa1ab01e987d15 (6.8-rc4)
@@ -407,7 +407,7 @@ CVE-2024-4538 (IDOR vulnerability in Janto Ticketing Software affecting version
CVE-2024-4537 (IDOR vulnerability in Janto Ticketing Software affecting version 4.3r1 ...)
NOT-FOR-US: Janto Ticketing Software
CVE-2024-4536 (In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the ED ...)
- TODO: check
+ NOT-FOR-US: Eclipse Dataspace Components
CVE-2024-4346 (The Startklar Elementor Addons plugin for WordPress is vulnerable to a ...)
NOT-FOR-US: WordPress plugin
CVE-2024-4345 (The Startklar Elementor Addons plugin for WordPress is vulnerable to a ...)
@@ -415,11 +415,11 @@ CVE-2024-4345 (The Startklar Elementor Addons plugin for WordPress is vulnerable
CVE-2024-34523 (AChecker 1.5 allows remote attackers to read the contents of arbitrary ...)
NOT-FOR-US: AChecker
CVE-2024-34517 (The Cypher component in Neo4j before 5.19.0 mishandles IMMUTABLE privi ...)
- TODO: check
+ NOT-FOR-US: Neo4j Cypher
CVE-2024-34342 (react-pdf displays PDFs in React apps. If PDF.js is used to load a mal ...)
- TODO: check
+ NOT-FOR-US: react-pdf
CVE-2024-34341 (Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, ...)
- TODO: check
+ NOT-FOR-US: Trix
CVE-2024-34315 (CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vune ...)
NOT-FOR-US: CmsEasy
CVE-2024-34314 (CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vune ...)
@@ -447,7 +447,7 @@ CVE-2024-33780 (MP-SPDZ v0.3.8 was discovered to contain a segmentation violatio
CVE-2024-33748 (Cross-site scripting (XSS) vulnerability in the search function in Mvn ...)
NOT-FOR-US: MvnRepository MS Basic
CVE-2024-33434 (An issue in tiagorlampert CHAOS before 1b451cf62582295b7225caf5a7b506f ...)
- TODO: check
+ NOT-FOR-US: tiagorlampert CHAOS
CVE-2024-33164 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...)
NOT-FOR-US: J2EEFAST
CVE-2024-33161 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44945c524215f68155629581206e99b79aafd6d8
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44945c524215f68155629581206e99b79aafd6d8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240509/6f121250/attachment.htm>
More information about the debian-security-tracker-commits
mailing list