[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed May 22 09:40:21 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
619e7ca5 by Moritz Muehlenhoff at 2024-05-22T10:39:49+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -287,7 +287,7 @@ CVE-2024-5157
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-4988 (The mobile application (com.transsion.videocallenhancer) interface has ...)
-	TODO: check
+	NOT-FOR-US: com.transsion.videocallenhancer
 CVE-2024-4876 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-4875 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress  ...)
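Review bot: The label added for CVE-2024-4988 is the raw Android package identifier "com.transsion.videocallenhancer", whereas the neighbouring NOT-FOR-US lines in this hunk name a product category ("WordPress plugin"). A vendor or product name would be easier to match when the same vendor appears again. The truncated description visible here gives nothing beyond the package name, so this is a style point only.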
@@ -305,107 +305,107 @@ CVE-2024-4553 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for Wo
 CVE-2024-4452 (The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-4435 (When storing unbounded types in a BTreeMap, a node is represented as a ...)
-	TODO: check
+	NOT-FOR-US: ic-stable-structures
 CVE-2024-4420 (There exists a Denial of service vulnerability in Tink-cc in versions  ...)
-	TODO: check
+	NOT-FOR-US: Tink-cc
 CVE-2024-4361 (The Page Builder by SiteOrigin plugin for WordPress is vulnerable to S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-4154 (In lunary-ai/lunary version 1.2.2, an incorrect synchronization vulner ...)
 	NOT-FOR-US: lunary-ai/lunary
 CVE-2024-3345 (The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3268 (The YouTube Video Gallery by YouTube Showcase \u2013 Video Gallery Plu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-36052 (RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the s ...)
 	TODO: check
 CVE-2024-36039 (PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON ...)
 	TODO: check
 CVE-2024-35386 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a den ...)
-	TODO: check
+	NOT-FOR-US: Cesenta MJS
 CVE-2024-35385 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a den ...)
-	TODO: check
+	NOT-FOR-US: Cesenta MJS
 CVE-2024-35384 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a den ...)
-	TODO: check
+	NOT-FOR-US: Cesenta MJS
 CVE-2024-35361 (MTab Bookmark v1.9.5 has an SQL injection vulnerability in /LinkStore/ ...)
-	TODO: check
+	NOT-FOR-US: MTab Bookmark
 CVE-2024-35218 (Umbraco CMS is an ASP.NET CMS used by more than 730.000 websites. Stor ...)
 	NOT-FOR-US: Umbraco CMS
 CVE-2024-35180 (OMERO.web provides a web based client and plugin infrastructure. There ...)
-	TODO: check
+	NOT-FOR-US: OMERO.web
 CVE-2024-35061 (NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exc ...)
-	TODO: check
+	NOT-FOR-US: NASA AIT-Core
 CVE-2024-35060 (An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows att ...)
-	TODO: check
+	NOT-FOR-US: NASA AIT-Core
 CVE-2024-35059 (An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows a ...)
-	TODO: check
+	NOT-FOR-US: NASA AIT-Core
 CVE-2024-35058 (An issue in the API wait function of NASA AIT-Core v2.5.2 allows attac ...)
-	TODO: check
+	NOT-FOR-US: NASA AIT-Core
 CVE-2024-35057 (An issue in NASA AIT-Core v2.5.2 allows attackers to execute arbitrary ...)
-	TODO: check
+	NOT-FOR-US: NASA AIT-Core
 CVE-2024-35056 (NASA AIT-Core v2.5.2 was discovered to contain multiple SQL injection  ...)
-	TODO: check
+	NOT-FOR-US: NASA AIT-Core
 CVE-2024-34274 (OpenBD 20210306203917-6cbe797 is vulnerable to Deserialization of Untr ...)
-	TODO: check
+	NOT-FOR-US: OpenBD
 CVE-2024-34240 (QDOCS Smart School 7.0.0 is vulnerable to Cross Site Scripting (XSS) r ...)
-	TODO: check
+	NOT-FOR-US: QDOCS Smart School
 CVE-2024-34071 (Umbraco is an ASP.NET CMS used by more than 730.000 websites. Umbraco  ...)
-	TODO: check
+	NOT-FOR-US: Umbraco
 CVE-2024-33529 (ILIAS 7 before 7.30 and ILIAS 8 before 8.11 as well as ILIAS 9.0 allow ...)
-	TODO: check
+	NOT-FOR-US: ILIAS
 CVE-2024-33528 (A Stored Cross-site Scripting (XSS) vulnerability in ILIAS 7 before 7. ...)
-	TODO: check
+	NOT-FOR-US: ILIAS
 CVE-2024-33527 (A Stored Cross-site Scripting (XSS) vulnerability in the "Import of Us ...)
-	TODO: check
+	NOT-FOR-US: ILIAS
 CVE-2024-33526 (A Stored Cross-site Scripting (XSS) vulnerability in the "Import of us ...)
-	TODO: check
+	NOT-FOR-US: ILIAS
 CVE-2024-33525 (A Stored Cross-site Scripting (XSS) vulnerability in the "Import of or ...)
-	TODO: check
+	NOT-FOR-US: ILIAS
 CVE-2024-31989 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
 	NOT-FOR-US: Argo CD
 CVE-2024-31847 (An issue was discovered in Italtel Embrace 1.6.4. A stored cross-site  ...)
-	TODO: check
+	NOT-FOR-US: Italtel Embrace
 CVE-2024-31845 (An issue was discovered in Italtel Embrace 1.6.4. The product does not ...)
-	TODO: check
+	NOT-FOR-US: Italtel Embrace
 CVE-2024-31844 (An issue was discovered in Italtel Embrace 1.6.4. The server does not  ...)
-	TODO: check
+	NOT-FOR-US: Italtel Embrace
 CVE-2024-31840 (An issue was discovered in Italtel Embrace 1.6.4. The web application  ...)
-	TODO: check
+	NOT-FOR-US: Italtel Embrace
 CVE-2024-31757 (An issue in TeraByte Unlimited Image for Windows v.3.64.0.0 and before ...)
-	TODO: check
+	NOT-FOR-US: TeraByte Unlimited Image for Windows
 CVE-2024-31756 (An issue in MarvinTest Solutions Hardware Access Driver v.5.0.3.0 and  ...)
-	TODO: check
+	NOT-FOR-US: MarvinTest Solutions Hardware Access Driver#
 CVE-2024-27130 (A buffer copy without checking size of input vulnerability has been re ...)
-	TODO: check
+	NOT-FOR-US: Qnap
 CVE-2024-27129 (A buffer copy without checking size of input vulnerability has been re ...)
-	TODO: check
+	NOT-FOR-US: Qnap
 CVE-2024-27128 (A buffer copy without checking size of input vulnerability has been re ...)
-	TODO: check
+	NOT-FOR-US: Qnap
 CVE-2024-27127 (Adouble free vulnerabilityhas been reported to affect several QNAP ope ...)
-	TODO: check
+	NOT-FOR-US: Qnap
 CVE-2024-25724 (In RTI Connext Professional 5.3.1 through 6.1.0 before 6.1.1, a buffer ...)
-	TODO: check
+	NOT-FOR-US: RTI Connext Professional
 CVE-2024-22275 (The vCenter Server contains a partial file read vulnerability.A malici ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2024-22274 (The vCenter Server contains an authenticated remote code execution vul ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2024-22273 (The storage controllers on VMware ESXi, Workstation, and Fusion have o ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2024-21902 (An incorrect permission assignment for critical resource vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Qnap
 CVE-2024-1721 (Improper Verification of Cryptographic Signature vulnerability in HYPR ...)
-	TODO: check
+	NOT-FOR-US: HYPR Passwordless
 CVE-2023-3943 (Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices  ...)
-	TODO: check
+	NOT-FOR-US: ZkTeco
 CVE-2023-3942 (An 'SQL Injection' vulnerability, due to improper neutralization of sp ...)
-	TODO: check
+	NOT-FOR-US: ZkTeco
 CVE-2023-3941 (Relative Path Traversal vulnerability in ZkTeco-based OEM devices allo ...)
-	TODO: check
+	NOT-FOR-US: ZkTeco
 CVE-2023-3940 (Relative Path Traversal vulnerability in ZkTeco-based OEM devices allo ...)
-	TODO: check
+	NOT-FOR-US: ZkTeco
 CVE-2023-3939 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
-	TODO: check
+	NOT-FOR-US: ZkTeco
 CVE-2023-3938 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: ZkTeco
 CVE-2023-52879 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux 6.6.8-1
 	[bookworm] - linux 6.1.64-1
@@ -2230,7 +2230,7 @@ CVE-2024-2189 (The Social Icons Widget & Block by WPZOOM WordPress plugin before
 CVE-2024-0816 (The buffer overflow vulnerability in the DX3300-T1 firmware version V5 ...)
 	NOT-FOR-US: Zyxel
 CVE-2023-37929 (The buffer overflow vulnerability in the CGI program of the VMG3625-T5 ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2024-5137 (A vulnerability classified as problematic was found in PHPGurukul Dire ...)
 	NOT-FOR-US: PHPGurukul Directory Management System
 CVE-2024-5136 (A vulnerability classified as problematic has been found in PHPGurukul ...)
@@ -2246,7 +2246,7 @@ CVE-2024-4151 (An Improper Access Control vulnerability exists in lunary-ai/luna
 CVE-2024-3761 (In lunary-ai/lunary version 1.2.2, the DELETE endpoint located at `pac ...)
 	NOT-FOR-US: lunary-ai/lunary
 CVE-2024-3482 (A Stored Cross-Site Scripting (XSS) vulnerability has been identified  ...)
-	TODO: check
+	NOT-FOR-US: ArcSight Enterprise Security Manager
 CVE-2024-35580 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpv ...)
 	NOT-FOR-US: Tenda
 CVE-2024-35579 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/619e7ca57fa7a94cc6bfd4038d0a09592c513762
