[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri May 24 08:06:27 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
235c5fb0 by Moritz Muehlenhoff at 2024-05-24T09:05:43+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,13 +7,13 @@ CVE-2024-5264 (Network Transfer with AES KHT in Thales Luna EFT 2.1 and above al
CVE-2024-5258 (An authorization vulnerability exists within GitLab from versions 16.1 ...)
TODO: check
CVE-2024-5202 (Arbitrary File Readin OpenText Dimensions RM allowsauthenticated users ...)
- TODO: check
+ NOT-FOR-US: OpenText Dimensions RM
CVE-2024-5201 (Privilege Escalationin OpenText Dimensions RM allows an authenticated ...)
- TODO: check
+ NOT-FOR-US: OpenText Dimensions RM
CVE-2024-5168 (Improper access control vulnerability in Prodys' Quantum Audio codec a ...)
- TODO: check
+ NOT-FOR-US: Prodys Quantum Audio codec
CVE-2024-5165 (In Eclipse Ditto versions 3.0.0 to 3.5.5, the user input of several in ...)
- TODO: check
+ NOT-FOR-US: Eclipse Ditto
CVE-2024-5143 (A user with device administrative privileges can change existing SMTP ...)
NOT-FOR-US: HP
CVE-2024-5085 (The Hash Form \u2013 Drag & Drop Form Builder plugin for WordPress is ...)
@@ -37,11 +37,11 @@ CVE-2024-35570 (An arbitrary file upload vulnerability in the component \control
CVE-2024-35375 (There is an arbitrary file upload vulnerability on the media add .php ...)
NOT-FOR-US: DedeCMS
CVE-2024-35224 (OpenProject is the leading open source project management software. Op ...)
- TODO: check
+ NOT-FOR-US: OpenProject
CVE-2024-35223 (Dapr is a portable, event-driven, runtime for building distributed app ...)
- TODO: check
+ NOT-FOR-US: Dapr
CVE-2024-35222 (Tauri is a framework for building binaries for all major desktop platf ...)
- TODO: check
+ NOT-FOR-US: Tauri
CVE-2024-35197 (gitoxide is a pure Rust implementation of Git. On Windows, fetching re ...)
- rust-gitoxide <itp> (bug #1043208)
CVE-2024-35186 (gitoxide is a pure Rust implementation of Git. During checkout, `gix-w ...)
@@ -87,9 +87,9 @@ CVE-2024-34928 (A SQL injection vulnerability in /model/update_subject_routing.p
CVE-2024-34927 (A SQL injection vulnerability in /model/update_classroom.php in Campco ...)
NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-34060 (IrisEVTXModule is an interface module for Evtx2Splunk and Iris in orde ...)
- TODO: check
+ NOT-FOR-US: IrisEVTXModule
CVE-2024-32969 (vantage6 is an open-source infrastructure for privacy preserving analy ...)
- TODO: check
+ NOT-FOR-US: vantage6
CVE-2024-31843 (An issue was discovered in Italtel Embrace 1.6.4. The Web application ...)
NOT-FOR-US: Italtel Embrace
CVE-2024-30280 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...)
@@ -99,17 +99,17 @@ CVE-2024-30279 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier a
CVE-2024-2861 (The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Si ...)
NOT-FOR-US: WordPress plugin
CVE-2024-2301 (Certain HP LaserJet Pro devices are potentially vulnerable to a Cross- ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2024-28188 (Jupyter Scheduler is collection of extensions for programming jobs to ...)
TODO: check
CVE-2024-26139 (OpenCTI is an open source platform allowing organizations to manage th ...)
- TODO: check
+ NOT-FOR-US: OpenCTI
CVE-2024-1815 (The Spectra \u2013 WordPress Gutenberg Blocks plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1814 (The Spectra \u2013 WordPress Gutenberg Blocks plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1803 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed You ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4859
REJECTED
CVE-2024-5241 (A vulnerability was found in Huashi Private Cloud CDN Live Streaming A ...)
@@ -153,9 +153,9 @@ CVE-2024-4486 (The Awesome Contact Form7 for Elementor plugin for WordPress is v
CVE-2024-4431 (The LA-Studio Element Kit for Elementor plugin for WordPress is vulner ...)
NOT-FOR-US: WordPress plugin
CVE-2024-4399 (The does not validate a parameter before making a request to it, whic ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-4388 (This does not validate a path generated with user input when download ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-4347 (The WP Fastest Cache plugin for WordPress is vulnerable to Directory T ...)
NOT-FOR-US: WordPress plugin
CVE-2024-4043 (The WP Ultimate Post Grid plugin for WordPress is vulnerable to Stored ...)
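Review bot: the NOT-FOR-US: WordPress plugin attribution for CVE-2024-4399 and CVE-2024-4388 is not supported by the descriptions quoted in this hunk, which read "The does not validate a parameter ..." and "This does not validate a path ..." with the product name missing. Adding a NOTE line with the advisory URL that names the affected plugin, as the Linux kernel entries in this file do, would let a later reader verify the triage without re-deriving it.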
@@ -182,9 +182,9 @@ CVE-2024-3201 (The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to S
CVE-2024-3065 (The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugi ...)
NOT-FOR-US: WordPress plugin
CVE-2024-2220 (The Button contact VR WordPress plugin through 4.7 does not sanitise a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2038 (The Visual Website Collaboration, Feedback & Project Management \u2013 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29853 (An authentication bypass vulnerability in Veeam Agent for Microsoft Wi ...)
NOT-FOR-US: Veeam
CVE-2024-29852 (Veeam Backup Enterprise Manager allows high-privileged users to read b ...)
@@ -196,17 +196,17 @@ CVE-2024-29850 (Veeam Backup Enterprise Manager allows account takeover via NTLM
CVE-2024-29849 (Veeam Backup Enterprise Manager allows unauthenticated users to log in ...)
NOT-FOR-US: Veeam
CVE-2024-22026 (A local privilege escalation vulnerability in EPMM before 12.1.0.0 all ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-1855 (The WPCafe \u2013 Restaurant Menu, Online Ordering for WooCommerce, Pi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6844 (The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6325 (The RomethemeForm For Elementor plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-46807 (An SQL Injection vulnerability in web component of EPMM before 12.1.0. ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2023-46806 (An SQL Injection vulnerability in a web component of EPMM versions bef ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-36013 (In the Linux kernel, the following vulnerability has been resolved: B ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/4d7b41c0e43995b0e992b9f8903109275744b658 (6.9)
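Review bot: style point on the three EPMM entries (CVE-2024-22026, CVE-2023-46807, CVE-2023-46806): their descriptions only say "EPMM" while the new lines read NOT-FOR-US: Ivanti, so neither the product nor the vendor string alone matches both the description and the tag; writing "NOT-FOR-US: Ivanti EPMM" keeps the entries greppable by either name, in the same way "Ritlabs TinyWeb Server" and "Google Cloud Looker" are spelled out in later hunks.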
@@ -245,7 +245,7 @@ CVE-2024-5194 (A vulnerability was found in Arris VAP2500 08.50. It has been dec
CVE-2024-5193 (A vulnerability was found in Ritlabs TinyWeb Server 1.94. It has been ...)
NOT-FOR-US: Ritlabs TinyWeb Server
CVE-2024-5166 (An Insecure Direct Object Reference in Google Cloud's Looker allowed m ...)
- TODO: check
+ NOT-FOR-US: Google Cloud Looker
CVE-2024-5031 (The Memberpress plugin for WordPress is vulnerable to Blind Server-Sid ...)
NOT-FOR-US: WordPress plugin
CVE-2024-5025 (The Memberpress plugin for WordPress is vulnerable to Stored Cross-Sit ...)
@@ -280,7 +280,7 @@ CVE-2024-3495 (The Country State City Dropdown CF7 plugin for WordPress is vulne
CVE-2024-36077 (Qlik Sense Enterprise for Windows before 14.187.4 allows a remote atta ...)
NOT-FOR-US: Qlik Sense Enterprise for Windows
CVE-2024-35627 (tileserver-gl up to v4.4.10 was discovered to contain a cross-site scr ...)
- TODO: check
+ NOT-FOR-US: tileserver-gl
CVE-2024-35561 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
NOT-FOR-US: idccms
CVE-2024-35560 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
@@ -344,9 +344,9 @@ CVE-2024-31894 (IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allo
CVE-2024-31893 (IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an a ...)
NOT-FOR-US: IBM
CVE-2024-31617 (OpenLiteSpeed before 1.8.1 mishandles chunked encoding.)
- TODO: check
+ NOT-FOR-US: OpenLiteSpeed
CVE-2024-2036 (The ApplyOnline \u2013 Application Form Builder and Manager plugin for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29421 (xmedcon 0.23.0 and fixed in v.0.24.0 is vulnerable to Buffer Overflow ...)
NOT-FOR-US: xmedcon
CVE-2024-29392 (Silverpeas Core 6.3 is vulnerable to Cross Site Scripting (XSS) via Cl ...)
@@ -354,27 +354,27 @@ CVE-2024-29392 (Silverpeas Core 6.3 is vulnerable to Cross Site Scripting (XSS)
CVE-2024-27264 (IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local ...)
NOT-FOR-US: IBM
CVE-2024-25738 (A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/Fix ...)
- TODO: check
+ NOT-FOR-US: Open Library Foundation VuFind
CVE-2024-25737 (A Server-Side Request Forgery (SSRF) vulnerability in the /Cover/Show ...)
- TODO: check
+ NOT-FOR-US: Open Library Foundation VuFind
CVE-2024-21791 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injectio ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2024-20363 (Multiple Cisco products are affected by a vulnerability in the Snort I ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20361 (A vulnerability in the Object Groups for Access Control Lists (ACLs) f ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20360 (A vulnerability in the web-based management interface of Cisco Firepow ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20355 (A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20293 (A vulnerability in the activation of an access control list (ACL) on C ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20261 (A vulnerability in the file policy feature that is used to inspect enc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-51637 (Sante PACS Server PG Patient Query SQL Injection Remote Code Execution ...)
- TODO: check
+ NOT-FOR-US: Sante PACS Server PG
CVE-2023-51636 (Avira Prime Link Following Local Privilege Escalation Vulnerability. T ...)
- TODO: check
+ NOT-FOR-US: Avira
CVE-2024-36010 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.8.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
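Review bot: CVE-2024-20363 is marked NOT-FOR-US: Cisco, but its description locates the flaw in "the Snort I..." component rather than in a Cisco-only product; if the defect is in the Snort engine itself rather than in Cisco's integration of it, the entry belongs under the snort source package instead of NOT-FOR-US. Suggest confirming against the Cisco advisory before closing it and recording the URL in a NOTE line, as done for CVE-2024-36013 above.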
@@ -4883,9 +4883,9 @@ CVE-2023-46689 (Improper neutralization in Intel(R) Power Gadget software for ma
CVE-2023-45846 (Incomplete cleanup in Intel(R) Power Gadget software for macOS all ver ...)
NOT-FOR-US: Intel
CVE-2023-45845 (Improper conditions check for some Intel(R) Wireless Bluetooth(R) prod ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-45743 (Uncontrolled search path in some Intel(R) DSA software uninstallers be ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-45736 (Insecure inherited permissions in Intel(R) Power Gadget software for W ...)
NOT-FOR-US: Intel
CVE-2023-45320 (Uncontrolled search path element in some Intel(R) VTune(TM) Profiler s ...)
@@ -4933,7 +4933,7 @@ CVE-2023-41092 (Unchecked return value in SDM firmware for Intel(R) Stratix 10 a
CVE-2023-41082 (Null pointer dereference for some Intel(R) CST software before version ...)
NOT-FOR-US: Intel
CVE-2023-40536 (Race condition for some some Intel(R) PROSet/Wireless WiFi software fo ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-40155 (Uncontrolled search path for some Intel(R) CST software before version ...)
NOT-FOR-US: Intel
CVE-2023-40071 (Improper access control in some Intel(R) GPA software installers befor ...)
@@ -4947,7 +4947,7 @@ CVE-2023-39433 (Improper access control for some Intel(R) CST software before ve
CVE-2023-39163 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
NOT-FOR-US: WordPress plugin
CVE-2023-38654 (Improper input validation for some some Intel(R) PROSet/Wireless WiFi ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-38581 (Buffer overflow in Intel(R) Power Gadget software for Windows all vers ...)
NOT-FOR-US: Intel
CVE-2023-38420 (Improper conditions check in Intel(R) Power Gadget software for macOS ...)
@@ -5239,7 +5239,7 @@ CVE-2024-35185 (Minder is a software supply chain security platform. Prior to ve
CVE-2024-35184 (Paperless-ngx is a document management system that transforms physical ...)
NOT-FOR-US: Paperless-ngx
CVE-2024-35183 (wolfictl is a command line tool for working with Wolfi. A git authenti ...)
- TODO: check
+ NOT-FOR-US: wolfictl
CVE-2024-35176 (REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a den ...)
- ruby3.2 <unfixed> (bug #1071627)
- ruby3.1 <unfixed> (bug #1071626)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/235c5fb0e757931d462004138c30b77b02e81e0b