[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Oct 31 20:50:51 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6a406920 by Salvatore Bonaccorso at 2024-10-31T21:50:28+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -40,53 +40,53 @@ CVE-2024-50802 (A SQL Injection vulnerability was discovered in AbanteCart 1.4.0
CVE-2024-50801 (A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in th ...)
NOT-FOR-US: AbanteCart
CVE-2024-50356 (Press, a Frappe custom app that runs Frappe Cloud, manages infrastruct ...)
- TODO: check
+ NOT-FOR-US: Press app for Frappe
CVE-2024-50354 (gnark is a fast zk-SNARK library that offers a high-level API to desig ...)
TODO: check
CVE-2024-50347 (Laravel Reverb provides a real-time WebSocket communication backend fo ...)
TODO: check
CVE-2024-49685 (Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49674 (Cross-Site Request Forgery (CSRF) vulnerability in Lukas Huser EKC Tou ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-48910 (DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for H ...)
TODO: check
CVE-2024-48360 (Qualitor v8.24 was discovered to contain a Server-Side Request Forgery ...)
- TODO: check
+ NOT-FOR-US: Qualitor
CVE-2024-48359 (Qualitor v8.24 was discovered to contain a remote code execution (RCE) ...)
- TODO: check
+ NOT-FOR-US: Qualitor
CVE-2024-48200 (An issue in MobaXterm v24.2 allows a local attacker to escalate privil ...)
- TODO: check
+ NOT-FOR-US: MobaXterm
CVE-2024-43984 (Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Pod ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-43933 (Cross-Site Request Forgery (CSRF) vulnerability in WPMobile.App allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-43930 (Cross-Site Request Forgery (CSRF) vulnerability in eyecix JobSearch al ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-43383 (Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.R ...)
TODO: check
CVE-2024-42835 (langflow v1.0.12 was discovered to contain a remote code execution (RC ...)
- TODO: check
+ NOT-FOR-US: langflow-ai/langflow
CVE-2024-42515 (Glossarizer through 1.5.2 improperly tries to convert text into HTML. ...)
TODO: check
CVE-2024-39722 (An issue was discovered in Ollama before 0.1.46. It exposes which file ...)
- TODO: check
+ NOT-FOR-US: Ollama
CVE-2024-39721 (An issue was discovered in Ollama before 0.1.34. The CreateModelHandle ...)
- TODO: check
+ NOT-FOR-US: Ollama
CVE-2024-39720 (An issue was discovered in Ollama before 0.1.46. An attacker can use t ...)
- TODO: check
+ NOT-FOR-US: Ollama
CVE-2024-39719 (An issue was discovered in Ollama through 0.3.14. File existence discl ...)
- TODO: check
+ NOT-FOR-US: Ollama
CVE-2024-39332 (Webswing 23.2.2 allows remote attackers to modify client-side JavaScri ...)
- TODO: check
+ NOT-FOR-US: Webswing
CVE-2024-30149 (HCL AppScan Source <= 10.6.0 does not properly validate a TLS/SSL cert ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-10454 (Clickjacking vulnerability in Clibo Manager v1.1.9.12 in the '/public/ ...)
- TODO: check
+ NOT-FOR-US: Clibo Manager
CVE-2023-52045 (Studio-42 eLfinder 2.1.62 contains a filename restriction bypass leadi ...)
- TODO: check
+ NOT-FOR-US: Studio-42 eLfinder
CVE-2023-52044 (Studio-42 eLfinder 2.1.62 is vulnerable to Remote Code Execution (RCE) ...)
- TODO: check
+ NOT-FOR-US: Studio-42 eLfinder
CVE-2024-9708 (The Easy SVG Upload plugin for WordPress is vulnerable to Stored Cross ...)
NOT-FOR-US: WordPress plugin
CVE-2024-9700 (The Forminator Forms \u2013 Contact Form, Payment Form & Custom Form B ...)
@@ -136,17 +136,17 @@ CVE-2024-43382 (Snowflake JDBC driver versions >= 3.2.6 and <= 3.19.1 have an In
CVE-2024-21537 (Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vuln ...)
TODO: check
CVE-2024-10561 (A vulnerability was found in Codezips Pet Shop Management System 1.0. ...)
- TODO: check
+ NOT-FOR-US: Codezips Pet Shop Management System
CVE-2024-10559 (A vulnerability was found in SourceCodester Airport Booking Management ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Airport Booking Management System
CVE-2024-10557 (A vulnerability has been found in code-projects Blood Bank Management ...)
- TODO: check
+ NOT-FOR-US: code-projects Blood Bank Management System
CVE-2024-10556 (A vulnerability, which was classified as critical, was found in Codezi ...)
- TODO: check
+ NOT-FOR-US: Codezips Pet Shop Management System
CVE-2024-10544 (The Woo Manage Fraud Orders plugin for WordPress is vulnerable to Sens ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10392 (The AI Power: Complete AI Pack plugin for WordPress is vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10086 (A vulnerability was identified in Consul and Consul Enterprise such th ...)
TODO: check
CVE-2024-10006 (A vulnerability was identified in Consul and Consul Enterprise (\u201c ...)
@@ -182,7 +182,7 @@ CVE-2024-51257 (DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious c
CVE-2024-50419 (Incorrect Authorization vulnerability in Wpsoul Greenshift \u2013 anim ...)
NOT-FOR-US: WordPress plugin
CVE-2024-50353 (ICG.AspNetCore.Utilities.CloudStorage is a collection of cloud storage ...)
- TODO: check
+ NOT-FOR-US: ICG.AspNetCore.Utilities.CloudStorage
CVE-2024-50344 (I, Librarian is an open-source version of a PDF managing SaaS. Supplem ...)
TODO: check
CVE-2024-48648 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in the Sag ...)
@@ -206,7 +206,7 @@ CVE-2024-48202 (icecms <=3.4.7 has a File Upload vulnerability in FileUtils.java
CVE-2024-46531 (phpgurukul Vehicle Record Management System v1.0 was discovered to con ...)
NOT-FOR-US: phpgurukul Vehicle Record Management System
CVE-2024-42041 (The com.videodownload.browser.videodownloader (aka AppTool-Browser-Vid ...)
- TODO: check
+ NOT-FOR-US: com.videodownload.browser.videodownloader (aka AppTool-Browser-Video All Video Downloader) application
CVE-2024-3935 (In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitt ...)
- mosquitto 2.0.20-1
NOTE: https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/197
@@ -246,13 +246,13 @@ CVE-2024-24777 (A cross-site request forgery (CSRF) vulnerability exists in the
CVE-2024-23309 (The LevelOne WBR-6012 router with firmware R0.40e6 has an authenticati ...)
NOT-FOR-US: LevelOne WBR-6012 router
CVE-2024-10546 (A vulnerability classified as critical was found in open-scratch Teach ...)
- TODO: check
+ NOT-FOR-US: open-scratch Teaching
CVE-2024-10525 (In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a maliciou ...)
- mosquitto 2.0.20-1
NOTE: https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/190
NOTE: https://mosquitto.org/blog/2024/10/version-2-0-19-released/
CVE-2024-10456 (Delta Electronics InfraSuite Device Master versions prior to 1.0.12 ar ...)
- TODO: check
+ NOT-FOR-US: Delta Electronics
CVE-2024-10573 (An out-of-bounds write flaw was found in mpg123 when handling crafted ...)
- mpg123 1.32.8-1 (bug #1086443)
NOTE: https://www.openwall.com/lists/oss-security/2024/10/30/2
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a406920a6013bb8644de817b0747c1a3c6da7d3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a406920a6013bb8644de817b0747c1a3c6da7d3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241031/68aef6c4/attachment.htm>
More information about the debian-security-tracker-commits
mailing list