Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8c8a51fd by Salvatore Bonaccorso at 2024-06-06T22:47:49+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,7 +11,7 @@ CVE-2024-5657 (The CraftCMS plugin Two-Factor Authentication 
in versions 3.3.1,
 CVE-2024-5609
        REJECTED
 CVE-2024-5552 (kubeflow/kubeflow is vulnerable to a Regular Expression Denial 
of Serv ...)
-       TODO: check
+       NOT-FOR-US: kubeflow
 CVE-2024-5550 (In h2oai/h2o-3 version 3.40.0.4, an exposure of sensitive 
information  ...)
        TODO: check
 CVE-2024-5509 (Luxion KeyShot BIP File Parsing Uncontrolled Search Path 
Element Remot ...)
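
Review bot: The new tag on CVE-2024-5552 is `NOT-FOR-US: kubeflow`, while the description names the project as kubeflow/kubeflow and most other repository-hosted entries touched in this commit use the owner/repo form (berriai/litellm, lunary-ai/lunary, parisneo/lollms). Suggest `NOT-FOR-US: kubeflow/kubeflow` so that a search for the upstream path finds this entry alongside the others.
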
@@ -69,7 +69,7 @@ CVE-2024-5256 (Sonos Era 100 SMB2 Message Handling Integer 
Underflow Information
 CVE-2024-5248 (In lunary-ai/lunary version 1.2.5, an improper access control 
vulnerab ...)
        NOT-FOR-US: lunary-ai/lunary
 CVE-2024-5225 (An SQL Injection vulnerability exists in the berriai/litellm 
repositor ...)
-       TODO: check
+       NOT-FOR-US: berriai/litellm
 CVE-2024-5221 (The Qi Blocks plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-5206 (A sensitive data leakage vulnerability was identified in 
scikit-learn' ...)
@@ -105,23 +105,23 @@ CVE-2024-5038 (The Colibri Page Builder plugin for 
WordPress is vulnerable to St
 CVE-2024-4941 (A local file inclusion vulnerability exists in the JSON 
component of g ...)
        NOT-FOR-US: Gradio
 CVE-2024-4890 (A blind SQL injection vulnerability exists in the 
berriai/litellm appl ...)
-       TODO: check
+       NOT-FOR-US: berriai/litellm
 CVE-2024-4889 (A code injection vulnerability exists in the berriai/litellm 
applicati ...)
-       TODO: check
+       NOT-FOR-US: berriai/litellm
 CVE-2024-4888 (BerriAI's litellm, in its latest version, is vulnerable to 
arbitrary f ...)
-       TODO: check
+       NOT-FOR-US: berriai/litellm
 CVE-2024-4881 (A path traversal vulnerability exists in the parisneo/lollms 
applicati ...)
        NOT-FOR-US: parisneo/lollms
 CVE-2024-4851 (A Server-Side Request Forgery (SSRF) vulnerability exists in 
the stang ...)
        TODO: check
 CVE-2024-4325 (A Server-Side Request Forgery (SSRF) vulnerability exists in 
the gradi ...)
-       TODO: check
+       NOT-FOR-US: Gradio
 CVE-2024-4320 (A remote code execution (RCE) vulnerability exists in the 
'/install_ex ...)
-       TODO: check
+       NOT-FOR-US: parisneo/lollms-webui
 CVE-2024-3504 (An improper access control vulnerability exists in 
lunary-ai/lunary ve ...)
-       TODO: check
+       NOT-FOR-US: lunary-ai/lunary
 CVE-2024-3429 (A path traversal vulnerability exists in the parisneo/lollms 
applicati ...)
-       TODO: check
+       NOT-FOR-US: parisneo/lollms
 CVE-2024-3408 (man-group/dtale version 3.10.0 is vulnerable to an 
authentication bypa ...)
        TODO: check
 CVE-2024-3404 (In gaizhenbiao/chuanhuchatgpt, specifically the version tagged 
as 2024 ...)
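
Review bot: CVE-2024-4320 is tagged `NOT-FOR-US: parisneo/lollms-webui`, whereas CVE-2024-4881 and CVE-2024-3429 in this same hunk are tagged `parisneo/lollms`, and the visible description is truncated at '/install_ex ...' before it names the product. If the two names refer to distinct upstream repositories, the split is fine as is; if not, use one spelling so later bulk triage by tag catches all three entries.
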
@@ -155,7 +155,7 @@ CVE-2024-3095 (A Server-Side Request Forgery (SSRF) 
vulnerability exists in the
 CVE-2024-3033 (An improper authorization vulnerability exists in the 
mintplex-labs/an ...)
        TODO: check
 CVE-2024-37364 (Ariane Allegro Scenario Player through 2024-03-05, when Ariane 
Duo kio ...)
-       TODO: check
+       NOT-FOR-US: Ariane Allegro Scenario Player
 CVE-2024-37156 (The SuluFormBundle adds support for creating dynamic forms in 
Sulu Adm ...)
        TODO: check
 CVE-2024-37154 (Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos 
Network. ...)
@@ -163,11 +163,11 @@ CVE-2024-37154 (Evmos is the Ethereum Virtual Machine 
(EVM) Hub on the Cosmos Ne
 CVE-2024-37153 (Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos 
Network. ...)
        TODO: check
 CVE-2024-37152 (Argo CD is a declarative, GitOps continuous delivery tool for 
Kubernet ...)
-       TODO: check
+       NOT-FOR-US: Argo CD
 CVE-2024-37150 (An issue in `.npmrc` support in Deno 1.44.0 was discovered 
where Deno  ...)
        TODO: check
 CVE-2024-36779 (Sourcecodester Stock Management System v1.0 is vulnerable to 
SQL Injec ...)
-       TODO: check
+       NOT-FOR-US: Sourcecodester Stock Management System
 CVE-2024-36745 (An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to 
cause a De ...)
        TODO: check
 CVE-2024-36743 (An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to 
cause a De ...)
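
Review bot: On CVE-2024-37152, `NOT-FOR-US: Argo CD` takes the entry out of further triage, and neither the commit message ("Process some NFUs") nor the hunk records whether a WNPP check was done. If an ITP or RFP bug exists for Argo CD, the `- <package> <itp> (bug #...)` form would keep the CVE attached to the future package instead; the same question applies to CVE-2024-36106, which gets the same tag further down.
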
@@ -191,15 +191,15 @@ CVE-2024-36730 (Improper input validation in OneFlow-Inc. 
Oneflow v0.9.1 allows
 CVE-2024-36399 (Kanboard is project management software that focuses on the 
Kanban met ...)
        TODO: check
 CVE-2024-36394 (SysAid - CWE-78: Improper Neutralization of Special Elements 
used in a ...)
-       TODO: check
+       NOT-FOR-US: SysAid
 CVE-2024-36393 (SysAid - CWE-89: Improper Neutralization of Special Elements 
used in a ...)
-       TODO: check
+       NOT-FOR-US: SysAid
 CVE-2024-36106 (Argo CD is a declarative, GitOps continuous delivery tool for 
Kubernet ...)
-       TODO: check
+       NOT-FOR-US: Argo CD
 CVE-2024-35178 (The Jupyter Server provides the backend for Jupyter web 
applications.  ...)
        TODO: check
 CVE-2024-34832 (Directory Traversal vulnerability in CubeCart v.6.5.5 and 
before allow ...)
-       TODO: check
+       NOT-FOR-US: CubeCart
 CVE-2024-32873 (Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos 
Network. ...)
        TODO: check
 CVE-2024-30375 (Luxion KeyShot Viewer KSP File Parsing Use-After-Free Remote 
Code Exec ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c8a51fdc3f927d23969ec728013cbac41a05b15
