[Git][security-tracker-team/security-tracker][master] NFUs

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
031634f2 by Moritz Muehlenhoff at 2024-06-07T13:51:38+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -327,49 +327,50 @@ CVE-2024-30369 (A10 Thunder ADC Incorrect Permission 
Assignment Local Privilege
 CVE-2024-30368 (A10 Thunder ADC CsrRequestView Command Injection Remote Code 
Execution ...)
        NOT-FOR-US: A10 Thunder ADC
 CVE-2024-2965 (A Denial-of-Service (DoS) vulnerability exists in the 
`SitemapLoader`  ...)
-       TODO: check
+       NOT-FOR-US: langchain
 CVE-2024-2928 (A Local File Inclusion (LFI) vulnerability was identified in 
mlflow/ml ...)
-       TODO: check
+       NOT-FOR-US: mlflow
 CVE-2024-2914 (A TarSlip vulnerability exists in the deepjavalibrary/djl, 
affecting v ...)
-       TODO: check
+       NOT-FOR-US: deepjavalibrary/djl
 CVE-2024-2624 (A path traversal and arbitrary file upload vulnerability exists 
in the ...)
-       TODO: check
+       NOT-FOR-US: lollms-webui
 CVE-2024-2548 (A path traversal vulnerability exists in the 
parisneo/lollms-webui app ...)
-       TODO: check
+       NOT-FOR-US: lollms-webui
 CVE-2024-2383 (A clickjacking vulnerability exists in zenml-io/zenml versions 
up to a ...)
-       TODO: check
+       NOT-FOR-US: zenml
 CVE-2024-2362 (A path traversal vulnerability exists in the 
parisneo/lollms-webui ver ...)
-       TODO: check
+       NOT-FOR-US: lollms-webui
 CVE-2024-2360 (parisneo/lollms-webui is vulnerable to path traversal attacks 
that can ...)
-       TODO: check
+       NOT-FOR-US: lollms-webui
 CVE-2024-2359 (A vulnerability in the parisneo/lollms-webui version 9.3 allows 
attack ...)
-       TODO: check
+       NOT-FOR-US: lollms-webui
 CVE-2024-2288 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the 
profil ...)
-       TODO: check
+       NOT-FOR-US: lollms-webui
 CVE-2024-2213 (An issue was discovered in zenml-io/zenml versions up to and 
including ...)
-       TODO: check
+       NOT-FOR-US: zenml
 CVE-2024-2171 (A stored Cross-Site Scripting (XSS) vulnerability was 
identified in th ...)
-       TODO: check
+       NOT-FOR-US: zenml
 CVE-2024-2035 (An improper authorization vulnerability exists in the 
zenml-io/zenml r ...)
-       TODO: check
+       NOT-FOR-US: zenml
 CVE-2024-2032 (A race condition vulnerability exists in zenml-io/zenml 
versions up to ...)
-       TODO: check
+       NOT-FOR-US: zenml
 CVE-2024-28995 (SolarWinds Serv-U was susceptible to a directory transversal 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2024-23793 (The file upload feature in OTRS and ((OTRS)) Community Edition 
has a p ...)
-       TODO: check
+       NOT-FOR-US: OTRS
+       NOTE: Issue is listed as specific to >= 7.x, so won't affect Znuny 
which forked from 6.x
 CVE-2024-22326 (IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 
89.33.4 ...)
        NOT-FOR-US: IBM
 CVE-2024-1881 (AutoGPT, a component of significant-gravitas/autogpt, is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: AutoGPT
 CVE-2024-1880 (An OS command injection vulnerability exists in the MacOS 
Text-To-Spee ...)
-       TODO: check
+       NOT-FOR-US: AutoGPT
 CVE-2024-1879 (A Cross-Site Request Forgery (CSRF) vulnerability in 
significant-gravi ...)
-       TODO: check
+       NOT-FOR-US: AutoGPT
 CVE-2024-1873 (parisneo/lollms-webui is vulnerable to path traversal and 
denial of se ...)
-       TODO: check
+       NOT-FOR-US: lollms-webui
 CVE-2024-0520 (A vulnerability in mlflow/mlflow version 8.2.1 allows for 
remote code  ...)
-       TODO: check
+       NOT-FOR-US: mlflow
 CVE-2023-45192 (IBM Engineering Requirements Management DOORS Next 7.0.2 and 
7.0.3 is  ...)
        NOT-FOR-US: IBM
 CVE-2024-5665 (The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for 
WordPr ...)
@@ -441,7 +442,7 @@ CVE-2024-1175 (The WP-Recall \u2013 Registration, Profile, 
Commerce & More plugi
 CVE-2024-0972 (The BuddyPress Members Only plugin for WordPress is vulnerable 
to Sens ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-0912 (Under certain circumstances the Microsoft\xae Internet 
Information Ser ...)
-       TODO: check
+       NOT-FOR-US: Johnson Controls
 CVE-2024-0910 (The Restrict for Elementor plugin for WordPress is vulnerable 
to Sensi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-6968 (The The Moneytizer plugin for WordPress is vulnerable to 
Cross-Site Re ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/031634f2a942614ca2ff0a595f30473227c3b354

-- 
This project does not include diff previews in email notifications.
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/031634f2a942614ca2ff0a595f30473227c3b354
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits