Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
efee28ae by Moritz Muehlenhoff at 2024-07-29T23:15:08+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -44,7 +44,7 @@ CVE-2024-41881 (SDoP versions prior to 1.11 fails to handle
appropriately some p
CVE-2024-41819 (Note Mark is a web-based Markdown notes app. A stored
cross-site scrip ...)
NOT-FOR-US: Note Mark
CVE-2024-41818 (fast-xml-parser is an open source, pure javascript xml parser.
a ReDOS ...)
- TODO: check
+ NOT-FOR-US: fast-xml-parser
CVE-2024-41817 (ImageMagick is a free and open-source software suite, used for
editing ...)
- imagemagick <not-affected> (Vulnerable code not present)
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8rxc-922v-phg8
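Review bot: CVE-2024-41818 is tagged NOT-FOR-US for a pure JavaScript library, which is the kind of code that can ship as a bundled copy inside another package even when it has no source package of its own. If a search for embedded copies was done before replacing "TODO: check", saying so in the commit message would help; "NFUs" alone does not record it.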
@@ -89,13 +89,13 @@ CVE-2024-37857 (SQL Injection vulnerability in Lost and
Found Information System
CVE-2024-37856 (Cross Site Scripting vulnerability in Lost and Found
Information Syste ...)
NOT-FOR-US: Lost and Found Information System
CVE-2024-33365 (Buffer Overflow vulnerability in Tenda AC10 v4
US_AC10V4.0si_V16.03.10 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-28806 (An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215.
Remote u ...)
- TODO: check
+ NOT-FOR-US: Italtel i-MCS NFV
CVE-2024-28805 (An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215.
There is ...)
- TODO: check
+ NOT-FOR-US: Italtel i-MCS NFV
CVE-2024-28804 (An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215.
Stored C ...)
- TODO: check
+ NOT-FOR-US: Italtel i-MCS NFV
CVE-2024-42098 (In the Linux kernel, the following vulnerability has been
resolved: c ...)
- linux 6.9.8-1
[bookworm] - linux 6.1.98-1
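Review bot: Tag granularity is inconsistent within this hunk: CVE-2024-33365 gets the vendor alone ("NOT-FOR-US: Tenda") while CVE-2024-28806, CVE-2024-28805 and CVE-2024-28804 get vendor plus product ("NOT-FOR-US: Italtel i-MCS NFV"). For the Tenda entry the description names the device (AC10 v4), so either form is available; using one convention across the batch makes later greps over data/CVE/list more predictable.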
@@ -619,7 +619,7 @@ CVE-2024-41637 (RaspAP before 3.1.5 allows an attacker to
escalate privileges: t
CVE-2024-37381 (An unspecified SQL Injection vulnerability in Core server of
Ivanti EP ...)
NOT-FOR-US: Ivanti
CVE-2024-32671 (Heap-based Buffer Overflow vulnerability in Samsung Open
Source Escarg ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-41019 (In the Linux kernel, the following vulnerability has been
resolved: f ...)
- linux 6.9.12-1
NOTE:
https://git.kernel.org/linus/50c47879650b4c97836a0086632b3a2e300b0f06 (6.11-rc1)
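Review bot: "NOT-FOR-US: Samsung" on CVE-2024-32671 names only the vendor, although the description says the affected code is a Samsung open source project. Open source components are the ones that may get packaged later, so naming the project in the tag rather than just the vendor would let a future packager find this entry by searching for the project name.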
@@ -1952,7 +1952,7 @@ CVE-2024-39963 (AX3000 Dual-Band Gigabit Wi-Fi 6 Router
AX9 V22.03.01.46 and AX3
CVE-2024-39962 (D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router
v21_D240126 w ...)
NOT-FOR-US: D-Link
CVE-2024-39906 (A command injection vulnerability was found in the IndieAuth
functiona ...)
- TODO: check
+ NOT-FOR-US: Haven
CVE-2024-39457 (Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting
vulnerabi ...)
NOT-FOR-US: Cybozu
CVE-2024-39123 (In janeczku Calibre-Web 0.6.0 to 0.6.21, the
edit_book_comments functi ...)
@@ -2003,7 +2003,7 @@ CVE-2024-40724 (Heap-based buffer overflow vulnerability
in Assimp versions prio
[bullseye] - assimp <no-dsa> (Minor issue)
NOTE:
https://github.com/assimp/assimp/commit/ddb74c2bbdee1565dda667e85f0c82a0588c8053
(v5.4.2)
CVE-2024-40642 (The netty incubator codec.bhttp is a java language binary http
parser. ...)
- TODO: check
+ NOT-FOR-US: codec.bhttp
CVE-2024-38156 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
NOT-FOR-US: Microsoft
CVE-2024-35199 (TorchServe is a flexible and easy-to-use tool for serving and
scaling ...)
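Review bot: "NOT-FOR-US: codec.bhttp" on CVE-2024-40642 drops the "netty incubator" qualifier that the description carries. Keeping it in the tag, for example "NOT-FOR-US: netty incubator codec.bhttp", makes clear that the entry was triaged as the separate incubator codec and not as netty itself.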
@@ -2013,9 +2013,9 @@ CVE-2024-35198 (TorchServe is a flexible and easy-to-use
tool for serving and sc
CVE-2024-30130 (HCL Nomad server on Domino is vulnerable to the cache
containing sensi ...)
NOT-FOR-US: HCL
CVE-2024-21583 (Versions of the package
github.com/gitpod-io/gitpod/components/server/ ...)
- TODO: check
+ NOT-FOR-US: gitpod
CVE-2024-21527 (Versions of the package
github.com/gotenberg/gotenberg/v8/pkg/gotenber ...)
- TODO: check
+ NOT-FOR-US: gotenberg
CVE-2023-7269 (The ArtPlacer Widget WordPress plugin before 2.21.2 does not
have CSRF ...)
NOT-FOR-US: WordPress plugin
CVE-2023-7268 (The ArtPlacer Widget WordPress plugin before 2.21.2 does not
have auth ...)
@@ -6172,7 +6172,7 @@ CVE-2024-38453 (The Avalara for Salesforce CPQ app before
7.0 for Salesforce all
CVE-2024-37082 (When deploying Cloud Foundry together with the
haproxy-boshrelease and ...)
NOT-FOR-US: Cloud Foundry
CVE-2024-32673 (Improper Validation of Array Index vulnerability in Samsung
Open Sourc ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-2376 (The WPQA Builder WordPress plugin before 6.1.1 does not have
CSRF chec ...)
NOT-FOR-US: WordPress plugin
CVE-2024-2375 (The WPQA Builder WordPress plugin before 6.1.1 does not
sanitise and e ...)
@@ -6695,7 +6695,7 @@ CVE-2024-21456 (Information Disclosure while parsing
beacon frame in STA.)
CVE-2024-20399 (A vulnerability in the CLI of Cisco NX-OS Software could allow
an auth ...)
NOT-FOR-US: Cisco
CVE-2024-0153 (Improper Restriction of Operations within the Bounds of a
Memory Buffe ...)
- TODO: check
+ NOT-FOR-US: Arm
CVE-2023-43554 (Memory corruption while processing IOCTL handler in FastRPC.)
NOT-FOR-US: Qualcomm
CVE-2024-40898 (SSRF in Apache HTTP Server on Windows with mod_rewrite in
server/vhost ...)
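Review bot: "NOT-FOR-US: Arm" on CVE-2024-0153 is a vendor-wide tag on an entry whose visible description is only a generic CWE title (improper restriction of operations within the bounds of a memory buffer) and names no product. Adding the affected component to the tag would show what was actually checked and ruled out, in the way the neighbouring Qualcomm and Cisco entries cannot be confused with a packaged project.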
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/efee28aed27cb5919d996daabd47400a7e28f8ba