Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
70a31c7c by Moritz Muehlenhoff at 2024-11-10T20:30:52+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -502,15 +502,15 @@ CVE-2024-35418 (wac commit 385e1 was discovered to 
contain a heap overflow via t
 CVE-2024-35410 (wac commit 385e1 was discovered to contain a heap overflow via 
the int ...)
        NOT-FOR-US: wac
 CVE-2024-27532 (wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) 
06df58f is  ...)
-       TODO: check
+       NOT-FOR-US: wasm-micro-runtime
 CVE-2024-27530 (wasm3 139076a contains a Use-After-Free in ForEachModule.)
-       TODO: check
+       NOT-FOR-US: wasm3
 CVE-2024-27529 (wasm3 139076a contains memory leaks in Read_utf8.)
-       TODO: check
+       NOT-FOR-US: wasm3
 CVE-2024-27528 (wasm3 139076a suffers from Invalid Memory Read, leading to DoS 
and pot ...)
-       TODO: check
+       NOT-FOR-US: wasm3
 CVE-2024-27527 (wasm3 139076a is vulnerable to Denial of Service (DoS).)
-       TODO: check
+       NOT-FOR-US: wasm3
 CVE-2024-21994 (StorageGRID (formerly StorageGRID Webscale) versions prior to 
11.9 are ...)
        NOT-FOR-US: NetAPP
 CVE-2024-11026 (A vulnerability was found in Intelligent Apps Freenow App 
12.10.0 on A ...)
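
Review bot: the four wasm3 entries (CVE-2024-27527 through CVE-2024-27530) and CVE-2024-27532 for wasm-micro-runtime are closed as NOT-FOR-US on the product name alone, although both are embeddable WebAssembly runtimes and the descriptions include memory-safety bugs (Use-After-Free in ForEachModule, Invalid Memory Read). NOT-FOR-US records that the product itself is not packaged in Debian, so it is worth confirming that no packaged software bundles a copy of either runtime; if one does, the entry should name that source package instead of NOT-FOR-US.
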
@@ -572,13 +572,13 @@ CVE-2024-10973
 CVE-2024-9841 (A Reflected Cross-Site Scripting (XSS) vulnerability has been 
identifi ...)
        NOT-FOR-US: OpenText
 CVE-2024-51997 (Trustee is a set of tools and components for attesting 
confidential gu ...)
-       TODO: check
+       NOT-FOR-US: Trustee
 CVE-2024-51211 (SQL injection vulnerability exists in OS4ED openSIS-Classic 
Version 9. ...)
-       TODO: check
+       NOT-FOR-US: openSIS-Classic
 CVE-2024-51152 (File Upload vulnerability in Laravel CMS v.1.4.7 and before 
allows a r ...)
        NOT-FOR-US: Laravel CMS
 CVE-2024-51055 (An issue Hoosk v1.7.1 allows a remote attacker to execute 
arbitrary co ...)
-       TODO: check
+       NOT-FOR-US: Hoosk
 CVE-2024-51032 (A Cross-site Scripting (XSS) vulnerability in 
manage_recipient.php of  ...)
        NOT-FOR-US: Sourcecodester Toll Tax Management System
 CVE-2024-51031 (A Cross-site Scripting (XSS) vulnerability in 
manage_account.php in So ...)
@@ -592,7 +592,7 @@ CVE-2024-50811 (hopetree izone lts c011b48 contains a 
server-side request forger
 CVE-2024-50810 (hopetree izone lts c011b48 contains a Cross Site Scripting 
(XSS) vulne ...)
        NOT-FOR-US: hopetree izone
 CVE-2024-50634 (A vulnerability in a weak JWT token in Watcharr v1.43.0 and 
below allo ...)
-       TODO: check
+       NOT-FOR-US: Watcharr
 CVE-2024-50593 (An attacker with local access to the medical office computer 
can  acce ...)
        NOT-FOR-US: Elefant Service tool
 CVE-2024-50592 (An attacker with local access the to medical office computer 
can  esca ...)
@@ -626,7 +626,7 @@ CVE-2024-40240 (An incorrect access control issue in 
HomeServe Home Repair' andr
 CVE-2024-40239 (An incorrect access control issue in Life: Personal Diary, 
Journal and ...)
        NOT-FOR-US: Life: Personal Diary, Journal android app
 CVE-2024-25431 (An issue in bytecodealliance wasm-micro-runtime before 
v.b3f728c and f ...)
-       TODO: check
+       NOT-FOR-US: wasm-micro-runtime
 CVE-2024-10839 (Zohocorp ManageEngine SharePoint Manager Plus versions4503 and 
prior a ...)
        NOT-FOR-US: Zoho ManageEngine
 CVE-2024-10325 (The Elementor Header & Footer Builder plugin for WordPress is 
vulnerab ...)
@@ -642,7 +642,7 @@ CVE-2024-7982 (The Registrations for the Events Calendar  
WordPress plugin befor
 CVE-2024-51998 (changedetection.io is a free open source web page change 
detection too ...)
        NOT-FOR-US: changedetection.io
 CVE-2024-51987 (Duende.AccessTokenManagement.OpenIdConnect is a set of .NET 
libraries  ...)
-       TODO: check
+       NOT-FOR-US: Duende.AccessTokenManagement.OpenIdConnect
 CVE-2024-51434 (Inconsistent <plaintext> tag parsing allows for XSS in Froala 
WYSIWYG  ...)
        NOT-FOR-US: Froala WYSIWYG editor
 CVE-2024-50766 (SourceCodester Survey Application System 1.0 is vulnerable to 
SQL Inje ...)
@@ -676,7 +676,7 @@ CVE-2024-36062 (The com.callassistant.android (aka AI Call 
Assistant & Screener)
 CVE-2024-24409 (Zohocorp ManageEngine ADManager Plus versions 7203 and prior 
are vulne ...)
        NOT-FOR-US: Zoho ManageEngine
 CVE-2024-21538 (Versions of the package cross-spawn before 7.0.5 are 
vulnerable to Reg ...)
-       TODO: check
+       NOT-FOR-US: Node cross-spawn
 CVE-2024-11000 (A vulnerability classified as problematic was found in 
CodeAstro Real  ...)
        NOT-FOR-US: CodeAstro Real Estate Management System
 CVE-2024-10999 (A vulnerability classified as problematic has been found in 
CodeAstro  ...)
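
Review bot: the tag on CVE-2024-21538, "Node cross-spawn", is the only one in this patch that names an ecosystem rather than a vendor or product, and the description refers to "Versions of the package cross-spawn before 7.0.5", which is a versioned library rather than a hosted application. Node modules are commonly packaged in Debian under a node- prefix, so please check the archive for a node-cross-spawn source package before this stays NOT-FOR-US; if it exists, this needs a package entry with a fixed version rather than an NFU tag.
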
@@ -893,7 +893,7 @@ CVE-2024-51994 (Combodo iTop is a web based IT Service 
Management tool. In affec
 CVE-2024-51993 (Combodo iTop is a web based IT Service Management tool. An 
attacker ac ...)
        NOT-FOR-US: Combodo iTop
 CVE-2024-51989 (Password Pusher is an open source application to communicate 
sensitive ...)
-       TODO: check
+       NOT-FOR-US: Password Pusher
 CVE-2024-51758 (Filament is a collection of full-stack components for 
accelerated Lara ...)
        NOT-FOR-US: Filament
 CVE-2024-51504 (When using IPAuthenticationProvider in ZooKeeper Admin Server 
there is ...)
@@ -907,7 +907,7 @@ CVE-2024-51504 (When using IPAuthenticationProvider in 
ZooKeeper Admin Server th
        NOTE: Fixed by: 
https://github.com/apache/zookeeper/commit/bd5be58c562ce992de8af43cdef0bdb34261a525
 (release-3.9.3-0)
        NOTE: Followup to disable (X-Forwarded-For by default): 
https://github.com/apache/zookeeper/commit/67037ad9087b4e554f77427e88d40df1eb19d6d3
 (release-3.9.3-0)
 CVE-2024-51428 (An issue in Espressif Esp idf v5.3.0 allows attackers to cause 
a Denia ...)
-       TODO: check
+       NOT-FOR-US: Espressif Esp idf
 CVE-2024-48954 (An issue was discovered in Logpoint before 7.5.0. Unvalidated 
input du ...)
        NOT-FOR-US: Logpoint
 CVE-2024-48953 (An issue was discovered in Logpoint before 7.5.0. Endpoints 
for creati ...)
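
Review bot: the tag on CVE-2024-51428 copies the description's spelling "Espressif Esp idf", whereas upstream writes the project name as ESP-IDF. Using "NOT-FOR-US: Espressif ESP-IDF" keeps the entry findable when someone searches the list by product name for a later CVE against the same project.
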
@@ -947,7 +947,7 @@ CVE-2024-30141 (HCL BigFix Compliance is vulnerable to the 
generation of error m
 CVE-2024-30140 (HCL BigFix Compliance is affected by unvalidated redirects and 
forward ...)
        NOT-FOR-US: HCL
 CVE-2024-24914 (Authenticated Gaia users can inject code or commands by global 
variabl ...)
-       TODO: check
+       NOT-FOR-US: Checkpoint
 CVE-2024-10969 (A vulnerability was found in 1000 Projects Bookstore 
Management System ...)
        NOT-FOR-US: 1000 Projects Bookstore Management System
 CVE-2024-10968 (A vulnerability was found in 1000 Projects Bookstore 
Management System ...)
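
Review bot: the tag on CVE-2024-24914 reads "Checkpoint", while the visible part of the description names only the product ("Authenticated Gaia users can inject code or commands ..."). The vendor spells its name Check Point, so "NOT-FOR-US: Check Point Gaia" would match both vendor and product, in line with the vendor-plus-product form of the neighbouring "1000 Projects Bookstore Management System" entry.
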
@@ -965,7 +965,7 @@ CVE-2024-10963 (A vulnerability was found in pam_access due 
to the improper hand
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2324291
        NOTE: https://github.com/linux-pam/linux-pam/issues/834
 CVE-2024-10668 (There exists an auth bypass in Google Quickshare where an 
attacker can ...)
-       TODO: check
+       NOT-FOR-US: Google Quickshare
 CVE-2024-10526 (Rapid7 Velociraptor MSI Installer versions below 0.73.3 suffer 
from a  ...)
        NOT-FOR-US: Rapid7 Velociraptor MSI Installer
 CVE-2024-10203 (Zohocorp ManageEngine EndPoint Central versions 11.3.2416.21 
and below ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70a31c7c8438661f443704f509ee7b1342b543a6


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
