Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7573ef51 by Salvatore Bonaccorso at 2024-12-31T14:09:03+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,25 +1,25 @@
CVE-2024-45497 (A flaw was found in the OpenShift build process, where the
docker-buil ...)
NOT-FOR-US: OpenShift
CVE-2024-13058 (An issue exists in SoftIron HyperCloud where authenticated,
but non-a ...)
- TODO: check
+ NOT-FOR-US: SoftIron HyperCloud
CVE-2024-13051 (Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer
Overflow Rem ...)
- TODO: check
+ NOT-FOR-US: Ashlar-Vellum Graphite
CVE-2024-13050 (Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer
Overflow Rem ...)
- TODO: check
+ NOT-FOR-US: Ashlar-Vellum Graphite
CVE-2024-13049 (Ashlar-Vellum Cobalt XE File Parsing Type Confusion Remote
Code Execut ...)
- TODO: check
+ NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2024-13048 (Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Write
Remote Code E ...)
- TODO: check
+ NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2024-13047 (Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote
Code Execut ...)
- TODO: check
+ NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2024-13046 (Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write
Remote Code E ...)
- TODO: check
+ NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2024-13045 (Ashlar-Vellum Cobalt AR File Parsing Stack-based Buffer
Overflow Remot ...)
- TODO: check
+ NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2024-13044 (Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Write
Remote Code E ...)
- TODO: check
+ NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2024-13043 (Panda Security Dome Link Following Local Privilege Escalation
Vulnerab ...)
- TODO: check
+ NOT-FOR-US: Panda Security Dome
CVE-2024-13042 (A vulnerability was found in Tsinghua Unigroup Electronic
Archives Man ...)
NOT-FOR-US: Tsinghua Unigroup Electronic Archives Management System
CVE-2024-13040 (The QOCA aim from Quanta Computer has an Authorization Bypass
Through ...)
@@ -37,27 +37,27 @@ CVE-2024-12751 (Foxit PDF Reader AcroForm Out-Of-Bounds
Read Remote Code Executi
CVE-2024-11972 (The Hunk Companion WordPress plugin before 1.9.0 does not
correctly au ...)
NOT-FOR-US: WordPress plugin
CVE-2024-11946 (iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext
Transmi ...)
- TODO: check
+ NOT-FOR-US: TrueNAS
CVE-2024-11944 (iXsystems TrueNAS CORE tarfile.extractall Directory Traversal
Remote C ...)
- TODO: check
+ NOT-FOR-US: TrueNAS
CVE-2024-56801 (Tasklists provides plugin tasklists for GLPI. Versions prior
to 2.0.4 ...)
NOT-FOR-US: Tasklists plugin for GLPI
CVE-2024-56800 (Firecrawl is a web scraper that allows users to extract the
content of ...)
- TODO: check
+ NOT-FOR-US: Firecrawl
CVE-2024-56799 (Simofa is a tool to help automate static website building and
deployme ...)
- TODO: check
+ NOT-FOR-US: Simofa
CVE-2024-56734 (Better Auth is an authentication library for TypeScript. An
open redir ...)
- TODO: check
+ NOT-FOR-US: Better Auth
CVE-2024-56733 (Password Pusher is an open source application to communicate
sensitive ...)
- TODO: check
+ NOT-FOR-US: Password Pusher
CVE-2024-56517 (LGSL (Live Game Server List) provides online status lists for
online v ...)
NOT-FOR-US: LGSL (Live Game Server List)
CVE-2024-56516 (free-one-api allows users to access large language model
reverse engin ...)
- TODO: check
+ NOT-FOR-US: free-one-api
CVE-2024-54181 (IBM WebSphere Automation 1.7.5 could allow a remote privileged
user, w ...)
NOT-FOR-US: IBM
CVE-2024-52294 (Khoj is a self-hostable artificial intelligence app. Prior to
version ...)
- TODO: check
+ NOT-FOR-US: Khoj
CVE-2024-50703 (TeamPass before 3.1.3.1 does not properly prevent a user from
acting w ...)
- teampass <itp> (bug #730180)
CVE-2024-50702 (TeamPass before 3.1.3.1 does not properly check whether a
mail_me (aka ...)
@@ -71,11 +71,11 @@ CVE-2024-47925 (Tecnick TCExam \u2013 Multiple CWE-79:
Improper Neutralization o
CVE-2024-47924 (Boa web server \u2013 CWE-79: Improper Neutralization of Input
During ...)
TODO: check
CVE-2024-47923 (Mashov \u2013 CWE-200: Exposure of Sensitive Information to an
Unautho ...)
- TODO: check
+ NOT-FOR-US: Mashov
CVE-2024-47922 (Priority \u2013 CWE-200: Exposure of Sensitive Information to
an Unaut ...)
- TODO: check
+ NOT-FOR-US: Priority
CVE-2024-47921 (Smadar SPS \u2013 CWE-327: Use of a Broken or Risky
Cryptographic Algo ...)
- TODO: check
+ NOT-FOR-US: Smadar SPS
CVE-2024-47920 (Tiki Wiki CMS \u2013 CWE-79: Improper Neutralization of Input
During W ...)
- tikiwiki <removed>
CVE-2024-47919 (Tiki Wiki CMS \u2013 CWE-78: Improper Neutralization of
Special Elemen ...)
@@ -89,7 +89,7 @@ CVE-2024-46542 (Veritas / Arctera Data Insight before 7.1.1
allows Application A
CVE-2024-22063 (The ZENIC ONE R58 products by ZTE Corporation have a command
injection ...)
NOT-FOR-US: ZTE
CVE-2024-12993 (Infinix devices contain a pre-loaded "com.rlk.weathers"
application, t ...)
- TODO: check
+ NOT-FOR-US: Infinix
CVE-2024-12836 (Delta Electronics DRASimuCAD STP File Parsing Type Confusion
Remote Co ...)
NOT-FOR-US: Delta Electronics
CVE-2024-12835 (Delta Electronics DRASimuCAD ICS File Parsing Out-Of-Bounds
Write Remo ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7573ef51a56530fc14272da6f7e1a31b75bc3786
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7573ef51a56530fc14272da6f7e1a31b75bc3786
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
