Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7bbbc35d by Salvatore Bonaccorso at 2024-02-28T21:45:00+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
CVE-2024-27948 (Cross-Site Request Forgery (CSRF) vulnerability in bytesforall
Atahual ...)
- TODO: check
+ NOT-FOR-US: bytesforall Atahualpa
CVE-2024-27517 (Webasyst 2.9.9 has a Cross-Site Scripting (XSS) vulnerability,
Attacke ...)
- TODO: check
+ NOT-FOR-US: Webasyst
CVE-2024-27516 (livehelperchat 4.28v is vulnerable to Server-Side Template
Injection ( ...)
- TODO: check
+ NOT-FOR-US: livehelperchat
CVE-2024-27515 (Osclass 5.1.2 is vulnerable to SQL Injection.)
- TODO: check
+ NOT-FOR-US: Osclass
CVE-2024-27285 (YARD is a Ruby Documentation tool. The "frames.html" file
within the Y ...)
- yard <unfixed>
NOTE:
https://github.com/lsegal/yard/security/advisories/GHSA-8mq4-9jjh-9xrc
@@ -13,33 +13,33 @@ CVE-2024-27285 (YARD is a Ruby Documentation tool. The
"frames.html" file within
CVE-2024-27284 (cassandra-rs is a Cassandra (CQL) driver for Rust. Code that
attempts ...)
TODO: check
CVE-2024-27103 (Querybook is a Big Data Querying UI. When a user searches for
their qu ...)
- TODO: check
+ NOT-FOR-US: Querybook
CVE-2024-27083 (Flask-AppBuilder is an application development framework,
built on top ...)
TODO: check
CVE-2024-26342 (A Null pointer dereference in usr/sbin/httpd in ASUS AC68U
3.0.0.4.384 ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2024-25932 (Cross-Site Request Forgery (CSRF) vulnerability in Manish
Kumar Agarwa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-25931 (Cross-Site Request Forgery (CSRF) vulnerability in Heureka
Group Heure ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-25930 (Cross-Site Request Forgery (CSRF) vulnerability in Nuggethon
Custom Or ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-25927 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-25910 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-25902 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-25859 (A path traversal vulnerability in the /path/to/uploads/
directory of B ...)
- TODO: check
+ NOT-FOR-US: Blesta
CVE-2024-25833 (F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL
injection, ...)
- TODO: check
+ NOT-FOR-US: F-logic DataCube3
CVE-2024-25832 (F-logic DataCube3 v1.0 is vulnerable to unrestricted file
upload, whic ...)
- TODO: check
+ NOT-FOR-US: F-logic DataCube3
CVE-2024-25831 (F-logic DataCube3 Version 1.0 is affected by a reflected
cross-site sc ...)
- TODO: check
+ NOT-FOR-US: F-logic DataCube3
CVE-2024-25830 (F-logic DataCube3 v1.0 is vulnerable to Incorrect Access
Control due t ...)
- TODO: check
+ NOT-FOR-US: F-logic DataCube3
CVE-2024-25435 (A cross-site scripting (XSS) vulnerability in Md1health
Md1patient v2. ...)
TODO: check
CVE-2024-25202 (Cross Site Scripting vulnerability in Phpgurukul User
Registration & L ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7bbbc35d6bbcd1e589d2a9320ee6ae0bdf5c4f0b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7bbbc35d6bbcd1e589d2a9320ee6ae0bdf5c4f0b
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
