Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a4eeebb3 by Salvatore Bonaccorso at 2024-03-18T21:36:53+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,45 +1,45 @@
CVE-2024-2599 (File upload restriction evasion vulnerability in AMSS++ version
4.31. ...)
- TODO: check
+ NOT-FOR-US: AMSS++
CVE-2024-2598 (Vulnerability in AMSS++ version 4.31, which does not
sufficiently enco ...)
- TODO: check
+ NOT-FOR-US: AMSS++
CVE-2024-2597 (Vulnerability in AMSS++ version 4.31, which does not
sufficiently enco ...)
- TODO: check
+ NOT-FOR-US: AMSS++
CVE-2024-2596 (Vulnerability in AMSS++ version 4.31, which does not
sufficiently enco ...)
- TODO: check
+ NOT-FOR-US: AMSS++
CVE-2024-2595 (Vulnerability in AMSS++ version 4.31, which does not
sufficiently enco ...)
- TODO: check
+ NOT-FOR-US: AMSS++
CVE-2024-2594 (Vulnerability in AMSS++ version 4.31, which does not
sufficiently enco ...)
- TODO: check
+ NOT-FOR-US: AMSS++
CVE-2024-2593 (Vulnerability in AMSS++ version 4.31, which does not
sufficiently enco ...)
- TODO: check
+ NOT-FOR-US: AMSS++
CVE-2024-2592 (Vulnerability in AMSS++ version 4.31 that allows SQL injection
through ...)
- TODO: check
+ NOT-FOR-US: AMSS++
CVE-2024-2591 (Vulnerability in AMSS++ version 4.31 that allows SQL injection
through ...)
- TODO: check
+ NOT-FOR-US: AMSS++
CVE-2024-2590 (Vulnerability in AMSS++ version 4.31 that allows SQL injection
through ...)
- TODO: check
+ NOT-FOR-US: AMSS++
CVE-2024-2589 (Vulnerability in AMSS++ version 4.31 that allows SQL injection
through ...)
- TODO: check
+ NOT-FOR-US: AMSS++
CVE-2024-2588 (Vulnerability in AMSS++ version 4.31 that allows SQL injection
through ...)
- TODO: check
+ NOT-FOR-US: AMSS++
CVE-2024-2587 (Vulnerability in AMSS++ version 4.31 that allows SQL injection
through ...)
- TODO: check
+ NOT-FOR-US: AMSS++
CVE-2024-2586 (Vulnerability in AMSS++ version 4.31 that allows SQL injection
through ...)
- TODO: check
+ NOT-FOR-US: AMSS++
CVE-2024-2585 (Vulnerability in AMSS++ version 4.31 that allows SQL injection
through ...)
- TODO: check
+ NOT-FOR-US: AMSS++
CVE-2024-2584 (Vulnerability in AMSS++ version 4.31 that allows SQL injection
through ...)
- TODO: check
+ NOT-FOR-US: AMSS++
CVE-2024-2390 (As a part of Tenable\u2019s vulnerability disclosure program, a
vulner ...)
- TODO: check
+ NOT-FOR-US: Tenable
CVE-2024-2229 (CWE-502: Deserialization of Untrusted Data vulnerability exists
that c ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2024-2052 (CWE-552: Files or Directories Accessible to External Parties
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2024-2051 (CWE-307: Improper Restriction of Excessive Authentication
Attempts vul ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2024-2050 (CWE-79: Improper Neutralization of Input During Web Page
Generation (\ ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2024-28550 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in
the file ...)
NOT-FOR-US: Tenda
CVE-2024-28547 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in
the fire ...)
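Review bot: CVE-2024-2390 is tagged "NOT-FOR-US: Tenable", but the visible part of its description only says the issue came in "as a part of Tenable's vulnerability disclosure program", which names the program and not the affected product. Confirm the affected product against the full CVE record and put it in the tag, as the AMSS++ entries in this hunk do. The same applies to the four "NOT-FOR-US: Schneider Electric" entries (CVE-2024-2229, CVE-2024-2052, CVE-2024-2051, CVE-2024-2050), whose truncated descriptions show only a CWE title.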
@@ -74,7 +74,7 @@ CVE-2024-27769 (Unitronics Unistream Unilogic \u2013 Versions
prior to 1.35.227
CVE-2024-27768 (Unitronics Unistream Unilogic \u2013 Versions prior to
1.35.227 - CWE- ...)
NOT-FOR-US: Unitronics Unistream Unilogic
CVE-2024-27767 (CWE-287: Improper Authentication may allow Authentication
Bypass)
- TODO: check
+ NOT-FOR-US: Unitronics Unistream Unilogic
CVE-2024-27104 (GLPI is a Free Asset and IT Management Software package, Data
center m ...)
- glpi <removed>
NOTE:
https://github.com/glpi-project/glpi/security/advisories/GHSA-prc3-cx5m-h5mj
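Review bot: the description of CVE-2024-27767 ("CWE-287: Improper Authentication may allow Authentication Bypass") names no product, so the "NOT-FOR-US: Unitronics Unistream Unilogic" tag cannot be verified from this entry and looks inferred from the neighbouring CVE-2024-27768 and CVE-2024-27769 entries. Recording the source that ties this ID to Unilogic, in the commit message or alongside the entry, would make the classification checkable later.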
@@ -172,89 +172,89 @@ CVE-2024-26030 (Adobe Experience Manager versions 6.5.19
and earlier are affecte
CVE-2024-26028 (Adobe Experience Manager versions 6.5.19 and earlier are
affected by a ...)
NOT-FOR-US: Adobe
CVE-2024-25657 (An open redirect in the Login/Logout functionality of web
management i ...)
- TODO: check
+ NOT-FOR-US: AVSystem Unified Management Platform (UMP)
CVE-2024-25656 (Improper input validation in AVSystem Unified Management
Platform (UMP ...)
- TODO: check
+ NOT-FOR-US: AVSystem Unified Management Platform (UMP)
CVE-2024-25655 (Insecure storage of LDAP passwords in the authentication
functionality ...)
- TODO: check
+ NOT-FOR-US: AVSystem Unified Management Platform (UMP)
CVE-2024-25654 (Insecure permissions for log files of AVSystem Unified
Management Plat ...)
- TODO: check
+ NOT-FOR-US: AVSystem Unified Management Platform (UMP)
CVE-2024-22257 (In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x
prior to 5. ...)
TODO: check
CVE-2024-21662 (Argo CD is a declarative, GitOps continuous delivery tool for
Kubernet ...)
- TODO: check
+ NOT-FOR-US: Argo CD
CVE-2024-21661 (Argo CD is a declarative, GitOps continuous delivery tool for
Kubernet ...)
- TODO: check
+ NOT-FOR-US: Argo CD
CVE-2024-21652 (Argo CD is a declarative, GitOps continuous delivery tool for
Kubernet ...)
- TODO: check
+ NOT-FOR-US: Argo CD
CVE-2024-20768 (Adobe Experience Manager versions 6.5.19 and earlier are
affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-20767 (ColdFusion versions 2023.6, 2021.12 and earlier are affected
by an Imp ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-20764 (Animate versions 24.0, 23.0.3 and earlier are affected by an
out-of-bo ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-20763 (Animate versions 24.0, 23.0.3 and earlier are affected by an
out-of-bo ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-20762 (Animate versions 24.0, 23.0.3 and earlier are affected by an
out-of-bo ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-20761 (Animate versions 24.0, 23.0.3 and earlier are affected by an
out-of-bo ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-20760 (Adobe Experience Manager versions 6.5.19 and earlier are
affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-20757 (Bridge versions 13.0.5, 14.0.1 and earlier are affected by an
out-of-b ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-20756 (Bridge versions 13.0.5, 14.0.1 and earlier are affected by an
out-of-b ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-20755 (Bridge versions 13.0.5, 14.0.1 and earlier are affected by a
Heap-base ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-20754 (Lightroom Desktop versions 7.1.2 and earlier are affected by
an Untrus ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-20752 (Bridge versions 13.0.5, 14.0.1 and earlier are affected by a
Use After ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-20746 (Premiere Pro versions 24.1, 23.6.2 and earlier are affected by
an out- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-20745 (Premiere Pro versions 24.1, 23.6.2 and earlier are affected by
a Heap- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-1753 (A flaw was found in Buildah (and subsequently Podman Build)
which allo ...)
TODO: check
CVE-2024-1658 (The Grid Shortcodes WordPress plugin before 1.1.1 does not
validate an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1606 (Lack of input sanitization in BMC Control-M branches 9.0.20
and 9.0.2 ...)
- TODO: check
+ NOT-FOR-US: BMC
CVE-2024-1605 (BMC Control-M branches 9.0.20 and 9.0.21 upon user login load
all Dyn ...)
- TODO: check
+ NOT-FOR-US: BMC
CVE-2024-1604 (Improper authorization in the report management and creation
module of ...)
- TODO: check
+ NOT-FOR-US: BMC
CVE-2024-1333 (The Responsive Pricing Table WordPress plugin before 5.1.11
does not v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1331 (The Team Members WordPress plugin before 5.3.2 does not
validate and e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1013 (An out-of-bounds stack write flaw was found in unixODBC on
64-bit arch ...)
TODO: check
CVE-2024-0973 (The Widget for Social Page Feeds WordPress plugin before 6.4
does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0951 (The Advanced Social Feeds Widget & Shortcode WordPress plugin
through ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0858 (The Innovs HR WordPress plugin through 1.0.3.4 does not have
CSRF chec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0820 (The Jobs for WordPress plugin before 2.7.4 does not sanitise
and escap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0780 (The Enjoy Social Feed plugin for WordPress website WordPress
plugin th ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0779 (The Enjoy Social Feed plugin for WordPress website WordPress
plugin th ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0719 (The Tabs Shortcode and Widget WordPress plugin through 1.17
does not v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0711 (The Buttons Shortcode and Widget WordPress plugin through 1.16
does no ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0365 (The Fancy Product Designer WordPress plugin before 6.1.5 does
not prop ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-7236 (The Backup Bolt WordPress plugin through 1.3.0 is vulnerable to
Inform ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-7085 (The Scalable Vector Graphics (SVG) WordPress plugin through 3.4
does n ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6821 (The Error Log Viewer by BestWebSoft WordPress plugin before
1.1.3 cont ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-41334 (Astropy is a project for astronomy in Python that fosters
interoperabi ...)
TODO: check
CVE-2024-26641 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
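Review bot: the entries tagged "NOT-FOR-US: WordPress plugin" (CVE-2024-1658, CVE-2024-1333, CVE-2024-1331 and the others down to CVE-2023-6821) drop the plugin name, so the tag alone does not say which software was ruled out. The AVSystem entries in this same hunk carry the full product name ("NOT-FOR-US: AVSystem Unified Management Platform (UMP)"); naming the plugin in the same way, for example the Grid Shortcodes plugin for CVE-2024-1658, would keep the tags searchable by product if one of these plugins is ever looked at again.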
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4eeebb302d995e18285e13072bfe118c67540c8