Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
730aeaaa by Salvatore Bonaccorso at 2024-04-10T22:32:01+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,19 +21,19 @@ CVE-2024-3515 (Use after free in Dawn in Google Chrome 
prior to 123.0.6312.122 a
 CVE-2024-3448 (Users with low privileges can perform certain AJAX actions.  In 
this v ...)
        TODO: check
 CVE-2024-3388 (A vulnerability in the GlobalProtect Gateway in Palo Alto 
Networks PAN ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2024-3387 (A weak (low bit strength) device certificate in Palo Alto 
Networks Pan ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2024-3386 (An incorrect string comparison vulnerability in Palo Alto 
Networks PAN ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2024-3385 (A packet processing mechanism in Palo Alto Networks PAN-OS 
software en ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2024-3384 (A vulnerability in Palo Alto Networks PAN-OS software enables a 
remote ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2024-3383 (A vulnerability in how Palo Alto Networks PAN-OS software 
processes da ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2024-3382 (A memory leak exists in Palo Alto Networks PAN-OS software that 
enable ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2024-3283 (A vulnerability in mintplex-labs/anything-llm allows users with 
manage ...)
        TODO: check
 CVE-2024-3157 (Out of bounds memory access in Compositing in Google Chrome 
prior to 1 ...)
@@ -47,21 +47,21 @@ CVE-2024-3098 (A vulnerability was identified in the 
`exec_utils` class of the `
 CVE-2024-3025 (mintplex-labs/anything-llm is vulnerable to path traversal 
attacks due ...)
        TODO: check
 CVE-2024-31984 (Starting in version 7.2-rc-1 and prior to versions 4.10.20, 
15.5.4, an ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2024-31983 (XWiki Platform is a generic wiki platform. In multilingual 
wikis, tran ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2024-31982 (XWiki Platform is a generic wiki platform. Starting in version 
2.4-mil ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2024-31981 (XWiki Platform is a generic wiki platform. Starting in version 
3.0.1 a ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2024-31944 (Cross-Site Request Forgery (CSRF) vulnerability in Octolize 
WooCommerc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-31943 (Cross-Site Request Forgery (CSRF) vulnerability in Octolize 
USPS Shipp ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-31939 (Cross-Site Request Forgery (CSRF) vulnerability in Soflyy 
Import any X ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-31924 (Cross-Site Request Forgery (CSRF) vulnerability in Exactly WWW 
EWWW Im ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-31874 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 
uses uninit ...)
        NOT-FOR-US: IBM
 CVE-2024-31873 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 
contains ha ...)
@@ -71,71 +71,71 @@ CVE-2024-31872 (IBM Security Verify Access Appliance 10.0.0 
through 10.0.7 could
 CVE-2024-31871 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 
could allow ...)
        NOT-FOR-US: IBM
 CVE-2024-31819 (An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote 
attacker ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2024-31492 (An external control of file name or path vulnerability 
[CWE-73] in  Fo ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2024-31465 (XWiki Platform is a generic wiki platform. Starting in version 
5.0-rc- ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2024-31464 (XWiki Platform is a generic wiki platform. Starting in version 
5.0-rc- ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2024-31461 (Plane, an open-source project management tool, has a 
Server-Side Reque ...)
-       TODO: check
+       NOT-FOR-US: Plane
 CVE-2024-31430 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 
WOLF \u2 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-31386 (Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu 
Ishikawa X ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-31358 (Missing Authorization vulnerability in Saleswonder.Biz 5 Stars 
Rating  ...)
-       TODO: check
+       NOT-FOR-US: Saleswonder.Biz 5 Stars Rating Funnel
 CVE-2024-31356 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-31355 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-31353 (Insertion of Sensitive Information into Log File vulnerability 
in Trib ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-31343 (Missing Authorization vulnerability in Sonaar Music MP3 Audio 
Player f ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-31342 (Missing Authorization vulnerability in WPcloudgallery 
WordPress Galler ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-31302 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-31299 (Cross-Site Request Forgery (CSRF) vulnerability in Reservation 
Diary R ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-31298 (Insertion of Sensitive Information into Log File vulnerability 
in Joel ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-31297 (Missing Authorization vulnerability in WPExperts Wholesale For 
WooComm ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-31287 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-31282 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in A ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-31278 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-31259 (Insertion of Sensitive Information into Log File vulnerability 
in Sear ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-31254 (Insertion of Sensitive Information into Log File vulnerability 
in WebT ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-31253 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in W ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-31249 (Insertion of Sensitive Information into Log File vulnerability 
in WPKu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-31247 (Insertion of Sensitive Information into Log File vulnerability 
in Fr\x ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-31245 (Insertion of Sensitive Information into Log File vulnerability 
in Conv ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-31242 (Missing Authorization vulnerability in Bricksforge.This issue 
affects  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-31240 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-31230 (Missing Authorization vulnerability in ShortPixel ShortPixel 
Adaptive  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-31214 (Traccar is an open source GPS tracking system. Traccar 
versions 5.1 th ...)
-       TODO: check
+       NOT-FOR-US: Traccar
 CVE-2024-2952 (BerriAI/litellm is vulnerable to Server-Side Template Injection 
(SSTI) ...)
        TODO: check
 CVE-2024-2731 (Users with low privileges (all permissions deselected in the 
administr ...)
        TODO: check
 CVE-2024-2730 (Mautic uses predictable page indices for unpublished landing 
pages, th ...)
-       TODO: check
+       NOT-FOR-US: Mautic
 CVE-2024-2221 (qdrant/qdrant is vulnerable to a path traversal and arbitrary 
file upl ...)
        TODO: check
 CVE-2024-2217 (gaizhenbiao/chuanhuchatgpt is vulnerable to improper access 
control, a ...)
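Review bot: CVE-2024-31358 is tagged "NOT-FOR-US: Saleswonder.Biz 5 Stars Rating Funnel" while the other Missing Authorization, CSRF and SQL injection entries around it in this hunk use the generic "NOT-FOR-US: WordPress plugin". If this one is also a WordPress plugin, use the same tag so the entries group together when the list is grepped. A second, smaller point: CVE-2024-31492 is tagged "FortiGuard", but its visible description is cut off at "in  Fo ...", so the product cannot be confirmed from the diff. A vendor-level tag, as used for IBM in this hunk and for Palo Alto Networks earlier in the file, would be more consistent.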
@@ -147,47 +147,47 @@ CVE-2024-2195 (A critical Remote Code Execution (RCE) 
vulnerability was identifi
 CVE-2024-2029 (A command injection vulnerability exists in the 
`TranscriptEndpoint` o ...)
        TODO: check
 CVE-2024-29502 (An issue in Secure Lockdown Multi Application Edition 
v2.00.219 allows ...)
-       TODO: check
+       NOT-FOR-US: Secure Lockdown Multi Application
 CVE-2024-29500 (An issue in the kiosk mode of Secure Lockdown Multi 
Application Editio ...)
-       TODO: check
+       NOT-FOR-US: Secure Lockdown Multi Application
 CVE-2024-29296 (A user enumeration vulnerability was found in Portainer CE 
2.19.4. Thi ...)
-       TODO: check
+       NOT-FOR-US: Portainer
 CVE-2024-29269 (An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 
allows a ...)
-       TODO: check
+       NOT-FOR-US: Telesquare TLR-2005Ksh
 CVE-2024-28345 (An issue discovered in Sipwise C5 NGCP Dashboard below 
mr11.5.1 allows ...)
-       TODO: check
+       NOT-FOR-US: Sipwise C5 NGCP Dashboard
 CVE-2024-28344 (An Open Redirect vulnerability was found in Sipwise C5 NGCP 
Dashboard  ...)
-       TODO: check
+       NOT-FOR-US: Sipwise C5 NGCP Dashboard
 CVE-2024-27477 (In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists 
within  ...)
-       TODO: check
+       NOT-FOR-US: Leantime
 CVE-2024-27476 (Leantime 3.0.6 is vulnerable to HTML Injection via 
/dashboard/show#/ti ...)
-       TODO: check
+       NOT-FOR-US: Leantime
 CVE-2024-27474 (Leantime 3.0.6 is vulnerable to Cross Site Request Forgery 
(CSRF). Thi ...)
-       TODO: check
+       NOT-FOR-US: Leantime
 CVE-2024-26122 (Adobe Experience Manager versions 6.5.19 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-26098 (Adobe Experience Manager versions 6.5.19 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-26097 (Adobe Experience Manager versions 6.5.19 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-26087 (Adobe Experience Manager versions 6.5.19 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-26084 (Adobe Experience Manager versions 6.5.19 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-26079 (Adobe Experience Manager versions 6.5.19 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-26076 (Adobe Experience Manager versions 6.5.19 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-26047 (Adobe Experience Manager versions 6.5.19 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-26046 (Adobe Experience Manager versions 6.5.19 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-24809 (Traccar is an open source GPS tracking system. Versions prior 
to 6.0 a ...)
-       TODO: check
+       NOT-FOR-US: Traccar
 CVE-2024-23735 (Cross Site Scripting (XSS) vulnerability in in the S/MIME 
certificate  ...)
-       TODO: check
+       NOT-FOR-US: savignano S/Notify
 CVE-2024-23734 (Cross Site Request Forgery vulnerability in in the upload 
functionalit ...)
-       TODO: check
+       NOT-FOR-US: savignano S/Notify
 CVE-2024-23083 (Time4J Base v5.9.3 was discovered to contain a 
NullPointerException vi ...)
        TODO: check
 CVE-2024-23080 (Joda Time v2.12.5 was discovered to contain a 
NullPointerException via ...)
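Review bot: CVE-2024-24809 is marked "NOT-FOR-US: Traccar" although its description calls Traccar "an open source GPS tracking system", and neither the hunk nor the commit message ("Process some NFUs") records a check for a pending packaging bug. For open-source projects like this one, confirm that no ITP/RFP exists before the NFU mark goes in. If one does exist, the entry should use the "- <package> <itp> (bug #...)" form rather than NOT-FOR-US. The same check applies to the Portainer and Leantime entries in this hunk.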
@@ -197,23 +197,23 @@ CVE-2024-23077 (JFreeChart v1.5.4 was discovered to be 
vulnerable to ArrayIndexO
 CVE-2024-23076 (FreeChart v1.5.4 was discovered to contain a 
NullPointerException via  ...)
        TODO: check
 CVE-2024-20780 (Adobe Experience Manager versions 6.5.19 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-20779 (Adobe Experience Manager versions 6.5.19 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-20778 (Adobe Experience Manager versions 6.5.19 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-20772 (Media Encoder versions 24.2.1, 23.6.4 and earlier are affected 
by a St ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-20770 (Photoshop Desktop versions 24.7.2, 25.3.1 and earlier are 
affected by  ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-20766 (InDesign Desktop versions 18.5.1, 19.2 and earlier are 
affected by an  ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-20759 (Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 
2.4.7-beta3 and  ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-20758 (Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 
2.4.7-beta3 and  ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-20737 (After Effects versions 24.1, 23.6.2 and earlier are affected 
by an out ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-1902 (lunary-ai/lunary is vulnerable to a session reuse attack, 
allowing a r ...)
        TODO: check
 CVE-2024-1741 (lunary-ai/lunary version 1.0.1 is vulnerable to improper 
authorization ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/730aeaaab50b67ace3e5c67a4107a458307b0fa5
