Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fd2955a9 by Salvatore Bonaccorso at 2024-06-03T22:42:50+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2024-5404 (An unauthenticated remote attackercan change the admin password
in amo ...)
- TODO: check
+ NOT-FOR-US: ifm electronic GmbH
CVE-2024-5388
REJECTED
CVE-2024-5387
@@ -13,27 +13,27 @@ CVE-2024-5197 (There exists interger overflows in libvpx in
versions prior to 1.
- libvpx 1.14.1-1
NOTE: https://issues.chromium.org/issues/332382766
CVE-2024-4540 (A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization
Request ...)
- TODO: check
+ NOT-FOR-US: Keycloak
CVE-2024-4332 (An authentication bypass vulnerability has been identified in
the REST ...)
- TODO: check
+ NOT-FOR-US: Tripwire Enterprise
CVE-2024-3829 (qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file
read a ...)
- TODO: check
+ NOT-FOR-US: qdrant
CVE-2024-37019 (Northern.tech Mender Enterprise before 3.6.4 and 3.7.x before
3.7.4 ha ...)
- TODO: check
+ NOT-FOR-US: Northern.tech Mender Enterprise
CVE-2024-36783 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to
contain a comm ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2024-36729 (TRENDnet TEW-827DRU devices through 2.06B04 contain a
stack-based buff ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2024-36728 (TRENDnet TEW-827DRU devices through 2.06B04 contain a
stack-based buff ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2024-36674 (LyLme_spage v1.9.5 is vulnerable to Cross Site Scripting (XSS)
via adm ...)
- TODO: check
+ NOT-FOR-US: LyLme_spage
CVE-2024-36569 (Sourcecodester Gas Agency Management System v1.0 is vulnerable
to arbi ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Gas Agency Management System
CVE-2024-36568 (Sourcecodester Gas Agency Management System v1.0 is vulnerable
to SQL ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Gas Agency Management System
CVE-2024-36128 (Directus is a real-time API and App dashboard for managing SQL
databas ...)
- TODO: check
+ NOT-FOR-US: Directus
CVE-2024-36127 (apko is an apk-based OCI image builder. apko exposures HTTP
basic auth ...)
TODO: check
CVE-2024-36124 (iq80 Snappy is a compression/decompression library. When
uncompressing ...)
@@ -41,77 +41,77 @@ CVE-2024-36124 (iq80 Snappy is a compression/decompression
library. When uncompr
CVE-2024-36123 (Citizen is a MediaWiki skin that makes extensions part of the
cohesive ...)
TODO: check
CVE-2024-35639 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35638 (Cross-Site Request Forgery (CSRF) vulnerability in JumpDEMAND
Inc. Act ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35637 (Server-Side Request Forgery (SSRF) vulnerability in Church
Admin.This ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35635 (Server-Side Request Forgery (SSRF) vulnerability in
WPManageNinja LLC ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35633 (Server-Side Request Forgery (SSRF) vulnerability in
CreativeThemes Blo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35632 (Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks.
Integrat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35631 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35630 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34987 (A SQL Injection vulnerability exists in the
`ofrs/admin/index.php` scr ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul Online Fire Reporting System
CVE-2024-34803 (Missing Authorization vulnerability in Fastly.This issue
affects Fastl ...)
TODO: check
CVE-2024-34801 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34798 (Insertion of Sensitive Information into Log File vulnerability
in Lukm ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34797 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34796 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34795 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34794 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34793 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34791 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34790 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34789 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34770 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34769 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34767 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34766 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34764 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34754 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34385 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34051 (A Reflected Cross-site scripting (XSS) vulnerability located
in htdocs ...)
TODO: check
CVE-2024-32983 (Misskey is an open source, decentralized microblogging
platform. Missk ...)
TODO: check
CVE-2024-31684 (Incorrect access control in the fingerprint authentication
mechanism o ...)
- TODO: check
+ NOT-FOR-US: Bitdefender Mobile Security
CVE-2024-31682 (Incorrect access control in the fingerprint authentication
mechanism o ...)
TODO: check
CVE-2024-23670 (An improper authorization in Fortinet FortiWebManager version
7.2.0 an ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2024-23668 (An improper authorization in Fortinet FortiWebManager version
7.2.0 an ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2024-23667 (An improper authorization in Fortinet FortiWebManager version
7.2.0 an ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2024-23665 (Multiple improper authorization vulnerabilities [CWE-285] in
FortiWeb ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2024-23664 (A URL redirection to untrusted site ('open redirect') in
Fortinet Fort ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2024-23363 (Transient DOS while processing an improperly formatted Fine
Time Measu ...)
TODO: check
CVE-2024-23360 (Memory corruption while creating a LPAC client as LPAC engine
was allo ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd2955a970c70ca4695f76cc302cb267cc9d0691
--
This project does not include diff previews in email notifications.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd2955a970c70ca4695f76cc302cb267cc9d0691
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
