Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fc7b6fe7 by Salvatore Bonaccorso at 2024-06-12T22:26:24+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,79 +1,79 @@
 CVE-2024-5909 (A problem with a protection mechanism in the Palo Alto Networks 
Cortex ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2024-5908 (A problem with the Palo Alto Networks GlobalProtect app can 
result in  ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2024-5907 (A privilege escalation (PE) vulnerability in the Palo Alto 
Networks Co ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2024-5906 (A cross-site scripting (XSS) vulnerability in Palo Alto 
Networks Prism ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2024-5905 (A problem with a protection mechanism in the Palo Alto Networks 
Cortex ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2024-5898 (A vulnerability was found in itsourcecode Payroll Management 
System 1. ...)
-       TODO: check
+       NOT-FOR-US: itsourcecode Payroll Management System
 CVE-2024-5897 (A vulnerability has been found in SourceCodester Employee and 
Visitor  ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Employee and Visitor Gate Pass Logging System
 CVE-2024-5896 (A vulnerability, which was classified as critical, was found in 
Source ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Employee and Visitor Gate Pass Logging System
 CVE-2024-5895 (A vulnerability, which was classified as critical, has been 
found in S ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Employee and Visitor Gate Pass Logging System
 CVE-2024-5894 (A vulnerability classified as critical was found in 
SourceCodester Onl ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Online Eyewear Shop
 CVE-2024-5893 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Cab Management System
 CVE-2024-5891 (A vulnerability was found in Quay. If an attacker can obtain 
the clien ...)
-       TODO: check
+       NOT-FOR-US: Quay
 CVE-2024-5798 (Vault and Vault Enterprise did not properly validate the JSON 
Web Toke ...)
-       TODO: check
+       NOT-FOR-US: HashiCorp Vault
 CVE-2024-5759 (An improper privilege management vulnerability exists in 
Tenable Secur ...)
-       TODO: check
+       NOT-FOR-US: Tenable Security Center
 CVE-2024-5674 (The Newsletter - API v1 and v2 addon plugin for WordPress is 
vulnerabl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-5560 (CWE-125: Out-of-bounds Read vulnerability exists that could 
cause deni ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2024-5559 (CWE-327: Use of a Broken or Risky Cryptographic Algorithm 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2024-5558 (CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2024-5557 (CWE-532: Insertion of Sensitive Information into Log File 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2024-5468 (The WordPress Header Builder Plugin \u2013 Pearl plugin for 
WordPress  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-5313 (CWE-668: Exposure of the Resource Wrong Sphere vulnerability 
exists th ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2024-5266 (The Download Manager Pro plugin for WordPress is vulnerable to 
Stored  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-5211 (A path traversal vulnerability in mintplex-labs/anything-llm 
allowed a ...)
-       TODO: check
+       NOT-FOR-US: mintplex-labs/anything-llm
 CVE-2024-5056 (CWE-552: Files or Directories Accessible to External Parties 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2024-4898 (The InstaWP Connect \u2013 1-click WP Staging & Migration 
plugin for W ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-4845 (The Icegram Express plugin for WordPress is vulnerable to SQL 
Injectio ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-3492 (The Events Manager \u2013 Calendar, Bookings, Tickets, and 
more! plugi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-37878 (Cross Site Scripting vulnerability in TWCMS v.2.0.3 allows a 
remote at ...)
-       TODO: check
+       NOT-FOR-US: TWCMS
 CVE-2024-37629 (SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) 
via the  ...)
-       TODO: check
+       NOT-FOR-US: SummerNote
 CVE-2024-37304 (NuGet Gallery is a package repository that powers nuget.org. 
The NuGet ...)
        TODO: check
 CVE-2024-37300 (OAuthenticator is software that allows OAuth2 identity 
providers to be ...)
        TODO: check
 CVE-2024-37297 (WooCommerce is an open-source e-commerce platform built on 
WordPress.  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-37040 (CWE-120: Buffer Copy without Checking Size of Input 
(\u2018Classic Buf ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2024-37039 (CWE-252: Unchecked Return Value vulnerability exists that 
could cause  ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2024-37038 (CWE-276: Incorrect Default Permissions vulnerability exists 
that could ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2024-37037 (CWE-22: Improper Limitation of a Pathname to a Restricted 
Directory (\ ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2024-37036 (CWE-787: Out-of-bounds Write vulnerability exists that could 
result in ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2024-36840 (SQL Injection vulnerability in Boelter Blue System Management 
v.1.3 al ...)
-       TODO: check
+       NOT-FOR-US: Boelter Blue System Management
 CVE-2024-36761 (naga v0.14.0 was discovered to contain a stack overflow via 
the compon ...)
        TODO: check
 CVE-2024-36699 (GNU Debugger v8.2 to v14.2 was discovered to contain a buffer 
overflow ...)
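
Review bot: The NOT-FOR-US labels in this hunk are not at a consistent granularity. The Palo Alto Networks entries (CVE-2024-5909 through CVE-2024-5905) and the Schneider Electric entries name only the vendor, even where the visible description names a product (for example "GlobalProtect app" on CVE-2024-5908), while the SourceCodester and itsourcecode entries spell out the product. Consider using the product name wherever the description provides it, e.g. `NOT-FOR-US: Palo Alto Networks GlobalProtect app`, so that a later lookup by product name finds the entry. The same applies to CVE-2024-37297, whose description introduces WooCommerce by name but which is filed under the generic `WordPress plugin` label.
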
@@ -81,11 +81,11 @@ CVE-2024-36699 (GNU Debugger v8.2 to v14.2 was discovered 
to contain a buffer ov
 CVE-2024-36691 (Insecure permissions in the AdminController.AjaxSave() method 
of PPGo_ ...)
        TODO: check
 CVE-2024-36265 (** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Apache Submarine Server Core
 CVE-2024-36264 (** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Apache Submarine Commons Utils
 CVE-2024-36263 (** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of 
Special Ele ...)
-       TODO: check
+       NOT-FOR-US: Apache Submarine Server Core
 CVE-2024-34065 (Strapi is an open-source content management system. By 
combining two v ...)
        TODO: check
 CVE-2024-31881 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 10.5 ...)
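
Review bot: The three Apache Submarine entries (CVE-2024-36265, CVE-2024-36264, CVE-2024-36263) are split between two component labels, "Server Core" and "Commons Utils", and the truncated descriptions shown here do not let a reader confirm which component each CVE belongs to. All three carry the "UNSUPPORTED WHEN ASSIGNED" marker; if the component distinction is not needed for triage, a single `NOT-FOR-US: Apache Submarine` label would keep them consistent and findable under one name.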



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc7b6fe78e181ab6e34789a53ab41b5cf5391cea
