Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a272d647 by Salvatore Bonaccorso at 2024-06-20T23:16:05+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -43,45 +43,45 @@ CVE-2024-37897 (SFTPGo is a full-featured and highly
configurable SFTP, HTTP/S,
CVE-2024-37818 (Strapi v4.24.4 was discovered to contain a Server-Side Request
Forgery ...)
NOT-FOR-US: Strapi
CVE-2024-37699 (An issue in DataLife Engine v.17.1 and before is vulnerable to
SQL Inj ...)
- TODO: check
+ NOT-FOR-US: DataLife Engine
CVE-2024-37676 (An issue in htop-dev htop v.2.20 allows a local attacker to
cause an o ...)
TODO: check
CVE-2024-37674 (Cross Site Scripting vulnerability in Moodle CMS v3.10 allows
a remote ...)
- moodle <removed>
CVE-2024-37626 (A command injection issue in TOTOLINK A6000R
V1.0.1-B20201211.2000 fir ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2024-37532 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to
identity ...)
NOT-FOR-US: IBM
CVE-2024-37352 (There is a cross-site scripting vulnerability in the
management UI of ...)
- TODO: check
+ NOT-FOR-US: Absolute Secure Access
CVE-2024-37351 (There is a cross-site scripting vulnerability in the
management UI of ...)
- TODO: check
+ NOT-FOR-US: Absolute Secure Access
CVE-2024-37350 (There is a cross-site scripting vulnerability in the policy
management ...)
- TODO: check
+ NOT-FOR-US: Absolute Secure Access
CVE-2024-37349 (There is a cross-site scripting vulnerability in the
management UI of ...)
- TODO: check
+ NOT-FOR-US: Absolute Secure Access
CVE-2024-37348 (There is a cross-site scripting vulnerability in the
management UI of ...)
- TODO: check
+ NOT-FOR-US: Absolute Secure Access
CVE-2024-37347 (There is a cross-site scripting vulnerability in the pool
configuratio ...)
- TODO: check
+ NOT-FOR-US: Absolute Secure Access
CVE-2024-37346 (There is an insufficient input validation vulnerability in the
Warehou ...)
- TODO: check
+ NOT-FOR-US: Absolute Secure Access
CVE-2024-37345 (There is a cross-site scripting vulnerability in the Secure
Access adm ...)
- TODO: check
+ NOT-FOR-US: Absolute Secure Access
CVE-2024-37344 (There is a cross-site scripting vulnerability in the Policy
management ...)
- TODO: check
+ NOT-FOR-US: Absolute Secure Access
CVE-2024-37343 (There is a cross-site scripting vulnerability in the Secure
Access adm ...)
- TODO: check
+ NOT-FOR-US: Absolute Secure Access
CVE-2024-37222 (Cross Site Scripting (XSS) vulnerability in Averta Master
Slider allow ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34693 (Improper Input Validation vulnerability in Apache Superset,
allows for ...)
- TODO: check
+ NOT-FOR-US: Apache Superset
CVE-2024-33335 (SQL Injection vulnerability in H3C SeaSQL DWS v.2.0 allows a
remote at ...)
- TODO: check
+ NOT-FOR-US: H3C SeaSQL DWS
CVE-2024-29013 (Heap-based buffer overflow vulnerability in the SonicOS
SSL-VPN allows ...)
- TODO: check
+ NOT-FOR-US: SonicOS SSL-VPN
CVE-2024-29012 (Stack-based buffer overflow vulnerability in the SonicOS HTTP
server a ...)
- TODO: check
+ NOT-FOR-US: SonicOS
CVE-2024-28397 (An issue in the component js2py.disable_pyimport() of js2py up
to v0.7 ...)
TODO: check
CVE-2024-28147 (An authenticated user can upload arbitrary files in the upload
functi ...)
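Review bot: the two SonicOS entries get different labels, "NOT-FOR-US: SonicOS SSL-VPN" on CVE-2024-29013 and "NOT-FOR-US: SonicOS" on CVE-2024-29012, although both descriptions name SonicOS as the product. Using one label for both would keep a search on the tag from missing one of them. In the same hunk, CVE-2024-37222 is tagged with the generic "WordPress plugin" while every other new tag names the product, and the description names Averta Master Slider. CVE-2024-37676 (htop) and CVE-2024-28397 (js2py) are left at "TODO: check", which fits a commit that only processes NFUs.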
@@ -103100,7 +103100,7 @@ CVE-2023-25648 (There is a weak folder permission
vulnerability in ZTE's ZXCLOUD
CVE-2023-25647 (There is a permission and access control vulnerability in some
ZTE mob ...)
NOT-FOR-US: ZTE
CVE-2023-25646 (There is an unauthorized access vulnerability in ZTE H388X. If
H388X i ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2023-25645 (There is a permission and access control vulnerability in some
ZTE And ...)
NOT-FOR-US: ZTE
CVE-2023-25644 (There is a denial of service vulnerability in some ZTEmobile
internet ...)
@@ -122119,7 +122119,7 @@ CVE-2022-45931 (A SQL injection issue was discovered
in AAA in OpenDaylight (ODL
CVE-2022-45930 (A SQL injection issue was discovered in AAA in OpenDaylight
(ODL) befo ...)
NOT-FOR-US: OpenDaylight
CVE-2022-45929 (Northern.tech Mender 3.3.x before 3.3.2, 3.5.x before 3.5.0,
and 3.6.x ...)
- TODO: check
+ NOT-FOR-US: Northern.tech Mender
CVE-2022-45928 (A remote OScript execution issue was discovered in OpenText
Content Su ...)
NOT-FOR-US: OpenText
CVE-2022-45927 (An issue was discovered in OpenText Content Suite Platform
22.1 (16.2. ...)
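Review bot: the new tag on CVE-2022-45929 names the whole product ("Northern.tech Mender"), while the visible description only lists release series (3.3.x, 3.5.x, 3.6.x), so the line does not record which Mender component was judged out of scope. If the decision rests on a specific component, naming it in the tag would make the triage easier to audit later. The same label is applied to CVE-2022-41324 further down, so any change should be made to both entries.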
@@ -138167,7 +138167,7 @@ CVE-2022-41325 (An integer overflow in the VNC module
in VideoLAN VLC Media Play
NOTE: https://www.videolan.org/security/sb-vlc3018.html
NOTE: https://code.videolan.org/videolan/vlc/-/issues/27335
CVE-2022-41324 (Northern.tech Mender 3.3.x before 3.3.2 and 3.4.x before 3.4.0
has Inc ...)
- TODO: check
+ NOT-FOR-US: Northern.tech Mender
CVE-2022-41323 (In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before
4.1.2, i ...)
{DSA-5254-1}
- python-django 3:3.2.16-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a272d647eb6e198cff5f0c3eb9f67de9d8ca787d