Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e6cf2bf0 by Salvatore Bonaccorso at 2024-06-26T22:28:16+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,25 +1,25 @@
CVE-2024-6354 (Improper access control in PAM dashboard in Devolutions Remote
Desktop ...)
- TODO: check
+ NOT-FOR-US: Devolutions Remote Desktop Manager
CVE-2024-6349
REJECTED
CVE-2024-6344 (A vulnerability, which was classified as problematic, was found
in ZKT ...)
- TODO: check
+ NOT-FOR-US: ZKTeco ZKBio CVSecurity V5000
CVE-2024-4604 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in M ...)
- TODO: check
+ NOT-FOR-US: Magarsus Consultancy SSO (Single Sign On)
CVE-2024-4228 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: Magarsus Consultancy SSO (Single Sign On)
CVE-2024-39460 (Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and
earlier p ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2024-39459 (In rare cases Jenkins Plain Credentials Plugin
182.v468b_97b_9dcb_8 an ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2024-39458 (When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier
fails to c ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2024-39243 (An issue discovered in skycaiji 2.8 allows attackers to run
arbitrary ...)
- TODO: check
+ NOT-FOR-US: skycaiji
CVE-2024-39242 (A cross-site scripting (XSS) vulnerability in skycaiji v2.8
allows att ...)
- TODO: check
+ NOT-FOR-US: skycaiji
CVE-2024-39241 (Cross Site Scripting (XSS) vulnerability in skycaiji 2.8
allows attack ...)
- TODO: check
+ NOT-FOR-US: skycaiji
CVE-2024-38950 (Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows
attacker ...)
TODO: check
CVE-2024-38949 (Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows
attacker ...)
@@ -27,7 +27,7 @@ CVE-2024-38949 (Heap Buffer Overflow vulnerability in
Libde265 v1.0.15 allows at
CVE-2024-38527 (ZenUML is JavaScript-based diagramming tool that requires no
server, u ...)
TODO: check
CVE-2024-38520 (SoftEtherVPN is a an open-source cross-platform multi-protocol
VPN Pro ...)
- TODO: check
+ NOT-FOR-US: SoftEtherVPN
CVE-2024-38375 (@fastly/js-compute is a JavaScript SDK and runtime for
building Fastly ...)
TODO: check
CVE-2024-38272 (There exists a vulnerability in Quickshare/Nearby where an
attacker ca ...)
@@ -35,11 +35,11 @@ CVE-2024-38272 (There exists a vulnerability in
Quickshare/Nearby where an attac
CVE-2024-38271 (There exists a vulnerability in Quickshare/Nearby where an
attacker ca ...)
TODO: check
CVE-2024-37252 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-37098 (Server-Side Request Forgery (SSRF) vulnerability in Blossom
Themes Blo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35545 (MAP-OS v4.45.0 and earlier was discovered to contain a
cross-site scri ...)
- TODO: check
+ NOT-FOR-US: MAP-OS
CVE-2024-33329 (A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x
allows att ...)
TODO: check
CVE-2024-33328 (A cross-site scripting (XSS) vulnerability in the component
main.jsp o ...)
@@ -125,9 +125,9 @@ CVE-2024-37138 (Dell PowerProtect DD, versions prior to
8.0, LTS 7.13.1.0, LTS 7
CVE-2024-36802
REJECTED
CVE-2024-35527 (An arbitrary file upload vulnerability in
/fileupload/upload.cfm in Da ...)
- TODO: check
+ NOT-FOR-US: Daemon PTY Limited FarCry Core framework
CVE-2024-35526 (An issue in Daemon PTY Limited FarCry Core framework before
7.2.14 all ...)
- TODO: check
+ NOT-FOR-US: Daemon PTY Limited FarCry Core framework
CVE-2024-34581 (The W3C XML Signature Syntax and Processing (XMLDsig)
specification, s ...)
TODO: check
CVE-2024-34580 (Apache XML Security for C++ through 2.0.4 implements the XML
Signature ...)
@@ -264,7 +264,7 @@ CVE-2024-37086 (VMware ESXi contains an out-of-bounds read
vulnerability.A mali
CVE-2024-37085 (VMware ESXi contains an authentication bypass vulnerability.A
maliciou ...)
NOT-FOR-US: VMware
CVE-2024-36819 (MAP-OS 4.45.0 and earlier is vulnerable to Cross-Site
Scripting (XSS). ...)
- TODO: check
+ NOT-FOR-US: MAP-OS
CVE-2024-34142 (Adobe Experience Manager versions 6.5.20 and earlier are
affected by a ...)
NOT-FOR-US: Adobe
CVE-2024-34141 (Adobe Experience Manager versions 6.5.20 and earlier are
affected by a ...)
@@ -582,7 +582,7 @@ CVE-2024-37678 (Cross Site Scripting vulnerability in
Hangzhou Meisoft Informati
CVE-2024-37677 (An issue in Shenzhen Weitillage Industrial Co., Ltd the access
managem ...)
NOT-FOR-US: Shenzhen Weitillage Industrial
CVE-2024-37233 (Improper Authentication vulnerability in Play.Ht allows
Accessing Func ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-37231 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
NOT-FOR-US: Salon Booking System Salon booking system
CVE-2024-37228 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6cf2bf01b1a41d0f35117cc0f46f077d7bb362c
--
This project does not include diff previews in email notifications.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6cf2bf01b1a41d0f35117cc0f46f077d7bb362c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
