Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
12197309 by Salvatore Bonaccorso at 2024-07-03T22:56:14+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,25 +1,25 @@
 CVE-2024-6488
        REJECTED
 CVE-2024-6471 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Online Tours & Travels Management
 CVE-2024-6470 (A vulnerability was found in playSMS 1.4.3. It has been rated 
as probl ...)
-       TODO: check
+       NOT-FOR-US: playSMS
 CVE-2024-6469 (A vulnerability was found in playSMS 1.4.3. It has been 
declared as pr ...)
-       TODO: check
+       NOT-FOR-US: playSMS
 CVE-2024-6428 (Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2, 
9.5.x <= 9. ...)
        TODO: check
 CVE-2024-6427 (Uncontrolled Resource Consumption vulnerability in 
MESbook20221021.03  ...)
-       TODO: check
+       NOT-FOR-US: MESbook
 CVE-2024-6426 (Information exposure vulnerability in MESbook 20221021.03 
version, the ...)
-       TODO: check
+       NOT-FOR-US: MESbook
 CVE-2024-6126 (A flaw was found in the cockpit package. This flaw allows an 
authentic ...)
        TODO: check
 CVE-2024-6052 (Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 
2.1.0p45, and ...)
        TODO: check
 CVE-2024-5887 (Cross-Site Request Forgery (CSRF) in stitionai/devika)
-       TODO: check
+       NOT-FOR-US: stitionai/devika
 CVE-2024-5821 (Improper Access Control in stitionai/devika)
-       TODO: check
+       NOT-FOR-US: stitionai/devika
 CVE-2024-5672 (A high privileged remote attacker canexecute arbitrary system 
commands ...)
        TODO: check
 CVE-2024-3332 (A malicious BLE device can send a specific order of packet 
sequence to ...)
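Review bot: the NOT-FOR-US tags for CVE-2024-6471, the two playSMS entries, the two MESbook entries and the two stitionai/devika entries are consistent with the truncated descriptions above them, but CVE-2024-6126 is left at `TODO: check` even though its description explicitly names "the cockpit package"; since that one concerns a packaged component rather than an external product, it will need a source-package assessment (`- cockpit ...`) in a follow-up rather than an NFU.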
@@ -29,37 +29,37 @@ CVE-2024-39830 (Mattermost versions 9.8.x <= 9.8.0, 9.7.x 
<= 9.7.4, 9.6.x <= 9.6
 CVE-2024-39807 (Mattermost versions 9.5.x <= 9.5.5 and 9.8.0fail to properly 
sanitize  ...)
        TODO: check
 CVE-2024-39683 (ZITADEL is an open-source identity infrastructure tool. 
ZITADEL provid ...)
-       TODO: check
+       NOT-FOR-US: Zitadel
 CVE-2024-39361 (Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 
9.5.x <= ...)
        TODO: check
 CVE-2024-39353 (Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize 
the Remo ...)
        TODO: check
 CVE-2024-39248 (A cross-site scripting (XSS) vulnerability in SimpCMS v0.1 
allows atta ...)
-       TODO: check
+       NOT-FOR-US: SimpCMS
 CVE-2024-39223 (An authentication bypass in the SSH service of gost v2.11.5 
allows att ...)
        TODO: check
 CVE-2024-39220 (BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, 
AV-01KBD, ...)
-       TODO: check
+       NOT-FOR-US: BAS-IP
 CVE-2024-37726 (Insecure Permissions vulnerability in Micro-Star International 
Co., Lt ...)
-       TODO: check
+       NOT-FOR-US: Micro-Star International Co. Ltd MSI Center
 CVE-2024-37157 (Discourse is an open-source discussion platform. Prior to 
version 3.2. ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2024-36257 (Mattermost versions 9.5.x <= 9.5.5 and 9.8.0,when using shared 
channel ...)
        TODO: check
 CVE-2024-36122 (Discourse is an open-source discussion platform. Prior to 
version 3.2. ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2024-36113 (Discourse is an open-source discussion platform. Prior to 
version 3.2. ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2024-35234 (Discourse is an open-source discussion platform. Prior to 
version 3.2. ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2024-35227 (Discourse is an open-source discussion platform. Prior to 
version 3.2. ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2024-34750 (Improper Handling of Exceptional Conditions, Uncontrolled 
Resource Con ...)
        TODO: check
 CVE-2024-32937 (An os command injection vulnerability exists in the CWMP 
SelfDefinedTi ...)
-       TODO: check
+       NOT-FOR-US: Grandstream GXP2135
 CVE-2024-31223 (Fides is an open-source privacy engineering platform, and 
`SERVER_SIDE ...)
-       TODO: check
+       NOT-FOR-US: Fides
 CVE-2024-29511 (Artifex Ghostscript before 10.03.1, when Tesseract is used for 
OCR, ha ...)
        TODO: check
 CVE-2024-29509 (Artifex Ghostscript before 10.03.0 has a heap-based overflow 
when PDFP ...)
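Review bot: the tag on CVE-2024-37726, `NOT-FOR-US: Micro-Star International Co. Ltd MSI Center`, is far more verbose than the vendor-only or product-only tags used elsewhere in this hunk (`Zitadel`, `SimpCMS`, `BAS-IP`, `Discourse`); `NOT-FOR-US: MSI Center` would match the existing convention. Separately, the truncated description of CVE-2024-32937 visible here only mentions "CWMP SelfDefinedTi...", so the product named in `NOT-FOR-US: Grandstream GXP2135` cannot be confirmed from the hunk alone and is worth a second look against the full advisory.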
@@ -163,7 +163,7 @@ CVE-2024-4467 (A flaw was found in the QEMU disk image 
utility (qemu-img) 'info'
 CVE-2024-4268 (The Ultimate Blocks \u2013 WordPress Blocks Plugin plugin for 
WordPres ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-3826 (In versions of Akana in versions prior to and including 
2022.1.3 valid ...)
-       TODO: check
+       NOT-FOR-US: Akana
 CVE-2024-39894 (OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing 
attacks aga ...)
        - openssh <unfixed>
        [bookworm] - openssh <not-affected> (Vulnerable code not present)
@@ -187,7 +187,7 @@ CVE-2024-39119 (idccms v1.35 was discovered to contain a 
Cross-Site Request Forg
 CVE-2024-38857 (Improper neutralization of input in Checkmk before versions 
2.3.0p8, 2 ...)
        TODO: check
 CVE-2024-38537 (Fides is an open-source privacy engineering platform. 
`fides.js`, a cl ...)
-       TODO: check
+       NOT-FOR-US: Fides
 CVE-2024-38519 (`yt-dlp` is a command-line audio/video downloader. Prior to 
version 20 ...)
        - yt-dlp 2024.07.01-1 (unimportant)
        NOTE: 
https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4j
@@ -195,57 +195,57 @@ CVE-2024-38519 (`yt-dlp` is a command-line audio/video 
downloader. Prior to vers
        NOTE: https://securitylab.github.com/advisories/GHSL-2024-090_yt-dlp/
        NOTE: Exploitable issue under Windows
 CVE-2024-37185 (in OpenHarmony v4.0.0 and prior versions allow a remote 
attacker arbit ...)
-       TODO: check
+       NOT-FOR-US: OpenHarmony
 CVE-2024-37077 (in OpenHarmony v4.0.0 and prior versions allow a remote 
attacker arbit ...)
-       TODO: check
+       NOT-FOR-US: OpenHarmony
 CVE-2024-37030 (in OpenHarmony v4.0.0 and prior versions allow a remote 
attacker arbit ...)
-       TODO: check
+       NOT-FOR-US: OpenHarmony
 CVE-2024-36404 (GeoTools is an open source Java library that provides tools 
for geospa ...)
        TODO: check
 CVE-2024-36278 (in OpenHarmony v4.0.0 and prior versions allow a local 
attacker cause  ...)
-       TODO: check
+       NOT-FOR-US: OpenHarmony
 CVE-2024-36260 (in OpenHarmony v4.0.0 and prior versions allow a remote 
attacker arbit ...)
-       TODO: check
+       NOT-FOR-US: OpenHarmony
 CVE-2024-36243 (in OpenHarmony v4.0.0 and prior versions allow a remote 
attacker arbit ...)
-       TODO: check
+       NOT-FOR-US: OpenHarmony
 CVE-2024-34601 (Improper verification of intent by broadcast receiver 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34600 (Improper verification of intent by broadcast receiver 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34599 (Improper input validation in Tips prior to version 6.2.9.4 in 
Android  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34597 (Improper input validation in Samsung Health prior to version 
6.27.0.11 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34596 (Improper authentication in SmartThings prior to version 1.8.17 
allows  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34595 (Improper access control in clickAdapterItem of SystemUI prior 
to SMR J ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34594 (Exposure of sensitive information in proc file system prior to 
SMR Jul ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34593 (Improper input validation in parsing and distributing RTCP 
packet in l ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34592 (Improper input validation in parsing RTCP SDES packet in 
librtp.so pri ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34591 (Improper input validation in parsing an item data from RTCP 
SDES packe ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34590 (Improper input validation\ud63bin parsing an item type from 
RTCP SDES  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34589 (Improper input validation in parsing RTCP RR packet in 
librtp.so prior ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34588 (Improper input validation\ud63bin parsing RTCP SR packet in 
librtp.so  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34587 (Improper input validation in parsing application information 
from RTCP ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34586 (Improper access control in KnoxCustomManagerService prior to 
SMR Jul-2 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34585 (Improper access control in launchApp of SystemUI prior to SMR 
Jul-2024 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34584 (Improper privilege management in SumeNNService prior to SMR 
Jul-2024 R ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34583 (Improper access control in system property prior to SMR 
Jul-2024 Relea ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34122 (Acrobat for Edge versions 126.0.2592.68 and earlier are 
affected by an ...)
-       TODO: check
+       NOT-FOR-US: Acrobat for Edge
 CVE-2024-32932 (Under certain circumstances the web interface users 
credentials may be ...)
        TODO: check
 CVE-2024-32757 (Under certain circumstances unnecessary user details are 
provided with ...)
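Review bot: the context lines for CVE-2024-34590 and CVE-2024-34588 carry a stray `\ud63b` escape inside the description text ("Improper input validation\ud63bin parsing ..."), which looks like a lone surrogate that leaked in from the upstream CVE feed when the entries were imported. Not introduced by this change, but the description should be normalised (stray code point dropped or replaced with a space) so that tools reading data/CVE/list do not trip on an unencodable character.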
@@ -255,7 +255,7 @@ CVE-2024-32756 (Under certain circumstances the Linux users 
credentials may be r
 CVE-2024-32755 (Under certain circumstances the web interface will accept 
characters u ...)
        TODO: check
 CVE-2024-31071 (in OpenHarmony v4.0.0 and prior versions allow a local 
attacker cause  ...)
-       TODO: check
+       NOT-FOR-US: OpenHarmony
 CVE-2024-26314 (Improper privilege management in Jungo WinDriver 6.0.0 through 
16.1.0  ...)
        TODO: check
 CVE-2024-25088 (Improper privilege management in Jungo WinDriver before 12.5.1 
allows  ...)
@@ -357,11 +357,11 @@ CVE-2024-39309 (Parse Server is an open source backend 
that can be deployed to a
 CVE-2024-39305 (Envoy is a cloud-native, open source edge and service proxy. 
Prior to  ...)
        - envoyproxy <itp> (bug #987544)
 CVE-2024-38368 (trunk.cocoapods.org is the authentication server for the 
CoacoaPods de ...)
-       TODO: check
+       NOT-FOR-US: trunk.cocoapods.org authentication server for the 
CoacoaPods dependency manager
 CVE-2024-38367 (trunk.cocoapods.org is the authentication server for the 
CoacoaPods de ...)
-       TODO: check
+       NOT-FOR-US: trunk.cocoapods.org authentication server for the 
CoacoaPods dependency manager
 CVE-2024-38366 (trunk.cocoapods.org is the authentication server for the 
CoacoaPods de ...)
-       TODO: check
+       NOT-FOR-US: trunk.cocoapods.org authentication server for the 
CoacoaPods dependency manager
 CVE-2024-37765 (Machform up to version 19 is affected by an authenticated 
Blind SQL in ...)
        NOT-FOR-US: Machform
 CVE-2024-37764 (MachForm up to version 19 is affected by an authenticated 
stored cross ...)
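Review bot: the three new `NOT-FOR-US: trunk.cocoapods.org authentication server for the CoacoaPods dependency manager` tags repeat the "CoacoaPods" misspelling from the upstream description; the project is CocoaPods, so the tag should read something like `NOT-FOR-US: trunk.cocoapods.org (CocoaPods trunk authentication server)`, and the same shorter form can be reused for all three entries.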



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12197309541c61c97f0f6c3a3af7bec7701dd779



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
