Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ef54c2dc by Salvatore Bonaccorso at 2024-07-10T22:58:18+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -53,29 +53,29 @@ CVE-2024-40329 (idccms v1.35 was discovered to contain a 
Cross-Site Request Forg
 CVE-2024-40328 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
        NOT-FOR-US: idccms
 CVE-2024-3799 (Insecure handling of POST header parameter bodyincluded in 
requests be ...)
-       TODO: check
+       NOT-FOR-US: Phoniebox
 CVE-2024-3798 (Insecure handling of GET header parameter fileincluded in 
requests bei ...)
-       TODO: check
+       NOT-FOR-US: Phoniebox
 CVE-2024-3325 (Vulnerability in Jaspersoft JasperReport Servers.This issue 
affects Ja ...)
        - jasperreports <removed>
 CVE-2024-39693 (Next.js is a React framework. A Denial of Service (DoS) 
condition was  ...)
-       TODO: check
+       NOT-FOR-US: Next.js
 CVE-2024-38354 (CodiMD allows realtime collaborative markdown notes on all 
platforms.  ...)
-       TODO: check
+       NOT-FOR-US: HackMD CodiMD
 CVE-2024-38353 (CodiMD allows realtime collaborative markdown notes on all 
platforms.  ...)
-       TODO: check
+       NOT-FOR-US: HackMD CodiMD
 CVE-2024-37770 (14Finger v1.1 was discovered to contain a remote command 
execution (RC ...)
-       TODO: check
+       NOT-FOR-US: 14Finger
 CVE-2024-37504 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-37498 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-37310 (EVerest is an EV charging software stack. An integer overflow 
in the " ...)
        TODO: check
 CVE-2024-37270 (Insertion of Sensitive Information into Log File vulnerability 
in Trus ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-37205 (Insertion of Sensitive Information into Log File vulnerability 
in SERV ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-37149 (GLPI is an open-source asset and IT management software 
package that p ...)
        - glpi <removed>
        NOTE: 
https://github.com/glpi-project/glpi/security/advisories/GHSA-cwvp-j887-m4xh
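Review bot: The "NOT-FOR-US: WordPress plugin" tags on CVE-2024-37504, CVE-2024-37498, CVE-2024-37270 and CVE-2024-37205 cannot be confirmed from this hunk, because each truncated description ends ("vulnerabili ...", "in Trus ...", "in SERV ...") before any product is named; the same holds for the Phoniebox tag on CVE-2024-3799 and CVE-2024-3798. Each of these lines replaces "TODO: check", so the entries leave the triage queue on the strength of the tag alone. The commit message "Process some NFUs" should state that the product names were taken from the full CVE records.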
@@ -86,25 +86,25 @@ CVE-2024-37147 (GLPI is an open-source asset and IT 
management software package
        - glpi <removed>
        NOTE: 
https://github.com/glpi-project/glpi/security/advisories/GHSA-f2cg-fc85-ffmh
 CVE-2024-37115 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-37113 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-37110 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-32759 (Under certain circumstances the Software House C\u25cfCURE 
9000 instal ...)
-       TODO: check
+       NOT-FOR-US: Johnson Controls
 CVE-2024-32469 (Decidim is a participatory democracy framework. The pagination 
feature ...)
-       TODO: check
+       NOT-FOR-US: Decidim
 CVE-2024-28828 (Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 
2.1.0p4 ...)
        TODO: check
 CVE-2024-28827 (Incorrect permissions on the Checkmk Windows Agent's data 
directory in ...)
        TODO: check
 CVE-2024-27095 (Decidim is a participatory democracy framework. The admin 
panel is sub ...)
-       TODO: check
+       NOT-FOR-US: Decidim
 CVE-2024-27090 (Decidim is a participatory democracy framework, written in 
Ruby on Rai ...)
-       TODO: check
+       NOT-FOR-US: Decidim
 CVE-2024-20456 (A vulnerability in the boot process of Cisco IOS XR Software 
could all ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-35006 (IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. 
A remote ...)
        NOT-FOR-US: IBM
 CVE-2023-33860 (IBM Security QRadar EDR 3.12 does not set the secure attribute 
on auth ...)
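Review bot: The tag on CVE-2024-32759 names only a vendor, "Johnson Controls", while the description identifies the product as Software House C\u25cfCURE 9000, so the tag does not say which product was judged out of scope and the vendor name cannot be matched against the visible description. Suggest adding the product name after the vendor. The same applies to "NOT-FOR-US: Cisco" on CVE-2024-20456, where the description names Cisco IOS XR Software.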
@@ -116,9 +116,9 @@ CVE-2024-6550 (The Gravity Forms: Multiple Form Instances 
plugin for WordPress i
 CVE-2024-6433 (Relative Path Traversal in GitHub repository stitionai/devika 
prior to ...)
        NOT-FOR-US: stitionai/devika
 CVE-2024-6422 (An unauthenticated remote attacker can manipulate the device 
via Telne ...)
-       TODO: check
+       NOT-FOR-US: Pepperl+Fuchs SE
 CVE-2024-6421 (An unauthenticated remote attacker can read out sensitive 
device infor ...)
-       TODO: check
+       NOT-FOR-US: Pepperl+Fuchs SE
 CVE-2024-6411 (The ProfileGrid \u2013 User Profiles, Groups and Communities 
plugin fo ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-6410 (The ProfileGrid \u2013 User Profiles, Groups and Communities 
plugin fo ...)
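Review bot: "NOT-FOR-US: Pepperl+Fuchs SE" on CVE-2024-6422 and CVE-2024-6421 carries the company's legal-form suffix, unlike the other vendor tags visible in this diff ("Cisco", "IBM", "Siemens"), and names no product even though both descriptions refer to a specific "device". Suggest dropping "SE" and adding the device name from the CVE record.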
@@ -182,7 +182,7 @@ CVE-2024-38301 (Dell Alienware Command Center, version 
5.7.3.0 and prior, contai
 CVE-2024-37865 (An issue in S3Browser v.11.4.5 and v.10.9.9 and fixed in 
v.11.5.7 allo ...)
        NOT-FOR-US: S3Browser
 CVE-2024-37829 (An issue in Outline <= v0.76.1 allows attackers to execute a 
session h ...)
-       TODO: check
+       NOT-FOR-US: Outline
 CVE-2024-36676 (Incorrect access control in BookStack before v24.05.1 allows 
attackers ...)
        NOT-FOR-US: bookstack
 CVE-2024-36453 (Cross-site scripting vulnerability exists in session_login.cgi 
of Webm ...)
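Review bot: "NOT-FOR-US: Outline" on CVE-2024-37829 is a generic word with no qualifier, which leaves the tag ambiguous about which software was ruled out. Elsewhere this commit does qualify short names ("Rust crate phonenumber", "HackMD CodiMD"); doing the same here and on the matching CVE-2024-37830 entry later in the file would keep the two consistent and unambiguous.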
@@ -457,9 +457,9 @@ CVE-2024-3563 (The Genesis Blocks plugin for WordPress is 
vulnerable to Stored C
 CVE-2024-3228 (The Social Sharing Plugin \u2013 Kiwi plugin for WordPress is 
vulnerab ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-39899 (PrivateBin is an online pastebin where the server has zero 
knowledge o ...)
-       TODO: check
+       NOT-FOR-US: PrivateBin
 CVE-2024-39897 (zot is an OCI image registry. Prior to 2.1.0, the cache driver 
`GetBlo ...)
-       TODO: check
+       NOT-FOR-US: zot
 CVE-2024-39888 (A vulnerability has been identified in Mendix Encryption (All 
versions ...)
        NOT-FOR-US: Siemens
 CVE-2024-39876 (A vulnerability has been identified in SINEMA Remote Connect 
Server (A ...)
@@ -489,7 +489,7 @@ CVE-2024-39865 (A vulnerability has been identified in 
SINEMA Remote Connect Ser
 CVE-2024-39698 (electron-updater allows for automatic updates for Electron 
apps. The f ...)
        TODO: check
 CVE-2024-39697 (phonenumber is a library for parsing, formatting and 
validating intern ...)
-       TODO: check
+       NOT-FOR-US: Rust crate phonenumber
 CVE-2024-39684 (Tencent RapidJSON is vulnerable to privilege escalation due to 
an inte ...)
        TODO: check
 CVE-2024-39675 (A vulnerability has been identified in RUGGEDCOM RMC30 (All 
versions < ...)
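Review bot: On CVE-2024-39697, "NOT-FOR-US: Rust crate phonenumber" dismisses a library ("phonenumber is a library for parsing, formatting and validating ..."), and a library can be shipped or vendored by a package that does not carry its name. The commit message should record that this was checked, especially as the neighbouring library entry CVE-2024-39684 (Tencent RapidJSON) is left at "TODO: check" in the same hunk.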
@@ -713,7 +713,7 @@ CVE-2024-37871 (SQL injection vulnerability in login.php in 
Itsourcecode Online
 CVE-2024-37870 (SQL injection vulnerability in processscore.php in Learning 
Management ...)
        NOT-FOR-US: Learning Management System Project In PHP With Source Code
 CVE-2024-37830 (An issue in Outline <= v0.76.1 allows attackers to redirect a 
victim u ...)
-       TODO: check
+       NOT-FOR-US: Outline
 CVE-2024-37520 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-37513 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef54c2dc4b556133eeccc8b1ae4338f350502a5a
