Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
35c90cfe by Salvatore Bonaccorso at 2024-07-13T09:33:54+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -61,63 +61,63 @@ CVE-2024-39914 (FOG is a cloning/imaging/rescue 
suite/inventory management syste
 CVE-2024-39909 (KubeClarity is a tool for detection and management of Software 
Bill Of ...)
        NOT-FOR-US: KubeClarity
 CVE-2024-39903 (Solara is a pure Python, React-style framework for scaling 
Jupyter and ...)
-       TODO: check
+       NOT-FOR-US: Solara
 CVE-2024-39340 (Securepoint UTM before 12.6.5 mishandles OTP codes.)
-       TODO: check
+       NOT-FOR-US: Securepoint
 CVE-2024-38736 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Realt ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-38735 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-38734 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Sprea ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-38717 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-38716 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-38715 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-38709 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-38706 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-38704 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-38700 (Improper Neutralization of Special Elements in Output Used by 
a Downst ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-37941 (Cross-Site Request Forgery (CSRF) vulnerability in Internal 
Link Juice ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-37940 (Cross-Site Request Forgery (CSRF) vulnerability in Seraphinite 
Solutio ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-37939 (Cross-Site Request Forgery (CSRF) vulnerability in VolThemes 
Patricia  ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme
 CVE-2024-37938 (Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop 
Sociall ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme
 CVE-2024-37933 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-37932 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-37928 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme
 CVE-2024-37927 (Improper Privilege Management vulnerability in NooTheme 
Jobmonster all ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme
 CVE-2024-37564 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-37560 (Improper Privilege Management vulnerability in IqbalRony WP 
User Switc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-37544 (Missing Authorization vulnerability in Tobias Conrad Get 
Better Review ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-37405 (Livechat messages can be leaked by combining two NoSQL 
injections affe ...)
-       TODO: check
+       NOT-FOR-US: Rocket.Chat livechat
 CVE-2024-37213 (Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo 
Team Ali2Wo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-37202 (Missing Authorization vulnerability in BinaryCarpenter 
Ultimate Custom ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-36522 (The default configuration of XSLTResourceStream.java is 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: Apache Wicket
 CVE-2024-35773 (Cross-Site Request Forgery (CSRF) vulnerability in WPJohnny, 
zerOneIT  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-41093 (Use After Free vulnerability in Silicon Labs Bluetooth SDK on 
32 bit,  ...)
-       TODO: check
+       NOT-FOR-US: Silicon Labs Bluetooth SDK
 CVE-2024-41006 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.9.7-1
        NOTE: 
https://git.kernel.org/linus/0b9130247f3b6a1122478471ff0e014ea96bb735 (6.10-rc5)
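Review bot: the marker for CVE-2024-37405 reads "NOT-FOR-US: Rocket.Chat livechat" while every other product marker in this hunk names only the product (Solara, Securepoint, Apache Wicket, Silicon Labs Bluetooth SDK); for consistent grepping of the NFU reasons, consider "NOT-FOR-US: Rocket.Chat". The WordPress plugin/theme split is applied consistently across the remaining entries.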
@@ -600,13 +600,13 @@ CVE-2024-4753 (The WP Secure Maintenance WordPress plugin 
before 1.7 does not sa
 CVE-2024-3112 (The Quotes and Tips by BestWebSoft WordPress plugin before 1.45 
does n ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-36435 (An issue was discovered on Supermicro BMC firmware in select 
X11, X12, ...)
-       TODO: check
+       NOT-FOR-US: Supermicro
 CVE-2024-2696 (The socialdriver-framework WordPress plugin before 2024.04.30 
does not ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-2640 (The Watu Quiz WordPress plugin before 3.4.1.2 does not sanitise 
and es ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-2430 (The Website Content in Page or Post WordPress plugin before 
2024.04.09 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1375 (The Event post plugin for WordPress is vulnerable to 
unauthorized bulk ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-0974 (The Social Media Widget WordPress plugin before 4.0.9 does not 
sanitis ...)
@@ -640,7 +640,7 @@ CVE-2024-5679 (CWE-787: Out-of-Bounds Write vulnerability 
exists that could caus
 CVE-2024-39905 (Red is a fully modular Discord bot. Due to a bug in Red's Core 
API, 3r ...)
        NOT-FOR-US: Red Discord bot
 CVE-2024-39904 (VNote is a note-taking platform. Prior to 3.18.1, a code 
execution vul ...)
-       TODO: check
+       NOT-FOR-US: VNote
 CVE-2024-39553 (An Exposure of Resource to Wrong Sphere vulnerability in the 
sampling  ...)
        NOT-FOR-US: Juniper
 CVE-2024-39552 (An Improper Handling of Exceptional Conditions vulnerability 
in the ro ...)
@@ -727,9 +727,9 @@ CVE-2024-37151 (Suricata is a network Intrusion Detection 
System, Intrusion Prev
        NOTE: https://redmine.openinfosecfoundation.org/issues/7041
        NOTE: https://redmine.openinfosecfoundation.org/issues/7042
 CVE-2024-32753 (Under certain circumstances the camera may be susceptible to 
known vul ...)
-       TODO: check
+       NOT-FOR-US: Johnson Controls
 CVE-2024-2602 (CWE-22: Improper Limitation of a Pathname to a Restricted 
Directory (' ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2024-28872 (The TLS certificate validation code is flawed. An attacker can 
obtain  ...)
        TODO: check
 CVE-2024-6676 (A vulnerability has been found in witmy my-springsecurity-plus 
up to 2 ...)
@@ -829,23 +829,23 @@ CVE-2024-39511 (An Improper Input Validation 
vulnerability in the 802.1X Authent
 CVE-2024-38433 (Nuvoton - CWE-305: Authentication Bypass by Primary Weakness  
An attac ...)
        NOT-FOR-US: Nuvoton
 CVE-2024-25077 (An issue was discovered on Renesas SmartBond DA14691, DA14695, 
DA14697 ...)
-       TODO: check
+       NOT-FOR-US: Renesas SmartBond devices
 CVE-2024-25076 (An issue was discovered on Renesas SmartBond DA14691, DA14695, 
DA14697 ...)
-       TODO: check
+       NOT-FOR-US: Renesas SmartBond devices
 CVE-2024-23485 (Improperly Preserved Integrity of Hardware Configuration State 
During  ...)
-       TODO: check
+       NOT-FOR-US: Gallagher
 CVE-2024-23317 (External Control of File Name or Path (CWE-73) in the 
Controller 6000  ...)
-       TODO: check
+       NOT-FOR-US: Gallagher
 CVE-2024-23194 (Improper output Neutralization for Logs (CWE-117) in the 
Command Centr ...)
-       TODO: check
+       NOT-FOR-US: Gallagher
 CVE-2024-22387 (External Control of Critical State Data (CWE-642) in the 
Controller 60 ...)
-       TODO: check
+       NOT-FOR-US: Gallagher
 CVE-2024-22280 (VMware Aria Automation does not apply correct input validation 
which a ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2024-1845 (The VikRentCar Car Rental Management System WordPress plugin 
before 1. ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0619 (The Payflex Payment Gateway plugin for WordPress is vulnerable 
to unau ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2016-15039 (A vulnerability classified as critical was found in mhuertos 
phpLDAPad ...)
        TODO: check
 CVE-2024-5528
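Review bot: CVE-2016-15039 (mhuertos phpLDAPadmin) correctly stays at "TODO: check" rather than being swept up with the WordPress NFUs: phpldapadmin is a Debian source package, so this one needs an actual check of whether the affected code is the packaged version or a separate fork before it can be triaged either way.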
@@ -1134,7 +1134,7 @@ CVE-2024-23696 (In RGXCreateZSBufferKM of rgxta3d.c, 
there is a possible arbitra
 CVE-2024-23695 (In CacheOpPMRExec of cache_km.c, there is a possible out of 
bounds wri ...)
        NOT-FOR-US: Android
 CVE-2024-22477 (A cross-site scripting vulnerability exists in the admin 
console OIDC  ...)
-       TODO: check
+       NOT-FOR-US: PingIdentity
 CVE-2024-22377 (The deploy directory in PingFederate runtime nodes is 
reachable to una ...)
        NOT-FOR-US: PingIdentity
 CVE-2024-21993 (SnapCenter versions prior to 5.0p1 are susceptible to a 
vulnerability  ...)
@@ -1386,7 +1386,7 @@ CVE-2024-38517 (Tencent RapidJSON is vulnerable to 
privilege escalation due to a
        - rapidjson <unfixed>
        NOTE: https://github.com/Tencent/rapidjson/pull/1261
 CVE-2024-38363 (Airbyte is a data integration platform for ELT pipelines. 
Airbyte conn ...)
-       TODO: check
+       NOT-FOR-US: Airbyte
 CVE-2024-38278 (A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X 
(All ver ...)
        NOT-FOR-US: Siemens
 CVE-2024-38112 (Windows MSHTML Platform Spoofing Vulnerability)
@@ -1838,35 +1838,35 @@ CVE-2023-40702 (PingOne MFA Integration Kit contains a 
vulnerability where the s
 CVE-2023-40356 (PingOne MFA Integration Kit contains a vulnerability related 
to the Pr ...)
        NOT-FOR-US: PingOne MFA Integration Kit
 CVE-2023-3290 (A BOLA vulnerability in POST /customers allows a low privileged 
user t ...)
-       TODO: check
+       NOT-FOR-US: Easy!Appointments
 CVE-2023-3289 (A BOLA vulnerability in POST /services allows a low privileged 
user to ...)
-       TODO: check
+       NOT-FOR-US: Easy!Appointments
 CVE-2023-3288 (A BOLA vulnerability in POST /providers allows a low privileged 
user t ...)
-       TODO: check
+       NOT-FOR-US: Easy!Appointments
 CVE-2023-3287 (A BOLA vulnerability in POST /admins allows a low privileged 
user to c ...)
-       TODO: check
+       NOT-FOR-US: Easy!Appointments
 CVE-2023-3286 (A BOLA vulnerability in POST /secretaries allows a low 
privileged user ...)
-       TODO: check
+       NOT-FOR-US: Easy!Appointments
 CVE-2023-3285 (A BOLA vulnerability in POST /appointments allows a low 
privileged use ...)
-       TODO: check
+       NOT-FOR-US: Easy!Appointments
 CVE-2023-38055 (A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} 
allows  ...)
-       TODO: check
+       NOT-FOR-US: Easy!Appointments
 CVE-2023-38054 (A BOLA vulnerability in GET, PUT, DELETE 
/customers/{customerId} allow ...)
-       TODO: check
+       NOT-FOR-US: Easy!Appointments
 CVE-2023-38053 (A BOLA vulnerability in GET, PUT, DELETE 
/settings/{settingName} allow ...)
-       TODO: check
+       NOT-FOR-US: Easy!Appointments
 CVE-2023-38052 (A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} 
allows a lo ...)
-       TODO: check
+       NOT-FOR-US: Easy!Appointments
 CVE-2023-38051 (A BOLA vulnerability in GET, PUT, DELETE 
/secretaries/{secretaryId} al ...)
-       TODO: check
+       NOT-FOR-US: Easy!Appointments
 CVE-2023-38050 (A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} 
allows  ...)
-       TODO: check
+       NOT-FOR-US: Easy!Appointments
 CVE-2023-38049 (A BOLA vulnerability in GET, PUT, DELETE 
/appointments/{appointmentId} ...)
-       TODO: check
+       NOT-FOR-US: Easy!Appointments
 CVE-2023-38048 (A BOLA vulnerability in GET, PUT, DELETE 
/providers/{providerId} allow ...)
-       TODO: check
+       NOT-FOR-US: Easy!Appointments
 CVE-2023-38047 (A BOLA vulnerability in GET, PUT, DELETE 
/categories/{categoryId} allo ...)
-       TODO: check
+       NOT-FOR-US: Easy!Appointments
 CVE-2023-32737 (A vulnerability has been identified in SIMATIC STEP 7 Safety 
V18 (All  ...)
        NOT-FOR-US: Siemens
 CVE-2023-32735 (A vulnerability has been identified in SIMATIC STEP 7 Safety 
V16 (All  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35c90cfe813f168eef1a5503e2a0f9e468315223

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits