Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
744ae13c by Salvatore Bonaccorso at 2024-07-15T20:21:21+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -26,7 +26,8 @@ CVE-2024-6732 (A vulnerability classified as critical was 
found in SourceCodeste
 CVE-2024-6731 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
        NOT-FOR-US: SourceCodester Student Study Center Desk Management System
 CVE-2024-6540 (Improper filtering of fields when using the export function in 
the tic ...)
-       TODO: check
+       NOT-FOR-US: OTRS
+       NOTE: Issue is listed as specific to >= 7.x, so won't affect Znuny 
which forked from 6.x
 CVE-2024-6345 (A vulnerability in the package_index module of pypa/setuptools 
version ...)
        TODO: check
 CVE-2024-6289 (The WPS Hide Login WordPress plugin before 1.9.16.4 does not 
prevent r ...)
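Review bot: the NOTE under CVE-2024-6540 justifies the NOT-FOR-US marking with the 7.x/6.x fork boundary but gives no source for the ">= 7.x" statement; a link to the OTRS advisory or the affected-versions text it is based on would let the next triager verify the Znuny reasoning, in the same way the Exiv2 entry later in this file links its introducing and fixing commits.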
@@ -62,15 +63,16 @@ CVE-2024-39729 (IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 
9.1.8, and 9.1.9 coul
 CVE-2024-39728 (IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is 
vulnera ...)
        NOT-FOR-US: IBM
 CVE-2024-23794 (An incorrect privilege assignment vulnerability in the inline 
editing  ...)
-       TODO: check
+       NOT-FOR-US: OTRS
+       NOTE: Issue is listed as specific to >= 7.x, so won't affect Znuny 
which forked from 6.x
 CVE-2024-21513 (Versions of the package langchain-experimental from 0.0.15 and 
before  ...)
-       TODO: check
+       NOT-FOR-US: langchain-experimental
 CVE-2023-49566 (In Apache Linkis <=1.5.0, due to the lack of effective 
filtering of pa ...)
-       TODO: check
+       NOT-FOR-US: Apache Linkis
 CVE-2023-46801 (In Apache Linkis <= 1.5.0, data source management module, when 
adding  ...)
-       TODO: check
+       NOT-FOR-US: Apache Linkis
 CVE-2023-41916 (In Apache Linkis =1.4.0, due to the lack of effective 
filtering of par ...)
-       TODO: check
+       NOT-FOR-US: Apache Linkis
 CVE-2024-39734 (IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 
does not s ...)
        NOT-FOR-US: IBM
 CVE-2024-39733 (IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 
stores use ...)
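Review bot: the Znuny NOTE under CVE-2024-23794 repeats the CVE-2024-6540 wording verbatim; since the same argument is being applied to two separate entries, citing the source once and cross-referencing the sibling CVE would keep the two notes from drifting apart if the version claim is later corrected for one of them.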
@@ -922,7 +924,7 @@ CVE-2024-32753 (Under certain circumstances the camera may 
be susceptible to kno
 CVE-2024-2602 (CWE-22: Improper Limitation of a Pathname to a Restricted 
Directory (' ...)
        NOT-FOR-US: Schneider Electric
 CVE-2024-28872 (The TLS certificate validation code is flawed. An attacker can 
obtain  ...)
-       TODO: check
+       NOT-FOR-US: Stork
 CVE-2024-6676 (A vulnerability has been found in witmy my-springsecurity-plus 
up to 2 ...)
        NOT-FOR-US: witmy my-springsecurity-plus
 CVE-2024-6666 (The WP ERP plugin for WordPress is vulnerable to SQL Injection 
via the ...)
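Review bot: "NOT-FOR-US: Stork" under CVE-2024-28872 names only a product, which is ambiguous on its own; the neighbouring entries identify the vendor ("Schneider Electric", "witmy my-springsecurity-plus"), so adding the vendor here would make the marking unambiguous for anyone searching the list later.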
@@ -1129,7 +1131,7 @@ CVE-2024-37504 (Exposure of Sensitive Information to an 
Unauthorized Actor vulne
 CVE-2024-37498 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-37310 (EVerest is an EV charging software stack. An integer overflow 
in the " ...)
-       TODO: check
+       NOT-FOR-US: EVerest
 CVE-2024-37270 (Insertion of Sensitive Information into Log File vulnerability 
in Trus ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-37205 (Insertion of Sensitive Information into Log File vulnerability 
in SERV ...)
@@ -1338,17 +1340,17 @@ CVE-2024-21993 (SnapCenter versions prior to 5.0p1 are 
susceptible to a vulnerab
 CVE-2024-21832 (A potential JSON injection attack vector exists in 
PingFederate REST A ...)
        NOT-FOR-US: PingIdentity
 CVE-2024-21526 (All versions of the package speaker are vulnerable to Denial 
of Servic ...)
-       TODO: check
+       NOT-FOR-US: speaker Node.js module
 CVE-2024-21525 (All versions of the package node-twain are vulnerable to 
Improper Chec ...)
-       TODO: check
+       NOT-FOR-US: node-twain
 CVE-2024-21524 (All versions of the package node-stringbuilder are vulnerable 
to Out-o ...)
-       TODO: check
+       NOT-FOR-US: node-stringbuilder
 CVE-2024-21523 (All versions of the package images are vulnerable to Denial of 
Service ...)
-       TODO: check
+       NOT-FOR-US: images Node.js module
 CVE-2024-21522 (All versions of the package audify are vulnerable to Improper 
Validati ...)
-       TODO: check
+       NOT-FOR-US: audify Node.js module
 CVE-2024-21521 (All versions of the package @discordjs/opus are vulnerable to 
Denial o ...)
-       TODO: check
+       NOT-FOR-US: @discordjs/opus
 CVE-2024-21417 (Windows Text Services Framework Elevation of Privilege 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-7062 (The Advanced File Manager Shortcodes plugin for WordPress is 
vulnerabl ...)
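Review bot: the six new NOT-FOR-US labels in this hunk are inconsistent in form: "speaker Node.js module", "images Node.js module" and "audify Node.js module" carry the ecosystem suffix, while "node-twain", "node-stringbuilder" and "@discordjs/opus" do not. Since all six are npm packages from the same batch, use one convention throughout, for example "NOT-FOR-US: node-twain Node.js module", so that a grep for "Node.js module" finds the whole set.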
@@ -1548,7 +1550,7 @@ CVE-2024-39866 (A vulnerability has been identified in 
SINEMA Remote Connect Ser
 CVE-2024-39865 (A vulnerability has been identified in SINEMA Remote Connect 
Server (A ...)
        NOT-FOR-US: Siemens
 CVE-2024-39698 (electron-updater allows for automatic updates for Electron 
apps. The f ...)
-       TODO: check
+       NOT-FOR-US: electron-updater
 CVE-2024-39697 (phonenumber is a library for parsing, formatting and 
validating intern ...)
        NOT-FOR-US: Rust crate phonenumber
 CVE-2024-39684 (Tencent RapidJSON is vulnerable to privilege escalation due to 
an inte ...)
@@ -2311,7 +2313,7 @@ CVE-2024-39695 (Exiv2 is a command-line utility and C++ 
library for reading, wri
        NOTE: Introduced after: 
https://github.com/Exiv2/exiv2/commit/cb7a48f84aeb30251caae909901555dffa4e9fcb 
(v0.28.0)
        NOTE: Fixed by: 
https://github.com/Exiv2/exiv2/commit/3a28346db5ae1735a8728fe3491b0aecc1dbf387 
(v0.28.3)
 CVE-2024-39677 (NHibernate is an object-relational mapper for the .NET 
framework. A SQ ...)
-       TODO: check
+       NOT-FOR-US: NHibernate
 CVE-2024-39312 (Botan is a C++ cryptography library. X.509 certificates can 
identify e ...)
        - botan 2.19.5+dfsg-1
        NOTE: 
https://github.com/randombit/botan/security/advisories/GHSA-jp24-56jm-gg86
@@ -2356,7 +2358,7 @@ CVE-2024-23562 (This vulnerability is being re-assessed. 
Vulnerability details w
 CVE-2024-21778 (A heap-based buffer overflow vulnerability exists in the 
configuration ...)
        NOT-FOR-US: Realtek rtl819x Jungle SDK
 CVE-2024-1305 (tap-windows6 driver version 9.26 and earlier does not properly  
check  ...)
-       TODO: check
+       NOT-FOR-US: OpenVPN Windows TAP driver
 CVE-2023-50383 (Three os command injection vulnerabilities exist in the boa 
formWsc fu ...)
        NOT-FOR-US: Realtek rtl819x Jungle SDK
 CVE-2023-50382 (Three os command injection vulnerabilities exist in the boa 
formWsc fu ...)
@@ -2890,7 +2892,7 @@ CVE-2024-39322 (aimeos/ai-admin-jsonadm is the Aimeos 
e-commerce JSON API for ad
 CVE-2024-38453 (The Avalara for Salesforce CPQ app before 7.0 for Salesforce 
allows at ...)
        NOT-FOR-US: Avalara for Salesforce CPQ app
 CVE-2024-37082 (When deploying Cloud Foundry together with the 
haproxy-boshrelease and ...)
-       TODO: check
+       NOT-FOR-US: Cloud Foundry
 CVE-2024-32673 (Improper Validation of Array Index vulnerability in Samsung 
Open Sourc ...)
        TODO: check
 CVE-2024-2376 (The WPQA Builder WordPress plugin before 6.1.1 does not have 
CSRF chec ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/744ae13ccaae06cf3256835e51f067d1ffd458ac



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits