Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
723fe1c5 by Salvatore Bonaccorso at 2024-07-15T22:31:21+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,19 +1,19 @@
CVE-2024-6746 (A vulnerability classified as problematic was found in
NaiboWang EasyS ...)
- TODO: check
+ NOT-FOR-US: NaiboWang EasySpider
CVE-2024-6745 (A vulnerability classified as critical has been found in
code-projects ...)
- TODO: check
+ NOT-FOR-US: code-projects Simple Ticket Booking
CVE-2024-6741 (Openfind's Mail2000 has a vulnerability that allows the
HttpOnly flag ...)
- TODO: check
+ NOT-FOR-US: Openfind's Mail2000
CVE-2024-6740 (Openfind's Mail2000 does not properly validate email
atachments, allow ...)
- TODO: check
+ NOT-FOR-US: Openfind's Mail2000
CVE-2024-6721
REJECTED
CVE-2024-6689 (Local Privilege Escalation in MSI-Installer in baramundi
Management Ag ...)
- TODO: check
+ NOT-FOR-US: MSI-Installer in baramundi Management Agent
CVE-2024-6398 (An information disclosure vulnerability in SWG in versions 12.x
prior ...)
- TODO: check
+ NOT-FOR-US: Trellix
CVE-2024-5402 (Unquoted Search Path or Element vulnerability in ABB Mint
Workbench. ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-40631 (Plate media is an open source, rich-text editor for React.
Editors tha ...)
TODO: check
CVE-2024-40630 (OpenImageIO is a toolset for reading, writing, and
manipulating image ...)
@@ -23,19 +23,19 @@ CVE-2024-40627 (Fastapi OPA is an opensource fastapi
middleware which includes a
CVE-2024-40624 (TorrentPier is an open source BitTorrent Public/Private
tracker engine ...)
TODO: check
CVE-2024-40560 (Tmall_demo before v2024.07.03 was discovered to contain a SQL
injectio ...)
- TODO: check
+ NOT-FOR-US: Tmall_demo
CVE-2024-40555 (Tmall_demo v2024.07.03 was discovered to contain an arbitrary
file upl ...)
- TODO: check
+ NOT-FOR-US: Tmall_demo
CVE-2024-40554 (An access control issue in Tmall_demo v2024.07.03 allows
attackers to ...)
- TODO: check
+ NOT-FOR-US: Tmall_demo
CVE-2024-40553 (Tmall_demo v2024.07.03 was discovered to contain an arbitrary
file upl ...)
- TODO: check
+ NOT-FOR-US: Tmall_demo
CVE-2024-40416 (A vulnerability in /goform/SetVirtualServerCfg in the
sub_6320C functi ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-40415 (A vulnerability in /goform/SetStaticRouteCfg in the sub_519F4
function ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-40414 (A vulnerability in /goform/SetNetControlList in the sub_656BC
function ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-39919 (@jmondi/url-to-png is an open source URL to PNG utility
featuring para ...)
TODO: check
CVE-2024-39918 (@jmondi/url-to-png is an open source URL to PNG utility
featuring para ...)
@@ -45,17 +45,17 @@ CVE-2024-39915 (Thruk is a multibackend monitoring
webinterface for Naemon, Nagi
CVE-2024-39912 (web-auth/webauthn-lib is an open source set of PHP libraries
and a Sym ...)
TODO: check
CVE-2024-39827 (Improper input validation in the installer for Zoom Workplace
Desktop ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2024-39826 (Path traversal in Team Chat for some Zoom Workplace Apps and
SDKs for ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2024-39821 (Race condition in the installer for Zoom Workplace App for
Windows and ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2024-39820 (Uncontrolled search path element in the installer for Zoom
Workplace D ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2024-39819 (Improper privilege management in the installer for some Zoom
Workplace ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2024-39767 (Mattermost Mobile Apps versions <=2.16.0 fail to validate that
the pus ...)
- TODO: check
+ NOT-FOR-US: Mattermost Mobile Apps
CVE-2024-38496 (The vulnerability allows a malicious low-privileged PAM user
to access ...)
TODO: check
CVE-2024-38495 (A specific authentication strategy allows a malicious attacker
to lear ...)
@@ -69,11 +69,11 @@ CVE-2024-38492 (This vulnerability allows an
unauthenticated attacker to achieve
CVE-2024-38491 (The vulnerability allows an unauthenticated attacker to read
arbitrary ...)
TODO: check
CVE-2024-38360 (Discourse is an open source platform for community discussion.
In affe ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2024-37386 (An issue was discovered in Stormshield Network Security (SNS)
4.0.0 th ...)
- TODO: check
+ NOT-FOR-US: Stormshield Network Security (SNS)
CVE-2024-37016 (Mengshen Wireless Door Alarm M70 2024-05-24 allows
Authentication Bypa ...)
- TODO: check
+ NOT-FOR-US: Mengshen Wireless Door Alarm M70
CVE-2024-36458 (The vulnerability allows a malicious low-privileged PAM user
to perfor ...)
TODO: check
CVE-2024-36457 (The vulnerability allows an attacker to bypass the
authentication requ ...)
@@ -83,23 +83,23 @@ CVE-2024-36456 (This vulnerability allows an
unauthenticated attacker to achieve
CVE-2024-36455 (An improper input validation allows an unauthenticated
attacker to ach ...)
TODO: check
CVE-2024-36438 (eLinkSmart Hidden Smart Cabinet Lock 2024-05-22 has Incorrect
Access C ...)
- TODO: check
+ NOT-FOR-US: eLinkSmart Hidden Smart Cabinet Lock
CVE-2024-36434 (An SMM callout vulnerability was discovered in Supermicro
X11DPH-T, X1 ...)
- TODO: check
+ NOT-FOR-US: Supermicro
CVE-2024-36433 (An arbitrary memory write vulnerability was discovered in
Supermicro X ...)
- TODO: check
+ NOT-FOR-US: Supermicro
CVE-2024-36432 (An arbitrary memory write vulnerability was discovered in
Supermicro X ...)
- TODO: check
+ NOT-FOR-US: Supermicro
CVE-2024-32945 (Mattermost Mobile Apps versions <=2.16.0 fail to protect
against abuse ...)
- TODO: check
+ NOT-FOR-US: Mattermost Mobile Apps
CVE-2024-31946 (An issue was discovered in Stormshield Network Security (SNS)
3.7.0 th ...)
- TODO: check
+ NOT-FOR-US: Stormshield Network Security (SNS)
CVE-2024-27241 (Improper input validation in some Zoom Apps and SDKs may allow
an auth ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2024-27240 (Improper input validation in the installer for some Zoom Apps
for Wind ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2024-27238 (Race condition in the installer for some Zoom Apps and SDKs
for Window ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2024-41007 (In the Linux kernel, the following vulnerability has been
resolved: t ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/97a9063518f198ec0adb2ecb89789de342bb8283 (6.10)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/723fe1c575b2ab9259cf804f0c92fa7d39710760
--
This project does not include diff previews in email notifications.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/723fe1c575b2ab9259cf804f0c92fa7d39710760
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
