Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d9120475 by Salvatore Bonaccorso at 2024-07-17T22:21:30+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,31 +1,31 @@
 CVE-2024-6834 (A vulnerability in APIML Spring Cloud Gateway which leverages 
user pri ...)
-       TODO: check
+       NOT-FOR-US: APIML Spring Cloud Gateway
 CVE-2024-6833 (A vulnerability in Zowe CLI allows local, privileged actors to 
store p ...)
-       TODO: check
+       NOT-FOR-US: Zowe CLI
 CVE-2024-6830 (A vulnerability, which was classified as critical, was found in 
Source ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Simple Inventory Management System
 CVE-2024-6765
        REJECTED
 CVE-2024-5471 (Zohocorp ManageEngine DDI Central versions 4001 and prior were 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Zohocorp ManageEngine DDI Central
 CVE-2024-40641 (Nuclei is a fast and customizable vulnerability scanner based 
on simpl ...)
-       TODO: check
+       NOT-FOR-US: Nuclei
 CVE-2024-40640 (vodozemac is an open source implementation of Olm and Megolm 
in pure R ...)
-       TODO: check
+       NOT-FOR-US: vodozemac
 CVE-2024-40639
        REJECTED
 CVE-2024-40636 (Steeltoe is an open source project that provides a collection 
of libra ...)
-       TODO: check
+       NOT-FOR-US: Steeltoe
 CVE-2024-40633 (Sylius is an Open Source eCommerce Framework on Symfony. A 
security vu ...)
-       TODO: check
+       NOT-FOR-US: Sylius
 CVE-2024-40617 (Path traversal vulnerability exists in FUJITSU Network Edgiot 
GW1500 ( ...)
-       TODO: check
+       NOT-FOR-US: FUJITSU Network Edgiot GW1500
 CVE-2024-40420 (A Server-Side Template Injection (SSTI) vulnerability in the 
edit them ...)
-       TODO: check
+       NOT-FOR-US: openCart
 CVE-2024-40402 (A SQL injection vulnerability was found in 'ajax.php' of 
Sourcecodeste ...)
-       TODO: check
+       NOT-FOR-US: Sourcecodester Simple Library Management System
 CVE-2024-40119 (Nepstech Wifi Router xpon (terminal) model NTPL-Xpon1GFEVN 
v.1.0 Firmw ...)
-       TODO: check
+       NOT-FOR-US: Nepstech Wifi Router
 CVE-2024-39126 (Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, 
and SVG do ...)
        TODO: check
 CVE-2024-39125 (Roundup before 2.4.0 allows XSS via a SCRIPT element in an 
HTTP Refere ...)
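Review bot: The vendor name is spelled two ways in the NOT-FOR-US notes of this hunk: "SourceCodester Simple Inventory Management System" for CVE-2024-6830 and "Sourcecodester Simple Library Management System" for CVE-2024-40402. The note for CVE-2024-40420, "openCart", also starts lower-case, unlike the other product names here. Using one spelling per vendor or product keeps these entries easy to find with a single search over data/CVE/list.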
@@ -33,7 +33,7 @@ CVE-2024-39125 (Roundup before 2.4.0 allows XSS via a SCRIPT 
element in an HTTP
 CVE-2024-39124 (In Roundup before 2.4.0, classhelpers (_generic.help.html) 
allow XSS.)
        TODO: check
 CVE-2024-38870 (Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP 
and OpM ...)
-       TODO: check
+       NOT-FOR-US: ZohocorpZohocorp ManageEngine
 CVE-2024-38447 (NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference 
via a modi ...)
        TODO: check
 CVE-2024-38446 (NATO NCI ANET 3.4.1 mishandles report ownership. A user can 
create a r ...)
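Review bot: The note added for CVE-2024-38870 reads "NOT-FOR-US: ZohocorpZohocorp ManageEngine", with the vendor name doubled. The description names ManageEngine OpManager, and the other Zohocorp entries in this commit are written "Zohocorp ManageEngine ...", so something like "NOT-FOR-US: Zohocorp ManageEngine OpManager" would be consistent.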
@@ -43,51 +43,51 @@ CVE-2024-36491 (FutureNet NXR series, VXR series and WXR 
series provided by Cent
 CVE-2024-36475 (FutureNet NXR series, VXR series and WXR series provided by 
Century Sy ...)
        TODO: check
 CVE-2024-32981 (Silverstripe framework is the PHP framework forming the base 
for the S ...)
-       TODO: check
+       NOT-FOR-US: Silverstripe framework
 CVE-2024-31979 (Server-Side Request Forgery (SSRF) vulnerability in Apache 
StreamPipes ...)
-       TODO: check
+       NOT-FOR-US: Apache StreamPipes
 CVE-2024-31411 (Unrestricted Upload of File with dangerous type vulnerability 
in Apach ...)
-       TODO: check
+       NOT-FOR-US: Apache StreamPipes
 CVE-2024-31070 (Initialization of a resource with an insecure default 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: FutureNet
 CVE-2024-30471 (Time-of-check Time-of-use (TOCTOU) Race Condition 
vulnerability in Apa ...)
-       TODO: check
+       NOT-FOR-US: Apache StreamPipes
 CVE-2024-29885 (silverstripe/reports is an API for creating backend reports in 
the Sil ...)
-       TODO: check
+       NOT-FOR-US: Silverstripe reports
 CVE-2024-29737 (In streampark, the project module integrates Maven's 
compilation capab ...)
        TODO: check
 CVE-2024-29120 (In Streampark (version < 2.1.4), when a user logged in 
successfully, t ...)
        TODO: check
 CVE-2024-28993 (The SolarWinds Access Rights Manager was susceptible to a 
Directory Tr ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2024-28992 (The SolarWinds Access Rights Manager was susceptible to a 
Directory Tr ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2024-28796 (IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to 
stored cross- ...)
-       TODO: check
+       NOT-FOR-US: IBM X-Force ID:
 CVE-2024-28074 (It was discovered that a previous vulnerability was not 
completely fix ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2024-27311 (Zohocorp ManageEngine DDI Central versions 4001 and prior were 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Zohocorp ManageEngine
 CVE-2024-23475 (The SolarWinds Access Rights Manager was susceptible to a 
Directory Tr ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2024-23474 (The SolarWinds Access Rights Manager was found to be 
susceptible to an ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2024-23472 (SolarWinds Access Rights Manager (ARM) is susceptible to 
Directory Tra ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2024-23471 (The SolarWinds Access Rights Manager was found to be 
susceptible to a  ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2024-23470 (The SolarWinds Access Rights Manager was found to be 
susceptible to a  ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2024-23469 (SolarWinds Access Rights Manager (ARM) is susceptible to a 
Remote Code ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2024-23468 (The SolarWinds Access Rights Manager was susceptible to a 
Directory Tr ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2024-23467 (The SolarWinds Access Rights Manager was susceptible to a 
Directory Tr ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2024-23466 (SolarWinds Access Rights Manager (ARM) is susceptible to a 
Directory T ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2024-23465 (The SolarWinds Access Rights Manager was found to be 
susceptible to an ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2024-20435 (A vulnerability in the CLI of Cisco AsyncOS for Secure Web 
Appliance c ...)
        TODO: check
 CVE-2024-20429 (A vulnerability in the web-based management interface of Cisco 
AsyncOS ...)
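Review bot: The note added for CVE-2024-28796 is "NOT-FOR-US: IBM X-Force ID:", which reads like a fragment copied from the CVE description rather than a product name. The description shown names IBM ClearQuest (CQ), so "NOT-FOR-US: IBM ClearQuest" would say what is being excluded. Separately, CVE-2024-31070 is now tagged "FutureNet" while the FutureNet entry CVE-2024-36475 in the context at the top of this hunk stays at "TODO: check"; it is worth confirming that the difference is intended.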
@@ -201,9 +201,9 @@ CVE-2024-39863 (Apache Airflow versions before 2.9.3 have a 
vulnerability that a
 CVE-2024-2884 (Out of bounds read in V8 in Google Chrome prior to 
121.0.6167.139 allo ...)
        TODO: check
 CVE-2024-21687 (This High severity File Inclusion vulnerability was introduced 
in vers ...)
-       TODO: check
+       NOT-FOR-US: Atlassian
 CVE-2024-21188 (Vulnerability in the Oracle Financial Services Revenue 
Management and  ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2024-21185 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        TODO: check
 CVE-2024-21184 (Vulnerability in the Oracle Database RDBMS Security component 
of Oracl ...)
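Review bot: Both notes added in this hunk name only the vendor ("NOT-FOR-US: Atlassian" for CVE-2024-21687, "NOT-FOR-US: Oracle" for CVE-2024-21188), whereas most entries elsewhere in the commit name the product. "Oracle" in particular is ambiguous next to CVE-2024-21185, an Oracle MySQL Server issue that is left at "TODO: check" in the same hunk. Naming the product from the description, for example "Oracle Financial Services Revenue Management", would make clear that the exclusion is about that product and not the vendor as a whole.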



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d91204753f79fea080d8c7f4cb3d2ba517ed6438
