Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a9abea01 by Salvatore Bonaccorso at 2024-07-18T20:58:19+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,33 +1,33 @@
CVE-2024-6705 (The RegLevel plugin for WordPress is vulnerable to Stored
Cross-Site S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-6599 (The Meks Video Importer plugin for WordPress is vulnerable to
unauthor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-6175 (The Booking Ultra Pro Appointments Booking Calendar Plugin
plugin for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-6164 (The Filter & Grids WordPress plugin before 2.8.33 is vulnerable
to Loc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-5964 (The Zenon Lite theme for WordPress is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-5726 (The Timeline Event History plugin for WordPress is vulnerable
to PHP O ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-41184 (In the vrrp_ipsets_handler handler (fglobal_parser.c) of
keepalived th ...)
TODO: check
CVE-2024-40764 (Heap-based buffer overflow vulnerability in the SonicOS IPSec
VPN allo ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2024-40492 (Cross Site Scripting vulnerability in Heartbeat Chat v.15.2.1
allows a ...)
- TODO: check
+ NOT-FOR-US: Heartbeat Chat
CVE-2024-39682 (Cooked is a recipe plugin for WordPress. The Cooked plugin for
WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-39681 (Cooked is a recipe plugin for WordPress. The Cooked plugin for
WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-39680 (Cooked is a recipe plugin for WordPress. The Cooked plugin for
WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-39679 (Cooked is a recipe plugin for WordPress. The Cooked plugin for
WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-39678 (Cooked is a recipe plugin for WordPress. The Cooked plugin is
vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29014 (Vulnerability in SonicWall NetExtender Windows (32 and 64-bit)
client ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2023-6708 (The SVG Support plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
TODO: check
CVE-2023-43971 (Cross Site Scripting vulnerability in ACG-faka v1.1.7 allows a
remote ...)
@@ -73,13 +73,13 @@ CVE-2024-39124 (In Roundup before 2.4.0, classhelpers
(_generic.help.html) allow
CVE-2024-38870 (Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP
and OpM ...)
NOT-FOR-US: ZohocorpZohocorp ManageEngine
CVE-2024-38447 (NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference
via a modi ...)
- TODO: check
+ NOT-FOR-US: NATO NCI ANET
CVE-2024-38446 (NATO NCI ANET 3.4.1 mishandles report ownership. A user can
create a r ...)
- TODO: check
+ NOT-FOR-US: NATO NCI ANET
CVE-2024-36491 (FutureNet NXR series, VXR series and WXR series provided by
Century Sy ...)
- TODO: check
+ NOT-FOR-US: FutureNet
CVE-2024-36475 (FutureNet NXR series, VXR series and WXR series provided by
Century Sy ...)
- TODO: check
+ NOT-FOR-US: FutureNet
CVE-2024-32981 (Silverstripe framework is the PHP framework forming the base
for the S ...)
NOT-FOR-US: Silverstripe framework
CVE-2024-31979 (Server-Side Request Forgery (SSRF) vulnerability in Apache
StreamPipes ...)
@@ -93,9 +93,9 @@ CVE-2024-30471 (Time-of-check Time-of-use (TOCTOU) Race
Condition vulnerability
CVE-2024-29885 (silverstripe/reports is an API for creating backend reports in
the Sil ...)
NOT-FOR-US: Silverstripe reports
CVE-2024-29737 (In streampark, the project module integrates Maven's
compilation capab ...)
- TODO: check
+ NOT-FOR-US: streampark
CVE-2024-29120 (In Streampark (version < 2.1.4), when a user logged in
successfully, t ...)
- TODO: check
+ NOT-FOR-US: streampark
CVE-2024-28993 (The SolarWinds Access Rights Manager was susceptible to a
Directory Tr ...)
NOT-FOR-US: SolarWinds
CVE-2024-28992 (The SolarWinds Access Rights Manager was susceptible to a
Directory Tr ...)
@@ -972,17 +972,17 @@ CVE-2024-39819 (Improper privilege management in the
installer for some Zoom Wor
CVE-2024-39767 (Mattermost Mobile Apps versions <=2.16.0 fail to validate that
the pus ...)
NOT-FOR-US: Mattermost Mobile Apps
CVE-2024-38496 (The vulnerability allows a malicious low-privileged PAM user
to access ...)
- TODO: check
+ NOT-FOR-US: Broadcom (inaccessible reference)
CVE-2024-38495 (A specific authentication strategy allows a malicious attacker
to lear ...)
- TODO: check
+ NOT-FOR-US: Broadcom (inaccessible reference)
CVE-2024-38494 (This vulnerability allows a high-privileged authenticated PAM
user to ...)
- TODO: check
+ NOT-FOR-US: Broadcom (inaccessible reference)
CVE-2024-38493 (A reflected cross-site scripting (XSS) vulnerability exists in
the PAM ...)
- TODO: check
+ NOT-FOR-US: Broadcom (inaccessible reference)
CVE-2024-38492 (This vulnerability allows an unauthenticated attacker to
achieve remot ...)
- TODO: check
+ NOT-FOR-US: Broadcom (inaccessible reference)
CVE-2024-38491 (The vulnerability allows an unauthenticated attacker to read
arbitrary ...)
- TODO: check
+ NOT-FOR-US: Broadcom (inaccessible reference)
CVE-2024-38360 (Discourse is an open source platform for community discussion.
In affe ...)
NOT-FOR-US: Discourse
CVE-2024-37386 (An issue was discovered in Stormshield Network Security (SNS)
4.0.0 th ...)
@@ -990,13 +990,13 @@ CVE-2024-37386 (An issue was discovered in Stormshield
Network Security (SNS) 4.
CVE-2024-37016 (Mengshen Wireless Door Alarm M70 2024-05-24 allows
Authentication Bypa ...)
NOT-FOR-US: Mengshen Wireless Door Alarm M70
CVE-2024-36458 (The vulnerability allows a malicious low-privileged PAM user
to perfor ...)
- TODO: check
+ NOT-FOR-US: Broadcom (inaccessible reference)
CVE-2024-36457 (The vulnerability allows an attacker to bypass the
authentication requ ...)
- TODO: check
+ NOT-FOR-US: Broadcom (inaccessible reference)
CVE-2024-36456 (This vulnerability allows an unauthenticated attacker to
achieve remot ...)
- TODO: check
+ NOT-FOR-US: Broadcom (inaccessible reference)
CVE-2024-36455 (An improper input validation allows an unauthenticated
attacker to ach ...)
- TODO: check
+ NOT-FOR-US: Broadcom (inaccessible reference)
CVE-2024-36438 (eLinkSmart Hidden Smart Cabinet Lock 2024-05-22 has Incorrect
Access C ...)
NOT-FOR-US: eLinkSmart Hidden Smart Cabinet Lock
CVE-2024-36434 (An SMM callout vulnerability was discovered in Supermicro
X11DPH-T, X1 ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9abea0170d3e5fd7f20a47d00a174e0f8dec452
--
This project does not include diff previews in email notifications.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9abea0170d3e5fd7f20a47d00a174e0f8dec452
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
