Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5aa4152d by Salvatore Bonaccorso at 2024-07-18T22:33:05+02:00
Process more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,67 +1,67 @@
CVE-2024-6504 (Rapid7 InsightVM Console versions below 6.6.260 suffer from a
protecti ...)
- TODO: check
+ NOT-FOR-US: Rapid7 InsightVM Console
CVE-2024-5625 (Improper Restriction of XML External Entity Reference
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: PruvaSoft Informatics Apinizer Management Console
CVE-2024-5620 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
- TODO: check
+ NOT-FOR-US: PruvaSoft Informatics Apinizer Management Console
CVE-2024-5619 (Authorization Bypass Through User-Controlled Key vulnerability
in Pruv ...)
- TODO: check
+ NOT-FOR-US: PruvaSoft Informatics Apinizer Management Console
CVE-2024-5618 (Incorrect Permission Assignment for Critical Resource
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: PruvaSoft Informatics Apinizer Management Console
CVE-2024-5555 (The Element Pack Elementor Addons (Header Footer, Template
Library, Dy ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-5554 (The Element Pack Elementor Addons (Header Footer, Template
Library, Dy ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-5321 (A security issue was discovered in Kubernetes clusters with
Windows no ...)
TODO: check
CVE-2024-40648 (matrix-rust-sdk is an implementation of a Matrix client-server
library ...)
- TODO: check
+ NOT-FOR-US: matrix-rust-sdk
CVE-2024-40647 (sentry-sdk is the official Python SDK for Sentry.io. A bug in
Sentry's ...)
TODO: check
CVE-2024-40644 (gitoxide An idiomatic, lean, fast & safe pure Rust
implementation of G ...)
TODO: check
CVE-2024-40629 (JumpServer is an open-source Privileged Access Management
(PAM) tool t ...)
- TODO: check
+ NOT-FOR-US: JumpServer
CVE-2024-40628 (JumpServer is an open-source Privileged Access Management
(PAM) tool t ...)
- TODO: check
+ NOT-FOR-US: JumpServer
CVE-2024-3242 (The Brizy \u2013 Page Builder plugin for WordPress is
vulnerable to ar ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-39911 (1Panel is a web-based linux server management control panel.
1Panel co ...)
- TODO: check
+ NOT-FOR-US: 1Panel
CVE-2024-39907 (1Panel is a web-based linux server management control panel.
There are ...)
- TODO: check
+ NOT-FOR-US: 1Panel
CVE-2024-39173 (calculator-boilerplate v1.0 was discovered to contain a remote
code ex ...)
- TODO: check
+ NOT-FOR-US: calculator-boilerplate
CVE-2024-39152
REJECTED
CVE-2024-39090 (The PHPGurukul Online Shopping Portal Project version 2.0
contains a v ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul Online Shopping Portal Project
CVE-2024-38806 (Failure to properly synchronize user's permissions in UAA in
Cloud Fou ...)
- TODO: check
+ NOT-FOR-US: Cloud Foundry Foundation
CVE-2024-38302 (Dell Data Lakehouse, version(s) 1.0.0.0, contain(s) a Missing
Encrypti ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-34013 (Local privilege escalation due to OS command injection
vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2024-30473 (Dell ECS, versions prior to 3.8.1, contain a privilege
elevation vulne ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-30126 (HCL BigFix Compliance is affected by a missing X-Frame-Options
HTTP he ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-30125 (HCL BigFix Compliance server can respond with an HTTP status
of 500, i ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-29178 (On versions before 2.1.4, a user could log in and perform a
template i ...)
- TODO: check
+ NOT-FOR-US: Apache StreamPark
CVE-2024-0857 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: Universal Software Inc. FlexWater Corporate Water Management
CVE-2023-50304 (IBM Engineering Requirements Management DOORS Web Access
9.7.2.8 is vu ...)
NOT-FOR-US: IBM
CVE-2023-40704 (Philips Vue PACS uses default credentials for potentially
critical fun ...)
- TODO: check
+ NOT-FOR-US: Philips Vue PACS
CVE-2023-40539 (Philips Vue PACS does not require that users have strong
passwords, wh ...)
- TODO: check
+ NOT-FOR-US: Philips Vue PACS
CVE-2023-40223 (Philips Vue PACS does not properly assign, modify, track, or
check act ...)
- TODO: check
+ NOT-FOR-US: Philips Vue PACS
CVE-2023-40159 (A validated user not explicitly authorized to have access to
certain s ...)
- TODO: check
+ NOT-FOR-US: Philips Vue PACS
CVE-2024-6705 (The RegLevel plugin for WordPress is vulnerable to Stored
Cross-Site S ...)
NOT-FOR-US: WordPress plugin
CVE-2024-6599 (The Meks Video Importer plugin for WordPress is vulnerable to
unauthor ...)
@@ -100,7 +100,7 @@ CVE-2024-29014 (Vulnerability in SonicWall SMA100
NetExtender Windows (32 and 64
CVE-2023-6708 (The SVG Support plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
NOT-FOR-US: WordPress plugin
CVE-2023-43971 (Cross Site Scripting vulnerability in ACG-faka v1.1.7 allows a
remote ...)
- TODO: check
+ NOT-FOR-US: ACG-faka
CVE-2024-41011 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 6.8.11-1
[bookworm] - linux 6.1.94-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5aa4152d5bb886121c0fc1976edd1acfcd6687d3
--
This project does not include diff previews in email notifications.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5aa4152d5bb886121c0fc1976edd1acfcd6687d3
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
