Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ba99fe14 by Salvatore Bonaccorso at 2024-07-25T07:30:18+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -41,97 +41,97 @@ CVE-2024-6988
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7080 (A vulnerability was found in SourceCodester Insurance 
Management Syste ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Insurance Management System
 CVE-2024-7079 (A flaw was found in the Openshift console. The /API/helm/verify 
endpoi ...)
-       TODO: check
+       NOT-FOR-US: Openshift
 CVE-2024-7069 (A vulnerability, which was classified as critical, has been 
found in S ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Employee and Visitor Gate Pass Logging System
 CVE-2024-7068 (A vulnerability classified as problematic has been found in 
SourceCode ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Insurance Management System
 CVE-2024-7067 (A vulnerability was found in kirilkirkov 
Ecommerce-Laravel-Bootstrap u ...)
        TODO: check
 CVE-2024-7066 (A vulnerability was found in F-logic DataCube3 1.0. It has been 
declar ...)
-       TODO: check
+       NOT-FOR-US: F-logic DataCube3
 CVE-2024-7065 (A vulnerability was found in Spina CMS up to 2.18.0. It has 
been class ...)
-       TODO: check
+       NOT-FOR-US: Spina CMS
 CVE-2024-6896 (The AMP for WP \u2013 Accelerated Mobile Pages plugin for 
WordPress is ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-6327 (In Progress\xae Telerik\xae Report Server versions prior to 
2024 Q2 (1 ...)
-       TODO: check
+       NOT-FOR-US: Telerik
 CVE-2024-6096 (In Progress\xae Telerik\xae Reporting versions prior to 
18.1.24.709, a ...)
-       TODO: check
+       NOT-FOR-US: Telerik
 CVE-2024-5818 (The Royal Elementor Addons and Templates plugin for WordPress 
is vulne ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-41914 (A vulnerability in the web-based management interface of 
EdgeConnect S ...)
-       TODO: check
+       NOT-FOR-US: HPE EdgeConnect SD-WAN Orchestrator
 CVE-2024-41672 (DuckDB is a SQL database management system. In versions 1.0.0 
and prio ...)
        - duckdb <itp> (bug #1036922)
 CVE-2024-41667 (OpenAM is an open access management solution. In versions 
15.0.3 and p ...)
-       TODO: check
+       NOT-FOR-US: OpenAM
 CVE-2024-41666 (Argo CD is a declarative, GitOps continuous delivery tool for 
Kubernet ...)
-       TODO: check
+       NOT-FOR-US: Argo CD
 CVE-2024-41662 (VNote is a note-taking platform. A Cross-Site Scripting (XSS) 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: VNote
 CVE-2024-41551 (CampCodes Supplier Management System v1.0 is vulnerable to SQL 
injecti ...)
-       TODO: check
+       NOT-FOR-US: CampCodes Supplier Management System
 CVE-2024-41550 (CampCodes Supplier Management System v1.0 is vulnerable to SQL 
injecti ...)
-       TODO: check
+       NOT-FOR-US: CampCodes Supplier Management System
 CVE-2024-41135 (A vulnerability exists in the HPE Aruba Networking EdgeConnect 
SD-WAN  ...)
-       TODO: check
+       NOT-FOR-US: HPE Aruba Networking EdgeConnect SD-WAN gateway
 CVE-2024-41134 (A vulnerability exists in the HPE Aruba Networking EdgeConnect 
SD-WAN  ...)
-       TODO: check
+       NOT-FOR-US: HPE Aruba Networking EdgeConnect SD-WAN gateway
 CVE-2024-41133 (A vulnerability exists in the HPE Aruba Networking EdgeConnect 
SD-WAN  ...)
-       TODO: check
+       NOT-FOR-US: HPE Aruba Networking EdgeConnect SD-WAN gateway
 CVE-2024-41110 (Moby is an open-source project created by Docker for software 
containe ...)
        TODO: check
 CVE-2024-40575 (An issue in Huawei Technologies opengauss (openGauss 5.0.0 
build) v.7. ...)
-       TODO: check
+       NOT-FOR-US: Huawei Technologies opengauss
 CVE-2024-40495 (A vulnerability was discovered in Linksys Router E2500 with 
firmware 2 ...)
-       TODO: check
+       NOT-FOR-US: Linksys
 CVE-2024-40422 (The snapshot_path parameter in the /api/get-browser-snapshot 
endpoint  ...)
-       TODO: check
+       NOT-FOR-US: stitionai devika
 CVE-2024-40137 (Dolibarr ERP CRM before 19.0.2-php8.2 was discovered to 
contain a remo ...)
        - dolibarr <removed>
 CVE-2024-3896 (The Photo Gallery, Images, Slider in Rbs Image Gallery plugin 
for Word ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-39345 (AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable 
the SSH s ...)
-       TODO: check
+       NOT-FOR-US: AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices
 CVE-2024-37533 (IBM InfoSphere Information Server 11.7 could disclose 
sensitive user i ...)
        NOT-FOR-US: IBM
 CVE-2024-36541 (Insecure permissions in logging-operator v4.6.0 allows 
attackers to ac ...)
-       TODO: check
+       NOT-FOR-US: logging-operator
 CVE-2024-36540 (Insecure permissions in external-secrets v0.9.16 allows 
attackers to a ...)
-       TODO: check
+       NOT-FOR-US: external-secrets
 CVE-2024-36539 (Insecure permissions in contour v1.28.3 allows attackers to 
access sen ...)
-       TODO: check
+       NOT-FOR-US: contour
 CVE-2024-36538 (Insecure permissions in chaos-mesh v2.6.3 allows attackers to 
access s ...)
-       TODO: check
+       NOT-FOR-US: chaos-mesh
 CVE-2024-36537 (Insecure permissions in cert-manager v1.14.4 allows attackers 
to acces ...)
-       TODO: check
+       NOT-FOR-US: cert-manager
 CVE-2024-36536 (Insecure permissions in fabedge v0.8.1 allows attackers to 
access sens ...)
-       TODO: check
+       NOT-FOR-US: fabedge
 CVE-2024-36535 (Insecure permissions in meshery v0.7.51 allows attackers to 
access sen ...)
-       TODO: check
+       NOT-FOR-US: meshery
 CVE-2024-36534 (Insecure permissions in hwameistor v0.14.3 allows attackers to 
access  ...)
-       TODO: check
+       NOT-FOR-US: hwameistor
 CVE-2024-36533 (Insecure permissions in volcano v1.8.2 allows attackers to 
access sens ...)
-       TODO: check
+       NOT-FOR-US: volcano
 CVE-2024-33519 (A vulnerability in the web-based management interface of HPE 
Aruba Net ...)
-       TODO: check
+       NOT-FOR-US: HPE Aruba Networking EdgeConnect SD-WAN gateway
 CVE-2024-31977 (Adtran 834-5 11.1.0.101-202106231430, and fixed as of SmartOS 
Version  ...)
-       TODO: check
+       NOT-FOR-US: Adtran 834-5
 CVE-2024-31971 (Multiple stored cross-site scripting (XSS) vulnerabilities on 
AdTran N ...)
-       TODO: check
+       NOT-FOR-US: AdTran NetVanta 3120 devices
 CVE-2024-31970 (AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 
and fixe ...)
-       TODO: check
+       NOT-FOR-US: Adtran 834-5 devices
 CVE-2024-22444 (A vulnerability within the web-based management interface of 
EdgeConne ...)
-       TODO: check
+       NOT-FOR-US: HPE EdgeConnect SD-WAN Orchestrator
 CVE-2024-22443 (A vulnerability in the web-based management interface of 
EdgeConnect S ...)
-       TODO: check
+       NOT-FOR-US: HPE EdgeConnect SD-WAN Orchestrator
 CVE-2024-21684 (There is a low severity open redirect vulnerability within 
affected ve ...)
-       TODO: check
+       NOT-FOR-US: Atlassian
 CVE-2023-45249 (Remote command execution due to use of default passwords. The 
followin ...)
-       TODO: check
+       NOT-FOR-US: Acronis
 CVE-2024-7027 (The WooCommerce - PDF Vouchers plugin for WordPress is 
vulnerable to a ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-6930 (The WP Booking Calendar plugin for WordPress is vulnerable to 
Stored C ...)
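Review bot: The NOT-FOR-US labels for the Adtran entries are inconsistent in both spelling and granularity: CVE-2024-39345 uses "AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices", CVE-2024-31977 uses "Adtran 834-5", CVE-2024-31970 uses "Adtran 834-5 devices" and CVE-2024-31971 uses "AdTran NetVanta 3120 devices". Other entries in this hunk name only the vendor ("NOT-FOR-US: Telerik", "NOT-FOR-US: Linksys", "NOT-FOR-US: Atlassian"), so a single "NOT-FOR-US: Adtran" would keep later searches over the list from missing one of the variants; the same applies to "HPE EdgeConnect SD-WAN Orchestrator" versus "HPE Aruba Networking EdgeConnect SD-WAN gateway". Separately, the batch of "Insecure permissions in ..." entries (CVE-2024-36533 through CVE-2024-36541) plus Argo CD and OpenAM are named open-source projects rather than vendor appliances; since CVE-2024-41672 in this same hunk is tracked as "- duckdb <itp> (bug #1036922)" instead of NOT-FOR-US, it is worth confirming that none of these has an open ITP or RFP before closing them out.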



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba99fe14fd32a22093b9529b558bcd2687c67f82



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
