Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0f3baa0e by Salvatore Bonaccorso at 2024-08-06T22:38:57+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,25 +1,25 @@
 CVE-2024-7564 (Logsign Unified SecOps Platform Directory Traversal Information 
Disclo ...)
-       TODO: check
+       NOT-FOR-US: Logsign Unified SecOps Platform
 CVE-2024-7552 (A vulnerability was found in DataGear up to 5.0.0. It has been 
declare ...)
-       TODO: check
+       NOT-FOR-US: DataGear
 CVE-2024-7551 (A vulnerability was found in juzaweb CMS up to 3.4.2. It has 
been clas ...)
-       TODO: check
+       NOT-FOR-US: juzaweb CMS
 CVE-2024-7502 (A crafted DPA file could force Delta Electronics DIAScreen to 
overflow ...)
-       TODO: check
+       NOT-FOR-US: Delta Electronics
 CVE-2024-7317 (The Folders \u2013 Unlimited Folders to Organize Media Library 
Folder, ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-7246 (It's possible for a gRPC client communicating with a HTTP/2 
proxy to p ...)
        TODO: check
 CVE-2024-6720 (The Light Poll WordPress plugin through 1.0.0 does not have 
CSRF check ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-6359 (Privilege escalation vulnerability identified in OpenText 
ArcSight Int ...)
-       TODO: check
+       NOT-FOR-US: OpenText ArcSight Intelligence
 CVE-2024-6358 (Incorrect Authorization vulnerability identified in OpenText 
ArcSight  ...)
-       TODO: check
+       NOT-FOR-US: OpenText ArcSight Intelligence
 CVE-2024-6357 (Insecure Direct Object Reference vulnerability identified in 
OpenText  ...)
-       TODO: check
+       NOT-FOR-US: OpenText ArcSight Intelligence
 CVE-2024-43114 (In JetBrains TeamCity before 2024.07.1 possible privilege 
escalation d ...)
-       TODO: check
+       NOT-FOR-US: JetBrains TeamCity
 CVE-2024-43113 (The contextual menu for links could provide an opportunity for 
cross-s ...)
        TODO: check
 CVE-2024-43112 (Long pressing on a download link could potentially provide a 
means for ...)
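Review bot: CVE-2024-7502 is tagged with the vendor only (`NOT-FOR-US: Delta Electronics`) although its description names the product, DIAScreen. The other entries resolved in this hunk (Logsign Unified SecOps Platform, DataGear, juzaweb CMS, JetBrains TeamCity, OpenText ArcSight Intelligence) carry product names. Suggest `NOT-FOR-US: Delta Electronics DIAScreen` so that a later search of data/CVE/list for the product name finds the entry.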
@@ -27,81 +27,81 @@ CVE-2024-43112 (Long pressing on a download link could 
potentially provide a mea
 CVE-2024-43111 (Long pressing on a download link could potentially allow 
Javascript co ...)
        TODO: check
 CVE-2024-42400 (Multiple unauthenticated Denial-of-Service (DoS) 
vulnerabilities exist ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2024-42399 (Multiple unauthenticated Denial-of-Service (DoS) 
vulnerabilities exist ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2024-42398 (Multiple unauthenticated Denial-of-Service (DoS) 
vulnerabilities exist ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2024-42397 (Multiple unauthenticated Denial-of-Service (DoS) 
vulnerabilities exist ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2024-42396 (Multiple unauthenticated Denial-of-Service (DoS) 
vulnerabilities exist ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2024-42395 (There is a vulnerability in the AP Certificate Management 
Service whic ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2024-42394 (There are vulnerabilities in the Soft AP Daemon Service which 
could al ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2024-42393 (There are vulnerabilities in the Soft AP Daemon Service which 
could al ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2024-42358 (PDFio is a simple C library for reading and writing PDF files. 
There i ...)
        TODO: check
 CVE-2024-42347 (matrix-react-sdk  is a react-based SDK for inserting a Matrix 
chat/voi ...)
-       TODO: check
+       NOT-FOR-US: matrix-react-sdk
 CVE-2024-41913 (A vulnerability was discovered in the firmware builds up to 
10.10.2.2  ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2024-41911 (A vulnerability was discovered in the firmware builds up to 
10.10.2.2  ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2024-41910 (A vulnerability was discovered in the firmware builds up to 
10.10.2.2  ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2024-41677 (Qwik is a performance focused javascript framework. A 
potential mutati ...)
        TODO: check
 CVE-2024-41616 (D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded 
credential ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2024-41333 (A reflected cross-site scripting (XSS) vulnerability in 
Phpgurukul Tou ...)
-       TODO: check
+       NOT-FOR-US: Phpgurukul Tourism Management System
 CVE-2024-41226 (A CSV injection vulnerability in Automation Anywhere 
Automation 360 ve ...)
-       TODO: check
+       NOT-FOR-US: Automation Anywhere Automation 360
 CVE-2024-40101 (A Reflected Cross-site scripting (XSS) vulnerability exists in 
'/searc ...)
-       TODO: check
+       NOT-FOR-US: microweber
 CVE-2024-39751 (IBM InfoSphere Information Server 11.7 could allow a remote 
attacker t ...)
        NOT-FOR-US: IBM
 CVE-2024-39229 (An issue in GL-iNet products 
AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1 ...)
-       TODO: check
+       NOT-FOR-US: GL-iNet
 CVE-2024-39228 (GL-iNet products 
AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/S ...)
-       TODO: check
+       NOT-FOR-US: GL-iNet
 CVE-2024-39227 (GL-iNet products 
AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/S ...)
-       TODO: check
+       NOT-FOR-US: GL-iNet
 CVE-2024-39226 (GL-iNet products 
AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/S ...)
-       TODO: check
+       NOT-FOR-US: GL-iNet
 CVE-2024-39225 (GL-iNet products 
AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/S ...)
-       TODO: check
+       NOT-FOR-US: GL-iNet
 CVE-2024-36424 (K7RKScan.sys in K7 Ultimate Security before 17.0.2019 allows 
local use ...)
-       TODO: check
+       NOT-FOR-US: K7 Ultimate Security
 CVE-2024-33994 (Cross-Site Scripting (XSS) vulnerability in School Event 
Management Sy ...)
-       TODO: check
+       NOT-FOR-US: School Event Management System
 CVE-2024-33993 (Cross-Site Scripting (XSS) vulnerability in School Event 
Management Sy ...)
-       TODO: check
+       NOT-FOR-US: School Event Management System
 CVE-2024-33992 (Cross-Site Scripting (XSS) vulnerability in School Event 
Management Sy ...)
-       TODO: check
+       NOT-FOR-US: School Event Management System
 CVE-2024-33991 (Cross-Site Scripting (XSS) vulnerability in School Event 
Management Sy ...)
-       TODO: check
+       NOT-FOR-US: School Event Management System
 CVE-2024-33990 (Cross-Site Scripting (XSS) vulnerability in School Event 
Management Sy ...)
-       TODO: check
+       NOT-FOR-US: School Event Management System
 CVE-2024-33989 (Cross-Site Scripting (XSS) vulnerability in School Event 
Management Sy ...)
-       TODO: check
+       NOT-FOR-US: School Event Management System
 CVE-2024-33988 (Cross-Site Scripting (XSS) vulnerability in School Attendance 
Monitori ...)
-       TODO: check
+       NOT-FOR-US: School Attendance Monitoring System and School Event 
Management System
 CVE-2024-33987 (Cross-Site Scripting (XSS) vulnerability in School Attendance 
Monitori ...)
-       TODO: check
+       NOT-FOR-US: School Attendance Monitoring System and School Event 
Management System
 CVE-2024-33986 (Cross-Site Scripting (XSS) vulnerability in School Attendance 
Monitori ...)
-       TODO: check
+       NOT-FOR-US: School Attendance Monitoring System and School Event 
Management System
 CVE-2024-33985 (Cross-Site Scripting (XSS) vulnerability in School Attendance 
Monitori ...)
-       TODO: check
+       NOT-FOR-US: School Attendance Monitoring System and School Event 
Management System
 CVE-2024-33984 (Cross-Site Scripting (XSS) vulnerability in School Attendance 
Monitori ...)
-       TODO: check
+       NOT-FOR-US: School Attendance Monitoring System and School Event 
Management System
 CVE-2024-33983 (Cross-Site Scripting (XSS) vulnerability in School Attendance 
Monitori ...)
-       TODO: check
+       NOT-FOR-US: School Attendance Monitoring System and School Event 
Management System
 CVE-2024-33982 (Cross-Site Scripting (XSS) vulnerability in School Attendance 
Monitori ...)
-       TODO: check
+       NOT-FOR-US: School Attendance Monitoring System and School Event 
Management System
 CVE-2024-33981 (Cross-Site Scripting (XSS) vulnerability in PayPal, Credit 
Card and De ...)
        TODO: check
 CVE-2024-33980 (Cross-Site Scripting (XSS) vulnerability in PayPal, Credit 
Card and De ...)
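Review bot: The vendor labels diverge without a visible reason. CVE-2024-41913, CVE-2024-41911 and CVE-2024-41910 are tagged `HP`, while CVE-2024-42393 through CVE-2024-42400 are tagged `HPE`, and the truncated descriptions shown here name neither vendor nor product. Please confirm the two labels are meant to differ, and consider adding the product name to each, as is done for `Automation Anywhere Automation 360` and `Phpgurukul Tourism Management System` in the same hunk.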
@@ -109,13 +109,13 @@ CVE-2024-33980 (Cross-Site Scripting (XSS) vulnerability 
in PayPal, Credit Card
 CVE-2024-33979 (Cross-Site Scripting (XSS) vulnerability in PayPal, Credit 
Card and De ...)
        TODO: check
 CVE-2024-33978 (Cross-Site Scripting (XSS) vulnerability in E-Negosyo System 
affecting ...)
-       TODO: check
+       NOT-FOR-US: E-Negosyo System
 CVE-2024-33977 (Cross-Site Scripting (XSS) vulnerability in E-Negosyo System 
affecting ...)
-       TODO: check
+       NOT-FOR-US: E-Negosyo System
 CVE-2024-33976 (Cross-Site Scripting (XSS) vulnerability in E-Negosyo System 
affecting ...)
-       TODO: check
+       NOT-FOR-US: E-Negosyo System
 CVE-2024-33975 (Cross-Site Scripting (XSS) vulnerability in E-Negosyo System 
affecting ...)
-       TODO: check
+       NOT-FOR-US: E-Negosyo System
 CVE-2024-33974 (SQL injection vulnerability in PayPal, Credit Card and Debit 
Card Paym ...)
        TODO: check
 CVE-2024-33973 (SQL injection vulnerability in PayPal, Credit Card and Debit 
Card Paym ...)
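Review bot: The neighbouring entries CVE-2024-33979, CVE-2024-33974 and CVE-2024-33973 ("PayPal, Credit Card and De ...") stay at `TODO: check` in the context lines while the four E-Negosyo System entries between them are resolved. If they were skipped deliberately because they need a closer look, a word in the commit message would help; "Process some NFUs" does not say which entries in this block were left for later.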
@@ -149,29 +149,29 @@ CVE-2024-33960 (SQL injection vulnerability in PayPal, 
Credit Card and Debit Car
 CVE-2024-33959 (SQL injection vulnerability in PayPal, Credit Card and Debit 
Card Paym ...)
        TODO: check
 CVE-2024-33958 (SQL injection vulnerability in E-Negosyo System affecting 
version 1.0. ...)
-       TODO: check
+       NOT-FOR-US: E-Negosyo System
 CVE-2024-33957 (SQL injection vulnerability in E-Negosyo System affecting 
version 1.0. ...)
-       TODO: check
+       NOT-FOR-US: E-Negosyo System
 CVE-2024-33897 (A compromised HMS Networks Cosy+ device could be used to 
request a Cer ...)
        TODO: check
 CVE-2024-30170 (PrivX before 34.0 allows data exfiltration and denial of 
service via t ...)
        TODO: check
 CVE-2024-28740 (Cross Site Scripting vulnerability in Koha ILS 23.05 and 
before allows ...)
-       TODO: check
+       NOT-FOR-US: Koha ILS
 CVE-2024-28739 (An issue in Koha ILS 23.05 and before allows a remote attacker 
to exec ...)
-       TODO: check
+       NOT-FOR-US: Koha ILS
 CVE-2024-23483 (An Improper Input Validation vulnerability in Zscaler Client 
Connector ...)
-       TODO: check
+       NOT-FOR-US: Zscaler Client Connector on MacOS
 CVE-2024-23464 (In certain cases, Zscaler Internet Access (ZIA) can be 
disabled by Pow ...)
-       TODO: check
+       NOT-FOR-US: Zscaler Internet Access (ZIA)
 CVE-2024-23460 (The Zscaler Updater process does not validate the digital 
signature of ...)
-       TODO: check
+       NOT-FOR-US: Zscaler
 CVE-2024-23458 (While copying individual autoupdater log files, reparse point 
check wa ...)
-       TODO: check
+       NOT-FOR-US: Zscaler
 CVE-2024-23456 (Anti-tampering can be disabled under certain conditions 
without signat ...)
-       TODO: check
+       NOT-FOR-US: Zscaler
 CVE-2023-40819 (ID4Portais in version < V.2022.837.002a returns message 
parameter unsa ...)
-       TODO: check
+       NOT-FOR-US: ID4Portais
 CVE-2024-5290
        {DSA-5739-1}
        - wpa <unfixed>
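Review bot: The five Zscaler entries in this hunk use three different label forms: `Zscaler Client Connector on MacOS` (CVE-2024-23483), `Zscaler Internet Access (ZIA)` (CVE-2024-23464) and plain `Zscaler` (CVE-2024-23460, CVE-2024-23458, CVE-2024-23456). Settling on one granularity keeps the list easy to search. If the platform stays in the label, Apple's spelling is "macOS".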
@@ -104357,7 +104357,7 @@ CVE-2023-1614 (The WP Custom Author URL WordPress 
plugin before 1.0.5 does not s
 CVE-2023-28807 (In Zscaler Internet Access (ZIA) a mismatch between Connect 
Host and C ...)
        NOT-FOR-US: Zscaler
 CVE-2023-28806 (An Improper Validation of signature in Zscaler Client 
Connector on Win ...)
-       TODO: check
+       NOT-FOR-US: Zscaler
 CVE-2023-28805 (An Improper Input Validation vulnerability in Zscaler Client 
Connector ...)
        NOT-FOR-US: Zscaler Client Connector
 CVE-2023-28804 (An Improper Verification of Cryptographic Signature 
vulnerability in Z ...)
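Review bot: CVE-2023-28806 is tagged plain `Zscaler`, but its description names Zscaler Client Connector and the entry directly below it, CVE-2023-28805, already uses `NOT-FOR-US: Zscaler Client Connector`. Using the same label here would keep the two adjacent Client Connector entries consistent.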



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0f3baa0e478d28ec07616dfa925f86e3324789d6
