Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ec4e195b by Salvatore Bonaccorso at 2024-08-14T10:45:32+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,49 +1,49 @@
CVE-2024-7754 (A vulnerability was found in SourceCodester Clinics Patient
Management ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Clinics Patient Management System
CVE-2024-7753 (A vulnerability was found in SourceCodester Clinics Patient
Management ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Clinics Patient Management System
CVE-2024-7752 (A vulnerability was found in SourceCodester Clinics Patient
Management ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Clinics Patient Management System
CVE-2024-7751 (A vulnerability was found in SourceCodester Clinics Patient
Management ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Clinics Patient Management System
CVE-2024-7750 (A vulnerability has been found in SourceCodester Clinics
Patient Manag ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Clinics Patient Management System
CVE-2024-7749 (A vulnerability, which was classified as problematic, was found
in Sou ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Accounts Manager App
CVE-2024-7748 (A vulnerability, which was classified as critical, has been
found in S ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Accounts Manager App
CVE-2024-7743 (A vulnerability was found in wanglongcn ltcms 1.0.20. It has
been decl ...)
- TODO: check
+ NOT-FOR-US: wanglongcn ltcms
CVE-2024-7742 (A vulnerability was found in wanglongcn ltcms 1.0.20. It has
been clas ...)
- TODO: check
+ NOT-FOR-US: wanglongcn ltcms
CVE-2024-7732 (Dr.ID Access Control System from SECOM does not properly
validate a sp ...)
- TODO: check
+ NOT-FOR-US: Dr.ID Access Control System from SECOM
CVE-2024-7731 (Dr.ID Access Control System from SECOM does not properly
validate a sp ...)
- TODO: check
+ NOT-FOR-US: Dr.ID Access Control System from SECOM
CVE-2024-7729 (The CAYIN Technology CMS lacks proper access control, allowing
unauthe ...)
- TODO: check
+ NOT-FOR-US: CAYIN Technology CMS
CVE-2024-7728 (The specific CGI of the CAYIN Technology CMS does not properly
validat ...)
- TODO: check
+ NOT-FOR-US: CAYIN Technology CMS
CVE-2024-7588 (The Gutenberg Blocks, Page Builder \u2013 ComboBlocks plugin
for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-38653 (XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a
remote una ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-38652 (Path traversal in the skin management component of Ivanti
Avalanche 6. ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-38163 (Windows Update Stack Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-37399 (A NULL pointer dereference in WLAvalancheService in Ivanti
Avalanche 6 ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-37373 (Improper input validation in the Central Filestore in Ivanti
Avalanche ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-36136 (An off-by-one error in WLInfoRailService in Ivanti Avalanche
6.3.1 all ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-28986 (SolarWinds Web Help Desk was found to be susceptible to a Java
Deseria ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2024-20083 (In venc, there is a possible out of bounds write due to a
missing boun ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-20082 (In Modem, there is a possible memory corruption due to a
missing bound ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-7730
- qemu <unfixed>
NOTE:
https://lore.kernel.org/qemu-devel/[email protected]/
@@ -326,19 +326,19 @@ CVE-2024-37287 (A flaw allowing arbitrary code execution
was discovered in Kiban
CVE-2024-37015 (An issue was discovered in Ada Web Server 20.0. When
configured to use ...)
TODO: check
CVE-2024-36505 (An improper access control vulnerability [CWE-284] in FortiOS
7.4.0 th ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2024-36446 (The provisioning manager component of Mitel MiVoice MX-ONE
through 7.6 ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2024-35124 (A vulnerability in the combination of the OpenBMC's FW1050.00
through ...)
NOT-FOR-US: IBM
CVE-2024-2259 (This vulnerability exists in InstaRISPACS software due to
insufficient ...)
TODO: check
CVE-2024-29995 (Windows Kerberos Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-21981 (Improper key usage control in AMD Secure Processor (ASP) may
allow an ...)
TODO: check
CVE-2024-21757 (A unverified password change in Fortinet FortiManager versions
7.0.0 t ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2023-31366 (Improper input validation in AMD \u03bcProf could allow an
attacker to ...)
TODO: check
CVE-2023-31356 (Incomplete system memory cleanup in SEV firmware could allow a
privile ...)
@@ -113969,7 +113969,7 @@ CVE-2023-26213 (On Barracuda CloudGen WAN Private
Edge Gateway devices before 8
CVE-2023-26212
RESERVED
CVE-2023-26211 (An improper neutralization of input during web page generation
('cross ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2023-26210 (Multiple improper neutralization of special elements used in
an os com ...)
NOT-FOR-US: Fortinet
CVE-2023-26209 (A improper restriction of excessive authentication attempts
vulnerabil ...)
@@ -135182,7 +135182,7 @@ CVE-2022-45864
CVE-2022-45863
RESERVED
CVE-2022-45862 (An insufficient session expiration vulnerability [CWE-613]
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-45861 (An access of uninitialized pointer vulnerability [CWE-824] in
the SSL ...)
NOT-FOR-US: Fortinet
CVE-2022-45860 (A weak authentication vulnerability [CWE-1390] in FortiNAC-F
version 7 ...)
@@ -189899,7 +189899,7 @@ CVE-2022-27488 (A cross-site request forgery (CSRF)
in Fortinet FortiVoiceEnterp
CVE-2022-27487 (A improper privilege management in Fortinet FortiSandbox
version 4.2.0 ...)
NOT-FOR-US: Fortinet
CVE-2022-27486 (A improper neutralization of special elements used in an os
command (' ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-27485 (A improper neutralization of special elements used in an sql
command ( ...)
NOT-FOR-US: Fortinet
CVE-2022-27484 (A unverified password change in Fortinet FortiADC version
6.2.0 throug ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec4e195b91266ada0191c1e92bcf51e1ccc7a221
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec4e195b91266ada0191c1e92bcf51e1ccc7a221
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
