Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b1f8c82f by Salvatore Bonaccorso at 2024-08-22T22:59:19+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -39,39 +39,39 @@ CVE-2024-43398 (REXML is an XML toolkit for Ruby. The REXML 
gem before 3.3.6 has
 CVE-2024-43331 (Missing Authorization vulnerability in VeronaLabs WP SMS.This 
issue af ...)
        TODO: check
 CVE-2024-42776 (Kashipara Hotel Management System v1.0 is vulnerable to 
Incorrect Acce ...)
-       TODO: check
+       NOT-FOR-US: Kashipara Hotel Management System
 CVE-2024-42775 (An Incorrect Access Control vulnerability was found in 
/admin/add_room ...)
-       TODO: check
+       NOT-FOR-US: Kashipara Hotel Management System
 CVE-2024-42774 (An Incorrect Access Control vulnerability was found in 
/admin/delete_r ...)
-       TODO: check
+       NOT-FOR-US: Kashipara Hotel Management System
 CVE-2024-42773 (An Incorrect Access Control vulnerability was found in 
/admin/edit_roo ...)
-       TODO: check
+       NOT-FOR-US: Kashipara Hotel Management System
 CVE-2024-42772 (An Incorrect Access Control vulnerability was found in 
/admin/rooms.ph ...)
-       TODO: check
+       NOT-FOR-US: Kashipara Hotel Management System
 CVE-2024-42771 (A Stored Cross Site Scripting (XSS) vulnerability was found in 
" /admi ...)
-       TODO: check
+       NOT-FOR-US: Kashipara Hotel Management System
 CVE-2024-42770 (A Stored Cross Site Scripting (XSS) vulnerability was found in 
"/core/ ...)
-       TODO: check
+       NOT-FOR-US: Kashipara Hotel Management System
 CVE-2024-42769 (A Reflected Cross Site Scripting (XSS) vulnerability was found 
in "/co ...)
-       TODO: check
+       NOT-FOR-US: Kashipara Hotel Management System
 CVE-2024-42768 (A Cross-Site Request Forgery (CSRF) vulnerability was found in 
Kashipa ...)
-       TODO: check
+       NOT-FOR-US: Kashipara Hotel Management System
 CVE-2024-42767 (Kashipara Hotel Management System v1.0 is vulnerable to 
Unrestricted F ...)
-       TODO: check
+       NOT-FOR-US: Kashipara Hotel Management System
 CVE-2024-42599 (SeaCMS 13.0 has a remote code execution vulnerability. The 
reason for  ...)
-       TODO: check
+       NOT-FOR-US: SeaCMS
 CVE-2024-42497 (Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 
9.10.0,  ...)
        - mattermost-server <itp> (bug #823556)
 CVE-2024-42490 (authentik is an open-source Identity Provider. Several API 
endpoints c ...)
-       TODO: check
+       NOT-FOR-US: authentik
 CVE-2024-42418 (Avtec Outpost uses a default cryptographic key that can be 
used to dec ...)
-       TODO: check
+       NOT-FOR-US: Avtec Outpost
 CVE-2024-40884 (Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to 
properly  ...)
        - mattermost-server <itp> (bug #823556)
 CVE-2024-3127 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
        TODO: check
 CVE-2024-39776 (Avtec Outpost stores sensitive information in an insecure 
location wit ...)
-       TODO: check
+       NOT-FOR-US: Avtec Outpost
 CVE-2024-39746 (IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 
6.3 could  ...)
        NOT-FOR-US: IBM
 CVE-2024-39745 (IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 
6.3 uses w ...)
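Review bot: The new labels for CVE-2024-42775 through CVE-2024-42768 cannot be confirmed from the description text visible in this hunk, because the truncated descriptions for most of them show only a path ("/admin/add_room ...", "/admin/rooms.ph ...", "/core/ ...") and not the product name. Please confirm against the full CVE descriptions that each entry really belongs to Kashipara Hotel Management System before the TODO is dropped. Also, CVE-2024-42490 is described as affecting an open-source Identity Provider, unlike the vendor and appliance entries around it. Since the commit message only says "Process some NFUs", a brief mention that no ITP or RFP exists for authentik would make the NOT-FOR-US decision easier to audit later.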
@@ -79,21 +79,21 @@ CVE-2024-39745 (IBM Sterling Connect:Direct Web Services 
6.0, 6.1, 6.2, and 6.3
 CVE-2024-39744 (IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 
6.3 is vul ...)
        NOT-FOR-US: IBM
 CVE-2024-39717 (The Versa Director GUI provides an option to customize the 
look and fe ...)
-       TODO: check
+       NOT-FOR-US: Versa Director GUI
 CVE-2024-36445 (Swissphone DiCal-RED 4009 devices allow a remote attacker to 
gain a ro ...)
-       TODO: check
+       NOT-FOR-US: Swissphone DiCal-RED 4009 devices
 CVE-2024-36444 (cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices 
allows an ...)
-       TODO: check
+       NOT-FOR-US: Swissphone DiCal-RED 4009 devices
 CVE-2024-36443 (Swissphone DiCal-RED 4009 devices allow a remote attacker to 
gain read ...)
-       TODO: check
+       NOT-FOR-US: Swissphone DiCal-RED 4009 devices
 CVE-2024-36442 (cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices 
allows an ...)
-       TODO: check
+       NOT-FOR-US: Swissphone DiCal-RED 4009 devices
 CVE-2024-36441 (Swissphone DiCal-RED 4009 devices allow an unauthenticated 
attacker us ...)
-       TODO: check
+       NOT-FOR-US: Swissphone DiCal-RED 4009 devices
 CVE-2024-36440 (An issue was discovered on Swissphone DiCal-RED 4009 devices. 
An attac ...)
-       TODO: check
+       NOT-FOR-US: Swissphone DiCal-RED 4009 devices
 CVE-2024-36439 (Swissphone DiCal-RED 4009 devices allow a remote attacker to 
gain acce ...)
-       TODO: check
+       NOT-FOR-US: Swissphone DiCal-RED 4009 devices
 CVE-2024-35151 (IBM OpenPages with Watson 8.3 and 9.0 could allow 
authenticated users  ...)
        NOT-FOR-US: IBM
 CVE-2023-6452 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
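Review bot: Style point on the labels added in this hunk: "NOT-FOR-US: Versa Director GUI" and "NOT-FOR-US: Swissphone DiCal-RED 4009 devices" carry over descriptive words from the CVE text ("GUI", "devices"), while the neighbouring context entries use a short vendor name ("NOT-FOR-US: IBM"). Consider "NOT-FOR-US: Versa Director" and "NOT-FOR-US: Swissphone DiCal-RED 4009", so that later CVEs for the same products get an identical string and the entries are easy to find when searching data/CVE/list by product.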



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b1f8c82fbe788a09e1197412a3d8d982a7484afb
