Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
938d194e by Moritz Muehlenhoff at 2024-08-23T12:12:38+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,51 +1,51 @@
 CVE-2024-8089 (A vulnerability was found in SourceCodester E-Commerce System 
1.0. It  ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2024-8087 (A vulnerability was found in SourceCodester E-Commerce System 
1.0 and  ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2024-8086 (A vulnerability has been found in SourceCodester E-Commerce 
System 1.0 ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2024-8084 (A vulnerability, which was classified as problematic, was found 
in Sou ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2024-8083 (A vulnerability, which was classified as critical, has been 
found in S ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2024-8081 (A vulnerability classified as critical was found in 
itsourcecode Payro ...)
-       TODO: check
+       NOT-FOR-US: itsourcecode Payroll Management System
 CVE-2024-8080 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2024-8079 (A vulnerability was found in TOTOLINK AC1200 T8 
4.1.5cu.862_B20230228. ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2024-8078 (A vulnerability was found in TOTOLINK AC1200 T8 
4.1.5cu.862_B20230228. ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2024-7559 (The File Manager Pro plugin for WordPress is vulnerable to 
arbitrary f ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-7258 (The WooCommerce Google Feed Manager plugin for WordPress is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-6715 (The Ditty  WordPress plugin before 3.1.46 re-introduced a 
previously f ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-43790 (Vim is an open source command line text editor. When 
performing a sear ...)
        TODO: check
 CVE-2024-43477 (Improper access control in Decentralized Identity Services 
allows an u ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-43105 (Mattermost Plugin Channel Export versions <=1.0.0 fail to 
restrict con ...)
-       TODO: check
+       NOT-FOR-US: Mattermost plugin
 CVE-2024-42763 (A Reflected Cross Site Scripting (XSS) vulnerability was found 
in the  ...)
-       TODO: check
+       NOT-FOR-US: Kashipara Bus Ticket Reservation System
 CVE-2024-42762 (A Stored Cross Site Scripting (XSS) vulnerability was found in 
"/histo ...)
-       TODO: check
+       NOT-FOR-US: Kashipara Bus Ticket Reservation System
 CVE-2024-42761 (A Stored Cross Site Scripting (XSS) vulnerability was found in 
"/admin ...)
-       TODO: check
+       NOT-FOR-US: Kashipara Bus Ticket Reservation System
 CVE-2024-40766 (An improper access control vulnerability has been identified 
in the So ...)
-       TODO: check
+       NOT-FOR-US: SonicWall
 CVE-2024-3282 (The WP Table Builder  WordPress plugin through 1.5.0 does not 
sanitise ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-38210 (Microsoft Edge (Chromium-based) Remote Code Execution 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38209 (Microsoft Edge (Chromium-based) Remote Code Execution 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38208 (Microsoft Edge for Android Spoofing Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-7260 (Path Traversal vulnerability discovered in OpenText\u2122 CX-E 
Voice,  ...)
-       TODO: check
+       NOT-FOR-US: OpenText
 CVE-2024-8088 (There is a HIGH severity vulnerability affecting the CPython 
"zipfile" ...)
        - python3.13 <unfixed>
        - python3.12 <unfixed>
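Review bot: CVE-2024-38210 and CVE-2024-38209 are described as "Microsoft Edge (Chromium-based)" remote code execution issues, so "NOT-FOR-US: Microsoft" is only correct if the flaw is in Edge-specific code; if either one is inherited from upstream Chromium it should be tracked against the chromium source package instead. A short remark in the commit message stating which case applies would settle it. Minor style point in the same hunk: CVE-2024-8081 is tagged with the full product name ("itsourcecode Payroll Management System") while the neighbouring entries carry only the vendor ("SourceCodester"); using one form throughout keeps the list easy to grep.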
@@ -72,7 +72,7 @@ CVE-2024-7848 (The User Private Files \u2013 WordPress File 
Sharing Plugin plugi
 CVE-2024-7778 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable 
to Store ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-7634 (NGINX Agent's "config_dirs" restriction feature allows a highly 
privil ...)
-       TODO: check
+       NOT-FOR-US: NGINX Agent
 CVE-2024-7110 (An issue was discovered in GitLab EE affecting all versions 
starting 1 ...)
        TODO: check
 CVE-2024-6870 (The Responsive Lightbox & Gallery plugin for WordPress is 
vulnerable t ...)
@@ -105,7 +105,7 @@ CVE-2024-43780 (Mattermost versions 9.9.x <= 9.9.1, 9.5.x 
<= 9.5.7, 9.10.0, 9.8.
 CVE-2024-43398 (REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 
has a DoS ...)
        TODO: check
 CVE-2024-43331 (Missing Authorization vulnerability in VeronaLabs WP SMS.This 
issue af ...)
-       TODO: check
+       NOT-FOR-US: VeronaLabs WP SMS
 CVE-2024-42776 (Kashipara Hotel Management System v1.0 is vulnerable to 
Incorrect Acce ...)
        NOT-FOR-US: Kashipara Hotel Management System
 CVE-2024-42775 (An Incorrect Access Control vulnerability was found in 
/admin/add_room ...)
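Review bot: the new tag for CVE-2024-43331, "NOT-FOR-US: VeronaLabs WP SMS", names vendor and product, whereas the WordPress entries elsewhere in this commit all use the generic "NOT-FOR-US: WordPress plugin". If WP SMS is a WordPress plugin, use the generic form here as well so the entry matches the rest of the list.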
@@ -165,7 +165,7 @@ CVE-2024-36439 (Swissphone DiCal-RED 4009 devices allow a 
remote attacker to gai
 CVE-2024-35151 (IBM OpenPages with Watson 8.3 and 9.0 could allow 
authenticated users  ...)
        NOT-FOR-US: IBM
 CVE-2023-6452 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: Forcepoint
 CVE-2024-8072 (Mage AI allows remote unauthenticated attackers to leak the 
terminal s ...)
        NOT-FOR-US: Mage AI
 CVE-2024-8071 (Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 
9.10.0 a ...)
@@ -189,7 +189,7 @@ CVE-2024-45166 (An issue was discovered in UCI IDOL 2 (aka 
uciIDOL or IDOL2) thr
 CVE-2024-45165 (An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) 
through 2 ...)
        NOT-FOR-US: UCI IDOL 2 (aka uciIDOL or IDOL2)
 CVE-2024-45163 (The Mirai botnet through 2024-08-19 mishandles simultaneous 
TCP connec ...)
-       TODO: check
+       NOT-FOR-US: Mirai botnet
 CVE-2024-43813 (Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to 
enforce p ...)
        - mattermost-server <itp> (bug #823556)
 CVE-2024-43033 (JPress through 5.1.1 on Windows has an arbitrary file upload 
vulnerabi ...)
@@ -543,17 +543,17 @@ CVE-2024-41675 (CKAN is an open-source data management 
system for powering data
 CVE-2024-41674 (CKAN is an open-source data management system for powering 
data hubs a ...)
        NOT-FOR-US: CKAN
 CVE-2024-41572 (Learning with Texts (LWT) 2.0.3 is vulnerable to Cross Site 
Scripting  ...)
-       TODO: check
+       NOT-FOR-US: Learning with Texts
 CVE-2024-40453 (squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1 was 
discovered to  ...)
-       TODO: check
+       NOT-FOR-US: squirrelly
 CVE-2024-39344 (An issue was discovered in the Docusign API package 8.142.14 
for Sales ...)
        NOT-FOR-US: Docusign API package for Salesforce
 CVE-2024-37008 (A maliciously crafted DWG file, when parsed in Revit, can 
force a stac ...)
        NOT-FOR-US: Autodesk
 CVE-2024-33657 (This SMM vulnerability affects certain modules, allowing 
privileged at ...)
-       TODO: check
+       NOT-FOR-US: AMI
 CVE-2024-33656 (The DXE module SmmComputrace contains a vulnerability that 
allows loca ...)
-       TODO: check
+       NOT-FOR-US: AMI
 CVE-2024-28000 (Incorrect Privilege Assignment vulnerability in LiteSpeed 
Technologies ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-21690 (This High severity Reflected XSS and CSRF (Cross-Site Request 
Forgery) ...)
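Review bot: CVE-2024-40453 is tagged "NOT-FOR-US: squirrelly", but the description gives a vendor/package pair with release numbers ("squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1"), which reads like a reusable component rather than a standalone product. Before closing it as not-for-us, confirm that no packaged source embeds a copy of it, since the tag only says the component itself is not packaged.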
@@ -613,7 +613,7 @@ CVE-2024-43396 (Khoj is an application that creates 
personal AI agents. The Auto
 CVE-2024-42939 (A cross-site scripting (XSS) vulnerability in the component 
/index/ind ...)
        NOT-FOR-US: YZNCMS
 CVE-2024-42363 (Prior to 3385, the user-controlled role parameter enters the 
applicati ...)
-       TODO: check
+       NOT-FOR-US: Zendesk
 CVE-2024-42362 (Hertzbeat is an open source, real-time monitoring system. 
Hertzbeat ha ...)
        NOT-FOR-US: Hertzbeat
 CVE-2024-42361 (Hertzbeat is an open source, real-time monitoring system. 
Hertzbeat 1. ...)
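Review bot: for CVE-2024-42363 the tag gives only a vendor, "NOT-FOR-US: Zendesk", and the truncated description ("Prior to 3385, the user-controlled role parameter ...") does not name the product either, so the entry on its own does not say what was triaged. Naming the affected product in the tag, as is done for "Kashipara Hotel Management System" or "UCI IDOL 2 (aka uciIDOL or IDOL2)" elsewhere in the file, would make it self-explanatory.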
@@ -1109,7 +1109,7 @@ CVE-2024-41698 (Priority \u2013 CWE-200: Exposure of 
Sensitive Information to an
 CVE-2024-41697 (Priority -CWE-80: Improper Neutralization of Script-Related 
HTML Tags  ...)
        NOT-FOR-US: Priority
 CVE-2024-41659 (memos is a privacy-first, lightweight note-taking service. A 
CORS misc ...)
-       TODO: check
+       NOT-FOR-US: memos
 CVE-2024-40743 (The stripImages and stripIframes methods didn't properly 
process input ...)
        NOT-FOR-US: Joomla!
 CVE-2024-39690 (Capsule is a multi-tenancy and policy-based framework for 
Kubernetes.  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/938d194e3c7b943b0bcf792359f34063af2efca5
