Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
64b4a28a by Salvatore Bonaccorso at 2024-08-23T22:32:17+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,129 +1,129 @@
 CVE-2024-8113 (Stored XSS in organizer and event settings of pretix up to 
2024.7.0 al ...)
-       TODO: check
+       NOT-FOR-US: pretix
 CVE-2024-8112 (A vulnerability was found in thinkgem JeeSite 5.3. It has been 
rated a ...)
-       TODO: check
+       NOT-FOR-US: thinkgem JeeSite
 CVE-2024-7986 (A vulnerability exists in the Rockwell 
AutomationThinManager\xae ThinS ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2024-7954 (The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, 
and 4. ...)
        TODO: check
 CVE-2024-7428 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in O ...)
-       TODO: check
+       NOT-FOR-US: OpenText
 CVE-2024-7427 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: OpenText
 CVE-2024-5586 (ZohocorpManageEngineADAudit Plus versions below8121 are 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: Zohocorp ManageEngine
 CVE-2024-5556 (ZohocorpManageEngineADAudit Plus versions below8000 are 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: Zohocorp ManageEngine
 CVE-2024-5502 (The Piotnet Addons For Elementor plugin for WordPress is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-5490 (ZohocorpManageEngineADAudit Plus versions below8000 are 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: Zohocorp ManageEngine
 CVE-2024-5467 (ZohocorpManageEngineADAudit Plus versions below8121 are 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: Zohocorp ManageEngine
 CVE-2024-5466 (Zohocorp ManageEngine OpManager andRemote Monitoring and 
Management ve ...)
-       TODO: check
+       NOT-FOR-US: Zohocorp ManageEngine
 CVE-2024-45190 (Mage AI allows remote users with the "Viewer" role to leak 
arbitrary f ...)
-       TODO: check
+       NOT-FOR-US: Mage AI
 CVE-2024-45189 (Mage AI allows remote users with the "Viewer" role to leak 
arbitrary f ...)
-       TODO: check
+       NOT-FOR-US: Mage AI
 CVE-2024-45188 (Mage AI allows remote users with the "Viewer" role to leak 
arbitrary f ...)
-       TODO: check
+       NOT-FOR-US: Mage AI
 CVE-2024-45187 (Guest users in the Mage AI framework that remain logged in 
after their ...)
-       TODO: check
+       NOT-FOR-US: Mage AI
 CVE-2024-44390 (Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-44387 (Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-44386 (Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-44382 (D-Link DI_8004W 16.07.26A1 contains a command execution 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2024-44381 (D-Link DI_8004W 16.07.26A1 contains a command execution 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2024-43794 (OpenSearch Dashboards Security Plugin adds a configuration 
management  ...)
-       TODO: check
+       NOT-FOR-US: OpenSearch Dashboards Security Plugin
 CVE-2024-43791 (RequestStore provides per-request global storage for Rack. The 
files p ...)
        TODO: check
 CVE-2024-43782 (This openedx-translations repository contains translation 
files from O ...)
        TODO: check
 CVE-2024-43032 (autMan v2.9.6 allows attackers to bypass authentication via a 
crafted  ...)
-       TODO: check
+       NOT-FOR-US: autMan
 CVE-2024-43031 (autMan v2.9.6 was discovered to contain an access control 
issue.)
-       TODO: check
+       NOT-FOR-US: autMan
 CVE-2024-42992 (Python Pip Pandas v2.2.2 was discovered to contain an 
arbitrary file r ...)
        TODO: check
 CVE-2024-42918 (itsourcecode Online Accreditation Management System contains a 
Cross S ...)
-       TODO: check
+       NOT-FOR-US: itsourcecode Online Accreditation Management System
 CVE-2024-42915 (A host header injection vulnerability in Staff Appraisal 
System v1.0 a ...)
-       TODO: check
+       NOT-FOR-US: Staff Appraisal System
 CVE-2024-42914 (A host header injection vulnerability exists in the forgot 
password fu ...)
-       TODO: check
+       NOT-FOR-US: ArrowCMS
 CVE-2024-42852 (Cross Site Scripting vulnerability in AcuToWeb server 
v.10.5.0.7577C8b ...)
-       TODO: check
+       NOT-FOR-US: AcuToWeb server
 CVE-2024-42845 (An eval Injection vulnerability in the component 
invesalius/reader/dic ...)
        TODO: check
 CVE-2024-42766 (Kashipara Bus Ticket Reservation System v1.0 0 is vulnerable 
to Incorr ...)
-       TODO: check
+       NOT-FOR-US: Kashipara Bus Ticket Reservation System
 CVE-2024-42765 (A SQL injection vulnerability in "/login.php" of the Kashipara 
Bus Tic ...)
-       TODO: check
+       NOT-FOR-US: Kashipara Bus Ticket Reservation System
 CVE-2024-42764 (Kashipara Bus Ticket Reservation System v1.0 is vulnerable to 
Cross Si ...)
-       TODO: check
+       NOT-FOR-US: Kashipara Bus Ticket Reservation System
 CVE-2024-42756 (An issue in Netgear DGN1000WW v.1.1.00.45 allows a remote 
attacker to  ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2024-42636 (DedeCMS V5.7.115 has a command execution vulnerability via 
file_manage ...)
-       TODO: check
+       NOT-FOR-US: DedeCMS
 CVE-2024-42531 (Ezviz Internet PT Camera CS-CV246 D15655150 allows an 
unauthenticated  ...)
-       TODO: check
+       NOT-FOR-US: Ezviz Internet PT Camera CS-CV246 D15655150
 CVE-2024-42523 (publiccms V4.0.202302.e and before is vulnerable to Any File 
Upload vi ...)
-       TODO: check
+       NOT-FOR-US: publiccms
 CVE-2024-42364 (Homepage is a highly customizable homepage with Docker and 
service API ...)
        TODO: check
 CVE-2024-42040 (Buffer Overflow vulnerability in the net/bootp.c in DENEX 
U-Boot from  ...)
        TODO: check
 CVE-2024-41878 (Adobe Experience Manager versions 6.5.19 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-41877 (Adobe Experience Manager versions 6.5.19 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-41876 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-41875 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-41849 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-41848 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-41847 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-41846 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-41845 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-41844 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-41843 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-41842 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-41841 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-41150 (An Stored Cross-site Scripting vulnerability in request module 
affects ...)
-       TODO: check
+       NOT-FOR-US: Zohocorp ManageEngine
 CVE-2024-39841 (A SQL Injection vulnerability exists in the service 
configuration func ...)
        TODO: check
 CVE-2024-38869 (An Stored Cross-site Scripting vulnerability affects 
ZohocorpManageEng ...)
-       TODO: check
+       NOT-FOR-US: Zohocorp ManageEngine
 CVE-2024-38807 (Applications that use spring-boot-loaderor 
spring-boot-loader-classica ...)
        TODO: check
 CVE-2024-37311 (Collabora Online is a collaborative online office suite based 
on Libre ...)
-       TODO: check
+       NOT-FOR-US: Collabora Online
 CVE-2024-36517 (ZohocorpManageEngineADAudit Plus versions below8000 are 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: Zohocorp ManageEngine
 CVE-2024-36516 (ZohocorpManageEngineADAudit Plus versions below8000 are 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: Zohocorp ManageEngine
 CVE-2024-36515 (ZohocorpManageEngineADAudit Plus versions below8000 are 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: Zohocorp ManageEngine
 CVE-2024-36514 (ZohocorpManageEngineADAudit Plus versions below8000 are 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: Zohocorp ManageEngine
 CVE-2024-33854 (A SQL Injection vulnerability exists in the Graph Template 
component i ...)
        TODO: check
 CVE-2024-33853 (A SQL Injection vulnerability exists in the Timeperiod 
component in Ce ...)
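Review bot: CVE-2024-37311 is closed as `NOT-FOR-US: Collabora Online` although its visible description says the suite is "based on Libre ...", so it is worth confirming that the flaw sits in Collabora-only code and not in a component shared with the project it is based on; if that was checked, saying so in the commit message would let the next triager skip the same lookup. CVE-2024-42914 is tagged `ArrowCMS` while the truncated description shown here names no product, so that attribution cannot be verified from this diff alone. On style, the new labels differ in granularity: `NOT-FOR-US: Ezviz Internet PT Camera CS-CV246 D15655150` carries a model and build string, `Adobe`, `Tenda` and `Netgear` name only the vendor, and `WordPress plugin` does not name the plugin; settling on one level would make the entries easier to grep and group later.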
@@ -334118,7 +334118,7 @@ CVE-2020-11849 (Elevation of privilege and/or 
unauthorized access vulnerability
 CVE-2020-11848 (Denial of service vulnerability on Micro Focus ArcSight 
Management Cen ...)
        NOT-FOR-US: Micro Focus
 CVE-2020-11847 (SSH authenticated user when access the PAM server can execute 
an OS co ...)
-       TODO: check
+       NOT-FOR-US: NetIQ
 CVE-2020-11846 (A vulnerability found in OpenText Privileged Access Manager 
that issue ...)
        NOT-FOR-US: OpenText Privileged Access Manager
 CVE-2020-11845 (Cross Site Scripting vulnerability in Micro Focus Service 
Manager prod ...)
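Review bot: The new `NOT-FOR-US: NetIQ` tag on CVE-2020-11847 introduces a third vendor name in a run whose neighbours are tagged `Micro Focus` and `OpenText Privileged Access Manager`. Since the description refers to "the PAM server", check whether this is the same product as CVE-2020-11846 directly below and, if so, reuse that label so the related entries group together.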



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64b4a28a421eb46fcfe6d0fa3f6b305512179fb3
