Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b23e645a by Salvatore Bonaccorso at 2024-09-05T22:37:02+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,75 +1,75 @@
 CVE-2024-8473 (Cross-Site Scripting (XSS) vulnerability, whereby 
user-controlled inpu ...)
-       TODO: check
+       NOT-FOR-US: Job Portal
 CVE-2024-8472 (Cross-Site Scripting (XSS) vulnerability, whereby 
user-controlled inpu ...)
-       TODO: check
+       NOT-FOR-US: Job Portal
 CVE-2024-8471 (Cross-Site Scripting (XSS) vulnerability, whereby 
user-controlled inpu ...)
-       TODO: check
+       NOT-FOR-US: Job Portal
 CVE-2024-8470 (SQL injection vulnerability, by which an attacker could send a 
special ...)
-       TODO: check
+       NOT-FOR-US: Job Portal
 CVE-2024-8469 (SQL injection vulnerability, by which an attacker could send a 
special ...)
-       TODO: check
+       NOT-FOR-US: Job Portal
 CVE-2024-8468 (SQL injection vulnerability, by which an attacker could send a 
special ...)
-       TODO: check
+       NOT-FOR-US: Job Portal
 CVE-2024-8467 (SQL injection vulnerability, by which an attacker could send a 
special ...)
-       TODO: check
+       NOT-FOR-US: Job Portal
 CVE-2024-8466 (SQL injection vulnerability, by which an attacker could send a 
special ...)
-       TODO: check
+       NOT-FOR-US: Job Portal
 CVE-2024-8465 (SQL injection vulnerability, by which an attacker could send a 
special ...)
-       TODO: check
+       NOT-FOR-US: Job Portal
 CVE-2024-8464 (SQL injection vulnerability, by which an attacker could send a 
special ...)
-       TODO: check
+       NOT-FOR-US: Job Portal
 CVE-2024-8463 (File upload restriction bypass vulnerability in PHPGurukul Job 
Portal  ...)
-       TODO: check
+       NOT-FOR-US: Job Portal
 CVE-2024-8462 (A vulnerability was found in Windmill 1.380.0. It has been 
classified  ...)
-       TODO: check
+       NOT-FOR-US: Windmill
 CVE-2024-8461 (A vulnerability, which was classified as problematic, was found 
in D-L ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2024-8460 (A vulnerability, which was classified as problematic, has been 
found i ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2024-8445 (The fix for CVE-2024-2199 in 389-ds-base was insufficient to 
cover all ...)
        TODO: check
 CVE-2024-8395 (FlyCASS CASS and KCM systems did not correctly filter SQL 
queries, whi ...)
-       TODO: check
+       NOT-FOR-US: FlyCASS CASS and KCM systems
 CVE-2024-8363 (The Share This Image plugin for WordPress is vulnerable to 
Stored Cros ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-7884 (When a canister method is called via ic_cdk::call* , a new 
Future Call ...)
        TODO: check
 CVE-2024-7605 (The HelloAsso plugin for WordPress is vulnerable to 
unauthorized modif ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-7591 (Improper Input Validation vulnerability in Progress LoadMaster 
allows  ...)
-       TODO: check
+       NOT-FOR-US: LoadMaster
 CVE-2024-7381 (The Geo Controller plugin for WordPress is vulnerable to 
unauthorized  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-7380 (The Geo Controller plugin for WordPress is vulnerable to 
unauthorized  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-6929 (The Dynamic Featured Image plugin for WordPress is vulnerable 
to Store ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-6894 (The RD Station plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-6332 (The Booking for Appointments and Events Calendar \u2013 Amelia 
Premium ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-5957 (This vulnerability allows unauthenticated remote attackers to 
bypass a ...)
-       TODO: check
+       NOT-FOR-US: Trellix
 CVE-2024-5956 (This vulnerability allows unauthenticated remote attackers to 
bypass a ...)
-       TODO: check
+       NOT-FOR-US: Trellix
 CVE-2024-5309 (The Form Vibes \u2013 Database Manager for Forms plugin for 
WordPress  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-45589 (RapidIdentity LTS through 2023.0.2 and Cloud through 2024.08.0 
imprope ...)
-       TODO: check
+       NOT-FOR-US: RapidIdentity
 CVE-2024-45401 (stripe-cli is a command-line tool for the payment processor 
Stripe. A  ...)
        TODO: check
 CVE-2024-45392 (SuiteCRM is an open-source customer relationship management 
(CRM) syst ...)
-       TODO: check
+       NOT-FOR-US: SuiteCRM
 CVE-2024-45178 (An issue was discovered in za-internet C-MOR Video 
Surveillance 5.2401 ...)
-       TODO: check
+       NOT-FOR-US: za-internet C-MOR Video Surveillance
 CVE-2024-45176 (An issue was discovered in za-internet C-MOR Video 
Surveillance 5.2401 ...)
-       TODO: check
+       NOT-FOR-US: za-internet C-MOR Video Surveillance
 CVE-2024-45175 (An issue was discovered in za-internet C-MOR Video 
Surveillance 5.2401 ...)
-       TODO: check
+       NOT-FOR-US: za-internet C-MOR Video Surveillance
 CVE-2024-45173 (An issue was discovered in za-internet C-MOR Video 
Surveillance 5.2401 ...)
-       TODO: check
+       NOT-FOR-US: za-internet C-MOR Video Surveillance
 CVE-2024-45171 (An issue was discovered in za-internet C-MOR Video 
Surveillance 5.2401 ...)
-       TODO: check
+       NOT-FOR-US: za-internet C-MOR Video Surveillance
 CVE-2024-45159 (An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 
1.3, wh ...)
        TODO: check
 CVE-2024-45158 (An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack 
buffer o ...)
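Review bot: the label "NOT-FOR-US: Job Portal" on CVE-2024-8473 through CVE-2024-8463 names the product without its vendor, while the only visible description that identifies it (CVE-2024-8463) reads "PHPGurukul Job Portal". Other entries in this hunk use either the vendor ("D-Link", "Trellix") or vendor plus product ("za-internet C-MOR Video Surveillance"), so "NOT-FOR-US: PHPGurukul Job Portal" would be easier to match in a later search and less likely to collide with another product of the same generic name. For CVE-2024-8473 through CVE-2024-8464 the truncated descriptions shown here do not name the product at all, so the attribution is worth confirming against the full CVE text.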
@@ -77,7 +77,7 @@ CVE-2024-45158 (An issue was discovered in Mbed TLS 3.6 
before 3.6.1. A stack bu
 CVE-2024-45157 (An issue was discovered in Mbed TLS before 2.28.9 and 3.x 
before 3.6.1 ...)
        TODO: check
 CVE-2024-45107 (Acrobat Reader versions 20.005.30636, 24.002.20964, 
24.001.30123, 24.0 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-45098 (IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to 
bypass int ...)
        NOT-FOR-US: IBM
 CVE-2024-45097 (IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to 
bypass int ...)
@@ -85,17 +85,17 @@ CVE-2024-45097 (IBM Aspera Faspex 5.0.0 through 5.0.9 could 
allow a user to bypa
 CVE-2024-45096 (IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with 
access t ...)
        NOT-FOR-US: IBM
 CVE-2024-44728 (Sourcecodehero Event Management System 1.0 allows Stored 
Cross-Site Sc ...)
-       TODO: check
+       NOT-FOR-US: Sourcecodehero Event Management System
 CVE-2024-44727 (Sourcecodehero Event Management System1.0 is vulnerable to SQL 
Injecti ...)
-       TODO: check
+       NOT-FOR-US: Sourcecodehero Event Management System
 CVE-2024-44587 (itsourcecode Alton Management System 1.0 is vulnerable to SQL 
Injectio ...)
-       TODO: check
+       NOT-FOR-US: itsourcecode Alton Management System
 CVE-2024-42885 (SQL Injection vulnerability in ESAFENET CDG 5.6 and before 
allows an a ...)
-       TODO: check
+       NOT-FOR-US: ESAFENET CDG
 CVE-2024-42491 (Asterisk is an open-source private branch exchange (PBX). 
Prior to ver ...)
        TODO: check
 CVE-2024-24759 (MindsDB is a platform for building artificial intelligence 
from enterp ...)
-       TODO: check
+       NOT-FOR-US: MindsDB
 CVE-2023-51712 (An issue was discovered in Trusted Firmware-M through 2.0.0. 
The lack  ...)
        TODO: check
 CVE-2024-8178 (The ctl_write_buffer and ctl_read_buffer functions allocated 
memory to ...)
@@ -553,65 +553,65 @@ CVE-2024-41433 (PingCAP TiDB v8.1.0 was discovered to 
contain a buffer overflow
 CVE-2024-39921 (Observable timing discrepancy issue exists in IPCOM EX2 Series 
V01L02N ...)
        TODO: check
 CVE-2024-34661 (Improper handling of insufficient permissions in Samsung 
Assistant pri ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34660 (Heap-based out-of-bounds write in Samsung Notes prior to 
version 4.4.2 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34659 (Exposure of sensitive information in GroupSharing prior to 
version 13. ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34658 (Out-of-bounds read in Samsung Notes allows local attackers to 
bypass A ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34657 (Stack-based out-of-bounds write in Samsung Notes prior to 
version 4.4. ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34656 (Path traversal in Samsung Notes prior to version 4.4.21.62 
allows loca ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34655 (Incorrect use of privileged API in UniversalCredentialManager 
prior to ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34654 (Improper Export of android application component in My Files 
prior to  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34653 (Path Traversal in My Files prior to SMR Sep-2024 Release 1 
allows phys ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34652 (Incorrect authorization in kperfmon prior to SMR Sep-2024 
Release 1 al ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34651 (Improper authorization in My Files prior to SMR Sep-2024 
Release 1 all ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34650 (Incorrect authorization in CocktailbarService prior to SMR 
Sep-2024 Re ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34649 (Improper access control in new Dex Mode in multitasking 
framework prio ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34648 (Improper Handling of Insufficient Permissions in 
KnoxMiscPolicy prior  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34647 (Incorrect use of privileged API in DualDarManagerProxy prior 
to SMR Se ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34646 (Improper access control in DualDarManagerProxy prior to SMR 
Sep-2024 R ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34645 (Improper input validation in ThemeCenter prior to SMR Sep-2024 
Release ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34644 (Improper access control in item selection related in Dressroom 
prior t ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34643 (Improper access control in key input related function in 
Dressroom pri ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34642 (Improper authorization in One UI Home prior to SMR Sep-2024 
Release 1  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34641 (Improper Export of Android Application Components in 
FeliCaTest prior  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34640 (Improper access control vulnerability in BGProtectManager 
prior to SMR ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34639 (Improper handling of exceptional conditions in Setupwizard 
prior to SM ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34638 (Improper handling of exceptional conditions in ThemeCenter 
prior to SM ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-34637 (Improper access control in WindowManagerService prior to SMR 
Sep-2024  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-20503 (A vulnerability in Cisco Duo Epic for Hyperdrive could allow 
an authen ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20497 (A vulnerability in Cisco Expressway Edge (Expressway-E) could 
allow an ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20469 (A vulnerability in specific CLI commands in Cisco Identity 
Services En ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20440 (A vulnerability in Cisco Smart Licensing Utility could allow 
an unauth ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20439 (A vulnerability in Cisco Smart Licensing Utility could allow 
an unauth ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-44082
        - ironic <unfixed>
        - ironic-python-agent <unfixed>
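Review bot: several entries marked "NOT-FOR-US: Samsung" in this hunk, for example CVE-2024-34659 (GroupSharing), CVE-2024-34655 (UniversalCredentialManager) and CVE-2024-34652 (kperfmon), do not name Samsung in the truncated description that is visible, so the vendor label cannot be checked from this diff alone; confirm those against the full CVE records. The vendor-only label is otherwise applied consistently across the Samsung and Cisco lines and needs no change.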
@@ -135472,7 +135472,7 @@ CVE-2022-4531
 CVE-2022-4530
        REJECTED
 CVE-2022-4529 (The Security, Antivirus, Firewall \u2013 S.A.F plugin for 
WordPress is ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4528
        REJECTED
 CVE-2022-4527 (A vulnerability was found in collective.task up to 3.0.8. It 
has been  ...)
@@ -151695,7 +151695,7 @@ CVE-2022-3558 (The Import and export users and 
customers WordPress plugin before
 CVE-2022-3557
        RESERVED
 CVE-2022-3556 (The Cab fare calculator plugin for WordPress is vulnerable to 
Stored C ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3555
        REJECTED
 CVE-2022-3554



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b23e645aab3ee6727f927f90528f7489a841544f
