Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e08a5e5b by Salvatore Bonaccorso at 2024-09-06T22:51:34+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22,15 +22,15 @@ CVE-2024-7599 (The Advanced Sermons plugin for WordPress is 
vulnerable to Stored
 CVE-2024-7493 (The WPCOM Member plugin for WordPress is vulnerable to 
privilege escal ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-6445 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: DataFlowX Technology DataDiodeX
 CVE-2024-45758 (H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily 
set the JD ...)
        TODO: check
 CVE-2024-45405 (`gix-path` is a crate of the `gitoxide` project (an 
implementation of  ...)
        TODO: check
 CVE-2024-45300 (alf.io is an open source ticket reservation system for 
conferences, tr ...)
-       TODO: check
+       NOT-FOR-US: Alf.io
 CVE-2024-45299 (alf.io is an open source ticket reservation system for 
conferences, tr ...)
-       TODO: check
+       NOT-FOR-US: Alf.io
 CVE-2024-45295
        REJECTED
 CVE-2024-45294 (The HL7 FHIR Core Artifacts repository provides the java core 
object h ...)
@@ -40,69 +40,69 @@ CVE-2024-45040 (gnark is a fast zk-SNARK library that 
offers a high-level API to
 CVE-2024-45039 (gnark is a fast zk-SNARK library that offers a high-level API 
to desig ...)
        TODO: check
 CVE-2024-44837 (A cross-site scripting (XSS) vulnerability in the component 
\bean\Mana ...)
-       TODO: check
+       NOT-FOR-US: Drug
 CVE-2024-44739 (Sourcecodester Simple Forum Website v1.0 has a SQL injection 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Sourcecodester Simple Forum Website
 CVE-2024-44408 (D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to 
Information Disclo ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2024-44402 (D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection 
via msp_ ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2024-44401 (D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection 
via sub4 ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2024-38642 (An improper certificate validation vulnerability has been 
reported to  ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2024-38641 (An OS command injection vulnerability has been reported to 
affect seve ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2024-38640 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2024-32771 (An improper restriction of excessive authentication attempts 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2024-32763 (A buffer copy without checking size of input vulnerability has 
been re ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2024-32762 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2024-27126 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2024-27125 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2024-27122 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2024-25584 (Dovecot accepts dot LF DOT LF symbol as end of DATA command. 
RFC requi ...)
-       TODO: check
+       NOT-FOR-US: OX Dovecot Pro core
 CVE-2024-21906 (An OS command injection vulnerability has been reported to 
affect seve ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2024-21904 (A path traversal vulnerability has been reported to affect 
several QNA ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2024-21903 (An OS command injection vulnerability has been reported to 
affect seve ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2024-21898 (An OS command injection vulnerability has been reported to 
affect seve ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2024-21897 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2024-1744 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Ariva Computer Accord ORS
 CVE-2023-51368 (A NULL pointer dereference vulnerability has been reported to 
affect s ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2023-51367 (A buffer copy without checking size of input vulnerability has 
been re ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2023-51366 (A path traversal vulnerability has been reported to affect 
several QNA ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2023-50366 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2023-50360 (A SQL injection vulnerability has been reported to affect 
Video Statio ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2023-47563 (An OS command injection vulnerability has been reported to 
affect Vide ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2023-45038 (An improper authentication vulnerability has been reported to 
affect M ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2023-39300 (An OS command injection vulnerability has been reported to 
affect lega ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2023-39298 (A missing authorization vulnerability has been reported to 
affect seve ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2023-34979 (An OS command injection vulnerability has been reported to 
affect seve ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2023-34974 (An OS command injection vulnerability has been reported to 
affect seve ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2024-45498
        - airflow <itp> (bug #819700)
 CVE-2024-45034
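Review bot: CVE-2024-25584 is filed as NOT-FOR-US: OX Dovecot Pro core although its description opens with "Dovecot accepts dot LF DOT LF symbol as end of DATA command", so the entry gives no reason why the dovecot source package is out of scope. Consider recording that reasoning in a NOTE: line under the entry, or tracking it against dovecot if the affected code is shared with it. Separately, the label on CVE-2024-44837, "NOT-FOR-US: Drug", is too terse to identify a product; the fuller product name from the CVE description would make the entry searchable.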
@@ -173,11 +173,11 @@ CVE-2024-45400 (ckeditor-plugin-openlink is a plugin for 
the CKEditor JavaScript
 CVE-2024-42495 (Credentials to access device configuration were transmitted 
using an u ...)
        NOT-FOR-US: Hughes Network Systems
 CVE-2024-40865 (The issue was addressed by suspending Persona when the virtual 
keyboar ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-39585 (Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 
10.5.5.10  ...)
        NOT-FOR-US: Dell
 CVE-2024-39278 (Credentials to access device configuration information stored 
unencryp ...)
-       TODO: check
+       NOT-FOR-US: Hughes Network Systems
 CVE-2024-38486 (Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 
10.5.5.10  ...)
        NOT-FOR-US: Dell
 CVE-2024-8473 (Cross-Site Scripting (XSS) vulnerability, whereby 
user-controlled inpu ...)
@@ -738,11 +738,11 @@ CVE-2024-41927 (Cleartext transmission of sensitive 
information vulnerability ex
 CVE-2024-41716 (Cleartext storage of sensitive information vulnerability 
exists in Win ...)
        TODO: check
 CVE-2024-41434 (PingCAP TiDB v8.1.0 was discovered to contain a buffer 
overflow via th ...)
-       TODO: check
+       NOT-FOR-US: PingCAP TiDB
 CVE-2024-41433 (PingCAP TiDB v8.1.0 was discovered to contain a buffer 
overflow via th ...)
        TODO: check
 CVE-2024-39921 (Observable timing discrepancy issue exists in IPCOM EX2 Series 
V01L02N ...)
-       TODO: check
+       NOT-FOR-US: Fujitsu
 CVE-2024-34661 (Improper handling of insufficient permissions in Samsung 
Assistant pri ...)
        NOT-FOR-US: Samsung
 CVE-2024-34660 (Heap-based out-of-bounds write in Samsung Notes prior to 
version 4.4.2 ...)
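Review bot: CVE-2024-41434 is changed to NOT-FOR-US: PingCAP TiDB, but the adjacent CVE-2024-41433, whose visible description is identical ("PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via th ..."), is left at TODO: check. If both concern the same product, tag CVE-2024-41433 in the same commit so the pair is triaged consistently.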
@@ -195450,7 +195450,7 @@ CVE-2022-27594
 CVE-2022-27593 (An externally controlled reference to a resource vulnerability 
has bee ...)
        NOT-FOR-US: QNAP
 CVE-2022-27592 (An unquoted search path or element vulnerability has been 
reported to  ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2022-27591
        RESERVED
 CVE-2022-27590



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e08a5e5bf1152ab7bdeaac2cefdf859ba96976c7
