Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fb74a2ae by Salvatore Bonaccorso at 2024-09-10T07:34:40+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,17 +11,17 @@ CVE-2024-8372 (Improper sanitization of the value of the
'[srcset]' attribute in
CVE-2024-8042 (Rapid7 Insight Platform versions between November 2019 and
August 14, ...)
NOT-FOR-US: Rapid7 Insight Platform
CVE-2024-7341 (A session fixation issue was discovered in the SAML adapters
provided ...)
- TODO: check
+ NOT-FOR-US: Keycloak
CVE-2024-7318 (A vulnerability was found in Keycloak. Expired OTP codes are
still usa ...)
NOT-FOR-US: Keycloak
CVE-2024-7260 (An open redirect vulnerability was found in Keycloak. A
specially craf ...)
NOT-FOR-US: Keycloak
CVE-2024-7015 (Improper Authentication, Missing Authentication for Critical
Function, ...)
- TODO: check
+ NOT-FOR-US: Profelis Informatics and Consulting PassBox
CVE-2024-6796 (In Baxter Connex health portal released before 8/30/2024, an
improper ...)
- TODO: check
+ NOT-FOR-US: Baxter Connex health portal
CVE-2024-6795 (In Connex health portal released before8/30/2024, SQL injection
vulner ...)
- TODO: check
+ NOT-FOR-US: Baxter Connex health portal
CVE-2024-6572 (Improper host key checking in active check 'Check SFTP Service'
and sp ...)
TODO: check
CVE-2024-45411 (Twig is a template language for PHP. Under some circumstances,
the san ...)
@@ -37,53 +37,53 @@ CVE-2024-45406 (Craft is a content management system (CMS).
Craft CMS 5 stored X
CVE-2024-45296 (path-to-regexp turns path strings into a regular expressions.
In certa ...)
TODO: check
CVE-2024-45041 (External Secrets Operator is a Kubernetes operator that
integrates ext ...)
- TODO: check
+ NOT-FOR-US: External Secrets Kubernetes Operator
CVE-2024-44902 (A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4
allows at ...)
- TODO: check
+ NOT-FOR-US: Thinkphp
CVE-2024-44849 (Qualitor up to 8.24 is vulnerable to Remote Code Execution
(RCE) via A ...)
- TODO: check
+ NOT-FOR-US: Qualitor
CVE-2024-44725 (AutoCMS v5.4 was discovered to contain a SQL injection
vulnerability v ...)
- TODO: check
+ NOT-FOR-US: AutoCMS
CVE-2024-44724 (AutoCMS v5.4 was discovered to contain a PHP code injection
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: AutoCMS
CVE-2024-44721 (SeaCMS v13.1 was discovered to a Server-Side Request Forgery
(SSRF) vi ...)
- TODO: check
+ NOT-FOR-US: SeaCMS
CVE-2024-44720 (SeaCMS v13.1 was discovered to an arbitrary file read
vulnerability vi ...)
- TODO: check
+ NOT-FOR-US: SeaCMS
CVE-2024-44375 (D-Link DI-8100 v16.07.26A1 has a stack overflow vulnerability
in the d ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-44335 (D-Link DI-7003G v19.12.24A1, DI-7003GV2 v24.04.18D1,
DI-7100G+V2 v24.0 ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-44334 (D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1,
DI-7100GV2 v24 ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-44333 (D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1,
DI-7100GV2 v24 ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-44085 (ONLYOFFICE Docs before 8.1.0 allows XSS via a
GeneratorFunction Object ...)
- TODO: check
+ NOT-FOR-US: ONLYOFFICE Docs
CVE-2024-42759 (An issue in Ellevo v.6.2.0.38160 allows a remote attacker to
escalate ...)
- TODO: check
+ NOT-FOR-US: Ellevo
CVE-2024-42500 (HPE has identified a denial of service vulnerability in HPE
HP-UX Syst ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2024-40643 (Joplin is a free, open source note taking and to-do
application. Jopli ...)
TODO: check
CVE-2024-37288 (A deserialization issue in Kibana can lead to arbitrary code
execution ...)
TODO: check
CVE-2024-27387 (An issue was discovered in Samsung Mobile Processor Exynos
980, Exynos ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-27383 (An issue was discovered in Samsung Mobile Processor Exynos
980, Exynos ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-27368 (An issue was discovered in Samsung Mobile Processor Exynos
Mobile Proc ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-27367 (An issue was discovered in Samsung Mobile Processor Exynos
Wearable Pr ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-27366 (An issue was discovered in Samsung Mobile Processor, Wearable
Processo ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-27364 (An issue was discovered in Mobile Processor, Wearable
Processor Exynos ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-24510 (Cross Site Scripting vulnerability in Alinto SOGo before
5.10.0 allows ...)
TODO: check
CVE-2023-50883 (ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an
immediat ...)
- TODO: check
+ NOT-FOR-US: ONLYOFFICE Docs
CVE-2024-8586 (WebITR from Uniong has an Open Redirect vulnerability, which
allows un ...)
NOT-FOR-US: WebITR
CVE-2024-8585 (Orca HCM from LEARNING DIGITA does not properly restrict a
specific pa ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb74a2ae77341cced2eb65b43c1852b54e3a93d6
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb74a2ae77341cced2eb65b43c1852b54e3a93d6
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
