Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7ff77823 by Salvatore Bonaccorso at 2024-09-27T22:23:13+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,25 +1,25 @@
CVE-2024-9301 (A path traversal issue in E2Nest prior to commit
8a41948e553c89c56b144 ...)
- TODO: check
+ NOT-FOR-US: E2Nest
CVE-2024-9284 (A vulnerability was found in TP-LINK TL-WR841ND up to 20240920.
It has ...)
- TODO: check
+ NOT-FOR-US: TP-LINK
CVE-2024-9283 (A vulnerability classified as problematic has been found in
RelaxedJS ...)
TODO: check
CVE-2024-9282 (A vulnerability was found in bg5sbk MiniCMS 1.11. It has been
classifi ...)
- TODO: check
+ NOT-FOR-US: bg5sbk MiniCMS
CVE-2024-9281 (A vulnerability was found in bg5sbk MiniCMS up to 1.11 and
classified ...)
- TODO: check
+ NOT-FOR-US: bg5sbk MiniCMS
CVE-2024-9280 (A vulnerability has been found in kalvinGit kvf-admin up to
f12a94dc1e ...)
TODO: check
CVE-2024-9279 (A vulnerability, which was classified as problematic, was found
in fun ...)
- TODO: check
+ NOT-FOR-US: funnyzpc Mee-Admin
CVE-2024-9278 (A vulnerability, which was classified as critical, has been
found in H ...)
- TODO: check
+ NOT-FOR-US: HuankeMao SCRM
CVE-2024-9277 (A vulnerability classified as problematic was found in Langflow
up to ...)
- TODO: check
+ NOT-FOR-US: Langflow
CVE-2024-9276 (A vulnerability classified as problematic has been found in
TMsoft MyA ...)
- TODO: check
+ NOT-FOR-US: TMsoft MyAuth Gateway 3
CVE-2024-9275 (A vulnerability was found in jeanmarc77 123solar up to 1.8.4.5.
It has ...)
- TODO: check
+ NOT-FOR-US: jeanmarc77 123solar
CVE-2024-9273
REJECTED
CVE-2024-9268
@@ -29,83 +29,83 @@ CVE-2024-9202 (In Eclipse Dataspace Components versions
0.1.3 to 0.9.0, the Conn
CVE-2024-9171
REJECTED
CVE-2024-9160 (In versions of the PEADM Forge Module prior to 3.24.0 a
security misco ...)
- TODO: check
+ NOT-FOR-US: PEADM Forge Module
CVE-2024-9136 (Access permission verification vulnerability in the App
Multiplier mod ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-8644 (Cleartext Storage of Sensitive Information in a Cookie
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: Oceanic Software ValeApp
CVE-2024-8643 (Session Fixation vulnerability in Oceanic Software ValeApp
allows Brut ...)
- TODO: check
+ NOT-FOR-US: Oceanic Software ValeApp
CVE-2024-8630 (Alisonic Sibylla devices are vulnerable to SQL injection
attacks, whic ...)
- TODO: check
+ NOT-FOR-US: Alisonic Sibylla devices
CVE-2024-8609 (Insertion of Sensitive Information into Log File vulnerability
in Ocea ...)
- TODO: check
+ NOT-FOR-US: Oceanic Software ValeApp
CVE-2024-8608 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Oceanic Software ValeApp
CVE-2024-8607 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: Oceanic Software ValeApp
CVE-2024-8310 (OPW Fuel Management Systems SiteSentinel could allow an
attacker to b ...)
- TODO: check
+ NOT-FOR-US: OPW Fuel Management Systems SiteSentinel
CVE-2024-7149 (The Event Manager, Events Calendar, Tickets, Registrations
\u2013 Even ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-6983 (mudler/localai version 2.17.1 is vulnerable to remote code
execution. ...)
- TODO: check
+ NOT-FOR-US: mudler/localai
CVE-2024-6981 (OMNTEC Proteus Tank Monitoring OEL8000III Series could allow
an atta ...)
- TODO: check
+ NOT-FOR-US: OMNTEC Proteus Tank Monitoring OEL8000III Series
CVE-2024-6931 (The The Events Calendar plugin for WordPress is vulnerable to
Stored C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-6654 (Products for macOS enables auser logged on to the system to
perform a ...)
- TODO: check
+ NOT-FOR-US: ESET
CVE-2024-6436 (An input validation vulnerability exists in the Rockwell
Automation Se ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-47294 (Access permission verification vulnerability in the input
method frame ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-47293 (Out-of-bounds write vulnerability in the HAL-WIFI module
Impact: Succe ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-47292 (Path traversal vulnerability in the Bluetooth module Impact:
Successfu ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-47291 (Permission vulnerability in the ActivityManagerService (AMS)
module Im ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-47290 (Input validation vulnerability in the USB service module
Impact: Succe ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-47184 (Ampache is a web based audio/video streaming application and
file mana ...)
TODO: check
CVE-2024-47182 (Dozzle is a realtime log viewer for docker containers. Before
version ...)
- TODO: check
+ NOT-FOR-US: Dozzle
CVE-2024-47077 (authentik is an open-source identity provider. Prior to
versions 2024. ...)
- TODO: check
+ NOT-FOR-US: authentik
CVE-2024-47070 (authentik is an open-source identity provider. A vulnerability
that ex ...)
- TODO: check
+ NOT-FOR-US: authentik
CVE-2024-46472 (CodeAstro Membership Management System 1.0 is vulnerable to
SQL Inject ...)
- TODO: check
+ NOT-FOR-US: CodeAstro Membership Management System
CVE-2024-46471 (The Directory Listing in /uploads/ Folder in CodeAstro
Membership Mana ...)
- TODO: check
+ NOT-FOR-US: CodeAstro Membership Management System
CVE-2024-46470 (Cross Site Scripting vulnerability in CodeAstro Membership
Management ...)
- TODO: check
+ NOT-FOR-US: CodeAstro Membership Management System
CVE-2024-46441 (An arbitrary file upload vulnerability in YPay 1.2.0 allows
attackers ...)
- TODO: check
+ NOT-FOR-US: YPay
CVE-2024-46367 (A Stored Cross-Site Scripting (XSS) vulnerability in Webkul
Krayin CRM ...)
- TODO: check
+ NOT-FOR-US: Webkul Krayin CRM
CVE-2024-46366 (A Client-side Template Injection (CSTI) vulnerability in
Webkul Krayin ...)
- TODO: check
+ NOT-FOR-US: Webkul Krayin CRM
CVE-2024-46333 (An authenticated cross-site scripting (XSS) vulnerability in
Piwigo v1 ...)
TODO: check
CVE-2024-46331 (ModStartCMS v8.8.0 was discovered to contain an open redirect
vulnerab ...)
- TODO: check
+ NOT-FOR-US: ModStartCMS
CVE-2024-46257 (A Command injection vulnerability in
requestLetsEncryptSslWithDnsChall ...)
TODO: check
CVE-2024-46256 (A Command injection vulnerability in requestLetsEncryptSsl in
NginxPro ...)
TODO: check
CVE-2024-46097 (TestLink 1.9.20 is vulnerable to Incorrect Access Control in
the TestP ...)
- TODO: check
+ NOT-FOR-US: TestLink
CVE-2024-45863 (A null-dereference vulnerability involving parsing requests
specifying ...)
TODO: check
CVE-2024-45773 (A use-after-free vulnerability involving upgradeToRocket
requests can ...)
TODO: check
CVE-2024-45745 (TopQuadrant TopBraid EDG before version 8.0.1 allows an
authenticated ...)
- TODO: check
+ NOT-FOR-US: TopQuadrant
CVE-2024-45744 (TopQuadrant TopBraid EDG stores external credentials
insecurely. An au ...)
- TODO: check
+ NOT-FOR-US: TopQuadrant
CVE-2024-44912 (NASA CryptoLib v1.3.0 was discovered to contain an
Out-of-Bounds read ...)
TODO: check
CVE-2024-44911 (NASA CryptoLib v1.3.0 was discovered to contain an
Out-of-Bounds read ...)
@@ -113,35 +113,35 @@ CVE-2024-44911 (NASA CryptoLib v1.3.0 was discovered to
contain an Out-of-Bounds
CVE-2024-44910 (NASA CryptoLib v1.3.0 was discovered to contain an
Out-of-Bounds read ...)
TODO: check
CVE-2024-41930 (Cross-site scripting vulnerability exists in MF Teacher
Performance Ma ...)
- TODO: check
+ NOT-FOR-US: MF Teacher Performance Management System
CVE-2024-40512 (Cross Site Scripting vulnerability in openPetra v.2023.02
allows a rem ...)
- TODO: check
+ NOT-FOR-US: openPetra
CVE-2024-40511 (Cross Site Scripting vulnerability in openPetra v.2023.02
allows a rem ...)
- TODO: check
+ NOT-FOR-US: openPetra
CVE-2024-40510 (Cross Site Scripting vulnerability in openPetra v.2023.02
allows a rem ...)
- TODO: check
+ NOT-FOR-US: openPetra
CVE-2024-40509 (Cross Site Scripting vulnerability in openPetra v.2023.02
allows a rem ...)
- TODO: check
+ NOT-FOR-US: openPetra
CVE-2024-3373 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: RSM Design Website Template
CVE-2024-39364 (Advantech ADAM-5630 has built-in commands that can be
executed withou ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2024-39275 (Cookies of authenticated Advantech ADAM-5630 users remain as
active va ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2024-38861 (Improper Certificate Validation in Checkmk Exchange plugin
MikroTik al ...)
TODO: check
CVE-2024-38308 (Advantech ADAM 5550's web application includes a "logs" page
where all ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2024-37187 (Advantech ADAM-5550 share user credentials with a low level of
encrypt ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2024-34542 (Advantech ADAM-5630 shares user credentials plain text between
the dev ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2024-33369 (Directory Traversal vulnerability in Plasmoapp RPShare Fabric
mod v.1. ...)
- TODO: check
+ NOT-FOR-US: Plasmoapp RPShare Fabric mod
CVE-2024-33368 (An issue in Plasmoapp RPShare Fabric mod v.1.0.0 allows a
remote attac ...)
- TODO: check
+ NOT-FOR-US: Plasmoapp RPShare Fabric mod
CVE-2024-28948 (Advantech ADAM-5630 contains a cross-site request forgery
(CSRF) vulne ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2024-25412 (A cross-site scripting (XSS) vulnerability in Flatpress v1.3
allows at ...)
TODO: check
CVE-2024-25411 (A cross-site scripting (XSS) vulnerability in Flatpress v1.3
allows at ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ff7782359567a58b4df979d92382335548bf944
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ff7782359567a58b4df979d92382335548bf944
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
