Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f638078c by Salvatore Bonaccorso at 2024-11-04T21:51:51+01:00
Process some more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -37,153 +37,153 @@ CVE-2024-51557 (This vulnerability exists in the Wave 2.0
due to missing rate li
CVE-2024-51556 (This vulnerability exists in the Wave 2.0 due to weak
encryption of se ...)
TODO: check
CVE-2024-51408 (AppSmith Community 1.8.3 before 1.46 allows SSRF via New
DataSource fo ...)
- TODO: check
+ NOT-FOR-US: AppSmith Community
CVE-2024-51329 (A Host header injection vulnerability in Agile-Board 1.0
allows attack ...)
- TODO: check
+ NOT-FOR-US: Agile-Board
CVE-2024-51328 (Cross Site Scripting vulnerability in addcategory.php in
projectworld' ...)
- TODO: check
+ NOT-FOR-US: projectworld's Travel Management System
CVE-2024-51327 (SQL Injection in loginform.php in ProjectWorld's Travel
Management Sys ...)
- TODO: check
+ NOT-FOR-US: projectworld's Travel Management System
CVE-2024-51326 (SQL Injection vulnerability in projectworlds Travel management
System ...)
- TODO: check
+ NOT-FOR-US: projectworld's Travel Management System
CVE-2024-51253 (In Draytek Vigor3900 1.5.1.3, attackers can inject malicious
commands ...)
- TODO: check
+ NOT-FOR-US: Draytek Vigor3900
CVE-2024-51251 (In Draytek Vigor3900 1.5.1.3, attackers can inject malicious
commands ...)
- TODO: check
+ NOT-FOR-US: Draytek Vigor3900
CVE-2024-51249 (In Draytek Vigor3900 1.5.1.3, attackers can inject malicious
commands ...)
- TODO: check
+ NOT-FOR-US: Draytek Vigor3900
CVE-2024-51246 (In Draytek Vigor3900 1.5.1.3, attackers can inject malicious
commands ...)
- TODO: check
+ NOT-FOR-US: Draytek Vigor3900
CVE-2024-51136 (An XML External Entity (XXE) vulnerability in Dmoz2CSV in
openimaj v1. ...)
- TODO: check
+ NOT-FOR-US: openimaj
CVE-2024-51127 (An issue in the createTempFile method of hornetq v2.4.9 allows
attacke ...)
- TODO: check
+ NOT-FOR-US: HornetQ
CVE-2024-50531 (Unrestricted Upload of File with Dangerous Type vulnerability
in David ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-50530 (Unrestricted Upload of File with Dangerous Type vulnerability
in Myria ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-50529 (Unrestricted Upload of File with Dangerous Type vulnerability
in Rudra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-50528 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-50527 (Unrestricted Upload of File with Dangerous Type vulnerability
in Stack ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-50526 (Unrestricted Upload of File with Dangerous Type vulnerability
in mahla ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-50525 (Unrestricted Upload of File with Dangerous Type vulnerability
in Hello ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-50523 (Unrestricted Upload of File with Dangerous Type vulnerability
in Rainb ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-48878 (Zohocorp ManageEngine ADManager Plus versions 7241 and prior
are vulne ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2024-48809 (An issue in Open Networking Foundations sdran-in-a-box v.1.4.3
and ono ...)
- TODO: check
+ NOT-FOR-US: Open Networking Foundations sdran-in-a-box
CVE-2024-48336 (The install() function of ProviderInstaller.java in Magisk App
before ...)
- TODO: check
+ NOT-FOR-US: Magisk App
CVE-2024-45893 (DrayTek Vigor3900 1.5.1.3 contains a post-authentication
command injec ...)
- TODO: check
+ NOT-FOR-US: DrayTek Vigor3900
CVE-2024-45891 (DrayTek Vigor3900 1.5.1.3 contains a post-authentication
command injec ...)
- TODO: check
+ NOT-FOR-US: DrayTek Vigor3900
CVE-2024-45890 (DrayTek Vigor3900 1.5.1.3 contains a post-authentication
command injec ...)
- TODO: check
+ NOT-FOR-US: DrayTek Vigor3900
CVE-2024-45889 (DrayTek Vigor3900 1.5.1.3 contains a post-authentication
command injec ...)
- TODO: check
+ NOT-FOR-US: DrayTek Vigor3900
CVE-2024-45888 (DrayTek Vigor3900 1.5.1.3 contains a command injection
vulnerability. ...)
- TODO: check
+ NOT-FOR-US: DrayTek Vigor3900
CVE-2024-45887 (DrayTek Vigor3900 1.5.1.3 contains a post-authentication
command injec ...)
- TODO: check
+ NOT-FOR-US: DrayTek Vigor3900
CVE-2024-45885 (DrayTek Vigor3900 1.5.1.3 contains a post-authentication
command injec ...)
- TODO: check
+ NOT-FOR-US: DrayTek Vigor3900
CVE-2024-45884 (DrayTek Vigor3900 1.5.1.3 contains a post-authentication
command injec ...)
- TODO: check
+ NOT-FOR-US: DrayTek Vigor3900
CVE-2024-45882 (DrayTek Vigor3900 1.5.1.3 contains a command injection
vulnerability. ...)
- TODO: check
+ NOT-FOR-US: DrayTek Vigor3900
CVE-2024-45185 (An issue was discovered in Samsung Mobile Processor, Wearable
Processo ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-45164 (Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in
SPS (Se ...)
- TODO: check
+ NOT-FOR-US: Akamai SIA (Secure Internet Access Enterprise) ThreatAvert
CVE-2024-45086 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to
an XML e ...)
NOT-FOR-US: IBM
CVE-2024-38424 (Memory corruption during GNSS HAL process initialization.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-38423 (Memory corruption while processing GPU page table switch.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-38422 (Memory corruption while processing voice packet with arbitrary
data re ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-38421 (Memory corruption while processing GPU commands.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-38419 (Memory corruption while invoking IOCTL calls from the
use-space for HG ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-38415 (Memory corruption while handling session errors from firmware.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-38410 (Memory corruption while IOCLT is called when device is in
invalid stat ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-38409 (Memory corruption while station LL statistic handling.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-38408 (Cryptographic issue when a controller receives an LMP start
encryption ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-38407 (Memory corruption while processing input parameters for any
IOCTL call ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-38406 (Memory corruption while handling IOCTL calls in JPEG Encoder
driver.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-38405 (Transient DOS while processing the CU information from RNR IE.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-38403 (Transient DOS while parsing BTM ML IE when per STA profile is
not incl ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-36485 (Zohocorp ManageEngine ADAudit Plus versions8121 and prior are
vulnerab ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2024-34891 (Insufficiently protected credentials in DAV server settings in
1C-Bitr ...)
- TODO: check
+ NOT-FOR-US: 1C-Bitrix Bitrix24
CVE-2024-34887 (Insufficiently protected credentials in AD/LDAP server
settings in 1C- ...)
- TODO: check
+ NOT-FOR-US: 1C-Bitrix Bitrix24
CVE-2024-34885 (Insufficiently protected credentials in SMTP server settings
in 1C-Bit ...)
- TODO: check
+ NOT-FOR-US: 1C-Bitrix Bitrix24
CVE-2024-34883 (Insufficiently protected credentials in DAV server settings in
1C-Bitr ...)
- TODO: check
+ NOT-FOR-US: 1C-Bitrix Bitrix24
CVE-2024-34882 (Insufficiently protected credentials in SMTP server settings
in 1C-Bit ...)
- TODO: check
+ NOT-FOR-US: 1C-Bitrix Bitrix24
CVE-2024-33068 (Transient DOS while parsing fragments of MBSSID IE from beacon
frame.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-33033 (Memory corruption while processing IOCTL calls to unmap the
buffers.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-33032 (Memory corruption when the user application modifies the same
shared m ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-33031 (Memory corruption while processing the update SIM PB records
request.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-33030 (Memory corruption while parsing IPC frequency table parameters
for LPL ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-33029 (Memory corruption while handling the PDR in driver for getting
the rem ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-30619 (Chamilo LMS Version 1.11.26 is vulnerable to Incorrect Access
Control. ...)
- TODO: check
+ NOT-FOR-US: Chamilo LMS
CVE-2024-30618 (A Stored Cross-Site Scripting (XSS) Vulnerability in Chamilo
LMS 1.11. ...)
- TODO: check
+ NOT-FOR-US: Chamilo LMS
CVE-2024-30617 (A Cross-Site Request Forgery (CSRF) vulnerability in Chamilo
LMS 1.11. ...)
- TODO: check
+ NOT-FOR-US: Chamilo LMS
CVE-2024-30616 (Chamilo LMS 1.11.26 is vulnerable to Incorrect Access Control
via main ...)
- TODO: check
+ NOT-FOR-US: Chamilo LMS
CVE-2024-23386 (memory corruption when WiFi display APIs are invoked with
large random ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-23385 (Transient DOS as modem reset occurs when an unexpected MAC RAR
(with i ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-23377 (Memory corruption while invoking IOCTL command from
user-space, when a ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-10791 (A vulnerability, which was classified as critical, has been
found in C ...)
- TODO: check
+ NOT-FOR-US: Codezips Hospital Appointment System
CVE-2024-10768 (A vulnerability classified as problematic was found in
PHPGurukul Onli ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul Online Shopping Portal
CVE-2024-10766 (A vulnerability, which was classified as critical, has been
found in C ...)
- TODO: check
+ NOT-FOR-US: Codezips Free Exam Hall Seating Management System
CVE-2024-10765 (A vulnerability classified as critical was found in Codezips
Online In ...)
- TODO: check
+ NOT-FOR-US: Codezips Online Institute Management System
CVE-2024-10764 (A vulnerability classified as critical has been found in
Codezips Onli ...)
- TODO: check
+ NOT-FOR-US: Codezips Online Institute Management System
CVE-2024-10523 (This vulnerability exists in TP-Link IoT Smart Hub due to
storage of W ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2024-10389 (There exists a Path Traversal vulnerability in Safearchive on
Platform ...)
TODO: check
CVE-2024-10035 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: BG-TEK Informatics Security Technologies CoslatV3
CVE-2024-23590 (Session Fixation vulnerability in Apache Kylin. This issue
affects Ap ...)
NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
CVE-2024-48342
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f638078cf1f5cb6e3ca43ead6f0e3d1785729255
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f638078cf1f5cb6e3ca43ead6f0e3d1785729255
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
