Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
db2c9515 by Salvatore Bonaccorso at 2024-11-14T22:59:52+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25,7 +25,7 @@ CVE-2024-5918 (An improper certificate validation 
vulnerability in Palo Alto Net
 CVE-2024-5917 (A server-side request forgery in PAN-OS software enables an 
unauthenti ...)
        NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2024-5125 (parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site 
Scriptin ...)
-       TODO: check
+       NOT-FOR-US: parisneo/lollms-webui
 CVE-2024-52524 (Giskard is an evaluation and testing framework for AI systems. 
A Remot ...)
        TODO: check
 CVE-2024-52505 (matrix-appservice-irc is a Node.js IRC bridge for the Matrix 
messaging ...)
@@ -69,59 +69,59 @@ CVE-2024-52369 (Unrestricted Upload of File with Dangerous 
Type vulnerability in
 CVE-2024-52302 (common-user-management is a robust Spring Boot application 
featuring u ...)
        TODO: check
 CVE-2024-51688 (Cross-Site Request Forgery (CSRF) vulnerability in FraudLabs 
Pro Fraud ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-50843 (A Directory listing issue was found in PHPGurukul User 
Registration &  ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul User Registration & Login and User Management 
System
 CVE-2024-50842 (A Stored Cross-Site Scripting (XSS) vulnerability was found in 
/admin/ ...)
-       TODO: check
+       NOT-FOR-US: KASHIPARA E-learning Management System Project
 CVE-2024-50841 (A Stored Cross-Site Scripting (XSS) vulnerability was found in 
/admin/ ...)
-       TODO: check
+       NOT-FOR-US: KASHIPARA E-learning Management System Project
 CVE-2024-50840 (A Stored Cross-Site Scripting (XSS) vulnerability was found in 
/admin/ ...)
-       TODO: check
+       NOT-FOR-US: KASHIPARA E-learning Management System Project
 CVE-2024-50839 (A Stored Cross-Site Scripting (XSS) vulnerability was found in 
/admin/ ...)
-       TODO: check
+       NOT-FOR-US: KASHIPARA E-learning Management System Project
 CVE-2024-50838 (A Stored Cross-Site Scripting (XSS) vulnerability was found in 
/admin/ ...)
-       TODO: check
+       NOT-FOR-US: KASHIPARA E-learning Management System Project
 CVE-2024-50837 (A Stored Cross-Site Scripting (XSS) vulnerability was found in 
/admin/ ...)
-       TODO: check
+       NOT-FOR-US: KASHIPARA E-learning Management System Project
 CVE-2024-50836 (A Stored Cross-Site Scripting (XSS) vulnerability was found in 
/admin/ ...)
-       TODO: check
+       NOT-FOR-US: KASHIPARA E-learning Management System Project
 CVE-2024-50835 (A SQL Injection vulnerability was found in 
/admin/edit_student.php in  ...)
-       TODO: check
+       NOT-FOR-US: KASHIPARA E-learning Management System Project
 CVE-2024-50834 (A SQL Injection was found in /admin/teachers.php in KASHIPARA 
E-learni ...)
-       TODO: check
+       NOT-FOR-US: KASHIPARA E-learning Management System Project
 CVE-2024-50833 (A SQL Injection vulnerability was found in /login.php in 
KASHIPARA E-l ...)
-       TODO: check
+       NOT-FOR-US: KASHIPARA E-learning Management System Project
 CVE-2024-50832 (A SQL Injection vulnerability was found in 
/admin/edit_class.php in ka ...)
-       TODO: check
+       NOT-FOR-US: KASHIPARA E-learning Management System Project
 CVE-2024-50831 (A SQL Injection was found in /admin/admin_user.php in 
kashipara E-lear ...)
-       TODO: check
+       NOT-FOR-US: KASHIPARA E-learning Management System Project
 CVE-2024-50830 (A SQL Injection vulnerability was found in 
/admin/calendar_of_events.p ...)
-       TODO: check
+       NOT-FOR-US: KASHIPARA E-learning Management System Project
 CVE-2024-50829 (A SQL Injection vulnerability was found in 
/admin/edit_subject.php in  ...)
-       TODO: check
+       NOT-FOR-US: KASHIPARA E-learning Management System Project
 CVE-2024-50828 (A SQL Injection vulnerability was found in 
/admin/edit_department.php  ...)
-       TODO: check
+       NOT-FOR-US: KASHIPARA E-learning Management System Project
 CVE-2024-50827 (A SQL Injection vulnerability was found in 
/admin/add_subject.php in k ...)
-       TODO: check
+       NOT-FOR-US: KASHIPARA E-learning Management System Project
 CVE-2024-50826 (A SQL Injection vulnerability was found in 
/admin/add_content.php in k ...)
-       TODO: check
+       NOT-FOR-US: KASHIPARA E-learning Management System Project
 CVE-2024-50825 (A SQL Injection vulnerability was found in 
/admin/school_year.php in k ...)
-       TODO: check
+       NOT-FOR-US: KASHIPARA E-learning Management System Project
 CVE-2024-50824 (A SQL Injection vulnerability was found in /admin/class.php in 
kashipa ...)
-       TODO: check
+       NOT-FOR-US: KASHIPARA E-learning Management System Project
 CVE-2024-50823 (A SQL Injection vulnerability was found in /admin/login.php in 
kashipa ...)
-       TODO: check
+       NOT-FOR-US: KASHIPARA E-learning Management System Project
 CVE-2024-4343 (A Python command injection vulnerability exists in the 
`SagemakerLLM`  ...)
        TODO: check
 CVE-2024-4311 (zenml-io/zenml version 0.56.4 is vulnerable to an account 
takeover due ...)
-       TODO: check
+       NOT-FOR-US: zenml-io/zenml
 CVE-2024-49362 (Joplin is a free, open source note taking and to-do 
application. Jopli ...)
        TODO: check
 CVE-2024-49025 (Microsoft Edge (Chromium-based) Information Disclosure 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-48284 (A Reflected Cross-Site Scripting (XSS) vulnerability was found 
in the  ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul User Registration & Login and User Management 
System
 CVE-2024-47916 (Boa web server - CWE-22: Improper Limitation of a Pathname to 
a Restri ...)
        TODO: check
 CVE-2024-47915 (VaeMendis -  CWE-200: Exposure of Sensitive Information to an 
Unauthor ...)
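Review bot: CVE-2024-49025 is marked "NOT-FOR-US: Microsoft", but its description reads "Microsoft Edge (Chromium-based)"; since chromium is packaged in Debian, it is worth confirming this is an Edge-only issue rather than one inherited from upstream Chromium before closing it as NOT-FOR-US. The two PHPGurukul entries (CVE-2024-50843, CVE-2024-48284) and the KASHIPARA block use one consistent product string each, which keeps later grep-based triage simple; CVE-2024-51688 is filed under the generic "NOT-FOR-US: WordPress plugin", matching the convention used for the WPvivid and Chartify entries elsewhere in this commit.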
@@ -129,47 +129,47 @@ CVE-2024-47915 (VaeMendis -  CWE-200: Exposure of 
Sensitive Information to an Un
 CVE-2024-47914 (VaeMendis - CWE-352: Cross-Site Request Forgery (CSRF))
        TODO: check
 CVE-2024-45670 (IBM Security SOAR 51.0.1.0 and earlier contains a mechanism 
for users  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-45642 (IBM Security ReaQta 3.12 is vulnerable to cross-site 
scripting. This v ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-45254 (VaeMendis - CWE-79: Improper Neutralization of Input During 
Web Page G ...)
        TODO: check
 CVE-2024-45253 (Avigilon \u2013 CWE-22: Improper Limitation of a Pathname to a 
Restric ...)
        TODO: check
 CVE-2024-45099 (IBM Security ReaQta 3.12 is vulnerable to cross-site 
scripting. This v ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-42188 (HCL Connections is vulnerable to a broken access control 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-3760 (In lunary-ai/lunary version 1.2.7, there is a lack of rate 
limiting on ...)
-       TODO: check
+       NOT-FOR-US: lunary-ai/lunary
 CVE-2024-3502 (In lunary-ai/lunary versions up to and including 1.2.5, an 
information ...)
-       TODO: check
+       NOT-FOR-US: lunary-ai/lunary
 CVE-2024-3501 (In lunary-ai/lunary versions up to and including 1.2.5, an 
information ...)
-       TODO: check
+       NOT-FOR-US: lunary-ai/lunary
 CVE-2024-3379 (In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect 
authori ...)
-       TODO: check
+       NOT-FOR-US: lunary-ai/lunary
 CVE-2024-37285 (A deserialization issue in Kibana can lead to arbitrary code 
execution ...)
-       TODO: check
+       - kibana <itp> (bug #700337)
 CVE-2024-2552 (A command injection vulnerability in Palo Alto Networks PAN-OS 
softwar ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2024-2551 (A null pointer dereference vulnerability in Palo Alto Networks 
PAN-OS  ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2024-2550 (A null pointer dereference vulnerability in the GlobalProtect 
gateway  ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2024-1682 (An unclaimed Amazon S3 bucket, 'codeconf', is referenced in an 
audio f ...)
        TODO: check
 CVE-2024-11215 (Absolute path traversal (incorrect restriction of a path to a 
restrict ...)
        TODO: check
 CVE-2024-11214 (A vulnerability has been found in SourceCodester Best Employee 
Managem ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Best Employee Management System
 CVE-2024-11213 (A vulnerability, which was classified as critical, was found 
in Source ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Best Employee Management System
 CVE-2024-11212 (A vulnerability, which was classified as critical, has been 
found in S ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Best Employee Management System
 CVE-2024-11211 (A vulnerability classified as critical has been found in 
EyouCMS 1.5.6 ...)
-       TODO: check
+       NOT-FOR-US: EyouCMS
 CVE-2024-11210 (A vulnerability was found in EyouCMS 1.51. It has been rated 
as critic ...)
-       TODO: check
+       NOT-FOR-US: EyouCMS
 CVE-2024-11209 (A vulnerability was found in Apereo CAS 6.6. It has been 
classified as ...)
        TODO: check
 CVE-2024-11208 (A vulnerability was found in Apereo CAS 6.6 and classified as 
problema ...)
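Review bot: the CVE-2024-37285 line switches from "TODO: check" to "- kibana <itp> (bug #700337)", the pseudo-version form for software that is not yet in the archive; that is the right way to keep the deserialization issue visible, but the entry will need a real fixed version once kibana is actually uploaded, so it should be revisited when the ITP closes. The remaining changes in this hunk (IBM, HCL, lunary-ai/lunary, Palo Alto Networks PAN-OS, SourceCodester, EyouCMS) are plain NOT-FOR-US triage and match the product strings already used for the same vendors earlier in the file.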
@@ -179,11 +179,11 @@ CVE-2024-11207 (A vulnerability has been found in Apereo 
CAS 6.6 and classified
 CVE-2024-11136 (The default TCL Camera application exposes a provider 
vulnerable to pa ...)
        TODO: check
 CVE-2024-10962 (The Migration, Backup, Staging \u2013 WPvivid plugin for 
WordPress is  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10921 (An authorized user may trigger crashes or receive the contents 
of buff ...)
        TODO: check
 CVE-2024-10571 (The Chartify \u2013 WordPress Chart Plugin plugin for 
WordPress is vul ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10979 (Incorrect control of environment variables in PostgreSQL 
PL/Perl allow ...)
        - postgresql-17 17.1-1
        - postgresql-16 <unfixed>
@@ -1309,7 +1309,7 @@ CVE-2024-10218 (XSS Attack in mar.jar, Monitoring Archive 
Utility (MAR Utility),
 CVE-2024-10217 (XSS Attack in mar.jar, Monitoring Archive Utility (MAR 
Utility),monito ...)
        TODO: check
 CVE-2023-52268 (The End-User Portal module before 1.0.65 for FreeScout 
sometimes allow ...)
-       TODO: check
+       NOT-FOR-US: FreeScout module
 CVE-2023-50176 (A session fixation in Fortinet FortiOS version 7.4.0 through 
7.4.3 and ...)
        NOT-FOR-US: FortiGuard
 CVE-2023-47543 (An authorization bypass through user-controlled key 
vulnerability [CWE ...)
@@ -1506,7 +1506,7 @@ CVE-2024-34015 (Sensitive information disclosure during 
file browsing due to imp
 CVE-2024-34014 (Arbitrary file overwrite during recovery due to improper 
symbolic link ...)
        NOT-FOR-US: Acronis
 CVE-2024-29075 (Active debug code vulnerability exists in Mesh Wi-Fi router 
RP562B fir ...)
-       TODO: check
+       NOT-FOR-US: Mesh Wi-Fi router RP562B firmware
 CVE-2024-25255 (Sublime Text 4 was discovered to contain a command injection 
vulnerabi ...)
        TODO: check
 CVE-2024-25254 (SuperScan v4.1 was discovered to contain a buffer overflow via 
the Hos ...)
@@ -161590,7 +161590,7 @@ CVE-2022-45159
 CVE-2022-45158
        RESERVED
 CVE-2022-45157 (A vulnerability has been identified in the way that Rancher 
stores vSp ...)
-       TODO: check
+       NOT-FOR-US: Rancher
 CVE-2022-45156
        RESERVED
 CVE-2022-45155 (An Improper Handling of Exceptional Conditions vulnerability 
in obs-se ...)
@@ -201633,17 +201633,17 @@ CVE-2022-31673 (VMware vRealize Operations contains 
an information disclosure vu
 CVE-2022-31672 (VMware vRealize Operations contains a privilege escalation 
vulnerabili ...)
        NOT-FOR-US: VMware
 CVE-2022-31671 (Harbor fails to validate user permissions when reading and 
updating jo ...)
-       TODO: check
+       NOT-FOR-US: Harbor
 CVE-2022-31670 (Harbor fails to validate the user permissions when updating 
tag retent ...)
-       TODO: check
+       NOT-FOR-US: Harbor
 CVE-2022-31669 (Harbor fails to validate the user permissions when updating 
tag immuta ...)
-       TODO: check
+       NOT-FOR-US: Harbor
 CVE-2022-31668 (Harbor fails to validate the user permissions when updating 
p2p prehea ...)
-       TODO: check
+       NOT-FOR-US: Harbor
 CVE-2022-31667 (Harbor fails to validate the user permissions when updating a 
robot ac ...)
-       TODO: check
+       NOT-FOR-US: Harbor
 CVE-2022-31666 (Harbor fails to validate user permissions while deleting 
Webhook polic ...)
-       TODO: check
+       NOT-FOR-US: Harbor
 CVE-2022-31665 (VMware Workspace ONE Access, Identity Manager and vRealize 
Automation  ...)
        NOT-FOR-US: VMware
 CVE-2022-31664 (VMware Workspace ONE Access, Identity Manager and vRealize 
Automation  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db2c95156ba234e774e781be4e2ad9dc52da6636


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits