Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7aa02631 by Salvatore Bonaccorso at 2024-11-15T21:59:31+01:00
Add new glpi issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -120,7 +120,8 @@ CVE-2024-49536 (Audition versions 23.6.9, 24.4.6 and
earlier are affected by an
CVE-2024-48068 (A cross-site scripting (XSS) vulnerability in Shenzhen Landray
Softwar ...)
NOT-FOR-US: Shenzhen Landray
CVE-2024-47759 (GLPI is a free Asset and IT management software package. An
technician ...)
- TODO: check
+ - glpi <removed>
+ NOTE:
https://github.com/glpi-project/glpi/security/advisories/GHSA-474f-9vpp-xxq5
CVE-2024-46467 (By default, dedicated folders of ZONEPOINT for Windows up to
2024.1 ca ...)
NOT-FOR-US: ZONEPOINT for Windows
CVE-2024-46466 (By default, dedicated folders of ZONECENTRAL for Windows up to
2024.3 ...)
@@ -142,17 +143,21 @@ CVE-2024-45969 (NULL pointer dereference in the MMS
Client in MZ Automation LibI
CVE-2024-45784 (Apache Airflow versions before 2.10.3 contain a vulnerability
that cou ...)
TODO: check
CVE-2024-45609 (GLPI is a Free Asset and IT Management Software package, Data
center m ...)
- TODO: check
+ - glpi <removed>
+ NOTE:
https://github.com/glpi-project/glpi/security/advisories/GHSA-3j2f-3j4v-hppr
CVE-2024-45608 (GLPI is a free asset and IT management software package. An
authentica ...)
- TODO: check
+ - glpi <removed>
+ NOTE:
https://github.com/glpi-project/glpi/security/advisories/GHSA-67p8-v79j-jp86
CVE-2024-44759 (An arbitrary file download vulnerability in the component
/Doc/Downloa ...)
NOT-FOR-US: NUS-M9 ERP Management Software
CVE-2024-44625 (Gogs <=0.13.0 is vulnerable to Directory Traversal via the
editFilePos ...)
NOT-FOR-US: Go Git Service
CVE-2024-43418 (GLPI is a free asset and IT management software package. An
unauthenti ...)
- TODO: check
+ - glpi <removed>
+ NOTE:
https://github.com/glpi-project/glpi/security/advisories/GHSA-x8jv-fcwx-3x6m
CVE-2024-43417 (GLPI is a free asset and IT management software package. An
unauthenti ...)
- TODO: check
+ - glpi <removed>
+ NOTE:
https://github.com/glpi-project/glpi/security/advisories/GHSA-p633-wfj5-8x44
CVE-2024-43189 (IBM Concert Software 1.0.0 through 1.0.1 could allow a remote
attacker ...)
NOT-FOR-US: IBM
CVE-2024-41785 (IBM Concert Software 1.0.0 through 1.0.1 is vulnerable to
cross-site s ...)
@@ -160,11 +165,14 @@ CVE-2024-41785 (IBM Concert Software 1.0.0 through 1.0.1
is vulnerable to cross-
CVE-2024-41784 (IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3,
and 6.1. ...)
NOT-FOR-US: IBM
CVE-2024-41679 (GLPI is a free asset and IT management software package. An
authentica ...)
- TODO: check
+ - glpi <removed>
+ NOTE:
https://github.com/glpi-project/glpi/security/advisories/GHSA-hq9q-jfhp-qqgm
CVE-2024-41678 (GLPI is a free asset and IT management software package. An
unauthenti ...)
- TODO: check
+ - glpi <removed>
+ NOTE:
https://github.com/glpi-project/glpi/security/advisories/GHSA-xwmx-mmrf-hqf9
CVE-2024-40638 (GLPI is a free asset and IT management software package. An
authentica ...)
- TODO: check
+ - glpi <removed>
+ NOTE:
https://github.com/glpi-project/glpi/security/advisories/GHSA-8843-r3m7-gfqx
CVE-2024-3334 (A security bypass vulnerability exists in the Removable Media
Encrypti ...)
TODO: check
CVE-2024-39726 (IBM Engineering Lifecycle Optimization - Engineering Insights
7.0.2 an ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7aa0263117279230f05df8c053b1a12f92a368a7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7aa0263117279230f05df8c053b1a12f92a368a7
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
