Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
987f8afd by Salvatore Bonaccorso at 2024-11-22T21:43:10+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,115 +1,115 @@
CVE-2024-7882 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: Special Minds Design and Software e-Commerce
CVE-2024-7837 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: Firmanet Software ERP
CVE-2024-53438 (EventAttendance.php in ChurchCRM 5.7.0 is vulnerable to SQL
injection. ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2024-53253 (Sentry is an error tracking and performance monitoring
platform. Versi ...)
- TODO: check
+ NOT-FOR-US: Sentry
CVE-2024-52998 (Substance3D - Stager versions 3.0.2 and earlier are affected
by an out ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-52814 (Argo Helm is a collection of community maintained charts for
`argoproj ...)
- TODO: check
+ NOT-FOR-US: Argo Helm
CVE-2024-52804 (Tornado is a Python web framework and asynchronous networking
library. ...)
TODO: check
CVE-2024-52802 (RIOT is an operating system for internet of things (IoT)
devices. In v ...)
- TODO: check
+ NOT-FOR-US: RIOT
CVE-2024-52793 (The Deno Standard Library provides APIs for Deno and the Web.
Prior to ...)
- TODO: check
+ NOT-FOR-US: Deno
CVE-2024-52726 (CRMEB v5.4.0 is vulnerable to Arbitrary file read in the
save_basics f ...)
- TODO: check
+ NOT-FOR-US: CRMEB
CVE-2024-52723 (In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file,
the Uci ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2024-51766 (A potential security vulnerability has been identified in the
HPE NonS ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2024-51074 (Incorrect access control in Instrument Cluster KIA Seltos
Software v1. ...)
- TODO: check
+ NOT-FOR-US: Instrument Cluster KIA Seltos
CVE-2024-51073 (An issue in Instrument Cluster KIA Seltos Software v1.0,
Hardware v1.0 ...)
- TODO: check
+ NOT-FOR-US: Instrument Cluster KIA Seltos
CVE-2024-51072 (An issue in Instrument Cluster KIA Seltos Software v1.0,
Hardware v1.0 ...)
- TODO: check
+ NOT-FOR-US: Instrument Cluster KIA Seltos
CVE-2024-50965 (Cross Site Scripting vulnerability in Public Knowledge Project
PKP Pla ...)
- TODO: check
+ NOT-FOR-US: Public Knowledge Project PKP Platform OJS/OMP/OPS-
CVE-2024-50657 (An issue in Owncloud android apk v.4.3.1 allows a physically
proximate ...)
- TODO: check
+ NOT-FOR-US: Owncloud android apk
CVE-2024-50401 (A use of externally-controlled format string vulnerability has
been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-50400 (A use of externally-controlled format string vulnerability has
been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-50399 (A use of externally-controlled format string vulnerability has
been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-50398 (A use of externally-controlled format string vulnerability has
been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-50397 (A use of externally-controlled format string vulnerability has
been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-50396 (A use of externally-controlled format string vulnerability has
been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-50395 (An authorization bypass through user-controlled key
vulnerability has ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-49054 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-48862 (A link following vulnerability has been reported to affect
QuLog Cente ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-48861 (An OS command injection vulnerability has been reported to
affect seve ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-48860 (An OS command injection vulnerability has been reported to
affect seve ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-47863 (An issue was discovered in Centreon Web through 24.10. A
stored XSS wa ...)
TODO: check
CVE-2024-45719 (Inadequate Encryption Strength vulnerability in Apache Answer.
This i ...)
- TODO: check
+ NOT-FOR-US: Apache Answer
CVE-2024-44786 (Incorrect access control in Meabilis CMS 1.0 allows attackers
to acces ...)
- TODO: check
+ NOT-FOR-US: Meabilis CMS
CVE-2024-41781 (IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00
through ...)
NOT-FOR-US: IBM
CVE-2024-41779 (IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2
and 7.0. ...)
NOT-FOR-US: IBM
CVE-2024-38647 (An exposure of sensitive information vulnerability has been
reported t ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-38646 (An incorrect permission assignment for critical resource
vulnerability ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-38645 (A server-side request forgery (SSRF) vulnerability has been
reported t ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-38644 (An OS command injection vulnerability has been reported to
affect Note ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-38643 (A missing authentication for critical function vulnerability
has been ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-37783 (A reflected cross-site scripting (XSS) vulnerability in
Gladinet Centr ...)
- TODO: check
+ NOT-FOR-US: Gladinet CentreStack
CVE-2024-37782 (An LDAP injection vulnerability in the login page of Gladinet
CentreSt ...)
- TODO: check
+ NOT-FOR-US: Gladinet CentreStack
CVE-2024-37050 (A buffer copy without checking size of input vulnerability has
been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-37049 (A buffer copy without checking size of input vulnerability has
been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-37048 (A NULL pointer dereference vulnerability has been reported to
affect s ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-37047 (A buffer copy without checking size of input vulnerability has
been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-37046 (A path traversal vulnerability has been reported to affect
several QNA ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-37045 (A NULL pointer dereference vulnerability has been reported to
affect s ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-37044 (A buffer copy without checking size of input vulnerability has
been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-37043 (A path traversal vulnerability has been reported to affect
several QNA ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-37042 (A NULL pointer dereference vulnerability has been reported to
affect s ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-37041 (A buffer copy without checking size of input vulnerability has
been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-32770 (A cross-site scripting (XSS) vulnerability has been reported
to affect ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-32769 (A cross-site scripting (XSS) vulnerability has been reported
to affect ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-32768 (A cross-site scripting (XSS) vulnerability has been reported
to affect ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-32767 (A cross-site scripting (XSS) vulnerability has been reported
to affect ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-11618 (A vulnerability classified as critical was found in IPC Unigy
Manageme ...)
- TODO: check
+ NOT-FOR-US: IPC Unigy Management System
CVE-2024-10863 (: Insufficient Logging vulnerability in OpenText Secure
Content Manage ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2024-10220 (The Kubernetes kubelet component allows arbitrary command
execution vi ...)
TODO: check
CVE-2024-9542 (The Sky Addons for Elementor plugin for WordPress is vulnerable
to Sen ...)
@@ -146441,9 +146441,9 @@ CVE-2023-24469 (Potential Cross-Site Scripting in
ArcSight Logger versions prior
CVE-2023-24468 (Broken access control in Advanced Authentication versions
prior to 6.4 ...)
NOT-FOR-US: NetIQ
CVE-2023-24467 (Possible Command Injection in iManager GET parameter has
been disco ...)
- TODO: check
+ NOT-FOR-US: NetIQ
CVE-2023-24466 (Possible XML External Entity Injection in iManager GET
parameter ha ...)
- TODO: check
+ NOT-FOR-US: NetIQ
CVE-2023-24020 (Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior
could bypass ...)
NOT-FOR-US: Snap One Wattbox WB-300-IP-3
CVE-2023-23582 (Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior are
vulnerab ...)
@@ -220328,7 +220328,7 @@ CVE-2022-26326 (Potential open redirection
vulnerability when URL is crafted in
CVE-2022-26325 (Reflected Cross Site Scripting (XSS) vulnerability in NetIQ
Access Man ...)
NOT-FOR-US: NetIQ Access Manager
CVE-2022-26324 (Possible XSS in iManager URL for access Component has been
discovered ...)
- TODO: check
+ NOT-FOR-US: NetIQ
CVE-2022-26323
RESERVED
CVE-2022-26322 (Possible Insertion of Sensitive Information into Log File
Vulnerabilit ...)
@@ -260446,9 +260446,9 @@ CVE-2021-38136 (Corero SecureWatch Managed Services
9.7.2.0020 is affected by a
CVE-2021-3688 (A flaw was found in Red Hat JBoss Core Services HTTP Server in
all ver ...)
NOT-FOR-US: Red Hat JBoss Core Services HTTP Server
CVE-2021-38135 (Possible External Service Interaction attack in iManager has
been di ...)
- TODO: check
+ NOT-FOR-US: NetIQ
CVE-2021-38134 (Possible XSS in iManager URL for access Component has been
discovered ...)
- TODO: check
+ NOT-FOR-US: NetIQ
CVE-2021-38133 (Possible External Service Interaction attack in eDirectory
has been ...)
NOT-FOR-US: NetIQ
CVE-2021-38132 (Possible External Service Interaction attack in eDirectory
has been ...)
@@ -260478,13 +260478,13 @@ CVE-2021-38121 (Insufficient or weak TLS protocol
version identified in Advance
CVE-2021-38120 (A vulnerability identified in Advance Authentication that
allows bash ...)
NOT-FOR-US: NetIQ
CVE-2021-38119 (Possible Reflected Cross-Site Scripting (XSS) Vulnerability
in iManag ...)
- TODO: check
+ NOT-FOR-US: NetIQ
CVE-2021-38118 (Possible improper input validation Vulnerability in iManager
has been ...)
- TODO: check
+ NOT-FOR-US: NetIQ
CVE-2021-38117 (Possible Command injection Vulnerability in iManager has been
discove ...)
- TODO: check
+ NOT-FOR-US: NetIQ
CVE-2021-38116 (Possible Elevation of Privilege Vulnerability in iManager has
been di ...)
- TODO: check
+ NOT-FOR-US: NetIQ
CVE-2021-38115 (read_header_tga in gd_tga.c in the GD Graphics Library (aka
LibGD) thr ...)
{DLA-3781-1}
- libgd2 2.3.3-1 (bug #991912)
@@ -280669,7 +280669,7 @@ CVE-2021-30301 (Possible denial of service due to out
of memory while processing
CVE-2021-30300 (Possible denial of service due to incorrectly decoding hex
data for th ...)
NOT-FOR-US: Qualcomm
CVE-2021-30299 (Possible out of bound access in audio module due to lack of
validation ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2021-30298 (Possible out of bound access due to improper validation of
item size a ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30297 (Possible out of bound read due to improper validation of
packet length ...)
@@ -523384,7 +523384,7 @@ CVE-2017-9713
CVE-2017-9712 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-9711 (Certain unprivileged processes are able to perform IOCTL calls.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2017-9710 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-9709 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/987f8afdf93b9271ec5e0a6aeeca3780ceeaa315
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/987f8afdf93b9271ec5e0a6aeeca3780ceeaa315
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
