Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
85abe301 by Salvatore Bonaccorso at 2024-12-05T21:44:52+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -28,121 +28,121 @@ CVE-2024-53856 (rPGP is a pure Rust implementation of
OpenPGP. Prior to 0.14.1,
CVE-2024-53846 (OTP is a set of Erlang libraries, which consists of the Erlang
runtime ...)
TODO: check
CVE-2024-53703 (A vulnerability in the SonicWall SMA100 SSLVPN firmware
10.2.1.13-72sv ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2024-53702 (Use of cryptographically weak pseudo-random number generator
(PRNG) vu ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2024-53490 (Favorites-web 1.3.0 favorites-web has a directory traversal
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Favorites-web
CVE-2024-53472 (WeGIA v3.2.0 was discovered to contain a Cross-Site Request
Forgery (C ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2024-53471 (Multiple stored cross-site scripting (XSS) vulnerabilities in
the comp ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2024-53470 (Multiple stored cross-site scripting (XSS) vulnerabilities in
the comp ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2024-53442 (whapa v1.59 is vulnerable to Command Injection via a crafted
filename ...)
- TODO: check
+ NOT-FOR-US: whapa
CVE-2024-52564 (Inclusion of undocumented features or chicken bits issue
exists in UD- ...)
- TODO: check
+ NOT-FOR-US: UD-LT1
CVE-2024-52271 (User Interface (UI) Misrepresentation of Critical Information
vulnerab ...)
- TODO: check
+ NOT-FOR-US: Documenso
CVE-2024-52270 (User Interface (UI) Misrepresentation of Critical Information
vulnerab ...)
TODO: check
CVE-2024-51555 (Default Credentail vulnerabilities allows access to an Aspect
device u ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-51554 (Default Credentail vulnerabilities in ASPECT on Linux allows
access to ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-51551 (Default Credentail vulnerabilities in ASPECT on Linux allows
access to ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-51550 (Data Validation / Data Sanitization vulnerabilities in Linux
allows u ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-51549 (Absolute File Traversal vulnerabilities allows access and
modificatio ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-51548 (Dangerous File Upload vulnerabilities allow upload of
malicious script ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-51546 (Credentials Disclosure vulnerabilities allow access to on
board projec ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-51545 (Username Enumeration vulnerabilities allow access to
application level ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-51544 (Service Control vulnerabilities allow access to service
restart reques ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-51543 (Information Disclosure vulnerabilities allow access to
application con ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-51542 (Configuration Download vulnerabilities allow access to
dependency conf ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-51541 (Local File Inclusion vulnerabilities allow access to sensitive
system ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-48847 (MD5 Checksum Bypass vulnerabilities where found exploiting a
weakness ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-48846 (Cross Site Request Forgery vulnerabilities where found
providing a pot ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-48845 (Weak Password Reset Rules vulnerabilities where found
providing a pot ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-48844 (Denial of Service vulnerabilities where found providing a
potiential f ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-48843 (Denial of Service vulnerabilities where found providing a
potiential f ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-48840 (Unauthorized Access vulnerabilities allow Remote Code
Execution. Affec ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-48839 (Improper Input Validation vulnerability allows Remote Code
Execution. ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-47133 (UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware
Ver.2.1.8 ...)
- TODO: check
+ NOT-FOR-US: UD-LT1
CVE-2024-45841 (Incorrect permission assignment for critical resource issue
exists in ...)
- TODO: check
+ NOT-FOR-US: UD-LT1
CVE-2024-45319 (A vulnerability in the SonicWall SMA100 SSLVPN
firmware10.2.1.13-72s ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2024-45318 (A vulnerability in the SonicWall SMA100 SSLVPN web management
interfac ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2024-41579 (DTStack Taier 1.4.0 allows remote attackers to specify the
jobName par ...)
- TODO: check
+ NOT-FOR-US: DTStack Taier
CVE-2024-40763 (Heap-based buffer overflow vulnerability in the SonicWall
SMA100 SSLVP ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2024-12247 (Mattermost versions 9.7.x <= 9.7.5, 9.8.x <= 9.8.2 and 9.9.x
<= 9.9.2 ...)
TODO: check
CVE-2024-12235 (A vulnerability was found in Shenzhen Dashi Tongzhou
Information Techn ...)
- TODO: check
+ NOT-FOR-US: Shenzhen Dashi Tongzhou Information Technology AgileBPM
CVE-2024-12234 (A vulnerability was found in 1000 Projects Beauty Parlour
Management S ...)
- TODO: check
+ NOT-FOR-US: 1000 Projects Beauty Parlour Management System
CVE-2024-12233 (A vulnerability was found in code-projects Online Notice Board
up to 1 ...)
- TODO: check
+ NOT-FOR-US: code-projects Online Notice Board
CVE-2024-12232 (A vulnerability has been found in code-projects Simple CRUD
Functional ...)
- TODO: check
+ NOT-FOR-US: code-projects Simple CRUD Functionality
CVE-2024-12231 (A vulnerability, which was classified as critical, was found
in CodeZi ...)
- TODO: check
+ NOT-FOR-US: CodeZips Project Management System
CVE-2024-12230 (A vulnerability, which was classified as critical, has been
found in P ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul Complaint Management System
CVE-2024-12229 (A vulnerability classified as critical was found in PHPGurukul
Complai ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul Complaint Management System
CVE-2024-12228 (A vulnerability classified as critical has been found in
PHPGurukul Co ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul Complaint Management System
CVE-2024-12227 (A vulnerability, which was classified as problematic, was
found in MSI ...)
- TODO: check
+ NOT-FOR-US: MSI Dragon Center
CVE-2024-12130 (An \u201cout of bounds read\u201d code execution vulnerability
exists ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-12094 (This vulnerability exists in the Tinxy mobile app due to
storage of lo ...)
- TODO: check
+ NOT-FOR-US: Tinxy mobile app
CVE-2024-11942 (A vulnerability in Drupal Core allows File Manipulation.This
issue aff ...)
TODO: check
CVE-2024-11941 (A vulnerability in Drupal Core allows Excessive
Allocation.This issue ...)
TODO: check
CVE-2024-11779 (The WIP WooCarousel Lite plugin for WordPress is vulnerable to
Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11420 (The Blocksy theme for WordPress is vulnerable to Stored
Cross-Site Scr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11341 (The Simple Redirection plugin for WordPress is vulnerable to
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11324 (The Accounting for WooCommerce plugin for WordPress is
vulnerable to R ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11317 (Session Fixation vulnerabilities allow an attacker to fix a
users sess ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-11316 (Fileszie Check vulnerabilities allow a malicious user to
bypass size l ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-11158 (An \u201cuninitialized variable\u201d code execution
vulnerability exi ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-11156 (An \u201cout of bounds write\u201d code execution
vulnerability exist ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-11155 (A \u201cuse after free\u201d code execution vulnerability
exists in t ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-11148 (In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata
020, ht ...)
TODO: check
CVE-2024-10937 (The Related Posts, Inline Related Posts, Contextual Related
Posts, Rel ...)
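Review bot: CVE-2024-11420 is tagged "NOT-FOR-US: WordPress plugin", but its description on the line above reads "The Blocksy theme for WordPress", so the reason should say "WordPress theme". The free-text reason is the only record of why an entry was dismissed, and a wrong product class makes later searches and re-triage less reliable. The other three WordPress entries in this hunk (CVE-2024-11779, CVE-2024-11341, CVE-2024-11324) do describe plugins and are fine as written.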
@@ -240,7 +240,7 @@ CVE-2024-52278
CVE-2024-52277 (User Interface (UI) Misrepresentation of Critical Information
vulnerab ...)
NOT-FOR-US: DocuSeal
CVE-2024-52276 (User Interface (UI) Misrepresentation of Critical Information
vulnerab ...)
- TODO: check
+ NOT-FOR-US: DocuSign
CVE-2024-52275 (Stack-based Buffer Overflow vulnerability in Shenzhen Tenda
Technology ...)
NOT-FOR-US: Tenda
CVE-2024-52274 (Stack-based Buffer Overflow vulnerability in Shenzhen Tenda
Technology ...)
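Review bot: The new tag on CVE-2024-52276 is "NOT-FOR-US: DocuSign", while CVE-2024-52277 directly above it, carrying the same truncated description, is already "NOT-FOR-US: DocuSeal". The visible description does not name the product, so please confirm against the full CVE text that DocuSign is intended here and is not a slip for DocuSeal.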
@@ -250,7 +250,7 @@ CVE-2024-52273 (Stack-based Buffer Overflow vulnerability
in Shenzhen Tenda Tech
CVE-2024-52272 (Stack-based Buffer Overflow vulnerability in Shenzhen Tenda
Technology ...)
NOT-FOR-US: Tenda
CVE-2024-52269 (User Interface (UI) Misrepresentation of Critical Information
vulnerab ...)
- TODO: check
+ NOT-FOR-US: DocuSign
CVE-2024-51465 (IBM App Connect Enterprise Certified Container 11.4, 11.5,
11.6, 12.0, ...)
NOT-FOR-US: IBM
CVE-2024-48453 (An issue in INOVANCE AM401_CPU1608TPTN allows a remote
attacker to exe ...)
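Review bot: On CVE-2024-52269 the "NOT-FOR-US: DocuSign" tag cannot be checked from the truncated description, and the sibling ids with the identical "User Interface (UI) Misrepresentation of Critical Information" text end up with three different products in this commit and its context (DocuSign, Documenso for CVE-2024-52271, DocuSeal for CVE-2024-52277). CVE-2024-52270 from the same run is still left at "TODO: check" in the first hunk. It would help to resolve that one in the same pass, or to say in the commit message why it is deferred, so the series is triaged consistently.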
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85abe3012b474cb67080058039801c2b8475966e