Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fb8e0578 by Salvatore Bonaccorso at 2024-12-19T22:50:09+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2024-9154 (A code injection vulnerability in HMS Networks Ewon Flexy 205
allows e ...)
- TODO: check
+ NOT-FOR-US: HMS Networks Ewon Flexy 205
CVE-2024-7139 (Due to an unchecked buffer length, a specially crafted L2CAP
packet ca ...)
TODO: check
CVE-2024-7138 (An assert may be triggered, causing a temporary denial of
service when ...)
@@ -7,33 +7,33 @@ CVE-2024-7138 (An assert may be triggered, causing a
temporary denial of service
CVE-2024-7137 (The L2CAP receive data buffer for L2CAP packets is restricted
to packe ...)
TODO: check
CVE-2024-56200 (Altair is a fork of Misskey v12. Affected versions lack of
request val ...)
- TODO: check
+ NOT-FOR-US: Altair
CVE-2024-56159 (Astro is a web framework for content-driven websites. A bug in
the bui ...)
TODO: check
CVE-2024-55196 (Insufficiently Protected Credentials in the Mail Server
Configuration ...)
- TODO: check
+ NOT-FOR-US: GoPhish
CVE-2024-55082 (A Server-Side Request Forgery (SSRF) in the endpoint
http://{your-serv ...)
- TODO: check
+ NOT-FOR-US: Stirling-PDF
CVE-2024-55081 (An XML External Entity (XXE) injection vulnerability in the
component ...)
- TODO: check
+ NOT-FOR-US: Chat2DB
CVE-2024-54790 (A SQL Injection vulnerability was found in /index.php in
PHPGurukul Pr ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul Pre-School Enrollment System
CVE-2024-54150 (cjwt is a C JSON Web Token (JWT) Implementation. Algorithm
confusion o ...)
- TODO: check
+ NOT-FOR-US: cjwt
CVE-2024-53991 (Discourse is an open source platform for community discussion.
This vu ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2024-52897 (IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTSweb console could
allow a ...)
NOT-FOR-US: IBM
CVE-2024-52896 (IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web
console coul ...)
NOT-FOR-US: IBM
CVE-2024-52794 (Discourse is an open source platform for community discussion.
Users c ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2024-52589 (Discourse is an open source platform for community discussion.
Moderat ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2024-51471 (IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTSweb console could
allow a ...)
NOT-FOR-US: IBM
CVE-2024-49765 (Discourse is an open source platform for community discussion.
Sites t ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2024-49336 (IBM Security Guardium 11.5 is vulnerable to server-side
request forger ...)
NOT-FOR-US: IBM
CVE-2024-47093 (Improper neutralization of input in Nagvis before version
1.9.42 which ...)
@@ -41,43 +41,43 @@ CVE-2024-47093 (Improper neutralization of input in Nagvis
before version 1.9.42
CVE-2024-38864 (Incorrect permissions on the Checkmk Windows Agent's data
directory in ...)
TODO: check
CVE-2024-37962 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Agency Dominion Fusion
CVE-2024-12801 (Server-Side Request Forgery (SSRF) in SaxEventRecorder by
QOS.CH logba ...)
TODO: check
CVE-2024-12798 (ACE vulnerability in JaninoEventEvaluator by QOS.CH
logback-core ...)
TODO: check
CVE-2024-12794 (A vulnerability, which was classified as critical, was found
in Codezi ...)
- TODO: check
+ NOT-FOR-US: Codezips E-Commerce Site
CVE-2024-12793 (A vulnerability, which was classified as problematic, has been
found i ...)
- TODO: check
+ NOT-FOR-US: PbootCMS
CVE-2024-12792 (A vulnerability classified as critical was found in Codezips
E-Commerc ...)
- TODO: check
+ NOT-FOR-US: Codezips E-Commerce Site
CVE-2024-12791 (A vulnerability was found in Codezips E-Commerce Site 1.0. It
has been ...)
- TODO: check
+ NOT-FOR-US: Codezips E-Commerce Site
CVE-2024-12790 (A vulnerability was found in code-projects Hostel Management
Site 1.0. ...)
- TODO: check
+ NOT-FOR-US: code-projects Hostel Management Site
CVE-2024-12789 (A vulnerability was found in PbootCMS up to 3.2.3. It has been
classif ...)
- TODO: check
+ NOT-FOR-US: PbootCMS
CVE-2024-12788 (A vulnerability was found in Codezips Technical Discussion
Forum 1.0 a ...)
- TODO: check
+ NOT-FOR-US: Codezips Technical Discussion Forum
CVE-2024-12787 (A vulnerability has been found in 1000 Projects Attendance
Tracking Ma ...)
- TODO: check
+ NOT-FOR-US: 1000 Projects Attendance Tracking Management System
CVE-2024-12786 (A vulnerability, which was classified as critical, was found
in X1a0He ...)
- TODO: check
+ NOT-FOR-US: X1a0He Adobe Downloader on macOS
CVE-2024-12785 (A vulnerability was found in itsourcecode Vehicle Management
System 1. ...)
- TODO: check
+ NOT-FOR-US: itsourcecode Vehicle Management System
CVE-2024-12784 (A vulnerability was found in itsourcecode Vehicle Management
System 1. ...)
- TODO: check
+ NOT-FOR-US: itsourcecode Vehicle Management System
CVE-2024-12783 (A vulnerability was found in itsourcecode Vehicle Management
System 1. ...)
- TODO: check
+ NOT-FOR-US: itsourcecode Vehicle Management System
CVE-2024-12782 (A vulnerability has been found in Fujifilm Apeos C3070, Apeos
C5570 an ...)
- TODO: check
+ NOT-FOR-US: Apeos
CVE-2024-12626 (The AutomatorWP \u2013 Automator plugin for no-code
automations, webho ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12569 (Disclosure of sensitive information in HikVision camera
driver's log f ...)
- TODO: check
+ NOT-FOR-US: HikVision camera driver
CVE-2024-12331 (The File Manager Pro \u2013 Filester plugin for WordPress is
vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11616 (Netskope was made aware of a security vulnerability in
Netskope Endpoi ...)
TODO: check
CVE-2024-10244 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
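Review bot: The tag for CVE-2024-12782 reads "NOT-FOR-US: Apeos", which drops the vendor that the description itself gives ("Fujifilm Apeos C3070, Apeos C5570 an ..."). The other new tags in this hunk carry vendor plus product (Codezips E-Commerce Site, itsourcecode Vehicle Management System, HikVision camera driver). Suggest "NOT-FOR-US: Fujifilm Apeos" so a search of the list by vendor name finds this entry too.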
@@ -85,7 +85,7 @@ CVE-2024-10244 (Improper Neutralization of Special Elements
used in an SQL Comma
CVE-2023-7005 (A specially crafted message can be sent to the TTLock App that
downgra ...)
TODO: check
CVE-2023-4617 (Incorrect authorization vulnerability in HTTP POST method in
Govee Hom ...)
- TODO: check
+ NOT-FOR-US: Govee Home application on Android and iOS
CVE-2024-9102 (phpLDAPadmin since at least version 1.2.0 through the latest
version 1 ...)
- phpldapadmin <unfixed>
NOTE:
https://www.redguard.ch/blog/2024/12/19/security-advisory-phpldapadmin/
@@ -93,11 +93,11 @@ CVE-2024-9101 (A reflected cross-site scripting (XSS)
vulnerability in the 'Entr
- phpldapadmin <unfixed>
NOTE:
https://www.redguard.ch/blog/2024/12/19/security-advisory-phpldapadmin/
CVE-2024-56319 (In Matter (aka connectedhomeip or Project CHIP) through
1.4.0.0 before ...)
- TODO: check
+ NOT-FOR-US: Matter (aka connectedhomeip or Project CHIP)
CVE-2024-56318 (In raw\TCP.cpp in Matter (aka connectedhomeip or Project CHIP)
through ...)
- TODO: check
+ NOT-FOR-US: Matter (aka connectedhomeip or Project CHIP)
CVE-2024-56317 (In Matter (aka connectedhomeip or Project CHIP) through
1.4.0.0, the W ...)
- TODO: check
+ NOT-FOR-US: Matter (aka connectedhomeip or Project CHIP)
CVE-2024-56145 (Craft is a flexible, user-friendly CMS for creating custom
digital exp ...)
NOT-FOR-US: Craft CMS
CVE-2024-56140 (Astro is a web framework for content-driven websites. In
affected vers ...)
@@ -161,7 +161,7 @@ CVE-2024-12560 (The Button Block \u2013 Get fully
customizable & multi-functiona
CVE-2024-12121 (The Broken Link Checker | Finder plugin for WordPress is
vulnerable to ...)
NOT-FOR-US: WordPress plugin
CVE-2024-11984 (A unrestricted upload of file with dangerous type
vulnerability in epa ...)
- TODO: check
+ NOT-FOR-US: Corporate Training Management System
CVE-2024-11768 (The Download Manager plugin for WordPress is vulnerable to
unauthorize ...)
NOT-FOR-US: WordPress plugin
CVE-2024-11740 (The The Download Manager plugin for WordPress is vulnerable to
arbitra ...)
@@ -281824,7 +281824,7 @@ CVE-2021-32591 (A missing cryptographic steps
vulnerability in the function that
CVE-2021-32590 (Multiple improper neutralization of special elements used in
an SQL co ...)
NOT-FOR-US: FortiPortal
CVE-2021-32589 (A Use After Free (CWE-416) vulnerability in FortiManager
version 7.0.0 ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-32588 (A use of hard-coded credentials (CWE-798) vulnerability in
FortiPortal ...)
NOT-FOR-US: FortiGuard
CVE-2021-32587 (An improper access control vulnerability in FortiManager and
FortiAnal ...)
@@ -298798,7 +298798,7 @@ CVE-2021-26117 (The optional ActiveMQ LDAP login
module can be configured to use
CVE-2021-26116 (An improper neutralization of special elements used in an OS
command v ...)
NOT-FOR-US: FortiAuthenticator
CVE-2021-26115 (An OS command injection (CWE-78) vulnerability in FortiWAN
version 4.5 ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-26114 (Multiple improper neutralization of special elements used in
an SQL co ...)
NOT-FOR-US: FortiWAN
CVE-2021-26113 (A use of a one-way hash with a predictable salt vulnerability
[CWE-760 ...)
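Review bot: CVE-2021-26115 is described as an OS command injection in FortiWAN but is tagged "NOT-FOR-US: FortiGuard", while the entry directly below it, CVE-2021-26114, is tagged "NOT-FOR-US: FortiWAN". Suggest tagging this one FortiWAN as well, so two adjacent entries for the same product do not end up under different names.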
@@ -298824,7 +298824,7 @@ CVE-2021-26104 (Multiple OS command injection
(CWE-78) vulnerabilities in the co
CVE-2021-26103 (An insufficient verification of data authenticity
vulnerability (CWE-3 ...)
NOT-FOR-US: FortiGuard
CVE-2021-26102 (A relative path traversal vulnerability (CWE-23) in FortiWAN
version 4 ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-26101
RESERVED
CVE-2021-26100 (A missing cryptographic step in the Identity-Based Encryption
service ...)
@@ -307487,7 +307487,7 @@ CVE-2021-22503 (Possible Improper Neutralization of
Input During Web Page Gener
CVE-2021-22502 (Remote Code execution vulnerability in Micro Focus Operation
Bridge Re ...)
NOT-FOR-US: Micro Focus
CVE-2021-22501 (Improper Restriction of XML External Entity Reference
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2021-22500 (Cross Site Request Forgery vulnerability in Micro Focus
Application Pe ...)
NOT-FOR-US: Micro Focus
CVE-2021-22499 (Persistent Cross-Site scripting vulnerability in Micro Focus
Applicati ...)
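Review bot: CVE-2021-22501 is tagged "NOT-FOR-US: OpenText", whereas the entries on either side of it, CVE-2021-22502 and CVE-2021-22500, are tagged "NOT-FOR-US: Micro Focus". If this CVE belongs to the same product line, using one vendor name across the range keeps searches of the list consistent; if the different name is deliberate, the commit message is the place to say so.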
@@ -353370,7 +353370,7 @@ CVE-2020-15936 (A improper input validation in
Fortinet FortiGate version 6.4.3
CVE-2020-15935 (A cleartext storage of sensitive information in GUI in
FortiADC versio ...)
NOT-FOR-US: Fortiguard
CVE-2020-15934 (An execution with unnecessary privileges vulnerability in the
VCM engi ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2020-15933 (A exposure of sensitive information to an unauthorized actor
in Fortin ...)
NOT-FOR-US: FortiGuard
CVE-2020-15932 (Overwolf before 0.149.2.30 mishandles Symbolic Links during
updates, c ...)
@@ -361904,7 +361904,7 @@ CVE-2020-12822
CVE-2020-12821 (Gossipsub 1.0 does not properly resist invalid message spam,
such as a ...)
NOT-FOR-US: Gossipsub
CVE-2020-12820 (Under non-default configuration, a stack-based buffer overflow
in Fort ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2020-12819 (A heap-based buffer overflow vulnerability in the processing
of Link C ...)
NOT-FOR-US: FortiGuard
CVE-2020-12818 (An insufficient logging vulnerability in FortiGate before
6.4.1 may al ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb8e05782288503d058f51a3c07bbd03daa8e487