[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Apr 10 21:32:27 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
730aeaaa by Salvatore Bonaccorso at 2024-04-10T22:32:01+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,19 +21,19 @@ CVE-2024-3515 (Use after free in Dawn in Google Chrome prior to 123.0.6312.122 a
 CVE-2024-3448 (Users with low privileges can perform certain AJAX actions.  In this v ...)
 	TODO: check
 CVE-2024-3388 (A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2024-3387 (A weak (low bit strength) device certificate in Palo Alto Networks Pan ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2024-3386 (An incorrect string comparison vulnerability in Palo Alto Networks PAN ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2024-3385 (A packet processing mechanism in Palo Alto Networks PAN-OS software en ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2024-3384 (A vulnerability in Palo Alto Networks PAN-OS software enables a remote ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2024-3383 (A vulnerability in how Palo Alto Networks PAN-OS software processes da ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2024-3382 (A memory leak exists in Palo Alto Networks PAN-OS software that enable ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2024-3283 (A vulnerability in mintplex-labs/anything-llm allows users with manage ...)
 	TODO: check
 CVE-2024-3157 (Out of bounds memory access in Compositing in Google Chrome prior to 1 ...)
@@ -47,21 +47,21 @@ CVE-2024-3098 (A vulnerability was identified in the `exec_utils` class of the `
 CVE-2024-3025 (mintplex-labs/anything-llm is vulnerable to path traversal attacks due ...)
 	TODO: check
 CVE-2024-31984 (Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, an ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2024-31983 (XWiki Platform is a generic wiki platform. In multilingual wikis, tran ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2024-31982 (XWiki Platform is a generic wiki platform. Starting in version 2.4-mil ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2024-31981 (XWiki Platform is a generic wiki platform. Starting in version 3.0.1 a ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2024-31944 (Cross-Site Request Forgery (CSRF) vulnerability in Octolize WooCommerc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31943 (Cross-Site Request Forgery (CSRF) vulnerability in Octolize USPS Shipp ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31939 (Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Import any X ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31924 (Cross-Site Request Forgery (CSRF) vulnerability in Exactly WWW EWWW Im ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31874 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninit ...)
 	NOT-FOR-US: IBM
 CVE-2024-31873 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains ha ...)
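Review bot: CVE-2024-31984 is tagged "NOT-FOR-US: XWiki", but its visible description ("Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, an ...") never names the product, unlike CVE-2024-31983, CVE-2024-31982 and CVE-2024-31981, which all open with "XWiki Platform". Please confirm against the full CVE text that this entry belongs to XWiki before it leaves the TODO queue. The four CSRF entries (CVE-2024-31944, CVE-2024-31943, CVE-2024-31939, CVE-2024-31924) use the generic "WordPress plugin" label, which is in line with the vendor-level "NOT-FOR-US: IBM" already present in the context lines.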
@@ -71,71 +71,71 @@ CVE-2024-31872 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could
 CVE-2024-31871 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow ...)
 	NOT-FOR-US: IBM
 CVE-2024-31819 (An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker ...)
-	TODO: check
+	NOT-FOR-US: WWBN AVideo
 CVE-2024-31492 (An external control of file name or path vulnerability [CWE-73] in  Fo ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2024-31465 (XWiki Platform is a generic wiki platform. Starting in version 5.0-rc- ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2024-31464 (XWiki Platform is a generic wiki platform. Starting in version 5.0-rc- ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2024-31461 (Plane, an open-source project management tool, has a Server-Side Reque ...)
-	TODO: check
+	NOT-FOR-US: Plane
 CVE-2024-31430 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF \u2 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31386 (Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu Ishikawa X ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31358 (Missing Authorization vulnerability in Saleswonder.Biz 5 Stars Rating  ...)
-	TODO: check
+	NOT-FOR-US: Saleswonder.Biz 5 Stars Rating Funnel
 CVE-2024-31356 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31355 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31353 (Insertion of Sensitive Information into Log File vulnerability in Trib ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31343 (Missing Authorization vulnerability in Sonaar Music MP3 Audio Player f ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31342 (Missing Authorization vulnerability in WPcloudgallery WordPress Galler ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31302 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31299 (Cross-Site Request Forgery (CSRF) vulnerability in Reservation Diary R ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31298 (Insertion of Sensitive Information into Log File vulnerability in Joel ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31297 (Missing Authorization vulnerability in WPExperts Wholesale For WooComm ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31287 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31282 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in A ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31278 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31259 (Insertion of Sensitive Information into Log File vulnerability in Sear ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31254 (Insertion of Sensitive Information into Log File vulnerability in WebT ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31253 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in W ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31249 (Insertion of Sensitive Information into Log File vulnerability in WPKu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31247 (Insertion of Sensitive Information into Log File vulnerability in Fr\x ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31245 (Insertion of Sensitive Information into Log File vulnerability in Conv ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31242 (Missing Authorization vulnerability in Bricksforge.This issue affects  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31240 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31230 (Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31214 (Traccar is an open source GPS tracking system. Traccar versions 5.1 th ...)
-	TODO: check
+	NOT-FOR-US: Traccar
 CVE-2024-2952 (BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) ...)
 	TODO: check
 CVE-2024-2731 (Users with low privileges (all permissions deselected in the administr ...)
 	TODO: check
 CVE-2024-2730 (Mautic uses predictable page indices for unpublished landing pages, th ...)
-	TODO: check
+	NOT-FOR-US: Mautic
 CVE-2024-2221 (qdrant/qdrant is vulnerable to a path traversal and arbitrary file upl ...)
 	TODO: check
 CVE-2024-2217 (gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, a ...)
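Review bot: CVE-2024-31358 is labelled "NOT-FOR-US: Saleswonder.Biz 5 Stars Rating Funnel", while the surrounding entries with the same description pattern (CVE-2024-31343, CVE-2024-31342 and CVE-2024-31297, all "Missing Authorization vulnerability in ...") use "NOT-FOR-US: WordPress plugin". If this is also a WordPress plugin, the shared label would keep the NFU grouping consistent; if it is not, the specific label is fine as is. Separately, CVE-2024-31461 and CVE-2024-31214 describe Plane and Traccar as open-source projects, so it is worth confirming that neither is packaged nor has a pending ITP before settling on NOT-FOR-US.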
@@ -147,47 +147,47 @@ CVE-2024-2195 (A critical Remote Code Execution (RCE) vulnerability was identifi
 CVE-2024-2029 (A command injection vulnerability exists in the `TranscriptEndpoint` o ...)
 	TODO: check
 CVE-2024-29502 (An issue in Secure Lockdown Multi Application Edition v2.00.219 allows ...)
-	TODO: check
+	NOT-FOR-US: Secure Lockdown Multi Application
 CVE-2024-29500 (An issue in the kiosk mode of Secure Lockdown Multi Application Editio ...)
-	TODO: check
+	NOT-FOR-US: Secure Lockdown Multi Application
 CVE-2024-29296 (A user enumeration vulnerability was found in Portainer CE 2.19.4. Thi ...)
-	TODO: check
+	NOT-FOR-US: Portainer
 CVE-2024-29269 (An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows a ...)
-	TODO: check
+	NOT-FOR-US: Telesquare TLR-2005Ksh
 CVE-2024-28345 (An issue discovered in Sipwise C5 NGCP Dashboard below mr11.5.1 allows ...)
-	TODO: check
+	NOT-FOR-US: Sipwise C5 NGCP Dashboard
 CVE-2024-28344 (An Open Redirect vulnerability was found in Sipwise C5 NGCP Dashboard  ...)
-	TODO: check
+	NOT-FOR-US: Sipwise C5 NGCP Dashboard
 CVE-2024-27477 (In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within  ...)
-	TODO: check
+	NOT-FOR-US: Leantime
 CVE-2024-27476 (Leantime 3.0.6 is vulnerable to HTML Injection via /dashboard/show#/ti ...)
-	TODO: check
+	NOT-FOR-US: Leantime
 CVE-2024-27474 (Leantime 3.0.6 is vulnerable to Cross Site Request Forgery (CSRF). Thi ...)
-	TODO: check
+	NOT-FOR-US: Leantime
 CVE-2024-26122 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-26098 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-26097 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-26087 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-26084 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-26079 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-26076 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-26047 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-26046 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-24809 (Traccar is an open source GPS tracking system. Versions prior to 6.0 a ...)
-	TODO: check
+	NOT-FOR-US: Traccar
 CVE-2024-23735 (Cross Site Scripting (XSS) vulnerability in in the S/MIME certificate  ...)
-	TODO: check
+	NOT-FOR-US: savignano S/Notify
 CVE-2024-23734 (Cross Site Request Forgery vulnerability in in the upload functionalit ...)
-	TODO: check
+	NOT-FOR-US: savignano S/Notify
 CVE-2024-23083 (Time4J Base v5.9.3 was discovered to contain a NullPointerException vi ...)
 	TODO: check
 CVE-2024-23080 (Joda Time v2.12.5 was discovered to contain a NullPointerException via ...)
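Review bot: the NFU labels in this hunk mix granularity: the nine Adobe Experience Manager entries get the vendor only ("Adobe"), while others get a full product name ("Sipwise C5 NGCP Dashboard", "Telesquare TLR-2005Ksh"), and "Secure Lockdown Multi Application" drops the "Edition" that the descriptions of CVE-2024-29502 and CVE-2024-29500 include. Picking one level per vendor makes later searches of the list more reliable. Also, the visible descriptions of CVE-2024-23735 and CVE-2024-23734 are cut off before any product name appears, so the "savignano S/Notify" label cannot be checked from these lines and should be confirmed against the full CVE text.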
@@ -197,23 +197,23 @@ CVE-2024-23077 (JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexO
 CVE-2024-23076 (FreeChart v1.5.4 was discovered to contain a NullPointerException via  ...)
 	TODO: check
 CVE-2024-20780 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-20779 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-20778 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-20772 (Media Encoder versions 24.2.1, 23.6.4 and earlier are affected by a St ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-20770 (Photoshop Desktop versions 24.7.2, 25.3.1 and earlier are affected by  ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-20766 (InDesign Desktop versions 18.5.1, 19.2 and earlier are affected by an  ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-20759 (Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and  ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-20758 (Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and  ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-20737 (After Effects versions 24.1, 23.6.2 and earlier are affected by an out ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-1902 (lunary-ai/lunary is vulnerable to a session reuse attack, allowing a r ...)
 	TODO: check
 CVE-2024-1741 (lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/730aeaaab50b67ace3e5c67a4107a458307b0fa5
