[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Apr 19 21:41:58 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
466a96da by Salvatore Bonaccorso at 2024-04-19T22:41:28+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9,7 +9,7 @@ CVE-2024-3741 (Electrolink transmitters are vulnerable to an authentication bypa
CVE-2024-3731 (The Customer Reviews for WooCommerce plugin for WordPress is vulnerabl ...)
NOT-FOR-US: WordPress plugin
CVE-2024-3684 (A server side request forgery vulnerability was identified in GitHub E ...)
- TODO: check
+ NOT-FOR-US: GitHub Enterprise Server
CVE-2024-3654 (An XSS vulnerability has been found in Teimas Global's Teixo, version ...)
NOT-FOR-US: Teimas Global's Teixo
CVE-2024-3646 (A command injection vulnerability was identified in GitHub Enterprise ...)
@@ -89,39 +89,39 @@ CVE-2024-30920 (Cross Site Scripting vulnerability in DerbyNet v9.0 and below al
CVE-2024-30107 (HCL Connections contains a broken access control vulnerability that ma ...)
NOT-FOR-US: HCL
CVE-2024-2761 (The Genesis Blocks WordPress plugin before 3.1.3 does not properly esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2440 (A race condition in GitHub Enterprise Server allowed an existing admin ...)
- TODO: check
+ NOT-FOR-US: GitHub Enterprise Server
CVE-2024-29991 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
NOT-FOR-US: Microsoft
CVE-2024-29969 (When a Brocade SANnav installation is upgraded from Brocade SANnav v2. ...)
- TODO: check
+ NOT-FOR-US: Brocade SANnav
CVE-2024-29968 (An information disclosure vulnerability exists in Brocade SANnav befor ...)
- TODO: check
+ NOT-FOR-US: Brocade SANnav
CVE-2024-29967 (In Brocade SANnav before Brocade SANnav v2.31 and v2.3.0a, it was obse ...)
- TODO: check
+ NOT-FOR-US: Brocade SANnav
CVE-2024-29966 (Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded creden ...)
- TODO: check
+ NOT-FOR-US: Brocade SANnav
CVE-2024-29965 (In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back u ...)
- TODO: check
+ NOT-FOR-US: Brocade SANnav
CVE-2024-29964 (Docker instances in Brocade SANnav before v2.3.1 and v2.3.0a have an i ...)
- TODO: check
+ NOT-FOR-US: Brocade SANnav
CVE-2024-29963 (Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded keys ...)
- TODO: check
+ NOT-FOR-US: Brocade SANnav
CVE-2024-29962 (Brocade SANnav OVA before v2.3.1 and v2.3.0a have an insecure file per ...)
- TODO: check
+ NOT-FOR-US: Brocade SANnav
CVE-2024-29961 (A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It a ...)
- TODO: check
+ NOT-FOR-US: Brocade SANnav
CVE-2024-29960 (In the Brocade SANnav server versions before v2.3.1 and v2.3.0a, the S ...)
- TODO: check
+ NOT-FOR-US: Brocade SANnav
CVE-2024-29959 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Bro ...)
- TODO: check
+ NOT-FOR-US: Brocade SANnav
CVE-2024-29958 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the ...)
- TODO: check
+ NOT-FOR-US: Brocade SANnav
CVE-2024-29957 (When Brocade SANnav before v2.3.1 and v2.3.0a servers are configured i ...)
- TODO: check
+ NOT-FOR-US: Brocade SANnav
CVE-2024-29204 (A Heap Overflow vulnerability in WLAvalancheService component of Ivant ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-29183 (OpenRASP is a RASP solution that directly integrates its protection en ...)
TODO: check
CVE-2024-29030 (memos is a privacy-first, lightweight note-taking service. In memos 0. ...)
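Review bot: The vendor labelling is inconsistent within this hunk. The Brocade entries (CVE-2024-29957 through CVE-2024-29969) name the product, `NOT-FOR-US: Brocade SANnav`, while CVE-2024-29204 gets only the vendor, `NOT-FOR-US: Ivanti`, although its description points at a specific component (WLAvalancheService). Naming the product there as well would let a later grep of data/CVE/list for that product find this entry. Both styles already appear in the unchanged context (`NOT-FOR-US: HCL`, `NOT-FOR-US: Microsoft`), so this is a style point rather than a blocker.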
@@ -131,69 +131,69 @@ CVE-2024-29029 (memos is a privacy-first, lightweight note-taking service. In me
CVE-2024-29028 (memos is a privacy-first, lightweight note-taking service. In memos 0. ...)
TODO: check
CVE-2024-27984 (A Path Traversal vulnerability in web component of Ivanti Avalanche be ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-27978 (A Null Pointer Dereference vulnerability in WLAvalancheService compone ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-27977 (A Path Traversal vulnerability in web component of Ivanti Avalanche be ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-27976 (A Path Traversal vulnerability in web component of Ivanti Avalanche be ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-27975 (An Use-after-free vulnerability in WLAvalancheService component of Iva ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-27752 (Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows a remote ...)
- TODO: check
+ NOT-FOR-US: CSZ CMS
CVE-2024-25000 (A Path Traversal vulnerability in web component of Ivanti Avalanche be ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-24999 (A Path Traversal vulnerability in web component of Ivanti Avalanche be ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-24998 (A Path Traversal vulnerability in web component of Ivanti Avalanche be ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-24997 (A Path Traversal vulnerability in web component of Ivanti Avalanche be ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-24996 (A Heap overflow vulnerability in WLInfoRailService component of Ivanti ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-24995 (A Race Condition (TOCTOU) vulnerability in web component of Ivanti Ava ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-24994 (A Path Traversal vulnerability in web component of Ivanti Avalanche be ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-24993 (A Race Condition (TOCTOU) vulnerability in web component of Ivanti Ava ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-24992 (A Path Traversal vulnerability in web component of Ivanti Avalanche be ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-24991 (A Null Pointer Dereference vulnerability in WLAvalancheService compone ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-23535 (A Path Traversal vulnerability in web component of Ivanti Avalanche be ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-23534 (An Unrestricted File-upload vulnerability in web component of Ivanti A ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-23533 (An out-of-bounds read vulnerability in WLAvalancheService component of ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-23532 (An out-of-bounds Read vulnerability in WLAvalancheService component of ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-23531 (An Integer Overflow vulnerability in WLInfoRailService component of Iv ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-23530 (An out-of-bounds read vulnerability in WLAvalancheService component of ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-23529 (An out-of-bounds read vulnerability in WLAvalancheService component of ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-23528 (An out-of-bounds read vulnerability in WLAvalancheService component of ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-23526 (An out-of-bounds read vulnerability in WLAvalancheService component of ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-22186 (The application suffers from a privilege escalation vulnerability. An ...)
- TODO: check
+ NOT-FOR-US: Electrolink
CVE-2024-22179 (The application is vulnerable to an unauthenticated parameter manipul ...)
- TODO: check
+ NOT-FOR-US: Electrolink
CVE-2024-22061 (A Heap Overflow vulnerability in WLInfoRailService component of Ivanti ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-21872 (The device allows an unauthenticated attacker to bypass authentication ...)
- TODO: check
+ NOT-FOR-US: Electrolink
CVE-2024-21846 (An unauthenticated attacker can reset the board and stop transmitter ...)
- TODO: check
+ NOT-FOR-US: Electrolink
CVE-2024-1681 (corydolphin/flask-cors is vulnerable to log injection when the log lev ...)
TODO: check
CVE-2024-1491 (The devices allow access to an unprotected endpoint that allows MPFS ...)
- TODO: check
+ NOT-FOR-US: Electrolink
CVE-2024-1065 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm ...)
TODO: check
CVE-2024-0671 (Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm ...)
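Review bot: For CVE-2024-22186, CVE-2024-22179, CVE-2024-21872, CVE-2024-21846 and CVE-2024-1491 the truncated descriptions ("The application suffers from ...", "The device allows ...", "The devices allow access ...") name no vendor or product, so `NOT-FOR-US: Electrolink` cannot be checked against the list itself. The commit message "Process some NFUs" gives no source either. A short reference in the commit message to the advisory these entries came from would let the next triager confirm the attribution without reopening each CVE record.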
@@ -223,7 +223,7 @@ CVE-2023-50008 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 all
CVE-2023-50007 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a ...)
TODO: check
CVE-2023-49963 (DYMO LabelWriter Print Server through 2.366 contains a backdoor hard-c ...)
- TODO: check
+ NOT-FOR-US: DYMO LabelWriter Print Server
CVE-2023-49502 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a ...)
TODO: check
CVE-2023-49501 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a ...)
@@ -82866,7 +82866,7 @@ CVE-2023-25045 (Improper Neutralization of Special Elements used in an SQL Comma
CVE-2023-25044 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sumo ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25043 (Incorrect Authorization vulnerability in Supsystic Data Tables Generat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25042 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25041 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththeme ...)
@@ -96301,7 +96301,7 @@ CVE-2022-47153 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2022-47152 (Cross-Site Request Forgery (CSRF) vulnerability in Etison, LLC ClickFu ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47151 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47150
RESERVED
CVE-2022-47149 (Cross-Site Request Forgery (CSRF) vulnerability in Pretty Links plugin ...)
@@ -109980,7 +109980,7 @@ CVE-2022-41785 (Auth. (contributor+) Stored Cross-Site Scripting vulnerability i
CVE-2022-41781 (Broken Access Control vulnerability in Permalink Manager Lite plugin < ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41698 (Missing Authorization vulnerability in Layered If Menu.This issue affe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-41695 (Missing Authorization vulnerability in SedLex Traffic Manager.This iss ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41692 (Missing Authorization vulnerability in Appointment Hour Booking plugin ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/466a96da80859537421264a92d2a2031a07e3a23