[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Aug 22 09:21:42 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ca6a0024 by Salvatore Bonaccorso at 2024-08-22T10:21:06+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,15 +1,15 @@
CVE-2024-8072 (Mage AI allows remote unauthenticated attackers to leak the terminal s ...)
- TODO: check
+ NOT-FOR-US: Mage AI
CVE-2024-8071 (Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 a ...)
TODO: check
CVE-2024-7836 (The Themify Builder plugin for WordPress is vulnerable to unauthorized ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-7384 (The AcyMailing \u2013 An Ultimate Newsletter Plugin and Marketing Auto ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-6386 (The WPML plugin for WordPress is vulnerable to Remote Code Execution i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-5583 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-45169 (An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2 ...)
TODO: check
CVE-2024-45168 (An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2 ...)
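Review bot: The four `NOT-FOR-US: WordPress plugin` entries (CVE-2024-7836, CVE-2024-7384, CVE-2024-6386, CVE-2024-5583) use a generic tag, while the first entry in this hunk names the product (`Mage AI`). Naming the plugin in the tag, e.g. `NOT-FOR-US: Themify Builder plugin for WordPress`, would keep these entries searchable by product, since the descriptions in the list are truncated.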
@@ -25,7 +25,7 @@ CVE-2024-45163 (The Mirai botnet through 2024-08-19 mishandles simultaneous TCP
CVE-2024-43813 (Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to enforce p ...)
TODO: check
CVE-2024-43033 (JPress through 5.1.1 on Windows has an arbitrary file upload vulnerabi ...)
- TODO: check
+ NOT-FOR-US: JPress
CVE-2024-42411 (Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, ...)
TODO: check
CVE-2024-42056 (Retool (self-hosted enterprise) through 3.40.0 inserts resource authen ...)
@@ -37,11 +37,11 @@ CVE-2024-39836 (Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.
CVE-2024-39810 (Mattermost versions 9.5.x <= 9.5.7 and 9.10.x <= 9.10.0 fail to time l ...)
TODO: check
CVE-2024-39576 (Dell Power Manager (DPM), versions 3.15.0 and prior, contains an Incor ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-32939 (Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, ...)
TODO: check
CVE-2024-28987 (The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2022-48943 (In the Linux kernel, the following vulnerability has been resolved: K ...)
- linux 5.16.12-1
[bullseye] - linux 5.10.103-1
@@ -379,29 +379,29 @@ CVE-2024-41572 (Learning with Texts (LWT) 2.0.3 is vulnerable to Cross Site Scri
CVE-2024-40453 (squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1 was discovered to ...)
TODO: check
CVE-2024-39344 (An issue was discovered in the Docusign API package 8.142.14 for Sales ...)
- TODO: check
+ NOT-FOR-US: Docusign API package for Salesforce
CVE-2024-37008 (A maliciously crafted DWG file, when parsed in Revit, can force a stac ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2024-33657 (This SMM vulnerability affects certain modules, allowing privileged at ...)
TODO: check
CVE-2024-33656 (The DXE module SmmComputrace contains a vulnerability that allows loca ...)
TODO: check
CVE-2024-28000 (Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-21690 (This High severity Reflected XSS and CSRF (Cross-Site Request Forgery) ...)
- TODO: check
+ NOT-FOR-US: Atlassian Confluence Data Center and Server
CVE-2024-20488 (A vulnerability in the web-based management interface of Cisco Unified ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20486 (A vulnerability in the web-based management interface of Cisco Identit ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20466 (A vulnerability in the web-based management interface of Cisco Identit ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20417 (Multiple vulnerabilities in the REST API of Cisco Identity Services En ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20375 (A vulnerability in the SIP call processing function of Cisco Unified C ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-49198 (Mysql security vulnerability in Apache SeaTunnel. Attackers can read ...)
- TODO: check
+ NOT-FOR-US: Apache SeaTunnel
CVE-2024-8023 (A vulnerability classified as critical has been found in chillzhuang S ...)
NOT-FOR-US: chillzhuang SpringBlade
CVE-2024-8022 (A vulnerability was found in Genexis Tilgin Home Gateway 322_AS0500-03 ...)
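Review bot: For CVE-2024-28000 the truncated description shows only "LiteSpeed Technologies", so the `WordPress plugin` tag cannot be checked against the line above it; naming the product in the tag would make the entry self-explanatory. Granularity also varies within this hunk: vendor only (`Cisco`, `Autodesk`) next to product-level tags (`Docusign API package for Salesforce`, `Atlassian Confluence Data Center and Server`).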
@@ -105171,7 +105171,7 @@ CVE-2023-29931 (laravel-s 3.7.35 is vulnerable to Local File Inclusion via /src/
CVE-2023-29930 (An issue was found in Genesys CIC Polycom phone provisioning TFTP Serv ...)
NOT-FOR-US: Genesys
CVE-2023-29929 (Buffer Overflow vulnerability found in Kemptechnologies Loadmaster bef ...)
- TODO: check
+ NOT-FOR-US: Kemptechnologies Loadmaster
CVE-2023-29928
RESERVED
CVE-2023-29927 (Versions of Sage 300 through 2022 implement role-based access controls ...)
@@ -128522,7 +128522,7 @@ CVE-2015-10011 (A vulnerability classified as problematic has been found in Open
CVE-2015-10010 (A vulnerability was found in OpenDNS OpenResolve. It has been rated as ...)
NOT-FOR-US: OpenResolve
CVE-2023-22576 (Dell Repository Manager version 3.4.2 and earlier, contain a Local Pri ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-22575 (Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensit ...)
NOT-FOR-US: Dell
CVE-2023-22574 (Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensit ...)
@@ -196261,9 +196261,9 @@ CVE-2022-26330 (Potential vulnerabilities have been identified in Micro Focus Ar
CVE-2022-26329 (File existence disclosure vulnerability in NetIQ Identity Manager plug ...)
NOT-FOR-US: Micro Focus
CVE-2022-26328 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: OpenText Performance Center
CVE-2022-26327 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: OpenText Performance Center
CVE-2022-26326 (Potential open redirection vulnerability when URL is crafted in specif ...)
NOT-FOR-US: NetIQ Access Manager
CVE-2022-26325 (Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Man ...)
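Review bot: CVE-2022-26328 and CVE-2022-26327 are tagged `OpenText Performance Center`, while the neighbouring entries in the same CVE range use `Micro Focus` and `NetIQ Access Manager`. The product name is not visible in either truncated description, so it is worth confirming against the full CVE text, and a search of the list for `Micro Focus` will not find these two entries.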
@@ -333760,7 +333760,7 @@ CVE-2020-11852 (DKIM key management page vulnerability on Micro Focus Secure Mes
CVE-2020-11851 (Arbitrary code execution vulnerability on Micro Focus ArcSight Logger ...)
NOT-FOR-US: Micro Focus
CVE-2020-11850 (Improper Input Validation vulnerability in OpenText Self Service Passw ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2020-11849 (Elevation of privilege and/or unauthorized access vulnerability in Mic ...)
NOT-FOR-US: Micro Focus
CVE-2020-11848 (Denial of service vulnerability on Micro Focus ArcSight Management Cen ...)
@@ -333768,7 +333768,7 @@ CVE-2020-11848 (Denial of service vulnerability on Micro Focus ArcSight Manageme
CVE-2020-11847 (SSH authenticated user when access the PAM server can execute an OS co ...)
TODO: check
CVE-2020-11846 (A vulnerability found in OpenText Privileged Access Manager that issue ...)
- TODO: check
+ NOT-FOR-US: OpenText Privileged Access Manager
CVE-2020-11845 (Cross Site Scripting vulnerability in Micro Focus Service Manager prod ...)
NOT-FOR-US: Micro Focus
CVE-2020-11844 (Incorrect Authorization vulnerability in Micro Focus Container Deploym ...)
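Review bot: CVE-2020-11847, directly above the changed entry, stays at `TODO: check` although its description refers to "the PAM server"; if that is the same OpenText Privileged Access Manager as CVE-2020-11846, it can be marked in this batch too. The tag here is product-level, while CVE-2020-11850 in the previous hunk received the vendor-only `OpenText`; one form for both would be more consistent.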
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca6a0024ab9c8eaaf7c49e2c83fbbe9164d520cc