[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Aug 22 22:00:13 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b1f8c82f by Salvatore Bonaccorso at 2024-08-22T22:59:19+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -39,39 +39,39 @@ CVE-2024-43398 (REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has
CVE-2024-43331 (Missing Authorization vulnerability in VeronaLabs WP SMS.This issue af ...)
TODO: check
CVE-2024-42776 (Kashipara Hotel Management System v1.0 is vulnerable to Incorrect Acce ...)
- TODO: check
+ NOT-FOR-US: Kashipara Hotel Management System
CVE-2024-42775 (An Incorrect Access Control vulnerability was found in /admin/add_room ...)
- TODO: check
+ NOT-FOR-US: Kashipara Hotel Management System
CVE-2024-42774 (An Incorrect Access Control vulnerability was found in /admin/delete_r ...)
- TODO: check
+ NOT-FOR-US: Kashipara Hotel Management System
CVE-2024-42773 (An Incorrect Access Control vulnerability was found in /admin/edit_roo ...)
- TODO: check
+ NOT-FOR-US: Kashipara Hotel Management System
CVE-2024-42772 (An Incorrect Access Control vulnerability was found in /admin/rooms.ph ...)
- TODO: check
+ NOT-FOR-US: Kashipara Hotel Management System
CVE-2024-42771 (A Stored Cross Site Scripting (XSS) vulnerability was found in " /admi ...)
- TODO: check
+ NOT-FOR-US: Kashipara Hotel Management System
CVE-2024-42770 (A Stored Cross Site Scripting (XSS) vulnerability was found in "/core/ ...)
- TODO: check
+ NOT-FOR-US: Kashipara Hotel Management System
CVE-2024-42769 (A Reflected Cross Site Scripting (XSS) vulnerability was found in "/co ...)
- TODO: check
+ NOT-FOR-US: Kashipara Hotel Management System
CVE-2024-42768 (A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipa ...)
- TODO: check
+ NOT-FOR-US: Kashipara Hotel Management System
CVE-2024-42767 (Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted F ...)
- TODO: check
+ NOT-FOR-US: Kashipara Hotel Management System
CVE-2024-42599 (SeaCMS 13.0 has a remote code execution vulnerability. The reason for ...)
- TODO: check
+ NOT-FOR-US: SeaCMS
CVE-2024-42497 (Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, ...)
- mattermost-server <itp> (bug #823556)
CVE-2024-42490 (authentik is an open-source Identity Provider. Several API endpoints c ...)
- TODO: check
+ NOT-FOR-US: authentik
CVE-2024-42418 (Avtec Outpost uses a default cryptographic key that can be used to dec ...)
- TODO: check
+ NOT-FOR-US: Avtec Outpost
CVE-2024-40884 (Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to properly ...)
- mattermost-server <itp> (bug #823556)
CVE-2024-3127 (An issue has been discovered in GitLab EE affecting all versions start ...)
TODO: check
CVE-2024-39776 (Avtec Outpost stores sensitive information in an insecure location wit ...)
- TODO: check
+ NOT-FOR-US: Avtec Outpost
CVE-2024-39746 (IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could ...)
NOT-FOR-US: IBM
CVE-2024-39745 (IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses w ...)
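Review bot: The CVE-2024-42490 entry is closed as "NOT-FOR-US: authentik" although its own description calls authentik an open-source Identity Provider, so it is worth confirming that no ITP or RFP bug exists for it before marking it NFU. If one does, the entry should follow the form of the Mattermost lines in this hunk ("- mattermost-server <itp> (bug #823556)") rather than NOT-FOR-US. Separately, CVE-2024-43331 and CVE-2024-3127 still read "TODO: check" in the context lines and remain open after this change.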
@@ -79,21 +79,21 @@ CVE-2024-39745 (IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3
CVE-2024-39744 (IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vul ...)
NOT-FOR-US: IBM
CVE-2024-39717 (The Versa Director GUI provides an option to customize the look and fe ...)
- TODO: check
+ NOT-FOR-US: Versa Director GUI
CVE-2024-36445 (Swissphone DiCal-RED 4009 devices allow a remote attacker to gain a ro ...)
- TODO: check
+ NOT-FOR-US: Swissphone DiCal-RED 4009 devices
CVE-2024-36444 (cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an ...)
- TODO: check
+ NOT-FOR-US: Swissphone DiCal-RED 4009 devices
CVE-2024-36443 (Swissphone DiCal-RED 4009 devices allow a remote attacker to gain read ...)
- TODO: check
+ NOT-FOR-US: Swissphone DiCal-RED 4009 devices
CVE-2024-36442 (cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an ...)
- TODO: check
+ NOT-FOR-US: Swissphone DiCal-RED 4009 devices
CVE-2024-36441 (Swissphone DiCal-RED 4009 devices allow an unauthenticated attacker us ...)
- TODO: check
+ NOT-FOR-US: Swissphone DiCal-RED 4009 devices
CVE-2024-36440 (An issue was discovered on Swissphone DiCal-RED 4009 devices. An attac ...)
- TODO: check
+ NOT-FOR-US: Swissphone DiCal-RED 4009 devices
CVE-2024-36439 (Swissphone DiCal-RED 4009 devices allow a remote attacker to gain acce ...)
- TODO: check
+ NOT-FOR-US: Swissphone DiCal-RED 4009 devices
CVE-2024-35151 (IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users ...)
NOT-FOR-US: IBM
CVE-2023-6452 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
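Review bot: The labels added for CVE-2024-39717 and the seven Swissphone entries copy wording from the descriptions instead of naming the product. "NOT-FOR-US: Versa Director GUI" names a component, and "NOT-FOR-US: Swissphone DiCal-RED 4009 devices" carries a trailing "devices", while the neighbouring context entries use a short name ("NOT-FOR-US: IBM"). Suggest "Versa Director" and "Swissphone DiCal-RED 4009" so that a search of the list for the product matches one consistent string.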
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b1f8c82fbe788a09e1197412a3d8d982a7484afb