[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Aug 23 11:13:30 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
938d194e by Moritz Muehlenhoff at 2024-08-23T12:12:38+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,51 +1,51 @@
 CVE-2024-8089 (A vulnerability was found in SourceCodester E-Commerce System 1.0. It  ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2024-8087 (A vulnerability was found in SourceCodester E-Commerce System 1.0 and  ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2024-8086 (A vulnerability has been found in SourceCodester E-Commerce System 1.0 ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2024-8084 (A vulnerability, which was classified as problematic, was found in Sou ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2024-8083 (A vulnerability, which was classified as critical, has been found in S ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2024-8081 (A vulnerability classified as critical was found in itsourcecode Payro ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode Payroll Management System
 CVE-2024-8080 (A vulnerability classified as critical has been found in SourceCodeste ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2024-8079 (A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2024-8078 (A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2024-7559 (The File Manager Pro plugin for WordPress is vulnerable to arbitrary f ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-7258 (The WooCommerce Google Feed Manager plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-6715 (The Ditty  WordPress plugin before 3.1.46 re-introduced a previously f ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-43790 (Vim is an open source command line text editor. When performing a sear ...)
 	TODO: check
 CVE-2024-43477 (Improper access control in Decentralized Identity Services allows an u ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-43105 (Mattermost Plugin Channel Export versions <=1.0.0 fail to restrict con ...)
-	TODO: check
+	NOT-FOR-US: Mattermost plugin
 CVE-2024-42763 (A Reflected Cross Site Scripting (XSS) vulnerability was found in the  ...)
-	TODO: check
+	NOT-FOR-US: Kashipara Bus Ticket Reservation System
 CVE-2024-42762 (A Stored Cross Site Scripting (XSS) vulnerability was found in "/histo ...)
-	TODO: check
+	NOT-FOR-US: Kashipara Bus Ticket Reservation System
 CVE-2024-42761 (A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin ...)
-	TODO: check
+	NOT-FOR-US: Kashipara Bus Ticket Reservation System
 CVE-2024-40766 (An improper access control vulnerability has been identified in the So ...)
-	TODO: check
+	NOT-FOR-US: SonicWall
 CVE-2024-3282 (The WP Table Builder  WordPress plugin through 1.5.0 does not sanitise ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-38210 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-38209 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-38208 (Microsoft Edge for Android Spoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-7260 (Path Traversal vulnerability discovered in OpenText\u2122 CX-E Voice,  ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2024-8088 (There is a HIGH severity vulnerability affecting the CPython "zipfile" ...)
 	- python3.13 <unfixed>
 	- python3.12 <unfixed>
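Review bot: The two `Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability` entries (CVE-2024-38210, CVE-2024-38209) are marked `NOT-FOR-US: Microsoft`, but their descriptions do not say whether the flaw is in Edge-specific code or in the shared Chromium code base that Debian ships as `chromium`. Please confirm they are Edge-only before closing them as NFU, or leave them at `TODO: check` as this hunk does for the Vim entry CVE-2024-43790. Separately, the labels mix vendor-level naming (`SourceCodester`, `TOTOLINK`) with product-level naming (`itsourcecode Payroll Management System`, `Kashipara Bus Ticket Reservation System`); one granularity per vendor keeps later searches over the list predictable.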
@@ -72,7 +72,7 @@ CVE-2024-7848 (The User Private Files \u2013 WordPress File Sharing Plugin plugi
 CVE-2024-7778 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Store ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-7634 (NGINX Agent's "config_dirs" restriction feature allows a highly privil ...)
-	TODO: check
+	NOT-FOR-US: NGINX Agent
 CVE-2024-7110 (An issue was discovered in GitLab EE affecting all versions starting 1 ...)
 	TODO: check
 CVE-2024-6870 (The Responsive Lightbox & Gallery plugin for WordPress is vulnerable t ...)
@@ -105,7 +105,7 @@ CVE-2024-43780 (Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.0, 9.8.
 CVE-2024-43398 (REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS ...)
 	TODO: check
 CVE-2024-43331 (Missing Authorization vulnerability in VeronaLabs WP SMS.This issue af ...)
-	TODO: check
+	NOT-FOR-US: VeronaLabs WP SMS
 CVE-2024-42776 (Kashipara Hotel Management System v1.0 is vulnerable to Incorrect Acce ...)
 	NOT-FOR-US: Kashipara Hotel Management System
 CVE-2024-42775 (An Incorrect Access Control vulnerability was found in /admin/add_room ...)
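Review bot: `NOT-FOR-US: VeronaLabs WP SMS` for CVE-2024-43331 departs from the `NOT-FOR-US: WordPress plugin` label used for other entries in this file (CVE-2024-7778 in the previous hunk's context, for example). If WP SMS is the WordPress plugin its name suggests, use the shared label so the entry is matched by the same searches as the other plugin NFUs.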
@@ -165,7 +165,7 @@ CVE-2024-36439 (Swissphone DiCal-RED 4009 devices allow a remote attacker to gai
 CVE-2024-35151 (IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users  ...)
 	NOT-FOR-US: IBM
 CVE-2023-6452 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Forcepoint
 CVE-2024-8072 (Mage AI allows remote unauthenticated attackers to leak the terminal s ...)
 	NOT-FOR-US: Mage AI
 CVE-2024-8071 (Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 a ...)
@@ -189,7 +189,7 @@ CVE-2024-45166 (An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) thr
 CVE-2024-45165 (An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2 ...)
 	NOT-FOR-US: UCI IDOL 2 (aka uciIDOL or IDOL2)
 CVE-2024-45163 (The Mirai botnet through 2024-08-19 mishandles simultaneous TCP connec ...)
-	TODO: check
+	NOT-FOR-US: Mirai botnet
 CVE-2024-43813 (Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to enforce p ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2024-43033 (JPress through 5.1.1 on Windows has an arbitrary file upload vulnerabi ...)
@@ -543,17 +543,17 @@ CVE-2024-41675 (CKAN is an open-source data management system for powering data
 CVE-2024-41674 (CKAN is an open-source data management system for powering data hubs a ...)
 	NOT-FOR-US: CKAN
 CVE-2024-41572 (Learning with Texts (LWT) 2.0.3 is vulnerable to Cross Site Scripting  ...)
-	TODO: check
+	NOT-FOR-US: Learning with Texts
 CVE-2024-40453 (squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1 was discovered to  ...)
-	TODO: check
+	NOT-FOR-US: squirrelly
 CVE-2024-39344 (An issue was discovered in the Docusign API package 8.142.14 for Sales ...)
 	NOT-FOR-US: Docusign API package for Salesforce
 CVE-2024-37008 (A maliciously crafted DWG file, when parsed in Revit, can force a stac ...)
 	NOT-FOR-US: Autodesk
 CVE-2024-33657 (This SMM vulnerability affects certain modules, allowing privileged at ...)
-	TODO: check
+	NOT-FOR-US: AMI
 CVE-2024-33656 (The DXE module SmmComputrace contains a vulnerability that allows loca ...)
-	TODO: check
+	NOT-FOR-US: AMI
 CVE-2024-28000 (Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-21690 (This High severity Reflected XSS and CSRF (Cross-Site Request Forgery) ...)
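Review bot: CVE-2024-40453 is closed as `NOT-FOR-US: squirrelly`, but its description (`squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1`) reads like a versioned library rather than a hosted product or appliance, and a library can be packaged or embedded by something else in the archive. The commit message `NFUs` does not record whether that was checked; a one-line mention of the search would make the decision auditable.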
@@ -613,7 +613,7 @@ CVE-2024-43396 (Khoj is an application that creates personal AI agents. The Auto
 CVE-2024-42939 (A cross-site scripting (XSS) vulnerability in the component /index/ind ...)
 	NOT-FOR-US: YZNCMS
 CVE-2024-42363 (Prior to 3385, the user-controlled role parameter enters the applicati ...)
-	TODO: check
+	NOT-FOR-US: Zendesk
 CVE-2024-42362 (Hertzbeat is an open source, real-time monitoring system. Hertzbeat ha ...)
 	NOT-FOR-US: Hertzbeat
 CVE-2024-42361 (Hertzbeat is an open source, real-time monitoring system. Hertzbeat 1. ...)
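Review bot: For CVE-2024-42363 the visible description (`Prior to 3385, the user-controlled role parameter enters the applicati ...`) names no product, and the new label `NOT-FOR-US: Zendesk` gives only the vendor. Naming the affected product in the label, as the surrounding entries do with `Hertzbeat` and `YZNCMS`, would let a reader verify the classification without opening the CVE record.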
@@ -1109,7 +1109,7 @@ CVE-2024-41698 (Priority \u2013 CWE-200: Exposure of Sensitive Information to an
 CVE-2024-41697 (Priority -CWE-80: Improper Neutralization of Script-Related HTML Tags  ...)
 	NOT-FOR-US: Priority
 CVE-2024-41659 (memos is a privacy-first, lightweight note-taking service. A CORS misc ...)
-	TODO: check
+	NOT-FOR-US: memos
 CVE-2024-40743 (The stripImages and stripIframes methods didn't properly process input ...)
 	NOT-FOR-US: Joomla!
 CVE-2024-39690 (Capsule is a multi-tenancy and policy-based framework for Kubernetes.  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/938d194e3c7b943b0bcf792359f34063af2efca5
