[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Aug 23 21:33:11 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
64b4a28a by Salvatore Bonaccorso at 2024-08-23T22:32:17+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,129 +1,129 @@
CVE-2024-8113 (Stored XSS in organizer and event settings of pretix up to 2024.7.0 al ...)
- TODO: check
+ NOT-FOR-US: pretix
CVE-2024-8112 (A vulnerability was found in thinkgem JeeSite 5.3. It has been rated a ...)
- TODO: check
+ NOT-FOR-US: thinkgem JeeSite
CVE-2024-7986 (A vulnerability exists in the Rockwell AutomationThinManager\xae ThinS ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-7954 (The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4. ...)
TODO: check
CVE-2024-7428 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in O ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2024-7427 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2024-5586 (ZohocorpManageEngineADAudit Plus versions below8121 are vulnerable to ...)
- TODO: check
+ NOT-FOR-US: Zohocorp ManageEngine
CVE-2024-5556 (ZohocorpManageEngineADAudit Plus versions below8000 are vulnerable to ...)
- TODO: check
+ NOT-FOR-US: Zohocorp ManageEngine
CVE-2024-5502 (The Piotnet Addons For Elementor plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-5490 (ZohocorpManageEngineADAudit Plus versions below8000 are vulnerable to ...)
- TODO: check
+ NOT-FOR-US: Zohocorp ManageEngine
CVE-2024-5467 (ZohocorpManageEngineADAudit Plus versions below8121 are vulnerable to ...)
- TODO: check
+ NOT-FOR-US: Zohocorp ManageEngine
CVE-2024-5466 (Zohocorp ManageEngine OpManager andRemote Monitoring and Management ve ...)
- TODO: check
+ NOT-FOR-US: Zohocorp ManageEngine
CVE-2024-45190 (Mage AI allows remote users with the "Viewer" role to leak arbitrary f ...)
- TODO: check
+ NOT-FOR-US: Mage AI
CVE-2024-45189 (Mage AI allows remote users with the "Viewer" role to leak arbitrary f ...)
- TODO: check
+ NOT-FOR-US: Mage AI
CVE-2024-45188 (Mage AI allows remote users with the "Viewer" role to leak arbitrary f ...)
- TODO: check
+ NOT-FOR-US: Mage AI
CVE-2024-45187 (Guest users in the Mage AI framework that remain logged in after their ...)
- TODO: check
+ NOT-FOR-US: Mage AI
CVE-2024-44390 (Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-44387 (Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-44386 (Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-44382 (D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-44381 (D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-43794 (OpenSearch Dashboards Security Plugin adds a configuration management ...)
- TODO: check
+ NOT-FOR-US: OpenSearch Dashboards Security Plugin
CVE-2024-43791 (RequestStore provides per-request global storage for Rack. The files p ...)
TODO: check
CVE-2024-43782 (This openedx-translations repository contains translation files from O ...)
TODO: check
CVE-2024-43032 (autMan v2.9.6 allows attackers to bypass authentication via a crafted ...)
- TODO: check
+ NOT-FOR-US: autMan
CVE-2024-43031 (autMan v2.9.6 was discovered to contain an access control issue.)
- TODO: check
+ NOT-FOR-US: autMan
CVE-2024-42992 (Python Pip Pandas v2.2.2 was discovered to contain an arbitrary file r ...)
TODO: check
CVE-2024-42918 (itsourcecode Online Accreditation Management System contains a Cross S ...)
- TODO: check
+ NOT-FOR-US: itsourcecode Online Accreditation Management System
CVE-2024-42915 (A host header injection vulnerability in Staff Appraisal System v1.0 a ...)
- TODO: check
+ NOT-FOR-US: Staff Appraisal System
CVE-2024-42914 (A host header injection vulnerability exists in the forgot password fu ...)
- TODO: check
+ NOT-FOR-US: ArrowCMS
CVE-2024-42852 (Cross Site Scripting vulnerability in AcuToWeb server v.10.5.0.7577C8b ...)
- TODO: check
+ NOT-FOR-US: AcuToWeb server
CVE-2024-42845 (An eval Injection vulnerability in the component invesalius/reader/dic ...)
TODO: check
CVE-2024-42766 (Kashipara Bus Ticket Reservation System v1.0 0 is vulnerable to Incorr ...)
- TODO: check
+ NOT-FOR-US: Kashipara Bus Ticket Reservation System
CVE-2024-42765 (A SQL injection vulnerability in "/login.php" of the Kashipara Bus Tic ...)
- TODO: check
+ NOT-FOR-US: Kashipara Bus Ticket Reservation System
CVE-2024-42764 (Kashipara Bus Ticket Reservation System v1.0 is vulnerable to Cross Si ...)
- TODO: check
+ NOT-FOR-US: Kashipara Bus Ticket Reservation System
CVE-2024-42756 (An issue in Netgear DGN1000WW v.1.1.00.45 allows a remote attacker to ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2024-42636 (DedeCMS V5.7.115 has a command execution vulnerability via file_manage ...)
- TODO: check
+ NOT-FOR-US: DedeCMS
CVE-2024-42531 (Ezviz Internet PT Camera CS-CV246 D15655150 allows an unauthenticated ...)
- TODO: check
+ NOT-FOR-US: Ezviz Internet PT Camera CS-CV246 D15655150
CVE-2024-42523 (publiccms V4.0.202302.e and before is vulnerable to Any File Upload vi ...)
- TODO: check
+ NOT-FOR-US: publiccms
CVE-2024-42364 (Homepage is a highly customizable homepage with Docker and service API ...)
TODO: check
CVE-2024-42040 (Buffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from ...)
TODO: check
CVE-2024-41878 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-41877 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-41876 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-41875 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-41849 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-41848 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-41847 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-41846 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-41845 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-41844 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-41843 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-41842 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-41841 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-41150 (An Stored Cross-site Scripting vulnerability in request module affects ...)
- TODO: check
+ NOT-FOR-US: Zohocorp ManageEngine
CVE-2024-39841 (A SQL Injection vulnerability exists in the service configuration func ...)
TODO: check
CVE-2024-38869 (An Stored Cross-site Scripting vulnerability affects ZohocorpManageEng ...)
- TODO: check
+ NOT-FOR-US: Zohocorp ManageEngine
CVE-2024-38807 (Applications that use spring-boot-loaderor spring-boot-loader-classica ...)
TODO: check
CVE-2024-37311 (Collabora Online is a collaborative online office suite based on Libre ...)
- TODO: check
+ NOT-FOR-US: Collabora Online
CVE-2024-36517 (ZohocorpManageEngineADAudit Plus versions below8000 are vulnerable to ...)
- TODO: check
+ NOT-FOR-US: Zohocorp ManageEngine
CVE-2024-36516 (ZohocorpManageEngineADAudit Plus versions below8000 are vulnerable to ...)
- TODO: check
+ NOT-FOR-US: Zohocorp ManageEngine
CVE-2024-36515 (ZohocorpManageEngineADAudit Plus versions below8000 are vulnerable to ...)
- TODO: check
+ NOT-FOR-US: Zohocorp ManageEngine
CVE-2024-36514 (ZohocorpManageEngineADAudit Plus versions below8000 are vulnerable to ...)
- TODO: check
+ NOT-FOR-US: Zohocorp ManageEngine
CVE-2024-33854 (A SQL Injection vulnerability exists in the Graph Template component i ...)
TODO: check
CVE-2024-33853 (A SQL Injection vulnerability exists in the Timeperiod component in Ce ...)
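Review bot: the label added for CVE-2024-42531 ("NOT-FOR-US: Ezviz Internet PT Camera CS-CV246 D15655150") carries the full model string, while the other hardware entries in this hunk use the vendor name alone (Tenda, D-Link, Netgear). Shortening it to "NOT-FOR-US: Ezviz" would keep the labels consistent and reusable for later entries from the same vendor. Separately, CVE-2024-37311 is closed as "NOT-FOR-US: Collabora Online" although its description says the product is "based on Libre ..."; it is worth confirming that the flaw is in Collabora-specific code and not in a shared component before dropping the TODO.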
@@ -334118,7 +334118,7 @@ CVE-2020-11849 (Elevation of privilege and/or unauthorized access vulnerability
CVE-2020-11848 (Denial of service vulnerability on Micro Focus ArcSight Management Cen ...)
NOT-FOR-US: Micro Focus
CVE-2020-11847 (SSH authenticated user when access the PAM server can execute an OS co ...)
- TODO: check
+ NOT-FOR-US: NetIQ
CVE-2020-11846 (A vulnerability found in OpenText Privileged Access Manager that issue ...)
NOT-FOR-US: OpenText Privileged Access Manager
CVE-2020-11845 (Cross Site Scripting vulnerability in Micro Focus Service Manager prod ...)
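Review bot: CVE-2020-11847 is tagged "NOT-FOR-US: NetIQ", but its description refers to "the PAM server" and the next entry, CVE-2020-11846, is already tagged "NOT-FOR-US: OpenText Privileged Access Manager". If both CVEs concern the same product, reusing that existing label (or at least one vendor name across the neighbouring Micro Focus, NetIQ and OpenText entries) would make these entries easier to find with a single search.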
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64b4a28a421eb46fcfe6d0fa3f6b305512179fb3