[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jul 9 19:51:50 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
627d4cf2 by Salvatore Bonaccorso at 2024-07-09T20:51:23+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -125,7 +125,7 @@ CVE-2024-3653 (A vulnerability was found in Undertow. This issue requires enabli
- undertow <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274437
CVE-2024-3410 (The DN Footer Contacts WordPress plugin before 1.6.3 does not sanitise ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-39600 (Under certain conditions, the memory of SAP GUI for Windows contains t ...)
NOT-FOR-US: SAP
CVE-2024-39599 (Due to a Protection Mechanism Failure in SAP NetWeaver Application Ser ...)
@@ -143,19 +143,19 @@ CVE-2024-39594 (SAP Business Warehouse - Business Planning and Simulation applic
CVE-2024-39593 (SAP Landscape Management allows an authenticated user to read confiden ...)
NOT-FOR-US: SAP
CVE-2024-39592 (Elements of PDCE does not perform necessary authorization checks for a ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2024-38372 (Undici is an HTTP/1.1 client, written from scratch for Node.js. Depend ...)
TODO: check
CVE-2024-37923 (Cross-Site Request Forgery (CSRF) vulnerability in Cliengo \u2013 Chat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-37555 (Unrestricted Upload of File with Dangerous Type vulnerability in Zealo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-37180 (Under certain conditions SAP NetWeaver Application Server for ABAP and ...)
NOT-FOR-US: SAP
CVE-2024-37175 (SAP CRM WebClient does not perform necessary authorization check for a ...)
NOT-FOR-US: SAP
CVE-2024-37174 (Custom CSS support option in SAP CRM WebClient UI does not sufficientl ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2024-37173 (Due to insufficient input validation, SAP CRM WebClient UI allows an ...)
NOT-FOR-US: SAP
CVE-2024-37172 (SAP S/4HANA Finance (Advanced Payment Management) does not perform nec ...)
@@ -163,25 +163,25 @@ CVE-2024-37172 (SAP S/4HANA Finance (Advanced Payment Management) does not perfo
CVE-2024-37171 (SAP Transportation Management (Collaboration Portal) allows an attacke ...)
NOT-FOR-US: SAP
CVE-2024-34786 (UniFi iOS app 10.15.0 introduces a misconfiguration on 2nd Generation ...)
- TODO: check
+ NOT-FOR-US: UniFi iOS app
CVE-2024-34692 (Due to missing verification of file type or content, SAP Enable Now al ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2024-34689 (WebFlow Services of SAP Business Workflow allows an authenticated atta ...)
NOT-FOR-US: SAP
CVE-2024-34685 (Due to weak encoding of user-controlled input in SAP NetWeaver Knowled ...)
NOT-FOR-US: SAP
CVE-2024-28751 (An high privileged remote attacker can enable telnet access that accep ...)
- TODO: check
+ NOT-FOR-US: ifm electronic GmbH
CVE-2024-28750 (A remote attacker with high privileges may use a deleting file functio ...)
- TODO: check
+ NOT-FOR-US: ifm electronic GmbH
CVE-2024-28749 (A remote attacker with high privileges may use a writing file function ...)
- TODO: check
+ NOT-FOR-US: ifm electronic GmbH
CVE-2024-28748 (A remote attacker with high privileges may use a reading file function ...)
- TODO: check
+ NOT-FOR-US: ifm electronic GmbH
CVE-2024-28747 (An unauthenticated remote attacker can use the hard-coded credentials ...)
- TODO: check
+ NOT-FOR-US: ifm electronic GmbH
CVE-2024-22062 (There is a permissions and access control vulnerability in ZXCLOUD IRA ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2024-37372
- nodejs <not-affected> (Only affect Node.js on Windows)
NOTE: https://nodejs.org/en/blog/vulnerability/july-2024-security-releases#permission-model-improperly-processes-unc-paths-cve-2024-37372---low
@@ -231,7 +231,7 @@ CVE-2024-39677 (NHibernate is an object-relational mapper for the .NET framework
CVE-2024-39312 (Botan is a C++ cryptography library. X.509 certificates can identify e ...)
TODO: check
CVE-2024-39308 (RailsAdmin is a Rails engine that provides an interface for managing d ...)
- TODO: check
+ NOT-FOR-US: RailsAdmin
CVE-2024-39203 (A cross-site scripting (XSS) vulnerability in the Backend Theme Manage ...)
NOT-FOR-US: Backend Theme Management module of Z-BlogPHP
CVE-2024-39202 (D-Link DIR-823X firmware - 240126 was discovered to contain a remote c ...)
@@ -249,56 +249,56 @@ CVE-2024-27459 (The interactive service in OpenVPN 2.6.9 and earlier allows an a
- openvpn <not-affected> (Only affects Windows)
NOTE: https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/
CVE-2024-25639 (Khoj is an application that creates personal AI agents. The Khoj Obsid ...)
- TODO: check
+ NOT-FOR-US: Khoj
CVE-2024-24974 (The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVP ...)
- openvpn <not-affected> (Only affects Windows)
NOTE: https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/
CVE-2024-23562 (A security vulnerability in HCL Domino could allow disclosure of sensi ...)
NOT-FOR-US: HCL Domino
CVE-2024-21778 (A heap-based buffer overflow vulnerability exists in the configuration ...)
- TODO: check
+ NOT-FOR-US: Realtek rtl819x Jungle SDK
CVE-2024-1305 (tap-windows6 driver version 9.26 and earlier does not properly check ...)
TODO: check
CVE-2023-50383 (Three os command injection vulnerabilities exist in the boa formWsc fu ...)
- TODO: check
+ NOT-FOR-US: Realtek rtl819x Jungle SDK
CVE-2023-50382 (Three os command injection vulnerabilities exist in the boa formWsc fu ...)
- TODO: check
+ NOT-FOR-US: Realtek rtl819x Jungle SDK
CVE-2023-50381 (Three os command injection vulnerabilities exist in the boa formWsc fu ...)
- TODO: check
+ NOT-FOR-US: Realtek rtl819x Jungle SDK
CVE-2023-50330 (A stack-based buffer overflow vulnerability exists in the boa getInfo ...)
- TODO: check
+ NOT-FOR-US: Realtek rtl819x Jungle SDK
CVE-2023-50244 (Two stack-based buffer overflow vulnerabilities exist in the boa formI ...)
- TODO: check
+ NOT-FOR-US: Realtek rtl819x Jungle SDK
CVE-2023-50243 (Two stack-based buffer overflow vulnerabilities exist in the boa formI ...)
- TODO: check
+ NOT-FOR-US: Realtek rtl819x Jungle SDK
CVE-2023-50240 (Two stack-based buffer overflow vulnerabilities exist in the boa set_R ...)
- TODO: check
+ NOT-FOR-US: Realtek rtl819x Jungle SDK
CVE-2023-50239 (Two stack-based buffer overflow vulnerabilities exist in the boa set_R ...)
- TODO: check
+ NOT-FOR-US: Realtek rtl819x Jungle SDK
CVE-2023-49867 (A stack-based buffer overflow vulnerability exists in the boa formWsc ...)
- TODO: check
+ NOT-FOR-US: Realtek rtl819x Jungle SDK
CVE-2023-49595 (A stack-based buffer overflow vulnerability exists in the boa rollback ...)
- TODO: check
+ NOT-FOR-US: Realtek rtl819x Jungle SDK
CVE-2023-49593 (Leftover debug code exists in the boa formSysCmd functionality of Leve ...)
- TODO: check
+ NOT-FOR-US: LevelOne WBR-6013
CVE-2023-49073 (A stack-based buffer overflow vulnerability exists in the boa formFilt ...)
- TODO: check
+ NOT-FOR-US: Realtek rtl819x Jungle SDK
CVE-2023-48270 (A stack-based buffer overflow vulnerability exists in the boa formDnsv ...)
- TODO: check
+ NOT-FOR-US: Realtek rtl819x Jungle SDK
CVE-2023-47856 (A stack-based buffer overflow vulnerability exists in the boa set_Radv ...)
- TODO: check
+ NOT-FOR-US: Realtek rtl819x Jungle SDK
CVE-2023-47677 (A cross-site request forgery (csrf) vulnerability exists in the boa CS ...)
- TODO: check
+ NOT-FOR-US: Realtek rtl819x Jungle SDK
CVE-2023-46685 (A hard-coded password vulnerability exists in the telnetd functionalit ...)
- TODO: check
+ NOT-FOR-US: LevelOne WBR-6013
CVE-2023-45742 (An integer overflow vulnerability exists in the boa updateConfigIntoFl ...)
- TODO: check
+ NOT-FOR-US: Realtek rtl819x Jungle SDK
CVE-2023-45215 (A stack-based buffer overflow vulnerability exists in the boa setRepea ...)
- TODO: check
+ NOT-FOR-US: Realtek rtl819x Jungle SDK
CVE-2023-41251 (A stack-based buffer overflow vulnerability exists in the boa formRout ...)
- TODO: check
+ NOT-FOR-US: Realtek rtl819x Jungle SDK
CVE-2023-34435 (A firmware update vulnerability exists in the boa formUpload functiona ...)
- TODO: check
+ NOT-FOR-US: Realtek rtl819x Jungle SDK
CVE-2024-6539 (A vulnerability classified as problematic has been found in heyewei Sp ...)
NOT-FOR-US: heyewei SpringBootCMS
CVE-2024-5711 (Cross-site Scripting (XSS) - Stored in GitHub repository stitionai/dev ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/627d4cf29b0334e92f1bdea6d7016c267d5e5993
--
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/627d4cf29b0334e92f1bdea6d7016c267d5e5993
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240709/c033f732/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list