[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jul 10 21:58:45 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ef54c2dc by Salvatore Bonaccorso at 2024-07-10T22:58:18+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -53,29 +53,29 @@ CVE-2024-40329 (idccms v1.35 was discovered to contain a Cross-Site Request Forg
CVE-2024-40328 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
NOT-FOR-US: idccms
CVE-2024-3799 (Insecure handling of POST header parameter bodyincluded in requests be ...)
- TODO: check
+ NOT-FOR-US: Phoniebox
CVE-2024-3798 (Insecure handling of GET header parameter fileincluded in requests bei ...)
- TODO: check
+ NOT-FOR-US: Phoniebox
CVE-2024-3325 (Vulnerability in Jaspersoft JasperReport Servers.This issue affects Ja ...)
- jasperreports <removed>
CVE-2024-39693 (Next.js is a React framework. A Denial of Service (DoS) condition was ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2024-38354 (CodiMD allows realtime collaborative markdown notes on all platforms. ...)
- TODO: check
+ NOT-FOR-US: HackMD CodiMD
CVE-2024-38353 (CodiMD allows realtime collaborative markdown notes on all platforms. ...)
- TODO: check
+ NOT-FOR-US: HackMD CodiMD
CVE-2024-37770 (14Finger v1.1 was discovered to contain a remote command execution (RC ...)
- TODO: check
+ NOT-FOR-US: 14Finger
CVE-2024-37504 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-37498 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-37310 (EVerest is an EV charging software stack. An integer overflow in the " ...)
TODO: check
CVE-2024-37270 (Insertion of Sensitive Information into Log File vulnerability in Trus ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-37205 (Insertion of Sensitive Information into Log File vulnerability in SERV ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-37149 (GLPI is an open-source asset and IT management software package that p ...)
- glpi <removed>
NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-cwvp-j887-m4xh
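Review bot: CVE-2024-37310 (EVerest) is the only entry in this run still left at `TODO: check` while every neighbouring TODO is resolved to NOT-FOR-US; if EVerest was looked at and found unpackaged, mark it too, otherwise a one-line NOTE on why it stays open would save the next triager a repeat lookup. The generic `NOT-FOR-US: WordPress plugin` label used for the five WordPress entries matches the existing entries further down the file, so that form is consistent.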
@@ -86,25 +86,25 @@ CVE-2024-37147 (GLPI is an open-source asset and IT management software package
- glpi <removed>
NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-f2cg-fc85-ffmh
CVE-2024-37115 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-37113 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-37110 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32759 (Under certain circumstances the Software House C\u25cfCURE 9000 instal ...)
- TODO: check
+ NOT-FOR-US: Johnson Controls
CVE-2024-32469 (Decidim is a participatory democracy framework. The pagination feature ...)
- TODO: check
+ NOT-FOR-US: Decidim
CVE-2024-28828 (Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p4 ...)
TODO: check
CVE-2024-28827 (Incorrect permissions on the Checkmk Windows Agent's data directory in ...)
TODO: check
CVE-2024-27095 (Decidim is a participatory democracy framework. The admin panel is sub ...)
- TODO: check
+ NOT-FOR-US: Decidim
CVE-2024-27090 (Decidim is a participatory democracy framework, written in Ruby on Rai ...)
- TODO: check
+ NOT-FOR-US: Decidim
CVE-2024-20456 (A vulnerability in the boot process of Cisco IOS XR Software could all ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-35006 (IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote ...)
NOT-FOR-US: IBM
CVE-2023-33860 (IBM Security QRadar EDR 3.12 does not set the secure attribute on auth ...)
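Review bot: the label on CVE-2024-32759, `NOT-FOR-US: Johnson Controls`, shares no word with the description, which names the product as Software House C●CURE 9000; consider `NOT-FOR-US: Johnson Controls Software House C-CURE 9000` so a grep on the product name finds the entry. The two Checkmk CVEs (CVE-2024-28828, CVE-2024-28827) are left at `TODO: check`, which is consistent with the commit title covering only some NFUs.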
@@ -116,9 +116,9 @@ CVE-2024-6550 (The Gravity Forms: Multiple Form Instances plugin for WordPress i
CVE-2024-6433 (Relative Path Traversal in GitHub repository stitionai/devika prior to ...)
NOT-FOR-US: stitionai/devika
CVE-2024-6422 (An unauthenticated remote attacker can manipulate the device via Telne ...)
- TODO: check
+ NOT-FOR-US: Pepperl+Fuchs SE
CVE-2024-6421 (An unauthenticated remote attacker can read out sensitive device infor ...)
- TODO: check
+ NOT-FOR-US: Pepperl+Fuchs SE
CVE-2024-6411 (The ProfileGrid \u2013 User Profiles, Groups and Communities plugin fo ...)
NOT-FOR-US: WordPress plugin
CVE-2024-6410 (The ProfileGrid \u2013 User Profiles, Groups and Communities plugin fo ...)
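Review bot: `NOT-FOR-US: Pepperl+Fuchs SE` on CVE-2024-6422 and CVE-2024-6421 carries the legal-form suffix, whereas the other vendor labels in this file use the bare name (`IBM`, `Siemens`, `Cisco`); suggest `NOT-FOR-US: Pepperl+Fuchs` for consistency and easier grepping.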
@@ -182,7 +182,7 @@ CVE-2024-38301 (Dell Alienware Command Center, version 5.7.3.0 and prior, contai
CVE-2024-37865 (An issue in S3Browser v.11.4.5 and v.10.9.9 and fixed in v.11.5.7 allo ...)
NOT-FOR-US: S3Browser
CVE-2024-37829 (An issue in Outline <= v0.76.1 allows attackers to execute a session h ...)
- TODO: check
+ NOT-FOR-US: Outline
CVE-2024-36676 (Incorrect access control in BookStack before v24.05.1 allows attackers ...)
NOT-FOR-US: bookstack
CVE-2024-36453 (Cross-site scripting vulnerability exists in session_login.cgi of Webm ...)
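Review bot: `NOT-FOR-US: Outline` on CVE-2024-37829 is ambiguous as a bare name, since more than one project is called Outline (the Outline VPN project, for one); the description pins it to `Outline <= v0.76.1`, so a qualifier such as the upstream repository would disambiguate. The same label is used again for CVE-2024-37830 later in this change, so whichever form is chosen should be applied to both.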
@@ -457,9 +457,9 @@ CVE-2024-3563 (The Genesis Blocks plugin for WordPress is vulnerable to Stored C
CVE-2024-3228 (The Social Sharing Plugin \u2013 Kiwi plugin for WordPress is vulnerab ...)
NOT-FOR-US: WordPress plugin
CVE-2024-39899 (PrivateBin is an online pastebin where the server has zero knowledge o ...)
- TODO: check
+ NOT-FOR-US: PrivateBin
CVE-2024-39897 (zot is an OCI image registry. Prior to 2.1.0, the cache driver `GetBlo ...)
- TODO: check
+ NOT-FOR-US: zot
CVE-2024-39888 (A vulnerability has been identified in Mendix Encryption (All versions ...)
NOT-FOR-US: Siemens
CVE-2024-39876 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
@@ -489,7 +489,7 @@ CVE-2024-39865 (A vulnerability has been identified in SINEMA Remote Connect Ser
CVE-2024-39698 (electron-updater allows for automatic updates for Electron apps. The f ...)
TODO: check
CVE-2024-39697 (phonenumber is a library for parsing, formatting and validating intern ...)
- TODO: check
+ NOT-FOR-US: Rust crate phonenumber
CVE-2024-39684 (Tencent RapidJSON is vulnerable to privilege escalation due to an inte ...)
TODO: check
CVE-2024-39675 (A vulnerability has been identified in RUGGEDCOM RMC30 (All versions < ...)
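Review bot: `NOT-FOR-US: Rust crate phonenumber` on CVE-2024-39697 uses a `Rust crate <name>` label form; that is fine if it is the file's existing convention for crates, but the NFU should only stand once it is confirmed that no `rust-phonenumber` source package exists, and that check is not recorded in the entry. CVE-2024-39698 (electron-updater) and CVE-2024-39684 (RapidJSON) remain at `TODO: check`, as expected given the commit scope.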
@@ -713,7 +713,7 @@ CVE-2024-37871 (SQL injection vulnerability in login.php in Itsourcecode Online
CVE-2024-37870 (SQL injection vulnerability in processscore.php in Learning Management ...)
NOT-FOR-US: Learning Management System Project In PHP With Source Code
CVE-2024-37830 (An issue in Outline <= v0.76.1 allows attackers to redirect a victim u ...)
- TODO: check
+ NOT-FOR-US: Outline
CVE-2024-37520 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
NOT-FOR-US: WordPress plugin
CVE-2024-37513 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef54c2dc4b556133eeccc8b1ae4338f350502a5a