[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jul 13 08:34:26 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
35c90cfe by Salvatore Bonaccorso at 2024-07-13T09:33:54+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -61,63 +61,63 @@ CVE-2024-39914 (FOG is a cloning/imaging/rescue suite/inventory management syste
 CVE-2024-39909 (KubeClarity is a tool for detection and management of Software Bill Of ...)
 	NOT-FOR-US: KubeClarity
 CVE-2024-39903 (Solara is a pure Python, React-style framework for scaling Jupyter and ...)
-	TODO: check
+	NOT-FOR-US: Solara
 CVE-2024-39340 (Securepoint UTM before 12.6.5 mishandles OTP codes.)
-	TODO: check
+	NOT-FOR-US: Securepoint
 CVE-2024-38736 (Unrestricted Upload of File with Dangerous Type vulnerability in Realt ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-38735 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-38734 (Unrestricted Upload of File with Dangerous Type vulnerability in Sprea ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-38717 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-38716 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-38715 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-38709 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-38706 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-38704 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-38700 (Improper Neutralization of Special Elements in Output Used by a Downst ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-37941 (Cross-Site Request Forgery (CSRF) vulnerability in Internal Link Juice ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-37940 (Cross-Site Request Forgery (CSRF) vulnerability in Seraphinite Solutio ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-37939 (Cross-Site Request Forgery (CSRF) vulnerability in VolThemes Patricia  ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2024-37938 (Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop Sociall ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2024-37933 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-37932 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-37928 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2024-37927 (Improper Privilege Management vulnerability in NooTheme Jobmonster all ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2024-37564 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-37560 (Improper Privilege Management vulnerability in IqbalRony WP User Switc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-37544 (Missing Authorization vulnerability in Tobias Conrad Get Better Review ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-37405 (Livechat messages can be leaked by combining two NoSQL injections affe ...)
-	TODO: check
+	NOT-FOR-US: Rocket.Chat livechat
 CVE-2024-37213 (Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Team Ali2Wo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-37202 (Missing Authorization vulnerability in BinaryCarpenter Ultimate Custom ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-36522 (The default configuration of XSLTResourceStream.java is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: Apache Wicket
 CVE-2024-35773 (Cross-Site Request Forgery (CSRF) vulnerability in WPJohnny, zerOneIT  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-41093 (Use After Free vulnerability in Silicon Labs Bluetooth SDK on 32 bit,  ...)
-	TODO: check
+	NOT-FOR-US: Silicon Labs Bluetooth SDK
 CVE-2024-41006 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.9.7-1
 	NOTE: https://git.kernel.org/linus/0b9130247f3b6a1122478471ff0e014ea96bb735 (6.10-rc5)
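Review bot: CVE-2024-36522 and CVE-2024-37405 are marked NOT-FOR-US: Apache Wicket and NOT-FOR-US: Rocket.Chat livechat, but neither truncated description names the product (one mentions only the file XSLTResourceStream.java, the other only "Livechat messages"), so those two attributions rest entirely on the CVE references; they deserve a second look before the batch lands, because a wrong product guess here quietly drops the CVE from Debian's radar. The rest of the hunk (WordPress plugins and themes, Solara, Securepoint, Silicon Labs Bluetooth SDK) matches what the descriptions say.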
@@ -600,13 +600,13 @@ CVE-2024-4753 (The WP Secure Maintenance WordPress plugin before 1.7 does not sa
 CVE-2024-3112 (The Quotes and Tips by BestWebSoft WordPress plugin before 1.45 does n ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-36435 (An issue was discovered on Supermicro BMC firmware in select X11, X12, ...)
-	TODO: check
+	NOT-FOR-US: Supermicro
 CVE-2024-2696 (The socialdriver-framework WordPress plugin before 2024.04.30 does not ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-2640 (The Watu Quiz WordPress plugin before 3.4.1.2 does not sanitise and es ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-2430 (The Website Content in Page or Post WordPress plugin before 2024.04.09 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1375 (The Event post plugin for WordPress is vulnerable to unauthorized bulk ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-0974 (The Social Media Widget WordPress plugin before 4.0.9 does not sanitis ...)
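Review bot: the rationale for CVE-2024-36435 gives only the vendor ("Supermicro") where the description names the component ("Supermicro BMC firmware"); the more specific form matches the convention used elsewhere in this commit ("Silicon Labs Bluetooth SDK", "Renesas SmartBond devices") and makes it clearer to a later reader that the affected code is vendor firmware rather than a tool Debian could package.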
@@ -640,7 +640,7 @@ CVE-2024-5679 (CWE-787: Out-of-Bounds Write vulnerability exists that could caus
 CVE-2024-39905 (Red is a fully modular Discord bot. Due to a bug in Red's Core API, 3r ...)
 	NOT-FOR-US: Red Discord bot
 CVE-2024-39904 (VNote is a note-taking platform. Prior to 3.18.1, a code execution vul ...)
-	TODO: check
+	NOT-FOR-US: VNote
 CVE-2024-39553 (An Exposure of Resource to Wrong Sphere vulnerability in the sampling  ...)
 	NOT-FOR-US: Juniper
 CVE-2024-39552 (An Improper Handling of Exceptional Conditions vulnerability in the ro ...)
@@ -727,9 +727,9 @@ CVE-2024-37151 (Suricata is a network Intrusion Detection System, Intrusion Prev
 	NOTE: https://redmine.openinfosecfoundation.org/issues/7041
 	NOTE: https://redmine.openinfosecfoundation.org/issues/7042
 CVE-2024-32753 (Under certain circumstances the camera may be susceptible to known vul ...)
-	TODO: check
+	NOT-FOR-US: Johnson Controls
 CVE-2024-2602 (CWE-22: Improper Limitation of a Pathname to a Restricted Directory (' ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2024-28872 (The TLS certificate validation code is flawed. An attacker can obtain  ...)
 	TODO: check
 CVE-2024-6676 (A vulnerability has been found in witmy my-springsecurity-plus up to 2 ...)
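Review bot: CVE-2024-28872 is left at TODO: check between two entries this hunk resolves, and its description ("The TLS certificate validation code is flawed. An attacker can obtain ...") names no product at all, so it cannot be triaged from the list text and needs the advisory reference to identify the affected software before it can be marked NOT-FOR-US or attached to a source package. The same caveat applies in a weaker form to CVE-2024-2602, whose truncated description shows only the CWE, so its NOT-FOR-US: Schneider Electric attribution also comes from the reference rather than from the entry.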
@@ -829,23 +829,23 @@ CVE-2024-39511 (An Improper Input Validation vulnerability in the 802.1X Authent
 CVE-2024-38433 (Nuvoton - CWE-305: Authentication Bypass by Primary Weakness  An attac ...)
 	NOT-FOR-US: Nuvoton
 CVE-2024-25077 (An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697 ...)
-	TODO: check
+	NOT-FOR-US: Renesas SmartBond devices
 CVE-2024-25076 (An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697 ...)
-	TODO: check
+	NOT-FOR-US: Renesas SmartBond devices
 CVE-2024-23485 (Improperly Preserved Integrity of Hardware Configuration State During  ...)
-	TODO: check
+	NOT-FOR-US: Gallagher
 CVE-2024-23317 (External Control of File Name or Path (CWE-73) in the Controller 6000  ...)
-	TODO: check
+	NOT-FOR-US: Gallagher
 CVE-2024-23194 (Improper output Neutralization for Logs (CWE-117) in the Command Centr ...)
-	TODO: check
+	NOT-FOR-US: Gallagher
 CVE-2024-22387 (External Control of Critical State Data (CWE-642) in the Controller 60 ...)
-	TODO: check
+	NOT-FOR-US: Gallagher
 CVE-2024-22280 (VMware Aria Automation does not apply correct input validation which a ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2024-1845 (The VikRentCar Car Rental Management System WordPress plugin before 1. ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0619 (The Payflex Payment Gateway plugin for WordPress is vulnerable to unau ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2016-15039 (A vulnerability classified as critical was found in mhuertos phpLDAPad ...)
 	TODO: check
 CVE-2024-5528
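Review bot: CVE-2016-15039 stays at TODO: check while every other TODO in this hunk is resolved; its description names "mhuertos phpLDAPad...", which reads like a fork or personal repository rather than the upstream phpLDAPadmin project, so the affected code base should be confirmed from the reference before the entry is either marked NOT-FOR-US or mapped to a packaged phpLDAPadmin.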
@@ -1134,7 +1134,7 @@ CVE-2024-23696 (In RGXCreateZSBufferKM of rgxta3d.c, there is a possible arbitra
 CVE-2024-23695 (In CacheOpPMRExec of cache_km.c, there is a possible out of bounds wri ...)
 	NOT-FOR-US: Android
 CVE-2024-22477 (A cross-site scripting vulnerability exists in the admin console OIDC  ...)
-	TODO: check
+	NOT-FOR-US: PingIdentity
 CVE-2024-22377 (The deploy directory in PingFederate runtime nodes is reachable to una ...)
 	NOT-FOR-US: PingIdentity
 CVE-2024-21993 (SnapCenter versions prior to 5.0p1 are susceptible to a vulnerability  ...)
@@ -1386,7 +1386,7 @@ CVE-2024-38517 (Tencent RapidJSON is vulnerable to privilege escalation due to a
 	- rapidjson <unfixed>
 	NOTE: https://github.com/Tencent/rapidjson/pull/1261
 CVE-2024-38363 (Airbyte is a data integration platform for ELT pipelines. Airbyte conn ...)
-	TODO: check
+	NOT-FOR-US: Airbyte
 CVE-2024-38278 (A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All ver ...)
 	NOT-FOR-US: Siemens
 CVE-2024-38112 (Windows MSHTML Platform Spoofing Vulnerability)
@@ -1838,35 +1838,35 @@ CVE-2023-40702 (PingOne MFA Integration Kit contains a vulnerability where the s
 CVE-2023-40356 (PingOne MFA Integration Kit contains a vulnerability related to the Pr ...)
 	NOT-FOR-US: PingOne MFA Integration Kit
 CVE-2023-3290 (A BOLA vulnerability in POST /customers allows a low privileged user t ...)
-	TODO: check
+	NOT-FOR-US: Easy!Appointments
 CVE-2023-3289 (A BOLA vulnerability in POST /services allows a low privileged user to ...)
-	TODO: check
+	NOT-FOR-US: Easy!Appointments
 CVE-2023-3288 (A BOLA vulnerability in POST /providers allows a low privileged user t ...)
-	TODO: check
+	NOT-FOR-US: Easy!Appointments
 CVE-2023-3287 (A BOLA vulnerability in POST /admins allows a low privileged user to c ...)
-	TODO: check
+	NOT-FOR-US: Easy!Appointments
 CVE-2023-3286 (A BOLA vulnerability in POST /secretaries allows a low privileged user ...)
-	TODO: check
+	NOT-FOR-US: Easy!Appointments
 CVE-2023-3285 (A BOLA vulnerability in POST /appointments allows a low privileged use ...)
-	TODO: check
+	NOT-FOR-US: Easy!Appointments
 CVE-2023-38055 (A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows  ...)
-	TODO: check
+	NOT-FOR-US: Easy!Appointments
 CVE-2023-38054 (A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allow ...)
-	TODO: check
+	NOT-FOR-US: Easy!Appointments
 CVE-2023-38053 (A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allow ...)
-	TODO: check
+	NOT-FOR-US: Easy!Appointments
 CVE-2023-38052 (A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a lo ...)
-	TODO: check
+	NOT-FOR-US: Easy!Appointments
 CVE-2023-38051 (A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} al ...)
-	TODO: check
+	NOT-FOR-US: Easy!Appointments
 CVE-2023-38050 (A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows  ...)
-	TODO: check
+	NOT-FOR-US: Easy!Appointments
 CVE-2023-38049 (A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} ...)
-	TODO: check
+	NOT-FOR-US: Easy!Appointments
 CVE-2023-38048 (A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allow ...)
-	TODO: check
+	NOT-FOR-US: Easy!Appointments
 CVE-2023-38047 (A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allo ...)
-	TODO: check
+	NOT-FOR-US: Easy!Appointments
 CVE-2023-32737 (A vulnerability has been identified in SIMATIC STEP 7 Safety V18 (All  ...)
 	NOT-FOR-US: Siemens
 CVE-2023-32735 (A vulnerability has been identified in SIMATIC STEP 7 Safety V16 (All  ...)
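Review bot: the fifteen BOLA entries (CVE-2023-3285 through CVE-2023-3290 and CVE-2023-38047 through CVE-2023-38055) are all attributed to Easy!Appointments, a name none of the truncated descriptions contains (they cite only API routes such as POST /customers and GET, PUT, DELETE /services/{serviceId}); since they evidently share one upstream advisory, confirming the attribution once against that source is enough, but it is worth doing explicitly rather than inferring it from the consecutive CVE numbering.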



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35c90cfe813f168eef1a5503e2a0f9e468315223

-- 
This project does not include diff previews in email notifications.
You're receiving this email because of your account on salsa.debian.org.

