[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jul 17 21:22:01 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d9120475 by Salvatore Bonaccorso at 2024-07-17T22:21:30+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,31 +1,31 @@
 CVE-2024-6834 (A vulnerability in APIML Spring Cloud Gateway which leverages user pri ...)
-	TODO: check
+	NOT-FOR-US: APIML Spring Cloud Gateway
 CVE-2024-6833 (A vulnerability in Zowe CLI allows local, privileged actors to store p ...)
-	TODO: check
+	NOT-FOR-US: Zowe CLI
 CVE-2024-6830 (A vulnerability, which was classified as critical, was found in Source ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Simple Inventory Management System
 CVE-2024-6765
 	REJECTED
 CVE-2024-5471 (Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnera ...)
-	TODO: check
+	NOT-FOR-US: Zohocorp ManageEngine DDI Central
 CVE-2024-40641 (Nuclei is a fast and customizable vulnerability scanner based on simpl ...)
-	TODO: check
+	NOT-FOR-US: Nuclei
 CVE-2024-40640 (vodozemac is an open source implementation of Olm and Megolm in pure R ...)
-	TODO: check
+	NOT-FOR-US: vodozemac
 CVE-2024-40639
 	REJECTED
 CVE-2024-40636 (Steeltoe is an open source project that provides a collection of libra ...)
-	TODO: check
+	NOT-FOR-US: Steeltoe
 CVE-2024-40633 (Sylius is an Open Source eCommerce Framework on Symfony. A security vu ...)
-	TODO: check
+	NOT-FOR-US: Sylius
 CVE-2024-40617 (Path traversal vulnerability exists in FUJITSU Network Edgiot GW1500 ( ...)
-	TODO: check
+	NOT-FOR-US: FUJITSU Network Edgiot GW1500
 CVE-2024-40420 (A Server-Side Template Injection (SSTI) vulnerability in the edit them ...)
-	TODO: check
+	NOT-FOR-US: openCart
 CVE-2024-40402 (A SQL injection vulnerability was found in 'ajax.php' of Sourcecodeste ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester Simple Library Management System
 CVE-2024-40119 (Nepstech Wifi Router xpon (terminal) model NTPL-Xpon1GFEVN v.1.0 Firmw ...)
-	TODO: check
+	NOT-FOR-US: Nepstech Wifi Router
 CVE-2024-39126 (Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG do ...)
 	TODO: check
 CVE-2024-39125 (Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Refere ...)
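Review bot: The vendor spellings in the new NOT-FOR-US tags are inconsistent within this hunk: CVE-2024-6830 is tagged "SourceCodester Simple Inventory Management System" while CVE-2024-40402 is tagged "Sourcecodester Simple Library Management System", and CVE-2024-40420 uses "openCart" where the product is normally written "OpenCart". Use one spelling per vendor so that a case-sensitive grep over data/CVE/list for earlier NOT-FOR-US entries finds all of them.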
@@ -33,7 +33,7 @@ CVE-2024-39125 (Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP
 CVE-2024-39124 (In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS.)
 	TODO: check
 CVE-2024-38870 (Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and OpM ...)
-	TODO: check
+	NOT-FOR-US: ZohocorpZohocorp ManageEngine
 CVE-2024-38447 (NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modi ...)
 	TODO: check
 CVE-2024-38446 (NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a r ...)
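Review bot: The tag on CVE-2024-38870 reads "NOT-FOR-US: ZohocorpZohocorp ManageEngine", with the vendor name doubled. The other ManageEngine entries in this commit use "Zohocorp ManageEngine" (CVE-2024-27311) and "Zohocorp ManageEngine DDI Central" (CVE-2024-5471); suggest "NOT-FOR-US: Zohocorp ManageEngine OpManager", or at least dropping the duplicated word.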
@@ -43,51 +43,51 @@ CVE-2024-36491 (FutureNet NXR series, VXR series and WXR series provided by Cent
 CVE-2024-36475 (FutureNet NXR series, VXR series and WXR series provided by Century Sy ...)
 	TODO: check
 CVE-2024-32981 (Silverstripe framework is the PHP framework forming the base for the S ...)
-	TODO: check
+	NOT-FOR-US: Silverstripe framework
 CVE-2024-31979 (Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes ...)
-	TODO: check
+	NOT-FOR-US: Apache StreamPipes
 CVE-2024-31411 (Unrestricted Upload of File with dangerous type vulnerability in Apach ...)
-	TODO: check
+	NOT-FOR-US: Apache StreamPipes
 CVE-2024-31070 (Initialization of a resource with an insecure default vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: FutureNet
 CVE-2024-30471 (Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apa ...)
-	TODO: check
+	NOT-FOR-US: Apache StreamPipes
 CVE-2024-29885 (silverstripe/reports is an API for creating backend reports in the Sil ...)
-	TODO: check
+	NOT-FOR-US: Silverstripe reports
 CVE-2024-29737 (In streampark, the project module integrates Maven's compilation capab ...)
 	TODO: check
 CVE-2024-29120 (In Streampark (version < 2.1.4), when a user logged in successfully, t ...)
 	TODO: check
 CVE-2024-28993 (The SolarWinds Access Rights Manager was susceptible to a Directory Tr ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2024-28992 (The SolarWinds Access Rights Manager was susceptible to a Directory Tr ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2024-28796 (IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross- ...)
-	TODO: check
+	NOT-FOR-US: IBM X-Force ID:
 CVE-2024-28074 (It was discovered that a previous vulnerability was not completely fix ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2024-27311 (Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnera ...)
-	TODO: check
+	NOT-FOR-US: Zohocorp ManageEngine
 CVE-2024-23475 (The SolarWinds Access Rights Manager was susceptible to a Directory Tr ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2024-23474 (The SolarWinds Access Rights Manager was found to be susceptible to an ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2024-23472 (SolarWinds Access Rights Manager (ARM) is susceptible to Directory Tra ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2024-23471 (The SolarWinds Access Rights Manager was found to be susceptible to a  ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2024-23470 (The SolarWinds Access Rights Manager was found to be susceptible to a  ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2024-23469 (SolarWinds Access Rights Manager (ARM) is susceptible to a Remote Code ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2024-23468 (The SolarWinds Access Rights Manager was susceptible to a Directory Tr ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2024-23467 (The SolarWinds Access Rights Manager was susceptible to a Directory Tr ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2024-23466 (SolarWinds Access Rights Manager (ARM) is susceptible to a Directory T ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2024-23465 (The SolarWinds Access Rights Manager was found to be susceptible to an ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2024-20435 (A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance c ...)
 	TODO: check
 CVE-2024-20429 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
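Review bot: "NOT-FOR-US: IBM X-Force ID:" on CVE-2024-28796 looks like a fragment of the CVE description rather than a product name; the description names IBM ClearQuest, so "NOT-FOR-US: IBM ClearQuest" would match the style of the other entries. Separately, CVE-2024-31070 is marked "NOT-FOR-US: FutureNet" while the FutureNet NXR/VXR/WXR entry CVE-2024-36475 at the top of this hunk stays at "TODO: check"; if both concern the same product family they should get the same triage.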
@@ -201,9 +201,9 @@ CVE-2024-39863 (Apache Airflow versions before 2.9.3 have a vulnerability that a
 CVE-2024-2884 (Out of bounds read in V8 in Google Chrome prior to 121.0.6167.139 allo ...)
 	TODO: check
 CVE-2024-21687 (This High severity File Inclusion vulnerability was introduced in vers ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2024-21188 (Vulnerability in the Oracle Financial Services Revenue Management and  ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2024-21185 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	TODO: check
 CVE-2024-21184 (Vulnerability in the Oracle Database RDBMS Security component of Oracl ...)
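Review bot: "NOT-FOR-US: Oracle" on CVE-2024-21188 names only the vendor, which is ambiguous here because the next entry, CVE-2024-21185, is Oracle MySQL Server and is left at "TODO: check". Naming the product from the description (Oracle Financial Services Revenue Management and ...) would make clear why this entry is out of scope; the same applies to "NOT-FOR-US: Atlassian" on CVE-2024-21687.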



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d91204753f79fea080d8c7f4cb3d2ba517ed6438
