[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jun 3 21:43:27 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fd2955a9 by Salvatore Bonaccorso at 2024-06-03T22:42:50+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2024-5404 (An unauthenticated remote attackercan change the admin password in amo ...)
- TODO: check
+ NOT-FOR-US: ifm electronic GmbH
CVE-2024-5388
REJECTED
CVE-2024-5387
@@ -13,27 +13,27 @@ CVE-2024-5197 (There exists interger overflows in libvpx in versions prior to 1.
- libvpx 1.14.1-1
NOTE: https://issues.chromium.org/issues/332382766
CVE-2024-4540 (A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Request ...)
- TODO: check
+ NOT-FOR-US: Keycloak
CVE-2024-4332 (An authentication bypass vulnerability has been identified in the REST ...)
- TODO: check
+ NOT-FOR-US: Tripwire Enterprise
CVE-2024-3829 (qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read a ...)
- TODO: check
+ NOT-FOR-US: qdrant
CVE-2024-37019 (Northern.tech Mender Enterprise before 3.6.4 and 3.7.x before 3.7.4 ha ...)
- TODO: check
+ NOT-FOR-US: Northern.tech Mender Enterprise
CVE-2024-36783 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a comm ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2024-36729 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2024-36728 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2024-36674 (LyLme_spage v1.9.5 is vulnerable to Cross Site Scripting (XSS) via adm ...)
- TODO: check
+ NOT-FOR-US: LyLme_spage
CVE-2024-36569 (Sourcecodester Gas Agency Management System v1.0 is vulnerable to arbi ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Gas Agency Management System
CVE-2024-36568 (Sourcecodester Gas Agency Management System v1.0 is vulnerable to SQL ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Gas Agency Management System
CVE-2024-36128 (Directus is a real-time API and App dashboard for managing SQL databas ...)
- TODO: check
+ NOT-FOR-US: Directus
CVE-2024-36127 (apko is an apk-based OCI image builder. apko exposures HTTP basic auth ...)
TODO: check
CVE-2024-36124 (iq80 Snappy is a compression/decompression library. When uncompressing ...)
@@ -41,77 +41,77 @@ CVE-2024-36124 (iq80 Snappy is a compression/decompression library. When uncompr
CVE-2024-36123 (Citizen is a MediaWiki skin that makes extensions part of the cohesive ...)
TODO: check
CVE-2024-35639 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35638 (Cross-Site Request Forgery (CSRF) vulnerability in JumpDEMAND Inc. Act ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35637 (Server-Side Request Forgery (SSRF) vulnerability in Church Admin.This ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35635 (Server-Side Request Forgery (SSRF) vulnerability in WPManageNinja LLC ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35633 (Server-Side Request Forgery (SSRF) vulnerability in CreativeThemes Blo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35632 (Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks. Integrat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35631 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35630 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34987 (A SQL Injection vulnerability exists in the `ofrs/admin/index.php` scr ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul Online Fire Reporting System
CVE-2024-34803 (Missing Authorization vulnerability in Fastly.This issue affects Fastl ...)
TODO: check
CVE-2024-34801 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34798 (Insertion of Sensitive Information into Log File vulnerability in Lukm ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34797 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34796 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34795 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34794 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34793 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34791 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34790 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34789 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34770 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34769 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34767 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34766 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34764 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34754 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34385 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34051 (A Reflected Cross-site scripting (XSS) vulnerability located in htdocs ...)
TODO: check
CVE-2024-32983 (Misskey is an open source, decentralized microblogging platform. Missk ...)
TODO: check
CVE-2024-31684 (Incorrect access control in the fingerprint authentication mechanism o ...)
- TODO: check
+ NOT-FOR-US: Bitdefender Mobile Security
CVE-2024-31682 (Incorrect access control in the fingerprint authentication mechanism o ...)
TODO: check
CVE-2024-23670 (An improper authorization in Fortinet FortiWebManager version 7.2.0 an ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2024-23668 (An improper authorization in Fortinet FortiWebManager version 7.2.0 an ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2024-23667 (An improper authorization in Fortinet FortiWebManager version 7.2.0 an ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2024-23665 (Multiple improper authorization vulnerabilities [CWE-285] in FortiWeb ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2024-23664 (A URL redirection to untrusted site ('open redirect') in Fortinet Fort ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2024-23363 (Transient DOS while processing an improperly formatted Fine Time Measu ...)
TODO: check
CVE-2024-23360 (Memory corruption while creating a LPAC client as LPAC engine was allo ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd2955a970c70ca4695f76cc302cb267cc9d0691
--
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd2955a970c70ca4695f76cc302cb267cc9d0691
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240603/a7f37dcc/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list