[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jun 10 21:30:54 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c2a68e87 by Salvatore Bonaccorso at 2024-06-10T22:30:06+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,25 +1,25 @@
 CVE-2024-5786 (Cross-Site Request Forgery vulnerability in Comtrend router WLD71-T1_v ...)
-	TODO: check
+	NOT-FOR-US: Comtrend router
 CVE-2024-5785 (Command injection vulnerability in Comtrend router WLD71-T1_v2.0.20182 ...)
-	TODO: check
+	NOT-FOR-US: Comtrend router
 CVE-2024-5597 (Fuji Electric Monitouch V-SFTis vulnerable to a type confusion, which  ...)
-	TODO: check
+	NOT-FOR-US: Fuji Electric Monitouch V-SFT
 CVE-2024-5102 (A sym-linked file accessed via the repair function in Avast Antivirus  ...)
-	TODO: check
+	NOT-FOR-US: Avast Antivirus
 CVE-2024-4745 (Missing Authorization vulnerability in RafflePress Giveaways and Conte ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4744 (Missing Authorization vulnerability in Avirtum iPages Flipbook.This is ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4403 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the restar ...)
-	TODO: check
+	NOT-FOR-US: parisneo/lollms-webui
 CVE-2024-3850 (Uniview NVR301-04S2-P4 is vulnerable to reflected cross-site scripting ...)
-	TODO: check
+	NOT-FOR-US: Uniview NVR301-04S2-P4
 CVE-2024-3700 (Use of hard-coded password to the patients' database allows an attacke ...)
 	TODO: check
 CVE-2024-3699 (Use of hard-coded password to the patients' database allows an attacke ...)
 	TODO: check
 CVE-2024-37393 (Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA befor ...)
-	TODO: check
+	NOT-FOR-US: SecurEnvoy MFA
 CVE-2024-37051 (GitHub access token could be exposed to third-party sites in JetBrains ...)
 	TODO: check
 CVE-2024-37014 (Langflow through 0.6.19 allows remote code execution if untrusted user ...)
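Review bot: The NOT-FOR-US labels in this hunk are written at three different granularities, which makes later matching by vendor or product harder. CVE-2024-5786 and CVE-2024-5785 use "Comtrend router" and drop the WLD71-T1 model that the description gives, CVE-2024-3850 keeps the full model "Uniview NVR301-04S2-P4", and CVE-2024-4403 uses the repository slug "parisneo/lollms-webui". Pick one form and apply it throughout. Separately, CVE-2024-4745 and CVE-2024-4744 are marked "WordPress plugin", but the truncated descriptions shown name only RafflePress and Avirtum iPages Flipbook, so the classification cannot be confirmed from the diff alone. Carrying the plugin name in the label would make it auditable.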
@@ -29,95 +29,95 @@ CVE-2024-36531 (nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before
 CVE-2024-36528 (nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a ...)
 	TODO: check
 CVE-2024-36417 (SuiteCRM is an open-source Customer Relationship Management (CRM) soft ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2024-36415 (SuiteCRM is an open-source Customer Relationship Management (CRM) soft ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2024-36414 (SuiteCRM is an open-source Customer Relationship Management (CRM) soft ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2024-36413 (SuiteCRM is an open-source Customer Relationship Management (CRM) soft ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2024-36412 (SuiteCRM is an open-source Customer Relationship Management (CRM) soft ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2024-36411 (SuiteCRM is an open-source Customer Relationship Management (CRM) soft ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2024-36410 (SuiteCRM is an open-source Customer Relationship Management (CRM) soft ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2024-36409 (SuiteCRM is an open-source Customer Relationship Management (CRM) soft ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2024-36408 (SuiteCRM is an open-source Customer Relationship Management (CRM) soft ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2024-36407 (SuiteCRM is an open-source Customer Relationship Management (CRM) soft ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2024-36406 (SuiteCRM is an open-source Customer Relationship Management (CRM) soft ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2024-36405 (liboqs is a C-language cryptographic library that provides implementat ...)
 	TODO: check
 CVE-2024-35754 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-35749 (Authentication Bypass by Spoofing vulnerability in Acurax Under Constr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-35747 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-35746 (Unrestricted Upload of File with Dangerous Type vulnerability in Asgha ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-35745 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-35744 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-35743 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-35728 (Improper Neutralization of Special Elements in Output Used by a Downst ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-35712 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-35680 (Improper Neutralization of Special Elements in Output Used by a Downst ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-35677 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-35658 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-35650 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-35474 (A Directory Traversal vulnerability in iceice666 ResourcePack Server b ...)
-	TODO: check
+	NOT-FOR-US: iceice666 ResourcePack Server
 CVE-2024-35307 (Argument Injection Leading to Remote Code Execution in Realtime Graph  ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2024-35306 (OS Command injection in Ajax PHP files via HTTP Request, allows to exe ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2024-35305 (Unauth Time-Based SQL Injection in API allows to exploit HTTP request  ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2024-35304 (System command injection through Netflow functiondue to improper input ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2024-34800 (Missing Authentication for Critical Function vulnerability in Aruphash ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34762 (Vulnerability discovered by executing a planned security audit.  Impro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34761 (Vulnerability discovered by executing a planned security audit.  Impro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34332 (An issue in SiSoftware SANDRA v31.66 (SANDRA.sys 15.18.1.1) and before ...)
-	TODO: check
+	NOT-FOR-US: SiSoftware SANDRA
 CVE-2024-32167 (Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Ar ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester Online Medicine Ordering System
 CVE-2024-31613 (BOSSCMS v3.10 is vulnerable to Cross Site Request Forgery (CSRF) in na ...)
-	TODO: check
+	NOT-FOR-US: BOSSCMS
 CVE-2024-31612 (Emlog pro2.3 is vulnerable to Cross Site Request Forgery (CSRF) via tw ...)
-	TODO: check
+	NOT-FOR-US: Emlog pro
 CVE-2024-31611 (SeaCMS 12.9 has a file deletion vulnerability via admin_template.php.)
-	TODO: check
+	NOT-FOR-US: SeaCMS
 CVE-2024-28833 (Improper restriction of excessive authentication attempts with two fac ...)
 	TODO: check
 CVE-2024-27792 (This issue was addressed by adding an additional prompt for user conse ...)
 	TODO: check
 CVE-2024-26507 (An issue in FinalWire AIRDA Extreme, AIDA64 Engineer, AIDA64 Business, ...)
-	TODO: check
+	NOT-FOR-US: FinalWire
 CVE-2024-23524 (Missing Authorization vulnerability in ONTRAPORT Inc. PilotPress.This  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-23299 (The issue was addressed with improved checks. This issue is fixed in m ...)
 	TODO: check
 CVE-2024-22298 (Missing Authorization vulnerability in TMS Amelia ameliabooking.This i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-22296 (Missing Authorization vulnerability in Code for Recovery 12 Step Meeti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-22279 (Improper handling of requests in Routing Release > v0.273.0 and <= v0. ...)
 	TODO: check
 CVE-2024-21751 (Missing Authorization vulnerability in RabbitLoader.This issue affects ...)
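Review bot: At CVE-2024-26507 the label "NOT-FOR-US: FinalWire" names only the vendor, while every other product entry in this hunk names the product (SuiteCRM, Pandora FMS, SiSoftware SANDRA, BOSSCMS, SeaCMS). The description lists AIDA64 editions, so a label such as "FinalWire AIDA64" would be consistent with the rest. Also, the four Pandora FMS entries (CVE-2024-35304 through CVE-2024-35307) cannot be checked against the truncated descriptions, which do not mention the product in the visible text. That is fine if the full CVE text was consulted, but a short mention in the commit message would help anyone re-auditing this batch.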



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2a68e8758b53a8b042f704e88c8bfa353dae91f
