[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jun 12 21:27:44 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fc7b6fe7 by Salvatore Bonaccorso at 2024-06-12T22:26:24+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,79 +1,79 @@
CVE-2024-5909 (A problem with a protection mechanism in the Palo Alto Networks Cortex ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2024-5908 (A problem with the Palo Alto Networks GlobalProtect app can result in ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2024-5907 (A privilege escalation (PE) vulnerability in the Palo Alto Networks Co ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2024-5906 (A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prism ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2024-5905 (A problem with a protection mechanism in the Palo Alto Networks Cortex ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2024-5898 (A vulnerability was found in itsourcecode Payroll Management System 1. ...)
- TODO: check
+ NOT-FOR-US: itsourcecode Payroll Management System
CVE-2024-5897 (A vulnerability has been found in SourceCodester Employee and Visitor ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Employee and Visitor Gate Pass Logging System
CVE-2024-5896 (A vulnerability, which was classified as critical, was found in Source ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Employee and Visitor Gate Pass Logging System
CVE-2024-5895 (A vulnerability, which was classified as critical, has been found in S ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Employee and Visitor Gate Pass Logging System
CVE-2024-5894 (A vulnerability classified as critical was found in SourceCodester Onl ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Online Eyewear Shop
CVE-2024-5893 (A vulnerability classified as critical has been found in SourceCodeste ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Cab Management System
CVE-2024-5891 (A vulnerability was found in Quay. If an attacker can obtain the clien ...)
- TODO: check
+ NOT-FOR-US: Quay
CVE-2024-5798 (Vault and Vault Enterprise did not properly validate the JSON Web Toke ...)
- TODO: check
+ NOT-FOR-US: HashiCorp Vault
CVE-2024-5759 (An improper privilege management vulnerability exists in Tenable Secur ...)
- TODO: check
+ NOT-FOR-US: Tenable Security Center
CVE-2024-5674 (The Newsletter - API v1 and v2 addon plugin for WordPress is vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-5560 (CWE-125: Out-of-bounds Read vulnerability exists that could cause deni ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2024-5559 (CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2024-5558 (CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2024-5557 (CWE-532: Insertion of Sensitive Information into Log File vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2024-5468 (The WordPress Header Builder Plugin \u2013 Pearl plugin for WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-5313 (CWE-668: Exposure of the Resource Wrong Sphere vulnerability exists th ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2024-5266 (The Download Manager Pro plugin for WordPress is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-5211 (A path traversal vulnerability in mintplex-labs/anything-llm allowed a ...)
- TODO: check
+ NOT-FOR-US: mintplex-labs/anything-llm
CVE-2024-5056 (CWE-552: Files or Directories Accessible to External Parties vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2024-4898 (The InstaWP Connect \u2013 1-click WP Staging & Migration plugin for W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-4845 (The Icegram Express plugin for WordPress is vulnerable to SQL Injectio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3492 (The Events Manager \u2013 Calendar, Bookings, Tickets, and more! plugi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-37878 (Cross Site Scripting vulnerability in TWCMS v.2.0.3 allows a remote at ...)
- TODO: check
+ NOT-FOR-US: TWCMS
CVE-2024-37629 (SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) via the ...)
- TODO: check
+ NOT-FOR-US: SummerNote
CVE-2024-37304 (NuGet Gallery is a package repository that powers nuget.org. The NuGet ...)
TODO: check
CVE-2024-37300 (OAuthenticator is software that allows OAuth2 identity providers to be ...)
TODO: check
CVE-2024-37297 (WooCommerce is an open-source e-commerce platform built on WordPress. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-37040 (CWE-120: Buffer Copy without Checking Size of Input (\u2018Classic Buf ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2024-37039 (CWE-252: Unchecked Return Value vulnerability exists that could cause ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2024-37038 (CWE-276: Incorrect Default Permissions vulnerability exists that could ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2024-37037 (CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\ ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2024-37036 (CWE-787: Out-of-bounds Write vulnerability exists that could result in ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2024-36840 (SQL Injection vulnerability in Boelter Blue System Management v.1.3 al ...)
- TODO: check
+ NOT-FOR-US: Boelter Blue System Management
CVE-2024-36761 (naga v0.14.0 was discovered to contain a stack overflow via the compon ...)
TODO: check
CVE-2024-36699 (GNU Debugger v8.2 to v14.2 was discovered to contain a buffer overflow ...)
@@ -81,11 +81,11 @@ CVE-2024-36699 (GNU Debugger v8.2 to v14.2 was discovered to contain a buffer ov
CVE-2024-36691 (Insecure permissions in the AdminController.AjaxSave() method of PPGo_ ...)
TODO: check
CVE-2024-36265 (** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability ...)
- TODO: check
+ NOT-FOR-US: Apache Submarine Server Core
CVE-2024-36264 (** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication vulnerability ...)
- TODO: check
+ NOT-FOR-US: Apache Submarine Commons Utils
CVE-2024-36263 (** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Ele ...)
- TODO: check
+ NOT-FOR-US: Apache Submarine Server Core
CVE-2024-34065 (Strapi is an open-source content management system. By combining two v ...)
TODO: check
CVE-2024-31881 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc7b6fe78e181ab6e34789a53ab41b5cf5391cea
--
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc7b6fe78e181ab6e34789a53ab41b5cf5391cea
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240612/016f33df/attachment.htm>
More information about the debian-security-tracker-commits
mailing list