[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jun 20 22:16:29 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a272d647 by Salvatore Bonaccorso at 2024-06-20T23:16:05+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -43,45 +43,45 @@ CVE-2024-37897 (SFTPGo is a full-featured and highly configurable SFTP, HTTP/S,
CVE-2024-37818 (Strapi v4.24.4 was discovered to contain a Server-Side Request Forgery ...)
NOT-FOR-US: Strapi
CVE-2024-37699 (An issue in DataLife Engine v.17.1 and before is vulnerable to SQL Inj ...)
- TODO: check
+ NOT-FOR-US: DataLife Engine
CVE-2024-37676 (An issue in htop-dev htop v.2.20 allows a local attacker to cause an o ...)
TODO: check
CVE-2024-37674 (Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote ...)
- moodle <removed>
CVE-2024-37626 (A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 fir ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2024-37532 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity ...)
NOT-FOR-US: IBM
CVE-2024-37352 (There is a cross-site scripting vulnerability in the management UI of ...)
- TODO: check
+ NOT-FOR-US: Absolute Secure Access
CVE-2024-37351 (There is a cross-site scripting vulnerability in the management UI of ...)
- TODO: check
+ NOT-FOR-US: Absolute Secure Access
CVE-2024-37350 (There is a cross-site scripting vulnerability in the policy management ...)
- TODO: check
+ NOT-FOR-US: Absolute Secure Access
CVE-2024-37349 (There is a cross-site scripting vulnerability in the management UI of ...)
- TODO: check
+ NOT-FOR-US: Absolute Secure Access
CVE-2024-37348 (There is a cross-site scripting vulnerability in the management UI of ...)
- TODO: check
+ NOT-FOR-US: Absolute Secure Access
CVE-2024-37347 (There is a cross-site scripting vulnerability in the pool configuratio ...)
- TODO: check
+ NOT-FOR-US: Absolute Secure Access
CVE-2024-37346 (There is an insufficient input validation vulnerability in the Warehou ...)
- TODO: check
+ NOT-FOR-US: Absolute Secure Access
CVE-2024-37345 (There is a cross-site scripting vulnerability in the Secure Access adm ...)
- TODO: check
+ NOT-FOR-US: Absolute Secure Access
CVE-2024-37344 (There is a cross-site scripting vulnerability in the Policy management ...)
- TODO: check
+ NOT-FOR-US: Absolute Secure Access
CVE-2024-37343 (There is a cross-site scripting vulnerability in the Secure Access adm ...)
- TODO: check
+ NOT-FOR-US: Absolute Secure Access
CVE-2024-37222 (Cross Site Scripting (XSS) vulnerability in Averta Master Slider allow ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34693 (Improper Input Validation vulnerability in Apache Superset, allows for ...)
- TODO: check
+ NOT-FOR-US: Apache Superset
CVE-2024-33335 (SQL Injection vulnerability in H3C SeaSQL DWS v.2.0 allows a remote at ...)
- TODO: check
+ NOT-FOR-US: H3C SeaSQL DWS
CVE-2024-29013 (Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows ...)
- TODO: check
+ NOT-FOR-US: SonicOS SSL-VPN
CVE-2024-29012 (Stack-based buffer overflow vulnerability in the SonicOS HTTP server a ...)
- TODO: check
+ NOT-FOR-US: SonicOS
CVE-2024-28397 (An issue in the component js2py.disable_pyimport() of js2py up to v0.7 ...)
TODO: check
CVE-2024-28147 (An authenticated user can upload arbitrary files in the upload functi ...)
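Review bot: the two SonicOS entries get different labels, "NOT-FOR-US: SonicOS SSL-VPN" for CVE-2024-29013 and "NOT-FOR-US: SonicOS" for CVE-2024-29012; using a single label for both would keep them together when the list is searched by product. In the same way, CVE-2024-37222 is tagged only "NOT-FOR-US: WordPress plugin" while every other entry changed in this hunk names the product, so naming Averta Master Slider there would match. CVE-2024-37676 (htop) and CVE-2024-28397 (js2py) stay at "TODO: check" in the context lines and still need triage.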
@@ -103100,7 +103100,7 @@ CVE-2023-25648 (There is a weak folder permission vulnerability in ZTE's ZXCLOUD
CVE-2023-25647 (There is a permission and access control vulnerability in some ZTE mob ...)
NOT-FOR-US: ZTE
CVE-2023-25646 (There is an unauthorized access vulnerability in ZTE H388X. If H388X i ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2023-25645 (There is a permission and access control vulnerability in some ZTE And ...)
NOT-FOR-US: ZTE
CVE-2023-25644 (There is a denial of service vulnerability in some ZTEmobile internet ...)
@@ -122119,7 +122119,7 @@ CVE-2022-45931 (A SQL injection issue was discovered in AAA in OpenDaylight (ODL
CVE-2022-45930 (A SQL injection issue was discovered in AAA in OpenDaylight (ODL) befo ...)
NOT-FOR-US: OpenDaylight
CVE-2022-45929 (Northern.tech Mender 3.3.x before 3.3.2, 3.5.x before 3.5.0, and 3.6.x ...)
- TODO: check
+ NOT-FOR-US: Northern.tech Mender
CVE-2022-45928 (A remote OScript execution issue was discovered in OpenText Content Su ...)
NOT-FOR-US: OpenText
CVE-2022-45927 (An issue was discovered in OpenText Content Suite Platform 22.1 (16.2. ...)
@@ -138167,7 +138167,7 @@ CVE-2022-41325 (An integer overflow in the VNC module in VideoLAN VLC Media Play
NOTE: https://www.videolan.org/security/sb-vlc3018.html
NOTE: https://code.videolan.org/videolan/vlc/-/issues/27335
CVE-2022-41324 (Northern.tech Mender 3.3.x before 3.3.2 and 3.4.x before 3.4.0 has Inc ...)
- TODO: check
+ NOT-FOR-US: Northern.tech Mender
CVE-2022-41323 (In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, i ...)
{DSA-5254-1}
- python-django 3:3.2.16-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a272d647eb6e198cff5f0c3eb9f67de9d8ca787d