[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jun 26 21:28:47 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e6cf2bf0 by Salvatore Bonaccorso at 2024-06-26T22:28:16+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,25 +1,25 @@
CVE-2024-6354 (Improper access control in PAM dashboard in Devolutions Remote Desktop ...)
- TODO: check
+ NOT-FOR-US: Devolutions Remote Desktop Manager
CVE-2024-6349
REJECTED
CVE-2024-6344 (A vulnerability, which was classified as problematic, was found in ZKT ...)
- TODO: check
+ NOT-FOR-US: ZKTeco ZKBio CVSecurity V5000
CVE-2024-4604 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in M ...)
- TODO: check
+ NOT-FOR-US: Magarsus Consultancy SSO (Single Sign On)
CVE-2024-4228 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Magarsus Consultancy SSO (Single Sign On)
CVE-2024-39460 (Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier p ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2024-39459 (In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 an ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2024-39458 (When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to c ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2024-39243 (An issue discovered in skycaiji 2.8 allows attackers to run arbitrary ...)
- TODO: check
+ NOT-FOR-US: skycaiji
CVE-2024-39242 (A cross-site scripting (XSS) vulnerability in skycaiji v2.8 allows att ...)
- TODO: check
+ NOT-FOR-US: skycaiji
CVE-2024-39241 (Cross Site Scripting (XSS) vulnerability in skycaiji 2.8 allows attack ...)
- TODO: check
+ NOT-FOR-US: skycaiji
CVE-2024-38950 (Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attacker ...)
TODO: check
CVE-2024-38949 (Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attacker ...)
@@ -27,7 +27,7 @@ CVE-2024-38949 (Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows at
CVE-2024-38527 (ZenUML is JavaScript-based diagramming tool that requires no server, u ...)
TODO: check
CVE-2024-38520 (SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Pro ...)
- TODO: check
+ NOT-FOR-US: SoftEtherVPN
CVE-2024-38375 (@fastly/js-compute is a JavaScript SDK and runtime for building Fastly ...)
TODO: check
CVE-2024-38272 (There exists a vulnerability in Quickshare/Nearby where an attacker ca ...)
@@ -35,11 +35,11 @@ CVE-2024-38272 (There exists a vulnerability in Quickshare/Nearby where an attac
CVE-2024-38271 (There exists a vulnerability in Quickshare/Nearby where an attacker ca ...)
TODO: check
CVE-2024-37252 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-37098 (Server-Side Request Forgery (SSRF) vulnerability in Blossom Themes Blo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35545 (MAP-OS v4.45.0 and earlier was discovered to contain a cross-site scri ...)
- TODO: check
+ NOT-FOR-US: MAP-OS
CVE-2024-33329 (A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x allows att ...)
TODO: check
CVE-2024-33328 (A cross-site scripting (XSS) vulnerability in the component main.jsp o ...)
@@ -125,9 +125,9 @@ CVE-2024-37138 (Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7
CVE-2024-36802
REJECTED
CVE-2024-35527 (An arbitrary file upload vulnerability in /fileupload/upload.cfm in Da ...)
- TODO: check
+ NOT-FOR-US: Daemon PTY Limited FarCry Core framework
CVE-2024-35526 (An issue in Daemon PTY Limited FarCry Core framework before 7.2.14 all ...)
- TODO: check
+ NOT-FOR-US: Daemon PTY Limited FarCry Core framework
CVE-2024-34581 (The W3C XML Signature Syntax and Processing (XMLDsig) specification, s ...)
TODO: check
CVE-2024-34580 (Apache XML Security for C++ through 2.0.4 implements the XML Signature ...)
@@ -264,7 +264,7 @@ CVE-2024-37086 (VMware ESXi contains an out-of-bounds read vulnerability.A mali
CVE-2024-37085 (VMware ESXi contains an authentication bypass vulnerability.A maliciou ...)
NOT-FOR-US: VMware
CVE-2024-36819 (MAP-OS 4.45.0 and earlier is vulnerable to Cross-Site Scripting (XSS). ...)
- TODO: check
+ NOT-FOR-US: MAP-OS
CVE-2024-34142 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...)
NOT-FOR-US: Adobe
CVE-2024-34141 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...)
@@ -582,7 +582,7 @@ CVE-2024-37678 (Cross Site Scripting vulnerability in Hangzhou Meisoft Informati
CVE-2024-37677 (An issue in Shenzhen Weitillage Industrial Co., Ltd the access managem ...)
NOT-FOR-US: Shenzhen Weitillage Industrial
CVE-2024-37233 (Improper Authentication vulnerability in Play.Ht allows Accessing Func ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-37231 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
NOT-FOR-US: Salon Booking System Salon booking system
CVE-2024-37228 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6cf2bf01b1a41d0f35117cc0f46f077d7bb362c
--
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6cf2bf01b1a41d0f35117cc0f46f077d7bb362c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240626/40c31e57/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list