[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Nov 14 22:00:15 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
db2c9515 by Salvatore Bonaccorso at 2024-11-14T22:59:52+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -25,7 +25,7 @@ CVE-2024-5918 (An improper certificate validation vulnerability in Palo Alto Net
CVE-2024-5917 (A server-side request forgery in PAN-OS software enables an unauthenti ...)
NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2024-5125 (parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site Scriptin ...)
- TODO: check
+ NOT-FOR-US: parisneo/lollms-webui
CVE-2024-52524 (Giskard is an evaluation and testing framework for AI systems. A Remot ...)
TODO: check
CVE-2024-52505 (matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging ...)
@@ -69,59 +69,59 @@ CVE-2024-52369 (Unrestricted Upload of File with Dangerous Type vulnerability in
CVE-2024-52302 (common-user-management is a robust Spring Boot application featuring u ...)
TODO: check
CVE-2024-51688 (Cross-Site Request Forgery (CSRF) vulnerability in FraudLabs Pro Fraud ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-50843 (A Directory listing issue was found in PHPGurukul User Registration & ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul User Registration & Login and User Management System
CVE-2024-50842 (A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/ ...)
- TODO: check
+ NOT-FOR-US: KASHIPARA E-learning Management System Project
CVE-2024-50841 (A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/ ...)
- TODO: check
+ NOT-FOR-US: KASHIPARA E-learning Management System Project
CVE-2024-50840 (A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/ ...)
- TODO: check
+ NOT-FOR-US: KASHIPARA E-learning Management System Project
CVE-2024-50839 (A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/ ...)
- TODO: check
+ NOT-FOR-US: KASHIPARA E-learning Management System Project
CVE-2024-50838 (A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/ ...)
- TODO: check
+ NOT-FOR-US: KASHIPARA E-learning Management System Project
CVE-2024-50837 (A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/ ...)
- TODO: check
+ NOT-FOR-US: KASHIPARA E-learning Management System Project
CVE-2024-50836 (A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/ ...)
- TODO: check
+ NOT-FOR-US: KASHIPARA E-learning Management System Project
CVE-2024-50835 (A SQL Injection vulnerability was found in /admin/edit_student.php in ...)
- TODO: check
+ NOT-FOR-US: KASHIPARA E-learning Management System Project
CVE-2024-50834 (A SQL Injection was found in /admin/teachers.php in KASHIPARA E-learni ...)
- TODO: check
+ NOT-FOR-US: KASHIPARA E-learning Management System Project
CVE-2024-50833 (A SQL Injection vulnerability was found in /login.php in KASHIPARA E-l ...)
- TODO: check
+ NOT-FOR-US: KASHIPARA E-learning Management System Project
CVE-2024-50832 (A SQL Injection vulnerability was found in /admin/edit_class.php in ka ...)
- TODO: check
+ NOT-FOR-US: KASHIPARA E-learning Management System Project
CVE-2024-50831 (A SQL Injection was found in /admin/admin_user.php in kashipara E-lear ...)
- TODO: check
+ NOT-FOR-US: KASHIPARA E-learning Management System Project
CVE-2024-50830 (A SQL Injection vulnerability was found in /admin/calendar_of_events.p ...)
- TODO: check
+ NOT-FOR-US: KASHIPARA E-learning Management System Project
CVE-2024-50829 (A SQL Injection vulnerability was found in /admin/edit_subject.php in ...)
- TODO: check
+ NOT-FOR-US: KASHIPARA E-learning Management System Project
CVE-2024-50828 (A SQL Injection vulnerability was found in /admin/edit_department.php ...)
- TODO: check
+ NOT-FOR-US: KASHIPARA E-learning Management System Project
CVE-2024-50827 (A SQL Injection vulnerability was found in /admin/add_subject.php in k ...)
- TODO: check
+ NOT-FOR-US: KASHIPARA E-learning Management System Project
CVE-2024-50826 (A SQL Injection vulnerability was found in /admin/add_content.php in k ...)
- TODO: check
+ NOT-FOR-US: KASHIPARA E-learning Management System Project
CVE-2024-50825 (A SQL Injection vulnerability was found in /admin/school_year.php in k ...)
- TODO: check
+ NOT-FOR-US: KASHIPARA E-learning Management System Project
CVE-2024-50824 (A SQL Injection vulnerability was found in /admin/class.php in kashipa ...)
- TODO: check
+ NOT-FOR-US: KASHIPARA E-learning Management System Project
CVE-2024-50823 (A SQL Injection vulnerability was found in /admin/login.php in kashipa ...)
- TODO: check
+ NOT-FOR-US: KASHIPARA E-learning Management System Project
CVE-2024-4343 (A Python command injection vulnerability exists in the `SagemakerLLM` ...)
TODO: check
CVE-2024-4311 (zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due ...)
- TODO: check
+ NOT-FOR-US: zenml-io/zenml
CVE-2024-49362 (Joplin is a free, open source note taking and to-do application. Jopli ...)
TODO: check
CVE-2024-49025 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-48284 (A Reflected Cross-Site Scripting (XSS) vulnerability was found in the ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul User Registration & Login and User Management System
CVE-2024-47916 (Boa web server - CWE-22: Improper Limitation of a Pathname to a Restri ...)
TODO: check
CVE-2024-47915 (VaeMendis - CWE-200: Exposure of Sensitive Information to an Unauthor ...)
@@ -129,47 +129,47 @@ CVE-2024-47915 (VaeMendis - CWE-200: Exposure of Sensitive Information to an Un
CVE-2024-47914 (VaeMendis - CWE-352: Cross-Site Request Forgery (CSRF))
TODO: check
CVE-2024-45670 (IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-45642 (IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This v ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-45254 (VaeMendis - CWE-79: Improper Neutralization of Input During Web Page G ...)
TODO: check
CVE-2024-45253 (Avigilon \u2013 CWE-22: Improper Limitation of a Pathname to a Restric ...)
TODO: check
CVE-2024-45099 (IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This v ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-42188 (HCL Connections is vulnerable to a broken access control vulnerability ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-3760 (In lunary-ai/lunary version 1.2.7, there is a lack of rate limiting on ...)
- TODO: check
+ NOT-FOR-US: lunary-ai/lunary
CVE-2024-3502 (In lunary-ai/lunary versions up to and including 1.2.5, an information ...)
- TODO: check
+ NOT-FOR-US: lunary-ai/lunary
CVE-2024-3501 (In lunary-ai/lunary versions up to and including 1.2.5, an information ...)
- TODO: check
+ NOT-FOR-US: lunary-ai/lunary
CVE-2024-3379 (In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authori ...)
- TODO: check
+ NOT-FOR-US: lunary-ai/lunary
CVE-2024-37285 (A deserialization issue in Kibana can lead to arbitrary code execution ...)
- TODO: check
+ - kibana <itp> (bug #700337)
CVE-2024-2552 (A command injection vulnerability in Palo Alto Networks PAN-OS softwar ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2024-2551 (A null pointer dereference vulnerability in Palo Alto Networks PAN-OS ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2024-2550 (A null pointer dereference vulnerability in the GlobalProtect gateway ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2024-1682 (An unclaimed Amazon S3 bucket, 'codeconf', is referenced in an audio f ...)
TODO: check
CVE-2024-11215 (Absolute path traversal (incorrect restriction of a path to a restrict ...)
TODO: check
CVE-2024-11214 (A vulnerability has been found in SourceCodester Best Employee Managem ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Best Employee Management System
CVE-2024-11213 (A vulnerability, which was classified as critical, was found in Source ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Best Employee Management System
CVE-2024-11212 (A vulnerability, which was classified as critical, has been found in S ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Best Employee Management System
CVE-2024-11211 (A vulnerability classified as critical has been found in EyouCMS 1.5.6 ...)
- TODO: check
+ NOT-FOR-US: EyouCMS
CVE-2024-11210 (A vulnerability was found in EyouCMS 1.51. It has been rated as critic ...)
- TODO: check
+ NOT-FOR-US: EyouCMS
CVE-2024-11209 (A vulnerability was found in Apereo CAS 6.6. It has been classified as ...)
TODO: check
CVE-2024-11208 (A vulnerability was found in Apereo CAS 6.6 and classified as problema ...)
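Review bot: the CVE-2024-37285 line is the only change in this hunk that is not a NOT-FOR-US marking; it records kibana as `<itp>` with a reference to bug #700337, which keeps the CVE attached to the packaging bug instead of dropping it from tracking, so it will resurface if kibana ever enters the archive. It is worth confirming that #700337 is indeed the kibana ITP and is still open, because a stale bug reference on an `<itp>` entry is easy to miss later.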
@@ -179,11 +179,11 @@ CVE-2024-11207 (A vulnerability has been found in Apereo CAS 6.6 and classified
CVE-2024-11136 (The default TCL Camera application exposes a provider vulnerable to pa ...)
TODO: check
CVE-2024-10962 (The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10921 (An authorized user may trigger crashes or receive the contents of buff ...)
TODO: check
CVE-2024-10571 (The Chartify \u2013 WordPress Chart Plugin plugin for WordPress is vul ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10979 (Incorrect control of environment variables in PostgreSQL PL/Perl allow ...)
- postgresql-17 17.1-1
- postgresql-16 <unfixed>
@@ -1309,7 +1309,7 @@ CVE-2024-10218 (XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility),
CVE-2024-10217 (XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility),monito ...)
TODO: check
CVE-2023-52268 (The End-User Portal module before 1.0.65 for FreeScout sometimes allow ...)
- TODO: check
+ NOT-FOR-US: FreeScout module
CVE-2023-50176 (A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and ...)
NOT-FOR-US: FortiGuard
CVE-2023-47543 (An authorization bypass through user-controlled key vulnerability [CWE ...)
@@ -1506,7 +1506,7 @@ CVE-2024-34015 (Sensitive information disclosure during file browsing due to imp
CVE-2024-34014 (Arbitrary file overwrite during recovery due to improper symbolic link ...)
NOT-FOR-US: Acronis
CVE-2024-29075 (Active debug code vulnerability exists in Mesh Wi-Fi router RP562B fir ...)
- TODO: check
+ NOT-FOR-US: Mesh Wi-Fi router RP562B firmware
CVE-2024-25255 (Sublime Text 4 was discovered to contain a command injection vulnerabi ...)
TODO: check
CVE-2024-25254 (SuperScan v4.1 was discovered to contain a buffer overflow via the Hos ...)
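Review bot: the new NOT-FOR-US annotation for CVE-2024-29075 names only the product model ("Mesh Wi-Fi router RP562B firmware"), while the other annotations in this change name a vendor or project. If the vendor is visible in the full description, adding it (e.g. "NOT-FOR-US: <vendor> Mesh Wi-Fi router RP562B firmware") would make the entry match the same grep as related CVEs for that vendor.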
@@ -161590,7 +161590,7 @@ CVE-2022-45159
CVE-2022-45158
RESERVED
CVE-2022-45157 (A vulnerability has been identified in the way that Rancher stores vSp ...)
- TODO: check
+ NOT-FOR-US: Rancher
CVE-2022-45156
RESERVED
CVE-2022-45155 (An Improper Handling of Exceptional Conditions vulnerability in obs-se ...)
@@ -201633,17 +201633,17 @@ CVE-2022-31673 (VMware vRealize Operations contains an information disclosure vu
CVE-2022-31672 (VMware vRealize Operations contains a privilege escalation vulnerabili ...)
NOT-FOR-US: VMware
CVE-2022-31671 (Harbor fails to validate user permissions when reading and updating jo ...)
- TODO: check
+ NOT-FOR-US: Harbor
CVE-2022-31670 (Harbor fails to validate the user permissions when updating tag retent ...)
- TODO: check
+ NOT-FOR-US: Harbor
CVE-2022-31669 (Harbor fails to validate the user permissions when updating tag immuta ...)
- TODO: check
+ NOT-FOR-US: Harbor
CVE-2022-31668 (Harbor fails to validate the user permissions when updating p2p prehea ...)
- TODO: check
+ NOT-FOR-US: Harbor
CVE-2022-31667 (Harbor fails to validate the user permissions when updating a robot ac ...)
- TODO: check
+ NOT-FOR-US: Harbor
CVE-2022-31666 (Harbor fails to validate user permissions while deleting Webhook polic ...)
- TODO: check
+ NOT-FOR-US: Harbor
CVE-2022-31665 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
NOT-FOR-US: VMware
CVE-2022-31664 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db2c95156ba234e774e781be4e2ad9dc52da6636