[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Oct 4 21:46:37 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
da801b57 by Salvatore Bonaccorso at 2024-10-04T22:46:07+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -37,81 +37,81 @@ CVE-2024-47789 (** UNSUPPORTED WHEN ASSIGNED ** This vulnerability exists in D3D
CVE-2024-47769 (IDURAR is open source ERP CRM accounting invoicing software. The vulne ...)
NOT-FOR-US: IDURAR
CVE-2024-47768 (Lif Authentication Server is a server used by Lif to do various tasks ...)
- TODO: check
+ NOT-FOR-US: Lif Auth Server
CVE-2024-47765 (Minecraft MOTD Parser is a PHP library to parse minecraft server motd. ...)
TODO: check
CVE-2024-47764 (cookie is a basic HTTP cookie parser and serializer for HTTP servers. ...)
TODO: check
CVE-2024-47657 (This vulnerability exists in the Shilpi Net Back Office due to imprope ...)
- TODO: check
+ NOT-FOR-US: Shilpi Net Back Office
CVE-2024-47656 (This vulnerability exists in Shilpi Client Dashboard due to missing re ...)
- TODO: check
+ NOT-FOR-US: Shilpi Client Dashboard
CVE-2024-47655 (This vulnerability exists in the Shilpi Client Dashboard due to improp ...)
- TODO: check
+ NOT-FOR-US: Shilpi Client Dashboard
CVE-2024-47654 (This vulnerability exists in Shilpi Client Dashboard due to lack of ra ...)
- TODO: check
+ NOT-FOR-US: Shilpi Client Dashboard
CVE-2024-47653 (This vulnerability exists in Shilpi Client Dashboard due to lack of au ...)
- TODO: check
+ NOT-FOR-US: Shilpi Client Dashboard
CVE-2024-47652 (This vulnerability exists in Shilpi Client Dashboard due to implementa ...)
- TODO: check
+ NOT-FOR-US: Shilpi Client Dashboard
CVE-2024-47651 (This vulnerability exists in Shilpi Client Dashboard due to improper h ...)
- TODO: check
+ NOT-FOR-US: Shilpi Client Dashboard
CVE-2024-47211 (In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x a ...)
TODO: check
CVE-2024-47183 (Parse Server is an open source backend that can be deployed to any inf ...)
- TODO: check
+ NOT-FOR-US: Parse Server
CVE-2024-46486 (TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote code execut ...)
- TODO: check
+ NOT-FOR-US: TP-LINK
CVE-2024-46409 (A stored cross-site scripting (XSS) vulnerability in SeedDMS v6.0.28 a ...)
- TODO: check
+ NOT-FOR-US: SeedDMS
CVE-2024-46078 (itsourcecode Sports Management System Project 1.0 is vulnerable to SQL ...)
- TODO: check
+ NOT-FOR-US: itsourcecode Sports Management System Project
CVE-2024-46077 (itsourcecode Online Tours and Travels Management System v1.0 is vulner ...)
- TODO: check
+ NOT-FOR-US: itsourcecode Online Tours and Travels Management System
CVE-2024-44439 (An issue in Shanghai Zhouma Network Technology CO., Ltd IMS Intelligen ...)
- TODO: check
+ NOT-FOR-US: Shanghai Zhouma Network Technology CO
CVE-2024-43687 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Microchip
CVE-2024-43686 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Microchip
CVE-2024-43685 (Improper Authentication vulnerability in Microchip TimeProvider 4100 ( ...)
- TODO: check
+ NOT-FOR-US: Microchip
CVE-2024-43684 (Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvi ...)
- TODO: check
+ NOT-FOR-US: Microchip
CVE-2024-43683 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in M ...)
- TODO: check
+ NOT-FOR-US: Microchip
CVE-2024-41516 (A Reflected cross-site scripting (XSS) vulnerability in "ccHandler.asp ...)
- TODO: check
+ NOT-FOR-US: CADClick
CVE-2024-41515 (A reflected cross-site scripting (XSS) vulnerability in "ccHandlerReso ...)
- TODO: check
+ NOT-FOR-US: CADClick
CVE-2024-41514 (A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.a ...)
- TODO: check
+ NOT-FOR-US: CADClick
CVE-2024-41513 (A reflected cross-site scripting (XSS) vulnerability in "Artikel.aspx" ...)
- TODO: check
+ NOT-FOR-US: CADClick
CVE-2024-41512 (A SQL Injection vulnerability in "ccHandler.aspx" in all versions of C ...)
- TODO: check
+ NOT-FOR-US: CADClick
CVE-2024-41511 (A Path Traversal (Local File Inclusion) vulnerability in "BinaryFileRe ...)
- TODO: check
+ NOT-FOR-US: CADClick
CVE-2024-38040 (There is a local file inclusion vulnerability in Esri Portal for ArcGI ...)
- TODO: check
+ NOT-FOR-US: Esri Portal for ArcGIS
CVE-2024-38039 (There is an HTML injection vulnerability in Esri Portal for ArcGIS ver ...)
- TODO: check
+ NOT-FOR-US: Esri Portal for ArcGIS
CVE-2024-38038 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...)
- TODO: check
+ NOT-FOR-US: Esri Portal for ArcGIS
CVE-2024-38037 (There is an unvalidated redirect vulnerability in Esri Portal for ArcG ...)
- TODO: check
+ NOT-FOR-US: Esri Portal for ArcGIS
CVE-2024-38036 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...)
- TODO: check
+ NOT-FOR-US: Esri Portal for ArcGIS
CVE-2024-25707 (There is a reflected cross site scripting in Esri Portal for ArcGIS 11 ...)
- TODO: check
+ NOT-FOR-US: Esri Portal for ArcGIS
CVE-2024-25702 (There is a stored Cross-site Scripting vulnerability in Esri Portal fo ...)
- TODO: check
+ NOT-FOR-US: Esri Portal for ArcGIS
CVE-2024-25701 (There is a stored Cross-site Scripting vulnerability in Esri Portal fo ...)
- TODO: check
+ NOT-FOR-US: Esri Portal for ArcGIS
CVE-2024-25694 (There is a stored Cross-site Scripting vulnerability in Esri Portal fo ...)
- TODO: check
+ NOT-FOR-US: Esri Portal for ArcGIS
CVE-2024-25691 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...)
- TODO: check
+ NOT-FOR-US: Esri Portal for ArcGIS
CVE-2024-47191
{DSA-5784-1}
- oath-toolkit 2.6.12-1
@@ -124030,9 +124030,9 @@ CVE-2023-26773 (Cross Site Scripting vulnerability found in Sales Tracker Manage
CVE-2023-26772
RESERVED
CVE-2023-26771 (Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a ...)
- TODO: check
+ NOT-FOR-US: Taskcafe
CVE-2023-26770 (TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticat ...)
- TODO: check
+ NOT-FOR-US: Taskcafe
CVE-2023-26769 (Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 all ...)
- liblouis 3.24.0-2 (bug #1033202; unimportant)
NOTE: https://github.com/liblouis/liblouis/pull/1300
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da801b57073d92988f5a00ddda252bce0f164bc2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da801b57073d92988f5a00ddda252bce0f164bc2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241004/12db2b43/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list