Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 9baa3dae by Salvatore Bonaccorso at 2024-02-13T09:21:13+01:00 Process several NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,9 +1,9 @@ CVE-2024-25914 (Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone SMTP Ma ...) TODO: check CVE-2024-25643 (The SAP Fiori app (My Overtime Request) - version 605, does not perfor ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-25642 (Due to improper validation of certificate in SAP Cloud Connector - ver ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-25407 (SteVe v3.6.0 was discovered to use predictable transaction ID's when r ...) TODO: check CVE-2024-25360 (A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks infor ...) @@ -27,15 +27,15 @@ CVE-2024-24875 (Cross-Site Request Forgery (CSRF) vulnerability in Yannick Lefeb CVE-2024-24826 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) TODO: check CVE-2024-24743 (SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-24742 (SAP CRM WebClient UI- version S4FND 102, S4FND 103, S4FND 104, S4FND 1 ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-24741 (SAP Master Data Governance for Material Data - versions 618, 619, 620, ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-24740 (SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-24739 (SAP Bank Account Management (BAM) allows an authenticated user with re ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-24337 (CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aq ...) TODO: check CVE-2024-23833 (OpenRefine is a free, open source power tool for working with messy da ...) @@ -75,17 +75,17 @@ CVE-2024-22222 (Dell Unity, versions prior to 5.4, contains an OS Command Inject CVE-2024-22221 (Dell Unity, versions prior to 5.4, contains SQL Injection vulnerabilit ...) TODO: check CVE-2024-22132 (SAP IDES ECC-systems contain code that permits the execution of arbitr ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-22131 (In SAP ABA (Application Basis) - versions 700, 701, 702, 731, 740, 750 ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-22130 (Print preview option inSAP CRM WebClient UI - versions S4FND 102, S4FN ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-22129 (SAP Companion - version <3.1.38, has a URL with parameter that could b ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-22128 (SAP NWBC for HTML - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_U ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-22126 (The User Admin application of SAP NetWeaver AS for Java - version 7.50 ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-22024 (An XML external entity or XXE vulnerability in the SAML component of I ...) TODO: check CVE-2024-21491 (Versions of the package svix before 1.17.0 are vulnerable to Authentic ...) @@ -102681,7 +102681,7 @@ CVE-2020-36601 (Out-of-bounds write vulnerability in the kernel modules. Success CVE-2020-36600 (Out-of-bounds write vulnerability in the power consumption module. Suc ...) NOT-FOR-US: Huawei CVE-2022-38714 (IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores sensitive cr ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-38713 RESERVED CVE-2022-38712 ("IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services ...) @@ -115121,11 +115121,11 @@ CVE-2022-34313 (IBM CICS TX 11.1 does not set the secure attribute on authorizat CVE-2022-34312 (IBM CICS TX 11.1 allows web pages to be stored locally which can be re ...) NOT-FOR-US: IBM CVE-2022-34311 (IBM CICS TX Standard and Advanced 11.1 could allow a user with physica ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-34310 (IBM CICS TX Standard and Advanced 11.1 uses weaker than expected crypt ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-34309 (IBM CICS TX Standard and Advanced 11.1 uses weaker than expected crypt ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-34308 (IBM CICS TX 11.1 could allow a local user to cause a denial of service ...) NOT-FOR-US: IBM CVE-2022-34307 (IBM CICS TX 11.1 does not set the secure attribute on authorization to ...) @@ -151406,7 +151406,7 @@ CVE-2022-22508 (Improper Input Validation vulnerability in multiple CODESYS V3 p CVE-2022-22507 REJECTED CVE-2022-22506 (IBM Robotic Process Automation 21.0.2 contains a vulnerability that co ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-22505 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 contains a v ...) NOT-FOR-US: IBM CVE-2022-22504 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9baa3dae6935ec67e2056402ea97be99ff490418 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9baa3dae6935ec67e2056402ea97be99ff490418 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits