Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0d182553 by Salvatore Bonaccorso at 2024-06-01T17:16:33+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -39,9 +39,9 @@ CVE-2024-34002 (In a shared hosting environment that has been 
misconfigured to a
 CVE-2024-34001 (Actions in the admin preset tool did not include the necessary 
token t ...)
        - moodle <removed>
 CVE-2024-2933 (The Page Builder Gutenberg Blocks \u2013 CoBlocks plugin for 
WordPress ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-2506 (The Popup Builder \u2013 Create highly converting, mobile 
friendly mar ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-2295 (The Contact Form Manager plugin for WordPress is vulnerable to 
Stored  ...)
        TODO: check
 CVE-2024-1324 (The QQWorld Auto Save Images plugin for WordPress is vulnerable 
to una ...)
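Review bot: CVE-2024-2295, directly below the two entries changed in this hunk, is also described as a "plugin for WordPress" but stays at TODO: check. If it is out of scope for the same reason, mark it NOT-FOR-US: WordPress plugin in the same pass; if it was left open on purpose, a word in the commit message would save the next person from re-triaging it.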
@@ -84,7 +84,7 @@ CVE-2024-36120 (javascript-deobfuscator removes common 
JavaScript obfuscation te
 CVE-2024-36108 (casgate is an Open Source Identity and Access Management 
system. In af ...)
        TODO: check
 CVE-2024-35196 (Sentry is a developer-first error tracking and performance 
monitoring  ...)
-       TODO: check
+       NOT-FOR-US: Sentry
 CVE-2024-35142 (IBM Security Verify Access Docker 10.0.0 through 10.0.6 could 
allow a  ...)
        NOT-FOR-US: IBM
 CVE-2024-35140 (IBM Security Verify Access Docker 10.0.0 through 10.0.6 could 
allow a  ...)
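Review bot: the note on CVE-2024-35196 says only "Sentry", which does not tell a later reader which Sentry component was ruled out, and the description shown here is truncated after "error tracking and performance monitoring". Suggest a more specific label, in the way CVE-2024-35221 later in this patch is labelled "Rubygems.org gem hosting service".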
@@ -108,29 +108,29 @@ CVE-2024-31889 (IBM Planning Analytics Local 2.0 and 2.1 
is vulnerable to cross-
 CVE-2024-31030 (An issue in coap_msg.c in Keith Cullen's FreeCoAP v.0.7 allows 
remote  ...)
        TODO: check
 CVE-2024-29848 (An unrestricted file upload vulnerability in web component of 
Ivanti A ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-29846 (An unspecified SQL Injection vulnerability in Core server of 
Ivanti EP ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-29830 (An unspecified SQL Injection vulnerability in Core server of 
Ivanti EP ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-29829 (An unspecified SQL Injection vulnerability in Core server of 
Ivanti EP ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-29828 (An unspecified SQL Injection vulnerability in Core server of 
Ivanti EP ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-29827 (An unspecified SQL Injection vulnerability in Core server of 
Ivanti EP ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-29826 (An unspecified SQL Injection vulnerability in Core server of 
Ivanti EP ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-29825 (An unspecified SQL Injection vulnerability in Core server of 
Ivanti EP ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-29824 (An unspecified SQL Injection vulnerability in Core server of 
Ivanti EP ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-29823 (An unspecified SQL Injection vulnerability in Core server of 
Ivanti EP ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-29822 (An unspecified SQL Injection vulnerability in Core server of 
Ivanti EP ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-28736 (An issue in Debezium Community debezium-ui v.2.5 allows a 
local attack ...)
-       TODO: check
+       NOT-FOR-US: Debezium Community debezium-ui
 CVE-2024-23692 (Rejetto HTTP File Server, up to and including version 2.3m, is 
vulnera ...)
        TODO: check
 CVE-2024-23316 (HTTP request desynchronization in Ping Identity PingAccess, 
all versio ...)
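Review bot: the eleven Ivanti entries (CVE-2024-29848 down to CVE-2024-29822) carry a vendor-only label, although the descriptions point at two different products ("Ivanti A ..." for CVE-2024-29848, "Ivanti EP ..." for the rest) and CVE-2024-28736 in the same hunk gets a product-level label. Vendor-only matches the existing NOT-FOR-US: IBM entries, so this is consistent with the file, but naming the product would make the entries easier to search and would keep the granularity uniform within the commit.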
@@ -186,9 +186,9 @@ CVE-2024-36246 (Missing authorization vulnerability exists 
in Unifier and Unifie
 CVE-2024-36119 (Statamic is a, Laravel + Git powered CMS designed for building 
website ...)
        TODO: check
 CVE-2024-32850 (Improper neutralization of special elements used in a command 
('Comman ...)
-       TODO: check
+       NOT-FOR-US: SkyBridge
 CVE-2024-2793 (The Visual Website Collaboration, Feedback & Project Management 
\u2013 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-23847 (Incorrect default permissions issue exists in Unifier and 
Unifier Cast ...)
        TODO: check
 CVE-2024-1298 (EDK2 contains a vulnerability when S3 sleep is activated where 
an Atta ...)
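Review bot: the label "SkyBridge" on CVE-2024-32850 cannot be checked against the hunk, because the visible description ends at "('Comman ..." before any product is named. Please confirm the product against the full CVE description; the other change in this hunk, CVE-2024-2793, does not have this problem since "WordPress plugin" follows the pattern used elsewhere in the file.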
@@ -269,9 +269,9 @@ CVE-2024-3584 (qdrant/qdrant version 1.9.0-dev is 
vulnerable to path traversal d
 CVE-2024-3583 (The Simple Like Page Plugin plugin for WordPress is vulnerable 
to Stor ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-3301 (An unsafe .NET object deserialization vulnerability in DELMIA 
Apriso R ...)
-       TODO: check
+       NOT-FOR-US: DELMIA Apriso
 CVE-2024-3300 (An unsafe .NET object deserialization vulnerability in DELMIA 
Apriso R ...)
-       TODO: check
+       NOT-FOR-US: DELMIA Apriso
 CVE-2024-36118 (MeterSphere is a test management and interface testing tool. 
In affect ...)
        NOT-FOR-US: MeterSphere
 CVE-2024-35504 (A cross-site scripting (XSS) vulnerability in the login page 
of FineSo ...)
@@ -317,17 +317,17 @@ CVE-2024-35349 (A vulnerability has been discovered in 
Di\xf1o Physics School As
 CVE-2024-35345 (A vulnerability has been discovered in Di\xf1o Physics School 
Assistan ...)
        NOT-FOR-US: Dino Physics School Assistant
 CVE-2024-35228 (Wagtail is an open source content management system built on 
Django. D ...)
-       TODO: check
+       NOT-FOR-US: Wagtail
 CVE-2024-35189 (Fides is an open-source privacy engineering platform. The 
Fides webser ...)
-       TODO: check
+       NOT-FOR-US: Fides
 CVE-2024-34171 (Fuji Electric Monitouch V-SFT  is vulnerable to a stack-based 
buffer o ...)
-       TODO: check
+       NOT-FOR-US: Fuji Electric Monitouch V-SFT
 CVE-2024-32877 (Yii 2 is a PHP application framework. During internal 
penetration test ...)
        TODO: check
 CVE-2024-32029
        REJECTED
 CVE-2024-2657 (The Font Farsi plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-2422 (LenelS2 NetBox access control and event monitoring system was 
discover ...)
        TODO: check
 CVE-2024-2421 (LenelS2 NetBox access control and event monitoring system was 
discover ...)
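Review bot: CVE-2024-35228 (Wagtail) and CVE-2024-35189 (Fides) are described as open source projects, so NOT-FOR-US deserves a check that neither is packaged or has a packaging request, and nothing in the hunk or the commit message records that check. If either turns out to be present, the entry needs a package line of the kind shown for CVE-2024-34001 ("- moodle <removed>") instead of NOT-FOR-US.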
@@ -769,7 +769,7 @@ CVE-2024-36267 (Path traversal vulnerability exists in 
Redmine DMSF Plugin versi
 CVE-2024-36114 (Aircompressor is a library with ports of the Snappy, LZO, LZ4, 
and Zst ...)
        TODO: check
 CVE-2024-35221 (Rubygems.org is the Ruby community's gem hosting service. A 
Gem publis ...)
-       TODO: check
+       NOT-FOR-US: Rubygems.org gem hosting service
 CVE-2024-2253 (The Testimonial Carousel For Elementor plugin for WordPress is 
vulnera ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-5185 (The EmbedAI application is susceptible to security issues that 
enable  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d182553e2b13640d44ba0e25d45aed507b9a1c9
