Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: e4835588 by Salvatore Bonaccorso at 2024-06-25T21:05:58+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -175,57 +175,57 @@ CVE-2024-36682 (In the module "Theme settings" (pk_themesettings) <= 1.8.8 from CVE-2024-36681 (SQL Injection vulnerability in the module "Isotope" (pk_isotope) <=1.7 ...) NOT-FOR-US: PrestaShop module CVE-2024-34992 (SQL Injection vulnerability in the module "Help Desk - Customer Suppor ...) - TODO: check + NOT-FOR-US: PrestaShop module CVE-2024-34991 (In the module "Axepta" (axepta) before 1.3.4 from Quadra Informatique ...) - TODO: check + NOT-FOR-US: PrestaShop module CVE-2024-34988 (SQL injection vulnerability in the module "Complete for Create a Quote ...) - TODO: check + NOT-FOR-US: PrestaShop module CVE-2024-33898 (Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 has Incorre ...) - TODO: check + NOT-FOR-US: Axiros AXESS Auto Configuration Server (ACS) CVE-2024-32855 (Dell Client Platform BIOS contains an Out-of-bounds Write vulnerabilit ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-23159 (A maliciously crafted STP file, when parsed in stp_aim_x64_vc15d.dll t ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2024-23158 (A maliciously crafted IGES file, when parsed in ASMImport229A.dll thro ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2024-23157 (A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL. ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2024-23156 (A maliciously crafted 3DM file, when parsed in opennurbs.dll and ASMke ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2024-23155 (A maliciously crafted MODEL file, when parsed in atf_asm_interface.dll ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2024-23154 (A maliciously crafted SLDPRT file, when parsed in ODXSW_DLL.dll throug ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2024-23153 (A maliciously crafted MODEL file, when parsed in libodx.dll through Au ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2024-23152 (A maliciously crafted 3DM file, when parsed in opennurbs.dll through A ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2024-23151 (A maliciously crafted 3DM file, when parsed in ASMkern229A.dll through ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2024-23150 (A maliciously crafted PRT file, when parsed in odxug_dll.dll through A ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2024-23149 (A maliciously crafted SLDDRW file, when parsed in ODXSW_DLL.dll throug ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2024-23148 (A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll throu ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2024-23147 (A maliciously crafted CATPART, X_B and STEP, when parsed in ASMKERN228 ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2024-23146 (A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL th ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2024-23145 (A maliciously crafted PRT file, when parsed in opennurbs.dll through A ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2024-23144 (A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMB ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2024-23143 (A maliciously crafted 3DM, MODEL and X_B file, when parsed in ASMkern2 ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2024-23142 (A maliciously crafted CATPART, STP, and MODEL file, when parsed in atf ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2024-23141 (A maliciously crafted MODEL file, when parsed in libodxdll through Aut ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2024-23140 (A maliciously crafted 3DM and MODEL file, when parsed in opennurbs.dll ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2024-22385 (Incorrect Default Permissions vulnerability in Hitachi Storage Provide ...) - TODO: check + NOT-FOR-US: Hitachi CVE-2024-22168 (A Cross-Site Scripting (XSS) vulnerability on the My Cloud, My Cloud H ...) TODO: check CVE-2023-6198 (Use of Hard-coded Credentials vulnerability in Baicells Snap Router Ba ...) @@ -259,7 +259,7 @@ CVE-2024-6287 (Incorrect Calculation vulnerability in Renesas arm-trusted-firmwa CVE-2024-6285 (Integer Underflow (Wrap or Wraparound) vulnerability in Renesas arm-tr ...) TODO: check CVE-2024-6160 (SQL Injection vulnerability in MegaBIP software allows attacker to dis ...) - TODO: check + NOT-FOR-US: MegaBIP CVE-2024-6104 (go-retryablehttp prior to 0.7.7 did not sanitize urls when writing the ...) TODO: check CVE-2024-5862 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...) @@ -271,11 +271,11 @@ CVE-2024-4839 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the ' CVE-2024-4754 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: Next4Biz CRM & BPM Software Business Process Manangement (BPM) CVE-2024-4748 (The CRUDDIY project is vulnerable to shell command injection via sendi ...) - TODO: check + NOT-FOR-US: CRUDDIY project CVE-2024-3264 (Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mia ...) TODO: check CVE-2024-38373 (FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS ...) - TODO: check + NOT-FOR-US: FreeRTOS-Plus-TCP CVE-2024-38369 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2024-37825 (An issue in EnvisionWare Computer Access & Reservation Control SelfChe ...) @@ -311,27 +311,27 @@ CVE-2024-37091 (Improper Neutralization of Special Elements used in a Command (' CVE-2024-37089 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) NOT-FOR-US: WordPress plugin CVE-2024-36497 (The decrypted configuration file contains the password in cleartext w ...) - TODO: check + NOT-FOR-US: WINSelect CVE-2024-36496 (The configuration file is encrypted with a static key derived from a ...) - TODO: check + NOT-FOR-US: WINSelect CVE-2024-36495 (The application Faronics WINSelect (Standard + Enterprise)saves its co ...) - TODO: check + NOT-FOR-US: WINSelect CVE-2024-36038 (Zoho ManageEngine ITOM products versions from128234 to 128248 are affe ...) NOT-FOR-US: Zoho ManageEngine CVE-2024-34313 (An issue in VPL Jail System up to v4.0.2 allows attackers to execute a ...) - TODO: check + NOT-FOR-US: VPL Jail System CVE-2024-34312 (Virtual Programming Lab for Moodle up to v4.2.3 was discovered to cont ...) - TODO: check + NOT-FOR-US: Virtual Programming Lab for Moodle CVE-2024-33881 (An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5. ...) - TODO: check + NOT-FOR-US: VirtoSoftware Virto Bulk File Download for SharePoint CVE-2024-33880 (An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5. ...) - TODO: check + NOT-FOR-US: VirtoSoftware Virto Bulk File Download for SharePoint CVE-2024-33879 (An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5. ...) - TODO: check + NOT-FOR-US: VirtoSoftware Virto Bulk File Download for SharePoint CVE-2024-33687 (Insufficient verification of data authenticity issue exists in NJ Seri ...) TODO: check CVE-2024-33278 (Buffer Overflow vulnerability in ASUS router RT-AX88U with firmware ve ...) - TODO: check + NOT-FOR-US: ASUS CVE-2023-49793 (CodeChecker is an analyzer tooling, defect database and viewer extensi ...) TODO: check CVE-2024-39292 (In the Linux kernel, the following vulnerability has been resolved: u ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e48355888f10156192a077030be8d3175118ce20 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e48355888f10156192a077030be8d3175118ce20 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits