Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 4cbf62e8 by Salvatore Bonaccorso at 2024-08-21T10:29:28+02:00 Process NFUs - - - - - 4bde6fff by Salvatore Bonaccorso at 2024-08-21T10:29:29+02:00 Add CVE-2024-28829/check-mk - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -43,15 +43,15 @@ CVE-2024-42939 (A cross-site scripting (XSS) vulnerability in the component /ind CVE-2024-42363 (Prior to 3385, the user-controlled role parameter enters the applicati ...) TODO: check CVE-2024-42362 (Hertzbeat is an open source, real-time monitoring system. Hertzbeat ha ...) - TODO: check + NOT-FOR-US: Hertzbeat CVE-2024-42361 (Hertzbeat is an open source, real-time monitoring system. Hertzbeat 1. ...) - TODO: check + NOT-FOR-US: Hertzbeat CVE-2024-41658 (Casdoor is a UI-first Identity and Access Management (IAM) / Single-Si ...) - TODO: check + NOT-FOR-US: Casdoor CVE-2024-41657 (Casdoor is a UI-first Identity and Access Management (IAM) / Single-Si ...) - TODO: check + NOT-FOR-US: Casdoor CVE-2024-38305 (Dell SupportAssist for Home PCs Installer exe version 4.0.3 contains a ...) - TODO: check + NOT-FOR-US: Dell CVE-2023-52914 (In the Linux kernel, the following vulnerability has been resolved: i ...) - linux 6.1.7-1 [bullseye] - linux <not-affected> (Vulnerable code not present) @@ -397,7 +397,7 @@ CVE-2024-43376 (Umbraco is an ASP.NET CMS. Some endpoints in the Management API CVE-2024-42919 (eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Acc ...) NOT-FOR-US: eScan Management Console CVE-2024-42662 (An issue in apollocongif apollo v.2.2.0 allows a remote attacker to ob ...) - TODO: check + NOT-FOR-US: apollocongif apollo CVE-2024-42621 (Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forger ...) NOT-FOR-US: Pligg CMS CVE-2024-42619 (Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forger ...) 
@@ -525,13 +525,13 @@ CVE-2024-41697 (Priority -CWE-80: Improper Neutralization of Script-Related HTML CVE-2024-41659 (memos is a privacy-first, lightweight note-taking service. A CORS misc ...) TODO: check CVE-2024-40743 (The stripImages and stripIframes methods didn't properly process input ...) - TODO: check + NOT-FOR-US: Joomla! CVE-2024-39690 (Capsule is a multi-tenancy and policy-based framework for Kubernetes. ...) - TODO: check + NOT-FOR-US: Capsule CVE-2024-39094 (Friendica 2024.03 is vulnerable to Cross Site Scripting (XSS) in setti ...) NOT-FOR-US: Friendica CVE-2024-38175 (An improper access control vulnerability in the Azure Managed Instance ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-35540 (A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 al ...) NOT-FOR-US: Typecho CVE-2024-35214 (A tampering vulnerability in the CylanceOPTICS Windows Installer Packa ...) 
@@ -547,19 +547,19 @@ CVE-2024-30949 (An issue in newlib v.4.3.0 allows an attacker to execute arbitra NOTE: https://sourceware.org/git/?p=newlib-cygwin.git;a=commit;h=5f15d7c5817b07a6b18cbab17342c95cb7b42be4 (newlib-4.4.0) NOTE: Only affects riscv, which is still WIP CVE-2024-28829 (Least privilege violation and reliance on untrusted inputs in the mk_i ...) - TODO: check + - check-mk <removed> CVE-2024-27187 (Improper Access Controls allows backend users to overwrite their usern ...) - TODO: check + NOT-FOR-US: Joomla! CVE-2024-27186 (The mail template feature lacks an escaping mechanism, causing XSS vec ...) - TODO: check + NOT-FOR-US: Joomla! CVE-2024-27185 (The pagination class includes arbitrary parameters in links, leading t ...) - TODO: check + NOT-FOR-US: Joomla! CVE-2024-27184 (Inadequate validation of URLs could result into an invalid check wheth ...) - TODO: check + NOT-FOR-US: Joomla! CVE-2024-25009 (Ericsson Packet Core Controller (PCC) contains a vulnerability in Acce ...) - TODO: check + NOT-FOR-US: Ericsson Packet Core Controller (PCC) CVE-2024-21689 (This High severity RCE (Remote Code Execution) vulnerability CVE-2024- ...) - TODO: check + NOT-FOR-US: Atlassian Bamboo Data Center and Server CVE-2024-7949 (A vulnerability, which was classified as critical, was found in Source ...) NOT-FOR-US: SourceCodester Online Graduate Tracer System CVE-2024-7948 (A vulnerability classified as problematic was found in SourceCodester ...) 
@@ -189590,7 +189590,7 @@ CVE-2022-28329 (A vulnerability has been identified in SCALANCE W1788-1 M12 (All CVE-2022-28328 (A vulnerability has been identified in SCALANCE W1788-1 M12 (All versi ...) NOT-FOR-US: Siemens SCALANCE CVE-2022-1206 (The AdRotate Banner Manager \u2013 The only ad manager you'll need plu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1205 (A NULL pointer dereference flaw was found in the Linux kernel\u2019s A ...) {DSA-5173-1 DSA-5127-1} - linux 5.17.6-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/31f9e6d65af24629eb488f388335dcacec004602...4bde6fff3aeec52f3e1f9b57a4a5002a71a97a28
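Review bot: In the "@@ -43,15 +43,15 @@" hunk, CVE-2024-38305 is tagged "NOT-FOR-US: Dell", which names only the vendor, while the other entries changed in the same hunk name the product (Hertzbeat, Casdoor). Suggest "NOT-FOR-US: Dell SupportAssist for Home PCs", taken from the CVE description on the line above, so that a later search for the product finds this entry.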
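Review bot: In the "@@ -397,7 +397,7 @@" hunk, the new tag "NOT-FOR-US: apollocongif apollo" for CVE-2024-42662 copies the spelling "apollocongif" from the CVE description, which looks like a transposition of "apolloconfig". Suggest writing the tag as "NOT-FOR-US: apolloconfig apollo" so that a grep for the project name in data/CVE/list matches it; the description line itself can stay as imported.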
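Review bot: In the "@@ -547,19 +547,19 @@" hunk, the new "- check-mk <removed>" line for CVE-2024-28829 carries no NOTE with an upstream reference, unlike the newlib entry at the top of the same hunk, which links the fixing commit. This is the only changed line in the compare that maps a CVE to a source package rather than marking it NOT-FOR-US, so a NOTE pointing at the upstream advisory for the mk_i... component named in the description would let a later reader confirm the package mapping without redoing the triage.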
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits