Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4cbf62e8 by Salvatore Bonaccorso at 2024-08-21T10:29:28+02:00
Process NFUs

- - - - -
4bde6fff by Salvatore Bonaccorso at 2024-08-21T10:29:29+02:00
Add CVE-2024-28829/check-mk

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -43,15 +43,15 @@ CVE-2024-42939 (A cross-site scripting (XSS) vulnerability 
in the component /ind
 CVE-2024-42363 (Prior to 3385, the user-controlled role parameter enters the 
applicati ...)
        TODO: check
 CVE-2024-42362 (Hertzbeat is an open source, real-time monitoring system. 
Hertzbeat ha ...)
-       TODO: check
+       NOT-FOR-US: Hertzbeat
 CVE-2024-42361 (Hertzbeat is an open source, real-time monitoring system. 
Hertzbeat 1. ...)
-       TODO: check
+       NOT-FOR-US: Hertzbeat
 CVE-2024-41658 (Casdoor is a UI-first Identity and Access Management (IAM) / 
Single-Si ...)
-       TODO: check
+       NOT-FOR-US: Casdoor
 CVE-2024-41657 (Casdoor is a UI-first Identity and Access Management (IAM) / 
Single-Si ...)
-       TODO: check
+       NOT-FOR-US: Casdoor
 CVE-2024-38305 (Dell SupportAssist for Home PCs Installer exe version 4.0.3 
contains a ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-52914 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 6.1.7-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
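Review bot: the tag added for CVE-2024-38305 names only the vendor ("NOT-FOR-US: Dell"), while the other entries in this hunk name the product (Hertzbeat, Casdoor). The description identifies the product as Dell SupportAssist for Home PCs, so "NOT-FOR-US: Dell SupportAssist for Home PCs" would keep the entry searchable by product. CVE-2024-42363 just above is left at "TODO: check"; if that is intentional, no change is needed there.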
@@ -397,7 +397,7 @@ CVE-2024-43376 (Umbraco is an ASP.NET CMS. Some endpoints 
in the Management API
 CVE-2024-42919 (eScan Management Console 14.0.1400.2281 is vulnerable to 
Incorrect Acc ...)
        NOT-FOR-US: eScan Management Console
 CVE-2024-42662 (An issue in apollocongif apollo v.2.2.0 allows a remote 
attacker to ob ...)
-       TODO: check
+       NOT-FOR-US: apollocongif apollo
 CVE-2024-42621 (Pligg CMS v2.0.2 was discovered to contain a Cross-Site 
Request Forger ...)
        NOT-FOR-US: Pligg CMS
 CVE-2024-42619 (Pligg CMS v2.0.2 was discovered to contain a Cross-Site 
Request Forger ...)
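Review bot: the tag for CVE-2024-42662 copies "apollocongif" verbatim from the CVE description, which looks like a misspelling of "apolloconfig". Since NOT-FOR-US strings are matched by name when later CVEs for the same software are triaged, consider writing the tag with the corrected project name rather than carrying the typo into data/CVE/list.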
@@ -525,13 +525,13 @@ CVE-2024-41697 (Priority -CWE-80: Improper Neutralization 
of Script-Related HTML
 CVE-2024-41659 (memos is a privacy-first, lightweight note-taking service. A 
CORS misc ...)
        TODO: check
 CVE-2024-40743 (The stripImages and stripIframes methods didn't properly 
process input ...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2024-39690 (Capsule is a multi-tenancy and policy-based framework for 
Kubernetes.  ...)
-       TODO: check
+       NOT-FOR-US: Capsule
 CVE-2024-39094 (Friendica 2024.03 is vulnerable to Cross Site Scripting (XSS) 
in setti ...)
        NOT-FOR-US: Friendica
 CVE-2024-38175 (An improper access control vulnerability in the Azure Managed 
Instance ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-35540 (A stored cross-site scripting (XSS) vulnerability in Typecho 
v1.3.0 al ...)
        NOT-FOR-US: Typecho
 CVE-2024-35214 (A tampering vulnerability in the CylanceOPTICS Windows 
Installer Packa ...)
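Review bot: for CVE-2024-40743 the product cannot be confirmed from the visible description, which only mentions the stripImages and stripIframes methods and is cut off before any product name. The "NOT-FOR-US: Joomla!" tag is worth double-checking against the full CVE record. The tag for CVE-2024-38175 is vendor-only ("Microsoft") even though the description names Azure Managed Instance.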
@@ -547,19 +547,19 @@ CVE-2024-30949 (An issue in newlib v.4.3.0 allows an 
attacker to execute arbitra
        NOTE: 
https://sourceware.org/git/?p=newlib-cygwin.git;a=commit;h=5f15d7c5817b07a6b18cbab17342c95cb7b42be4
 (newlib-4.4.0)
        NOTE: Only affects riscv, which is still WIP
 CVE-2024-28829 (Least privilege violation and reliance on untrusted inputs in 
the mk_i ...)
-       TODO: check
+       - check-mk <removed>
 CVE-2024-27187 (Improper Access Controls allows backend users to overwrite 
their usern ...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2024-27186 (The mail template feature lacks an escaping mechanism, causing 
XSS vec ...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2024-27185 (The pagination class includes arbitrary parameters in links, 
leading t ...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2024-27184 (Inadequate validation of URLs could result into an invalid 
check wheth ...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2024-25009 (Ericsson Packet Core Controller (PCC) contains a vulnerability 
in Acce ...)
-       TODO: check
+       NOT-FOR-US: Ericsson Packet Core Controller (PCC)
 CVE-2024-21689 (This High severity RCE (Remote Code Execution) vulnerability 
CVE-2024- ...)
-       TODO: check
+       NOT-FOR-US: Atlassian Bamboo Data Center and Server
 CVE-2024-7949 (A vulnerability, which was classified as critical, was found in 
Source ...)
        NOT-FOR-US: SourceCodester Online Graduate Tracer System
 CVE-2024-7948 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
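Review bot: the CVE-2024-28829 entry becomes "- check-mk <removed>" with no NOTE line and no per-suite annotation, unlike the CVE-2024-30949 entry at the top of this hunk, which carries an upstream commit reference and a scope remark. If any supported suite still ships check-mk, a suite-specific line is needed; either way, a NOTE pointing at the upstream advisory would let a later reader see how the affected component was mapped to the check-mk source package. This change also sits in the same hunk as the NOT-FOR-US batch, so it is easy to miss when reading the combined compare view.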
@@ -189590,7 +189590,7 @@ CVE-2022-28329 (A vulnerability has been identified 
in SCALANCE W1788-1 M12 (All
 CVE-2022-28328 (A vulnerability has been identified in SCALANCE W1788-1 M12 
(All versi ...)
        NOT-FOR-US: Siemens SCALANCE
 CVE-2022-1206 (The AdRotate Banner Manager \u2013 The only ad manager you'll 
need plu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1205 (A NULL pointer dereference flaw was found in the Linux 
kernel\u2019s A ...)
        {DSA-5173-1 DSA-5127-1}
        - linux 5.17.6-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/31f9e6d65af24629eb488f388335dcacec004602...4bde6fff3aeec52f3e1f9b57a4a5002a71a97a28
