[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Apr 3 22:06:05 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
536cec60 by Salvatore Bonaccorso at 2024-04-03T23:05:24+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17,13 +17,13 @@ CVE-2024-3252 (A vulnerability classified as critical has been found in SourceCo
CVE-2024-3251 (A vulnerability was found in SourceCodester Computer Laboratory Manage ...)
NOT-FOR-US: SourceCodester Computer Laboratory Management System
CVE-2024-3181 (Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8 ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2024-3180 (Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2024-3179 (Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.1 ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2024-3178 (Concrete CMS versions 9 below 9.2.8 and versions below8.5.16 are vulne ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2024-31420 (A NULL pointer dereference flaw was found in KubeVirt. This flaw allow ...)
TODO: check
CVE-2024-31419 (An information disclosure flaw was found in OpenShift Virtualization. ...)
@@ -33,51 +33,51 @@ CVE-2024-31393 (Dragging Javascript URLs to the address bar could cause them to
CVE-2024-31392 (If an insecure element was added to a page after a delay, Firefox woul ...)
TODO: check
CVE-2024-31390 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-31380 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-30572 (Netgear R6850 1.1.0.88 was discovered to contain a command injection v ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2024-30571 (An information leak in the BRS_top.html component of Netgear R6850 v1. ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2024-30570 (An information leak in debuginfo.htm of Netgear R6850 v1.1.0.88 allows ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2024-30569 (An information leak in currentsetting.htm of Netgear R6850 v1.1.0.88 a ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2024-30568 (Netgear R6850 1.1.0.88 was discovered to contain a command injection v ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2024-30366 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2024-30334 (Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulne ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2024-30333 (Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulne ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2024-30332 (Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulne ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2024-30331 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2024-30330 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2024-30329 (Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vuln ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2024-30328 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2024-30327 (Foxit PDF Reader template Use-After-Free Remote Code Execution Vulnera ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2024-30326 (Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulne ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2024-30325 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2024-30324 (Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulne ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2024-30323 (Foxit PDF Reader template Out-Of-Bounds Read Remote Code Execution Vul ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2024-30322 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2024-2758 (Tempesta FW rate limits are not enabled by default. They are either se ...)
- TODO: check
+ NOT-FOR-US: Tempesta FW
CVE-2024-2753 (Concrete CMS version 9 before 9.2.8 and previous versions prior to 8.5 ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2024-2653 (amphp/http will collect CONTINUATION frames in an unbounded buffer and ...)
TODO: check
CVE-2024-29477 (Lack of sanitization during Installation Process in Dolibarr ERP CRM u ...)
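Review bot: label granularity is mixed in this hunk. The five Netgear entries (CVE-2024-30568 through CVE-2024-30572) are tagged with the vendor only, `NOT-FOR-US: Netgear`, although every one of their descriptions names the R6850, while the Foxit and Tempesta FW entries are tagged with the product. If product-level labels are the preference, `NOT-FOR-US: Netgear R6850` would match the descriptions and stay consistent with `NOT-FOR-US: Foxit PDF Reader`.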
@@ -85,101 +85,101 @@ CVE-2024-29477 (Lack of sanitization during Installation Process in Dolibarr ERP
CVE-2024-28782 (IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pa ...)
NOT-FOR-US: IBM
CVE-2024-28275 (Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.16(3090516) was discovere ...)
- TODO: check
+ NOT-FOR-US: Puwell Cloud Tech Co, Ltd 360Eyes Pro
CVE-2024-27972 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-27951 (Unrestricted Upload of File with Dangerous Type vulnerability in Theme ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-27674 (Macro Expert through 4.9.4 allows BUILTIN\Users:(OI)(CI)(M) access to ...)
- TODO: check
+ NOT-FOR-US: Macro Expert
CVE-2024-27673
REJECTED
CVE-2024-27346 (Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclo ...)
- TODO: check
+ NOT-FOR-US: Kofax
CVE-2024-27345 (Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclo ...)
- TODO: check
+ NOT-FOR-US: Kofax
CVE-2024-27344 (Kofax Power PDF PDF File Parsing Memory Corruption Remote Code Executi ...)
- TODO: check
+ NOT-FOR-US: Kofax
CVE-2024-27343 (Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclo ...)
- TODO: check
+ NOT-FOR-US: Kofax
CVE-2024-27342 (Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execu ...)
- TODO: check
+ NOT-FOR-US: Kofax
CVE-2024-27341 (Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Cod ...)
- TODO: check
+ NOT-FOR-US: Kofax
CVE-2024-27340 (Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Cod ...)
- TODO: check
+ NOT-FOR-US: Kofax
CVE-2024-27339 (Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execu ...)
- TODO: check
+ NOT-FOR-US: Kofax
CVE-2024-27338 (Kofax Power PDF app response Out-Of-Bounds Read Remote Code Execution ...)
- TODO: check
+ NOT-FOR-US: Kofax
CVE-2024-27337 (Kofax Power PDF TIF File Parsing Stack-based Buffer Overflow Remote Co ...)
- TODO: check
+ NOT-FOR-US: Kofax
CVE-2024-27336 (Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclo ...)
- TODO: check
+ NOT-FOR-US: Kofax
CVE-2024-27335 (Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Remote Code Execut ...)
- TODO: check
+ NOT-FOR-US: Kofax
CVE-2024-27254 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 ...)
NOT-FOR-US: IBM
CVE-2024-27201 (An improper input validation vulnerability exists in the OAS Engine Us ...)
- TODO: check
+ NOT-FOR-US: OAS Engine User Configuration
CVE-2024-27191 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-26701
REJECTED
CVE-2024-25918 (Unrestricted Upload of File with Dangerous Type vulnerability in Insta ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-25096 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-25046 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 ...)
NOT-FOR-US: IBM
CVE-2024-25030 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 ...)
NOT-FOR-US: IBM
CVE-2024-24976 (A denial of service vulnerability exists in the OAS Engine File Data S ...)
- TODO: check
+ NOT-FOR-US: OAS Engine File Data Source Configuration
CVE-2024-24707 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-23540 (The HCL BigFix Inventory server is vulnerable to path traversal which ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-22360 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
NOT-FOR-US: IBM
CVE-2024-22178 (A file write vulnerability exists in the OAS Engine Save Security Conf ...)
- TODO: check
+ NOT-FOR-US: OAS Engine Save Security Configuration
CVE-2024-21870 (A file write vulnerability exists in the OAS Engine Tags Configuration ...)
- TODO: check
+ NOT-FOR-US: OAS Engine Tags Configuration
CVE-2024-20368 (A vulnerability in the web-based management interface of Cisco Identit ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20367 (A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20362 (A vulnerability in the web-based management interface of Cisco Small B ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20352 (A vulnerability in Cisco Emergency Responder could allow an authentica ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20348 (A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature o ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20347 (A vulnerability in Cisco Emergency Responder could allow an unauthenti ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20334 (A vulnerability in the web-based management interface of Cisco TelePre ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20332 (A vulnerability in the web-based management interface of Cisco Identit ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20310 (A vulnerability in the web-based interface of Cisco Unified Communicat ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20302 (A vulnerability in the tenant security implementation of Cisco Nexus D ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20283 (A vulnerability in Cisco Nexus Dashboard could allow an authenticated, ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20282 (A vulnerability in Cisco Nexus Dashboard could allow an authenticated, ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20281 (A vulnerability in the web-based management interface of Cisco Nexus D ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-1180 (TP-Link Omada ER605 Access Control Command Injection Remote Code Execu ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2024-0394 (Rapid7 Minerva Armor versions below 4.5.5 suffer from a privilege esca ...)
- TODO: check
+ NOT-FOR-US: Rapid7 Minerva Armor
CVE-2024-0335 (ABB has internally identified a vulnerability in the ABB VPNI feature ...)
TODO: check
CVE-2024-0172 (Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an imp ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-5755
REJECTED
CVE-2023-52296 (IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
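Review bot: the four OAS Engine entries (CVE-2024-27201, CVE-2024-24976, CVE-2024-22178, CVE-2024-21870) each receive a different label that names the affected component ("OAS Engine User Configuration", "OAS Engine File Data Source Configuration", "OAS Engine Save Security Configuration", "OAS Engine Tags Configuration") rather than the product, whereas the rest of the hunk labels by vendor or product ("Kofax", "Cisco", "HCL", "Dell"). A single `NOT-FOR-US: OAS Engine` on all four would keep the product findable under one string and match how the neighbouring entries are tagged.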
@@ -758,7 +758,7 @@ CVE-2024-25864 (Server Side Request Forgery (SSRF) vulnerability in Friendica ve
CVE-2024-25075 (An issue was discovered in Softing uaToolkit Embedded before 1.41.1. W ...)
NOT-FOR-US: Softing uaToolkit Embedded
CVE-2024-24724 (Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSetting ...)
- TODO: check
+ NOT-FOR-US: GibbonEdu Gibbon
CVE-2024-24506 (Cross Site Scripting (XSS) vulnerability in Lime Survey Community Edit ...)
TODO: check
CVE-2024-1327 (The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cro ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/536cec604094dba18b2c0ffa72557387491cb681