[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Aug 15 22:03:54 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
83206806 by Salvatore Bonaccorso at 2024-08-15T23:03:23+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21,7 +21,7 @@ CVE-2024-7263 (Improper path validation in promecefpluginhost.exe in Kingsoft WP
CVE-2024-7262 (Improper path validation in promecefpluginhost.exe in Kingsoft WPS Off ...)
NOT-FOR-US: Kingsoft WPS Office
CVE-2024-6347 (* Unprotected privileged mode access through UDS session in the Blind ...)
- TODO: check
+ NOT-FOR-US: Nissan
CVE-2024-43373 (webcrack is a tool for reverse engineering javascript. An arbitrary fi ...)
NOT-FOR-US: webcrack
CVE-2024-43357 (ECMA-262 is the language specification for the scripting language ECMA ...)
@@ -119,33 +119,33 @@ CVE-2024-40705 (IBM InfoSphere Information Server could allow an authenticated u
CVE-2024-40704 (IBM InfoSphere Information Server 11.7 could allow a privileged user t ...)
NOT-FOR-US: IBM
CVE-2024-32231 (Stash up to v0.25.1 was discovered to contain a SQL injection vulnerab ...)
- TODO: check
+ NOT-FOR-US: Stash
CVE-2024-31905 (IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to ...)
NOT-FOR-US: IBM
CVE-2024-31800 (Authentication Bypass in GNCC's GC2 Indoor Security Camera 1080P allow ...)
- TODO: check
+ NOT-FOR-US: GNCC's GC2 Indoor Security Camera 1080P
CVE-2024-31799 (Information Disclosure in GNCC's GC2 Indoor Security Camera 1080P allo ...)
- TODO: check
+ NOT-FOR-US: GNCC's GC2 Indoor Security Camera 1080P
CVE-2024-31798 (Identical Hardcoded Root Password for All Devices in GNCC's GC2 Indoor ...)
- TODO: check
+ NOT-FOR-US: GNCC's GC2 Indoor Security Camera 1080P
CVE-2024-27731 (Cross Site Scripting vulnerability in Friendica v.2023.12 allows a rem ...)
- TODO: check
+ NOT-FOR-US: Friendica
CVE-2024-27730 (Insecure Permissions vulnerability in Friendica v.2023.12 allows a rem ...)
- TODO: check
+ NOT-FOR-US: Friendica
CVE-2024-27729 (Cross Site Scripting vulnerability in Friendica v.2023.12 allows a rem ...)
- TODO: check
+ NOT-FOR-US: Friendica
CVE-2024-27728 (Cross Site Scripting vulnerability in Friendica v.2023.12 allows a rem ...)
- TODO: check
+ NOT-FOR-US: Friendica
CVE-2024-25633 (eLabFTW is an open source electronic lab notebook for research labs. ...)
- TODO: check
+ NOT-FOR-US: eLabFTW
CVE-2024-23168 (Vulnerability in Xiexe XSOverlay before build 647 allows non-local web ...)
- TODO: check
+ NOT-FOR-US: Xiexe XSOverlay
CVE-2024-22219 (XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 throu ...)
- TODO: check
+ NOT-FOR-US: Terminalfour
CVE-2024-22218 (XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 throu ...)
- TODO: check
+ NOT-FOR-US: Terminalfour
CVE-2024-22217 (A Server-Side Request Forgery (SSRF) vulnerability in Terminalfour bef ...)
- TODO: check
+ NOT-FOR-US: Terminalfour
CVE-2023-37228
REJECTED
CVE-2024-7815 (A vulnerability has been found in CodeAstro Online Railway Reservation ...)
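Review bot: the tag `NOT-FOR-US: Stash` on CVE-2024-32231 is too generic to identify the product, and the truncated description only says "Stash up to v0.25.1". Suggest qualifying it with the vendor or project name so that a later search of data/CVE/list lands on the right software, the way the GNCC entries in this hunk spell out the full device name.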
@@ -391,7 +391,7 @@ CVE-2024-39386 (Bridge versions 13.0.8, 14.1.1 and earlier are affected by an ou
CVE-2024-39383 (Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.0 ...)
NOT-FOR-US: Adobe
CVE-2024-39283 (Incomplete filtering of special elements in Intel(R) TDX module softwa ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-38483 (Dell BIOS contains an Improper Input Validation vulnerability in an ex ...)
NOT-FOR-US: Dell
CVE-2024-37529 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 ...)
@@ -403,7 +403,7 @@ CVE-2024-35152 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server
CVE-2024-35136 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) fede ...)
NOT-FOR-US: IBM
CVE-2024-34163 (Improper input validation in firmware for some Intel(R) NUC may allow ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-34138 (Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL P ...)
NOT-FOR-US: Adobe
CVE-2024-34137 (Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL P ...)
@@ -431,113 +431,113 @@ CVE-2024-34117 (Photoshop Desktop versions 24.7.3, 25.9.1 and earlier are affect
CVE-2024-31882 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 ...)
NOT-FOR-US: IBM
CVE-2024-29015 (Uncontrolled search path in some Intel(R) VTune(TM) Profiler software ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-28953 (Uncontrolled search path in some EMON software before version 11.44 ma ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-28947 (Improper input validation in kernel mode driver for some Intel(R) Serv ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-28887 (Uncontrolled search path in some Intel(R) IPP software before version ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-28876 (Uncontrolled search path for some Intel(R) MPI Library software before ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-28799 (IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pa ...)
NOT-FOR-US: IBM
CVE-2024-28172 (Uncontrolled search path for some Intel(R) Trace Analyzer and Collecto ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-28050 (Improper access control in some Intel(R) Arc(TM) & Iris(R) Xe Graphics ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-28046 (Uncontrolled search path in some Intel(R) GPA software before version ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-27461 (Incorrect default permissions in software installer for Intel(R) MAS ( ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-27267 (The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7. ...)
NOT-FOR-US: IBM
CVE-2024-27120 (A Local File Inclusion vulnerability has been found in ComfortKey, a p ...)
- TODO: check
+ NOT-FOR-US: ComfortKey
CVE-2024-26027 (Uncontrolled search path for some Intel(R) Simics Package Manager soft ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-26025 (Incorrect default permissions for some Intel(R) Advisor software befor ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-26022 (Improper access control in some Intel(R) UEFI Integrator Tools on Apti ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-25939 (Mirrored regions with different values in 3rd Generation Intel(R) Xeon ...)
- intel-microcode <unfixed> (bug #1078742)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01118.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240813
CVE-2024-25576 (improper access control in firmware for some Intel(R) FPGA products be ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-25562 (Improper buffer restrictions in some Intel(R) Distribution for GDB sof ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-25561 (Insecure inherited permissions in some Intel(R) HID Event Filter softw ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-25157 (An authentication bypass vulnerability in GoAnywhere MFT prior to 7.6. ...)
- TODO: check
+ NOT-FOR-US: GoAnywhere MFT
CVE-2024-24986 (Improper access control in Linux kernel mode driver for some Intel(R) ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-24983 (Protection mechanism failure in firmware for some Intel(R) Ethernet Ne ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-24980 (Protection mechanism failure in some 3rd, 4th, and 5th Generation Inte ...)
- intel-microcode <unfixed> (bug #1078742)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01100.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240813
CVE-2024-24977 (Uncontrolled search path for some Intel(R) License Manager for FLEXlm ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-24973 (Improper input validation for some Intel(R) Distribution for GDB softw ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-24853 (Incorrect behavior order in transition between executive monitor and S ...)
- intel-microcode <unfixed> (bug #1078742)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01083.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240813
CVE-2024-24580 (Improper conditions check in some Intel(R) Data Center GPU Max Series ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-23981 (Wrap-around error in Linux kernel mode driver for some Intel(R) Ethern ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-23974 (Incorrect default permissions in some Intel(R) ISH software installers ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-23909 (Uncontrolled search path in some Intel(R) FPGA SDK for OpenCL(TM) soft ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-23908 (Insecure inherited permissions in some Flexlm License Daemons for Inte ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-23907 (Uncontrolled search path in some Intel(R) High Level Synthesis Compile ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-23499 (Protection mechanism failure in Linux kernel mode driver for some Inte ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-23497 (Out-of-bounds write in Linux kernel mode driver for some Intel(R) Ethe ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-23495 (Incorrect default permissions in some Intel(R) Distribution for GDB so ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-23491 (Uncontrolled search path in some Intel(R) Distribution for GDB softwar ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-23489 (Uncontrolled search path for some Intel(R) VROC software before versio ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-22378 (Incorrect default permissions in some Intel Unite(R) Client Extended D ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-22376 (Uncontrolled search path element in some installation software for Int ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-22374 (Insufficient control flow management for some Intel(R) Xeon Processors ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-22184 (Uncontrolled search path for some Intel(R) Quartus(R) Prime Pro Editio ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-21857 (Uncontrolled search path for some Intel(R) oneAPI Compiler software be ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-21844 (Integer overflow in firmware for some Intel(R) CSME may allow an unaut ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-21810 (Improper input validation in the Linux kernel mode driver for some Int ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-21807 (Improper initialization in the Linux kernel mode driver for some Intel ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-21806 (Improper conditions check in Linux kernel mode driver for some Intel(R ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-21801 (Insufficient control flow management in some Intel(R) TDX module softw ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-21787 (Inadequate encryption strength for some BMRA software before version 2 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-21784 (Uncontrolled search path for some Intel(R) IPP Cryptography software b ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-21769 (Uncontrolled search path in some Intel(R) Ethernet Connection I219-LM ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-21766 (Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-20790 (Dimension versions 3.4.11 and earlier are affected by an out-of-bounds ...)
NOT-FOR-US: Adobe
CVE-2024-20789 (Dimension versions 3.4.11 and earlier are affected by a Use After Free ...)
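Review bot: seven entries switched to `NOT-FOR-US: Intel` in this hunk (CVE-2024-24986, CVE-2024-23981, CVE-2024-23499, CVE-2024-23497, CVE-2024-21810, CVE-2024-21807, CVE-2024-21806) describe a "Linux kernel mode driver", and the bare vendor tag does not record why the kernel packages are unaffected. If these are Intel's separately distributed drivers rather than the in-tree ones, a more specific tag or a NOTE saying so would save the next triager from re-checking. CVE-2024-22374 is in a similar position: it describes "some Intel(R) Xeon Processors" and is marked NOT-FOR-US, while the other processor issues in this hunk (CVE-2024-25939, CVE-2024-24980, CVE-2024-24853) are tracked against intel-microcode, so a NOTE pointing at the advisory would document why this one differs.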
@@ -547,29 +547,29 @@ CVE-2023-50315 (IBM WebSphere Application Server 8.5 and 9.0 could allow an atta
CVE-2023-50314 (IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 cou ...)
NOT-FOR-US: IBM
CVE-2023-49144 (Out of bounds read in OpenBMC Firmware for some Intel(R) Server Platfo ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-49141 (Improper isolation in some Intel(R) Processors stream cache mechanism ...)
- intel-microcode <unfixed> (bug #1078742)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01046.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240813
CVE-2023-48361 (Improper initialization in firmware for some Intel(R) CSME may allow a ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-43747 (Incorrect default permissions for some Intel(R) Connectivity Performan ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-43489 (Improper access control for some Intel(R) CIP software before version ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-42667 (Improper isolation in the Intel(R) Core(TM) Ultra Processor stream cac ...)
- intel-microcode <unfixed> (bug #1078742)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01038.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240813
CVE-2023-40067 (Unchecked return value in firmware for some Intel(R) CSME may allow an ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-38655 (Improper buffer restrictions in firmware for some Intel(R) AMT and Int ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-35123 (Uncaught exception in OpenBMC Firmware for some Intel(R) Server Platfo ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-34424 (Improper input validation in firmware for some Intel(R) CSME may allow ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-7347 (NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_ ...)
- nginx <unfixed>
[bookworm] - nginx <no-dsa> (Minor issue)
@@ -642,7 +642,7 @@ CVE-2024-7730
NOTE: https://gitlab.com/qemu-project/qemu/-/issues/2427
NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/98e77e3dd8dd6e7aa9a7dffa60f49c8c8a49d4e3 (v9.1.0-rc0)
CVE-2024-7746 (Use of Default Credentials vulnerability in Tananaev Solutions Traccar ...)
- TODO: check
+ NOT-FOR-US: Tananaev Solutions Traccar Server
CVE-2024-7741 (A vulnerability was found in wanglongcn ltcms 1.0.20 and classified as ...)
NOT-FOR-US: wanglongcn ltcms
CVE-2024-7740 (A vulnerability has been found in wanglongcn ltcms 1.0.20 and classifi ...)
@@ -722,7 +722,7 @@ CVE-2024-41613 (A Cross Site Scripting (XSS) vulnerability in Symphony CMS 2.7.1
CVE-2024-40697 (IBM Common Licensing 9.0 does not require that users should have stron ...)
NOT-FOR-US: IBM
CVE-2024-3913 (An unauthenticated remote attacker can use this vulnerability to chang ...)
- TODO: check
+ NOT-FOR-US: PHOENIX CONTACT
CVE-2024-39651 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
NOT-FOR-US: WordPress plugin
CVE-2024-39642 (Authorization Bypass Through User-Controlled Key vulnerability in Thim ...)
@@ -748,9 +748,9 @@ CVE-2024-38699 (Missing Authorization vulnerability in WP Swings Wallet System f
CVE-2024-38688 (Missing Authorization vulnerability in Igor Beni\u0107 Recipe Maker Fo ...)
NOT-FOR-US: WordPress plugin
CVE-2024-38502 (An unauthenticated remote attacker may use stored XSS vulnerability to ...)
- TODO: check
+ NOT-FOR-US: Pepperl+Fuchs SE
CVE-2024-38501 (An unauthenticated remote attacker may use a HTML injection vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Pepperl+Fuchs SE
CVE-2024-38223 (Windows Initial Machine Configuration Elevation of Privilege Vulnerabi ...)
NOT-FOR-US: Microsoft
CVE-2024-38215 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
@@ -916,7 +916,7 @@ CVE-2024-37935 (Missing Authorization vulnerability in anhvnit Woocommerce OpenP
CVE-2024-37287 (A flaw allowing arbitrary code execution was discovered in Kibana. An ...)
TODO: check
CVE-2024-37015 (An issue was discovered in Ada Web Server 20.0. When configured to use ...)
- TODO: check
+ NOT-FOR-US: Ada Web Server
CVE-2024-36505 (An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 th ...)
NOT-FOR-US: FortiGuard
CVE-2024-36446 (The provisioning manager component of Mitel MiVoice MX-ONE through 7.6 ...)
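Review bot: `NOT-FOR-US: Ada Web Server` on CVE-2024-37015 names a software project rather than a hardware or proprietary vendor like most other tags in this commit, so it deserves an explicit archive search for a source package shipping it before it is closed as NFU. If the search comes up empty, keep the tag; otherwise this should become a package entry instead.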
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8320680626b3f63d7056fe51382622a8886ec390