[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Feb 2 20:45:25 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
30e7764d by Salvatore Bonaccorso at 2024-02-02T21:44:42+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,101 +1,101 @@
CVE-2024-25006 (XenForo before 2.2.14 allows Directory Traversal (with write access) b ...)
- TODO: check
+ NOT-FOR-US: XenForo
CVE-2024-25001
REJECTED
CVE-2024-24760 (mailcow is a dockerized email package, with multiple containers linked ...)
- TODO: check
+ NOT-FOR-US: mailcow
CVE-2024-24757 (open-irs is an issue response robot that reponds to issues in the inst ...)
TODO: check
CVE-2024-24560 (Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual M ...)
- TODO: check
+ NOT-FOR-US: Vyper
CVE-2024-24470 (Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows ...)
- TODO: check
+ NOT-FOR-US: flusity-CMS
CVE-2024-24388 (Cross-site scripting (XSS) vulnerability in XunRuiCMS versions v4.6.2 ...)
- TODO: check
+ NOT-FOR-US: XunRuiCMS
CVE-2024-24161 (MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file ...)
- TODO: check
+ NOT-FOR-US: MRCMS
CVE-2024-24160 (MRCMS 3.0 contains a Cross-Site Scripting (XSS) vulnerability via /adm ...)
- TODO: check
+ NOT-FOR-US: MRCMS
CVE-2024-24029 (JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data ...)
- TODO: check
+ NOT-FOR-US: JFinalCMS
CVE-2024-23895 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
- TODO: check
+ NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23831 (LedgerSMB is a free web-based double-entry accounting system. When a L ...)
TODO: check
CVE-2024-23824 (mailcow is a dockerized email package, with multiple containers linked ...)
- TODO: check
+ NOT-FOR-US: mailcow
CVE-2024-23635 (AntiSamy is a library for performing fast, configurable cleansing of H ...)
TODO: check
CVE-2024-22851 (Directory Traversal Vulnerability in LiveConfig before v.2.5.2 allows ...)
- TODO: check
+ NOT-FOR-US: LiveConfig
CVE-2024-22108 (An issue was discovered in GTB Central Console 15.17.1-30814.NG. The m ...)
- TODO: check
+ NOT-FOR-US: GTB Central Console
CVE-2024-22107 (An issue was discovered in GTB Central Console 15.17.1-30814.NG. The m ...)
- TODO: check
+ NOT-FOR-US: GTB Central Console
CVE-2024-1201 (Search path or unquoted item vulnerability in HDD Health affecting ver ...)
- TODO: check
+ NOT-FOR-US: HDD Health
CVE-2024-1192 (A vulnerability was found in South River WebDrive 18.00.5057. It has b ...)
- TODO: check
+ NOT-FOR-US: South River WebDrive
CVE-2024-1191 (A vulnerability was found in Hyper CdCatalog 2.3.1. It has been classi ...)
- TODO: check
+ NOT-FOR-US: Hyper CdCatalog
CVE-2024-1190 (A vulnerability was found in Global Scape CuteFTP 9.3.0.3 and classifi ...)
- TODO: check
+ NOT-FOR-US: Global Scape CuteFTP
CVE-2024-1189 (A vulnerability has been found in AMPPS 2.7 and classified as problema ...)
- TODO: check
+ NOT-FOR-US: AMPPS
CVE-2024-1188 (A vulnerability, which was classified as problematic, was found in Riz ...)
- TODO: check
+ NOT-FOR-US: Rizone Soft Notepad3
CVE-2024-1187 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: Munsoft Easy Outlook Express Recovery
CVE-2024-1186 (A vulnerability classified as problematic was found in Munsoft Easy Ar ...)
- TODO: check
+ NOT-FOR-US: Munsoft Easy Archive Recovery
CVE-2024-1185 (A vulnerability classified as problematic has been found in Nsasoft NB ...)
- TODO: check
+ NOT-FOR-US: Nsasoft NBMonitor Network Bandwidth Monitor
CVE-2024-1184 (A vulnerability was found in Nsasoft Network Sleuth 3.0.0.0. It has be ...)
- TODO: check
+ NOT-FOR-US: Nsasoft Network Sleuth
CVE-2024-0963 (The Calculated Fields Form plugin for WordPress is vulnerable to Store ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0844 (The Popup More Popups, Lightboxes, and more popup modules plugin for W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0338 (A buffer overflow vulnerability has been found in XAMPP affecting vers ...)
TODO: check
CVE-2024-0269 (ManageEngine ADAudit Plus versions7270and below are vulnerable to the ...)
- TODO: check
+ NOT-FOR-US: ManageEngine
CVE-2024-0253 (ManageEngine ADAudit Plus versions7270and below are vulnerable to the ...)
- TODO: check
+ NOT-FOR-US: ManageEngine
CVE-2023-6676 (Cross-Site Request Forgery (CSRF) vulnerability in National Keep Cyber ...)
- TODO: check
+ NOT-FOR-US: National Keep Cyber Security Services CyberMath
CVE-2023-6675 (Unrestricted Upload of File with Dangerous Type vulnerability in Natio ...)
- TODO: check
+ NOT-FOR-US: National Keep Cyber Security Services CyberMath
CVE-2023-6673 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: National Keep Cyber Security Services CyberMath
CVE-2023-6672 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: National Keep Cyber Security Services CyberMath
CVE-2023-6387 (A potential buffer overflow exists in the Bluetooth LE HCI CPC sample ...)
TODO: check
CVE-2023-51838 (Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Crypt ...)
- TODO: check
+ NOT-FOR-US: Ylianst MeshCentral
CVE-2023-51820 (An issue in Blurams Lumi Security Camera (A31C) v.2.3.38.12558 allows ...)
- TODO: check
+ NOT-FOR-US: Blurams Lumi Security Camera (A31C)
CVE-2023-51072 (A stored cross-site scripting (XSS) vulnerability in the NOC component ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2023-50488 (An issue in Blurams Lumi Security Camera (A31C) v23.0406.435.4120 allo ...)
- TODO: check
+ NOT-FOR-US: Blurams Lumi Security Camera (A31C)
CVE-2023-50359 (An unchecked return value vulnerability has been reported to affect se ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-48645 (An issue was discovered in the Archibus app 4.0.3 for iOS. It uses a l ...)
- TODO: check
+ NOT-FOR-US: Archibus app
CVE-2023-47568 (A SQL injection vulnerability has been reported to affect several QNAP ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-47567 (An OS command injection vulnerability has been reported to affect seve ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-47566 (An OS command injection vulnerability has been reported to affect seve ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-47564 (An incorrect permission assignment for critical resource vulnerability ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-47562 (An OS command injection vulnerability has been reported to affect Phot ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-47561 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-47148 (IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin Console ...)
NOT-FOR-US: IBM
CVE-2023-47144 (IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7. ...)
@@ -105,61 +105,61 @@ CVE-2023-47143 (IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 thro
CVE-2023-47142 (IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7. ...)
NOT-FOR-US: IBM
CVE-2023-45037 (A buffer copy without checking size of input vulnerability has been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-45036 (A buffer copy without checking size of input vulnerability has been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-45035 (A buffer copy without checking size of input vulnerability has been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-45028 (An uncontrolled resource consumption vulnerability has been reported t ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-45027 (A path traversal vulnerability has been reported to affect several QNA ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-45026 (A path traversal vulnerability has been reported to affect several QNA ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-45025 (An OS command injection vulnerability has been reported to affect seve ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-41292 (A buffer copy without checking size of input vulnerability has been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-41283 (An OS command injection vulnerability has been reported to affect seve ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-41282 (An OS command injection vulnerability has been reported to affect seve ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-41281 (An OS command injection vulnerability has been reported to affect seve ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-41280 (A buffer copy without checking size of input vulnerability has been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-41279 (A buffer copy without checking size of input vulnerability has been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-41278 (A buffer copy without checking size of input vulnerability has been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-41277 (A buffer copy without checking size of input vulnerability has been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-41276 (A buffer copy without checking size of input vulnerability has been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-41275 (A buffer copy without checking size of input vulnerability has been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-41274 (A NULL pointer dereference vulnerability has been reported to affect s ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-41273 (A heap-based buffer overflow vulnerability has been reported to affect ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-39611 (An issue in Software FX Chart FX 7 version 7.0.4962.20829 allows attac ...)
TODO: check
CVE-2023-39303 (An improper authentication vulnerability has been reported to affect s ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-39302 (An OS command injection vulnerability has been reported to affect seve ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-39297 (An OS command injection vulnerability has been reported to affect seve ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-38273 (IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate ...)
NOT-FOR-US: IBM
CVE-2023-37530 (A cross-site scripting (XSS) vulnerability in the Web Reports componen ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2023-37529 (A cross-site scripting (XSS) vulnerability in the Web Reports componen ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2023-37527 (A reflected cross-site scripting (XSS) vulnerability in the Web Report ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2023-32967 (An incorrect authorization vulnerability has been reported to affect s ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-XXXX [GHSA-7g9j-g5jg-3vv3: Unauthenticated Nonce Increment in snow]
- rust-snow <unfixed> (bug #1062663)
NOTE: https://github.com/mcginty/snow/security/advisories/GHSA-7g9j-g5jg-3vv3
@@ -74382,7 +74382,7 @@ CVE-2022-47074
CVE-2022-47073 (A cross-site scripting (XSS) vulnerability in the Create Ticket page o ...)
NOT-FOR-US: Small CRM
CVE-2022-47072 (SQL injection vulnerability in Enterprise Architect 16.0.1605 32-bit a ...)
- TODO: check
+ NOT-FOR-US: Enterprise Architect
CVE-2022-47071 (In NVS365 V01, the background network test function can trigger comman ...)
NOT-FOR-US: NVS365 V01
CVE-2022-47070 (NVS365 V01 is vulnerable to Incorrect Access Control. After entering a ...)
@@ -113116,7 +113116,7 @@ CVE-2022-34383 (Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an
CVE-2022-34382 (Dell Command Update, Dell Update and Alienware Update versions prior t ...)
NOT-FOR-US: Dell
CVE-2022-34381 (Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell B ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-34380 (Dell CloudLink 7.1.3 and all earlier versions contain an Authenticatio ...)
NOT-FOR-US: Dell
CVE-2022-34379 (Dell EMC CloudLink 7.1.2 and all prior versions contain an Authenticat ...)
@@ -218336,7 +218336,7 @@ CVE-2021-21577 (Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based
CVE-2021-21576 (Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross ...)
NOT-FOR-US: EMC
CVE-2021-21575 (Dell BSAFE Micro Edition Suite,versions before 4.5.2, contain an Obser ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-21574 (Dell BIOSConnect feature contains a buffer overflow vulnerability. An ...)
NOT-FOR-US: Dell
CVE-2021-21573 (Dell BIOSConnect feature contains a buffer overflow vulnerability. An ...)
@@ -227203,7 +227203,7 @@ CVE-2020-29506 (Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and De
CVE-2020-29505 (Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSA ...)
NOT-FOR-US: Dell
CVE-2020-29504 (Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSA ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2020-29503 (Dell EMC PowerStore versions prior to 1.0.3.0.5.xxx contain a file per ...)
NOT-FOR-US: EMC PowerStore
CVE-2020-29502 (Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Te ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30e7764da3c704a6aa463104f748a72c022e3125
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30e7764da3c704a6aa463104f748a72c022e3125
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240202/52fb9d4a/attachment.htm>
More information about the debian-security-tracker-commits
mailing list