[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 7 09:20:18 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0348c0d2 by Salvatore Bonaccorso at 2024-02-07T10:18:42+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -35,103 +35,103 @@ CVE-2024-24255 (A Race Condition discovered in geofence.cpp and mission_feasibil
CVE-2024-24254 (PX4 Autopilot 1.14 and earlier, due to the lack of synchronization mec ...)
NOT-FOR-US: PX4 Autopilot
CVE-2024-24019 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prio ...)
- TODO: check
+ NOT-FOR-US: Novel-Plus
CVE-2024-24015 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prio ...)
- TODO: check
+ NOT-FOR-US: Novel-Plus
CVE-2024-24013 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prio ...)
- TODO: check
+ NOT-FOR-US: Novel-Plus
CVE-2024-24004 (jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller ...)
- TODO: check
+ NOT-FOR-US: jshERP
CVE-2024-24002 (jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller ...)
- TODO: check
+ NOT-FOR-US: jshERP
CVE-2024-24001 (jshERP v3.3 is vulnerable to SQL Injection. via the com.jsh.erp.contro ...)
- TODO: check
+ NOT-FOR-US: jshERP
CVE-2024-24000 (jshERP v3.3 is vulnerable to Arbitrary File Upload. The jshERP-boot/sy ...)
- TODO: check
+ NOT-FOR-US: jshERP
CVE-2024-23917 (In JetBrains TeamCity before 2023.11.3 authentication bypass leading t ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2024-23673 (Malicious code execution via path traversal in Apache Software Foundat ...)
- TODO: check
+ NOT-FOR-US: Apache Sling Servlets Resolver
CVE-2024-23447 (An issue was discovered in the Windows Network Drive Connector when us ...)
TODO: check
CVE-2024-23446 (An issue was discovered by Elastic, whereby the Detection Engine Searc ...)
TODO: check
CVE-2024-23344 (Tuleap is an Open Source Suite to improve management of software devel ...)
- TODO: check
+ NOT-FOR-US: Tuleap
CVE-2024-22520 (An issue discovered in Dronetag Drone Scanner 1.5.2 allows attackers t ...)
TODO: check
CVE-2024-22519 (An issue discovered in OpenDroneID OSM 3.5.1 allows attackers to imper ...)
TODO: check
CVE-2024-22515 (Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5. ...)
- TODO: check
+ NOT-FOR-US: iSpyConnect.com Agent DVR
CVE-2024-22514 (An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attack ...)
- TODO: check
+ NOT-FOR-US: iSpyConnect.com Agent DVR
CVE-2024-22388 (Certain configuration available in the communication channel for encod ...)
TODO: check
CVE-2024-22331 (IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, ...)
NOT-FOR-US: IBM
CVE-2024-22241 (Aria Operations for Networks contains a cross site scripting vulnerabi ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2024-22240 (Aria Operations for Networks contains a local file read vulnerability. ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2024-22239 (Aria Operations for Networks contains a local privilege escalation vul ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2024-22238 (Aria Operations for Networks contains a cross site scripting vulnerabi ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2024-22237 (Aria Operations for Networks contains a local privilege escalation vul ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2024-22022 (Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2024-22021 (VulnerabilityCVE-2024-22021 allowsaVeeam Recovery Orchestrator user wi ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2024-1269 (A vulnerability has been found in SourceCodester Product Management Sy ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Product Management System
CVE-2024-1268 (A vulnerability, which was classified as critical, was found in CodeAs ...)
- TODO: check
+ NOT-FOR-US: CodeAstro Restaurant POS System
CVE-2024-1267 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: CodeAstro Restaurant POS System
CVE-2024-1266 (A vulnerability classified as problematic was found in CodeAstro Unive ...)
- TODO: check
+ NOT-FOR-US: CodeAstro University Management System
CVE-2024-1265 (A vulnerability classified as problematic has been found in CodeAstro ...)
- TODO: check
+ NOT-FOR-US: CodeAstro University Management System
CVE-2024-1264 (A vulnerability has been found in Juanpao JPShop up to 1.5.02 and clas ...)
- TODO: check
+ NOT-FOR-US: Juanpao JPShop
CVE-2024-1263 (A vulnerability, which was classified as critical, was found in Juanpa ...)
- TODO: check
+ NOT-FOR-US: Juanpao JPShop
CVE-2024-1262 (A vulnerability, which was classified as critical, has been found in J ...)
- TODO: check
+ NOT-FOR-US: Juanpao JPShop
CVE-2024-1261 (A vulnerability classified as critical was found in Juanpao JPShop up ...)
- TODO: check
+ NOT-FOR-US: Juanpao JPShop
CVE-2024-1260 (A vulnerability classified as critical has been found in Juanpao JPSho ...)
- TODO: check
+ NOT-FOR-US: Juanpao JPShop
CVE-2024-1259 (A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been ...)
- TODO: check
+ NOT-FOR-US: Juanpao JPShop
CVE-2024-1258 (A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been ...)
- TODO: check
+ NOT-FOR-US: Juanpao JPShop
CVE-2024-1257 (A vulnerability was found in Jspxcms 10.2.0. It has been classified as ...)
- TODO: check
+ NOT-FOR-US: Jspxcms
CVE-2024-1256 (A vulnerability was found in Jspxcms 10.2.0 and classified as problema ...)
- TODO: check
+ NOT-FOR-US: Jspxcms
CVE-2024-1255 (A vulnerability has been found in sepidz SepidzDigitalMenu up to 7.1.0 ...)
- TODO: check
+ NOT-FOR-US: SepidzDigitalMenu
CVE-2024-1254 (A vulnerability, which was classified as critical, was found in Beijin ...)
- TODO: check
+ NOT-FOR-US: Beijing Baichuo Smart S20 Management Platform
CVE-2024-1253 (A vulnerability, which was classified as critical, has been found in B ...)
- TODO: check
+ NOT-FOR-US: Beijing Baichuo Smart S40 Management Platform
CVE-2024-1252 (A vulnerability classified as critical was found in Tongda OA 2017 up ...)
- TODO: check
+ NOT-FOR-US: Tongda
CVE-2024-1251 (A vulnerability classified as critical has been found in Tongda OA 201 ...)
- TODO: check
+ NOT-FOR-US: Tongda
CVE-2024-1079 (The Quiz Maker plugin for WordPress is vulnerable to unauthorized acce ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1078 (The Quiz Maker plugin for WordPress is vulnerable to unauthorized modi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1055 (The PowerPack Addons for Elementor (Free Widgets, Extensions and Templ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1037 (The All-In-One Security (AIOS) \u2013 Security and Firewall plugin for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0977 (The Timeline Widget For Elementor (Elementor Timeline, Vertical & Hori ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0971 (A SQL injection vulnerability exists where an authenticated, low-privi ...)
TODO: check
CVE-2024-0955 (A stored XSS vulnerability exists where an authenticated, remote attac ...)
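Review bot: CVE-2024-23344 is marked NOT-FOR-US: Tuleap although its own description calls Tuleap an Open Source Suite; confirm there is no ITP or RFP bug for it, since free software with a pending packaging request is normally tracked as a `- <package> <itp>` entry with the bug number rather than as NFU. As a style point, the labels in this hunk mix granularity: the five Aria Operations for Networks entries (CVE-2024-22237 through CVE-2024-22241) name only the vendor, VMware, while neighbouring entries such as JetBrains TeamCity and Apache Sling Servlets Resolver name the product; naming the product would make later searches of the list more useful.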
@@ -139,25 +139,25 @@ CVE-2024-0955 (A stored XSS vulnerability exists where an authenticated, remote
CVE-2024-0849 (Leanote version 2.7.0 allows obtaining arbitrary local files. This is ...)
TODO: check
CVE-2024-0628 (The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Sid ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0256 (The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6388 (Suite CRM version 7.14.2 allows making arbitrary HTTP requests through ...)
- TODO: check
+ NOT-FOR-US: Suite CRM
CVE-2023-5584
REJECTED
CVE-2023-50395 (SQL Injection Remote Code Execution Vulnerability was found using an u ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2023-47618 (A post authentication command execution vulnerability exists in the we ...)
- TODO: check
+ NOT-FOR-US: Tp-Link
CVE-2023-47617 (A post authentication command injection vulnerability exists when conf ...)
- TODO: check
+ NOT-FOR-US: Tp-Link
CVE-2023-47209 (A post authentication command injection vulnerability exists in the ip ...)
- TODO: check
+ NOT-FOR-US: Tp-Link
CVE-2023-47167 (A post authentication command injection vulnerability exists in the GR ...)
- TODO: check
+ NOT-FOR-US: Tp-Link
CVE-2023-46683 (A post authentication command injection vulnerability exists when con ...)
- TODO: check
+ NOT-FOR-US: Tp-Link
CVE-2023-46183 (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW ...)
NOT-FOR-US: IBM
CVE-2023-45735 (A potential attacker with access to the Westermo Lynx device may be ab ...)
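Review bot: the vendor label on CVE-2023-47618, CVE-2023-47617, CVE-2023-47209, CVE-2023-47167 and CVE-2023-46683 is written "Tp-Link", whereas the vendor spells its name "TP-Link"; use that spelling so a case-sensitive search of data/CVE/list finds these entries. The same spelling recurs in the next hunk on CVE-2023-43482, CVE-2023-42664 and CVE-2023-36498. The truncated descriptions of these entries do not show the vendor at all, so the label is the only visible record of the triage decision; adding the product name alongside the vendor would help.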
@@ -169,25 +169,25 @@ CVE-2023-45222 (An attacker with access to the web application that has the vuln
CVE-2023-45213 (A potential attacker with access to the Westermo Lynx device would be ...)
TODO: check
CVE-2023-43482 (A command execution vulnerability exists in the guest resource functio ...)
- TODO: check
+ NOT-FOR-US: Tp-Link
CVE-2023-42765 (An attacker with access to the vulnerable software could introduce arb ...)
TODO: check
CVE-2023-42664 (A post authentication command injection vulnerability exists when sett ...)
- TODO: check
+ NOT-FOR-US: Tp-Link
CVE-2023-40545 (Authenticationbypass when an OAuth2 Client is using client_secret_jwt ...)
TODO: check
CVE-2023-40544 (An attacker with access to the network where the affected devices are ...)
TODO: check
CVE-2023-40355 (Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 b ...)
- TODO: check
+ NOT-FOR-US: Axigen
CVE-2023-40143 (An attacker with access to the Westermo Lynx web application that has ...)
TODO: check
CVE-2023-38579 (The cross-site request forgery token in the request may be predictable ...)
TODO: check
CVE-2023-36498 (A post-authentication command injection vulnerability exists in the PP ...)
- TODO: check
+ NOT-FOR-US: Tp-Link
CVE-2023-35188 (SQL Injection Remote Code Execution Vulnerability was found using a cr ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2024-1271 [privileges escalation from root to domain admin]
- freeipa <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2262978
@@ -461,13 +461,13 @@ CVE-2023-51951 (SQL Injection vulnerability in Stock Management System 1.0 allow
CVE-2023-4637 (The WPvivid plugin for WordPress is vulnerable to unauthorized access ...)
NOT-FOR-US: WordPress plugin
CVE-2023-47889 (The Android application BINHDRM26 com.bdrm.superreboot 1.0.3, exposes ...)
- TODO: check
+ NOT-FOR-US: Android application BINHDRM26 com.bdrm.superreboot
CVE-2023-47354 (An issue in the PowerOffWidgetReceiver function of Super Reboot (Root) ...)
TODO: check
CVE-2023-47353 (An issue in the com.oneed.dvr.service.DownloadFirmwareService componen ...)
TODO: check
CVE-2023-47022 (An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to e ...)
- TODO: check
+ NOT-FOR-US: NCR Terminal Handler
CVE-2023-46360 (Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier is vulnerable ...)
NOT-FOR-US: Hardy Barth cPH2 eCharge Ladestation
CVE-2023-46359 (An OS command injection vulnerability in Hardy Barth cPH2 eCharge Lade ...)
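Review bot: CVE-2023-47354, the entry directly after the newly triaged CVE-2023-47889, stays at TODO: check even though its description names Super Reboot (Root), which appears to be the same application as com.bdrm.superreboot. If it is, mark it NOT-FOR-US in this commit with the same label so the two entries are triaged consistently.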
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0348c0d2584dea5bf3153392a16cf6212e1cabb2