[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Feb 7 09:47:24 GMT 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d1eafc42 by Moritz Muehlenhoff at 2024-02-07T10:46:53+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,9 +5,9 @@ CVE-2024-24943 (In JetBrains Toolbox App before 2.2 a DoS attack was possible vi
 CVE-2024-24942 (In JetBrains TeamCity before 2023.11.3 path traversal allowed reading  ...)
 	NOT-FOR-US: JetBrains TeamCity
 CVE-2024-24941 (In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Spac ...)
-	TODO: check
+	- intellij-idea <itp> (bug #747616)
 CVE-2024-24940 (In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible ...)
-	TODO: check
+	- intellij-idea <itp> (bug #747616)
 CVE-2024-24939 (In JetBrains Rider before 2023.3.3 logging of environment variables co ...)
 	NOT-FOR-US: JetBrains Rider
 CVE-2024-24938 (In JetBrains TeamCity before 2023.11.2 limited directory traversal was ...)
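Review bot: the two added lines for CVE-2024-24941 and CVE-2024-24940 are "- intellij-idea <itp> (bug #747616)" entries, not NOT-FOR-US markings, so the commit message "NFUs" does not describe them. Mentioning the ITP entries in the message would make them easier to find in the history. For CVE-2024-24941 the truncated description refers to "a plugin for JetBrains Spac ...", so it is also worth confirming that the affected plugin is part of what the intellij-idea ITP would package.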
@@ -53,21 +53,21 @@ CVE-2024-23917 (In JetBrains TeamCity before 2023.11.3 authentication bypass lea
 CVE-2024-23673 (Malicious code execution via path traversal in Apache Software Foundat ...)
 	NOT-FOR-US: Apache Sling Servlets Resolver
 CVE-2024-23447 (An issue was discovered in the Windows Network Drive Connector when us ...)
-	TODO: check
+	NOT-FOR-US: Elastic Network Drive Connector
 CVE-2024-23446 (An issue was discovered by Elastic, whereby the Detection Engine Searc ...)
-	TODO: check
+	- kibana <itp> (bug #700337)
 CVE-2024-23344 (Tuleap is an Open Source Suite to improve management of software devel ...)
 	NOT-FOR-US: Tuleap
 CVE-2024-22520 (An issue discovered in Dronetag Drone Scanner 1.5.2 allows attackers t ...)
-	TODO: check
+	NOT-FOR-US: Dronetag Drone Scanner
 CVE-2024-22519 (An issue discovered in OpenDroneID OSM 3.5.1 allows attackers to imper ...)
-	TODO: check
+	NOT-FOR-US: OpenDroneID OSM
 CVE-2024-22515 (Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5. ...)
 	NOT-FOR-US: iSpyConnect.com Agent DVR
 CVE-2024-22514 (An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attack ...)
 	NOT-FOR-US: iSpyConnect.com Agent DVR
 CVE-2024-22388 (Certain configuration available in the communication channel for encod ...)
-	TODO: check
+	NOT-FOR-US: HID Global iCLASS SE CP1000 Encoder
 CVE-2024-22331 (IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, ...)
 	NOT-FOR-US: IBM
 CVE-2024-22241 (Aria Operations for Networks contains a cross site scripting vulnerabi ...)
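Review bot: the label added for CVE-2024-23447, "NOT-FOR-US: Elastic Network Drive Connector", drops the "Windows" that the description uses ("Windows Network Drive Connector"). Keeping the product name as the description spells it would let later CVEs for the same product be matched against this entry by a plain text search.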
@@ -133,11 +133,11 @@ CVE-2024-1037 (The All-In-One Security (AIOS) \u2013 Security and Firewall plugi
 CVE-2024-0977 (The Timeline Widget For Elementor (Elementor Timeline, Vertical & Hori ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-0971 (A SQL injection vulnerability exists where an authenticated, low-privi ...)
-	TODO: check
+	NOT-FOR-US: Nessus
 CVE-2024-0955 (A stored XSS vulnerability exists where an authenticated, remote attac ...)
-	TODO: check
+	NOT-FOR-US: Nessur
 CVE-2024-0849 (Leanote version 2.7.0 allows obtaining arbitrary local files. This is  ...)
-	TODO: check
+	NOT-FOR-US: Leanote
 CVE-2024-0628 (The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Sid ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-0256 (The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
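Review bot: the added line for CVE-2024-0955 reads "NOT-FOR-US: Nessur", which looks like a typo for "Nessus" as used for CVE-2024-0971 two lines above. Suggest changing it to "NOT-FOR-US: Nessus" so both entries carry the same product name.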
@@ -161,29 +161,29 @@ CVE-2023-46683 (A  post authentication command injection vulnerability exists wh
 CVE-2023-46183 (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW ...)
 	NOT-FOR-US: IBM
 CVE-2023-45735 (A potential attacker with access to the Westermo Lynx device may be ab ...)
-	TODO: check
+	NOT-FOR-US: Westermo Lynx
 CVE-2023-45227 (An attacker with access to the web application with vulnerable softwar ...)
-	TODO: check
+	NOT-FOR-US: Westermo Lynx
 CVE-2023-45222 (An attacker with access to the web application that has the vulnerable ...)
-	TODO: check
+	NOT-FOR-US: Westermo Lynx
 CVE-2023-45213 (A potential attacker with access to the Westermo Lynx device would be  ...)
-	TODO: check
+	NOT-FOR-US: Westermo Lynx
 CVE-2023-43482 (A command execution vulnerability exists in the guest resource functio ...)
 	NOT-FOR-US: Tp-Link
 CVE-2023-42765 (An attacker with access to the vulnerable software could introduce arb ...)
-	TODO: check
+	NOT-FOR-US: Westermo Lynx
 CVE-2023-42664 (A post authentication command injection vulnerability exists when sett ...)
 	NOT-FOR-US: Tp-Link
 CVE-2023-40545 (Authenticationbypass when an OAuth2 Client is using client_secret_jwt  ...)
-	TODO: check
+	NOT-FOR-US: Ping Identity PingFederate
 CVE-2023-40544 (An attacker with access to the network where the affected devices are  ...)
-	TODO: check
+	NOT-FOR-US: Westermo Lynx
 CVE-2023-40355 (Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 b ...)
 	NOT-FOR-US: Axigen
 CVE-2023-40143 (An attacker with access to the Westermo Lynx web application that has  ...)
-	TODO: check
+	NOT-FOR-US: Westermo Lynx
 CVE-2023-38579 (The cross-site request forgery token in the request may be predictable ...)
-	TODO: check
+	NOT-FOR-US: Westermo Lynx
 CVE-2023-36498 (A post-authentication command injection vulnerability exists in the PP ...)
 	NOT-FOR-US: Tp-Link
 CVE-2023-35188 (SQL Injection Remote Code Execution Vulnerability was found using a cr ...)
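Review bot: five of the entries marked "NOT-FOR-US: Westermo Lynx" (CVE-2023-45227, CVE-2023-45222, CVE-2023-42765, CVE-2023-40544, CVE-2023-38579) have truncated descriptions that do not name the product, unlike CVE-2023-45735, CVE-2023-45213 and CVE-2023-40143, which do. Worth confirming against the full CVE text that each of the five belongs to the same Westermo Lynx advisory before the "TODO: check" is dropped.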



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1eafc427c1c72d0b0ab2625db8ba87b7e516322
