[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Feb 7 09:47:24 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d1eafc42 by Moritz Muehlenhoff at 2024-02-07T10:46:53+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,9 +5,9 @@ CVE-2024-24943 (In JetBrains Toolbox App before 2.2 a DoS attack was possible vi
CVE-2024-24942 (In JetBrains TeamCity before 2023.11.3 path traversal allowed reading ...)
NOT-FOR-US: JetBrains TeamCity
CVE-2024-24941 (In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Spac ...)
- TODO: check
+ - intellij-idea <itp> (bug #747616)
CVE-2024-24940 (In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible ...)
- TODO: check
+ - intellij-idea <itp> (bug #747616)
CVE-2024-24939 (In JetBrains Rider before 2023.3.3 logging of environment variables co ...)
NOT-FOR-US: JetBrains Rider
CVE-2024-24938 (In JetBrains TeamCity before 2023.11.2 limited directory traversal was ...)
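Review bot: On CVE-2024-24941 the truncated description mentions "a plugin for JetBrains Spac ...", so the `- intellij-idea <itp> (bug #747616)` line should be checked against the full CVE text. If the affected plugin would not be part of what the ITP packages, NOT-FOR-US is the better classification. The two entries in this hunk are also ITP references rather than NFUs, which the commit subject does not reflect.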
@@ -53,21 +53,21 @@ CVE-2024-23917 (In JetBrains TeamCity before 2023.11.3 authentication bypass lea
CVE-2024-23673 (Malicious code execution via path traversal in Apache Software Foundat ...)
NOT-FOR-US: Apache Sling Servlets Resolver
CVE-2024-23447 (An issue was discovered in the Windows Network Drive Connector when us ...)
- TODO: check
+ NOT-FOR-US: Elastic Network Drive Connector
CVE-2024-23446 (An issue was discovered by Elastic, whereby the Detection Engine Searc ...)
- TODO: check
+ - kibana <itp> (bug #700337)
CVE-2024-23344 (Tuleap is an Open Source Suite to improve management of software devel ...)
NOT-FOR-US: Tuleap
CVE-2024-22520 (An issue discovered in Dronetag Drone Scanner 1.5.2 allows attackers t ...)
- TODO: check
+ NOT-FOR-US: Dronetag Drone Scanner
CVE-2024-22519 (An issue discovered in OpenDroneID OSM 3.5.1 allows attackers to imper ...)
- TODO: check
+ NOT-FOR-US: OpenDroneID OSM
CVE-2024-22515 (Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5. ...)
NOT-FOR-US: iSpyConnect.com Agent DVR
CVE-2024-22514 (An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attack ...)
NOT-FOR-US: iSpyConnect.com Agent DVR
CVE-2024-22388 (Certain configuration available in the communication channel for encod ...)
- TODO: check
+ NOT-FOR-US: HID Global iCLASS SE CP1000 Encoder
CVE-2024-22331 (IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, ...)
NOT-FOR-US: IBM
CVE-2024-22241 (Aria Operations for Networks contains a cross site scripting vulnerabi ...)
@@ -133,11 +133,11 @@ CVE-2024-1037 (The All-In-One Security (AIOS) \u2013 Security and Firewall plugi
CVE-2024-0977 (The Timeline Widget For Elementor (Elementor Timeline, Vertical & Hori ...)
NOT-FOR-US: WordPress plugin
CVE-2024-0971 (A SQL injection vulnerability exists where an authenticated, low-privi ...)
- TODO: check
+ NOT-FOR-US: Nessus
CVE-2024-0955 (A stored XSS vulnerability exists where an authenticated, remote attac ...)
- TODO: check
+ NOT-FOR-US: Nessur
CVE-2024-0849 (Leanote version 2.7.0 allows obtaining arbitrary local files. This is ...)
- TODO: check
+ NOT-FOR-US: Leanote
CVE-2024-0628 (The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Sid ...)
NOT-FOR-US: WordPress plugin
CVE-2024-0256 (The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
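Review bot: Typo in the CVE-2024-0955 entry: `NOT-FOR-US: Nessur` should read `NOT-FOR-US: Nessus`, matching the CVE-2024-0971 line just above it. A misspelled product name will be missed by anyone later grepping the list for Nessus entries.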
@@ -161,29 +161,29 @@ CVE-2023-46683 (A post authentication command injection vulnerability exists wh
CVE-2023-46183 (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW ...)
NOT-FOR-US: IBM
CVE-2023-45735 (A potential attacker with access to the Westermo Lynx device may be ab ...)
- TODO: check
+ NOT-FOR-US: Westermo Lynx
CVE-2023-45227 (An attacker with access to the web application with vulnerable softwar ...)
- TODO: check
+ NOT-FOR-US: Westermo Lynx
CVE-2023-45222 (An attacker with access to the web application that has the vulnerable ...)
- TODO: check
+ NOT-FOR-US: Westermo Lynx
CVE-2023-45213 (A potential attacker with access to the Westermo Lynx device would be ...)
- TODO: check
+ NOT-FOR-US: Westermo Lynx
CVE-2023-43482 (A command execution vulnerability exists in the guest resource functio ...)
NOT-FOR-US: Tp-Link
CVE-2023-42765 (An attacker with access to the vulnerable software could introduce arb ...)
- TODO: check
+ NOT-FOR-US: Westermo Lynx
CVE-2023-42664 (A post authentication command injection vulnerability exists when sett ...)
NOT-FOR-US: Tp-Link
CVE-2023-40545 (Authenticationbypass when an OAuth2 Client is using client_secret_jwt ...)
- TODO: check
+ NOT-FOR-US: Ping Identity PingFederate
CVE-2023-40544 (An attacker with access to the network where the affected devices are ...)
- TODO: check
+ NOT-FOR-US: Westermo Lynx
CVE-2023-40355 (Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 b ...)
NOT-FOR-US: Axigen
CVE-2023-40143 (An attacker with access to the Westermo Lynx web application that has ...)
- TODO: check
+ NOT-FOR-US: Westermo Lynx
CVE-2023-38579 (The cross-site request forgery token in the request may be predictable ...)
- TODO: check
+ NOT-FOR-US: Westermo Lynx
CVE-2023-36498 (A post-authentication command injection vulnerability exists in the PP ...)
NOT-FOR-US: Tp-Link
CVE-2023-35188 (SQL Injection Remote Code Execution Vulnerability was found using a cr ...)
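Review bot: Several entries marked `NOT-FOR-US: Westermo Lynx` in this hunk (CVE-2023-45227, CVE-2023-45222, CVE-2023-42765, CVE-2023-40544, CVE-2023-38579) have truncated descriptions that never name the product; only CVE-2023-45735, CVE-2023-45213 and CVE-2023-40143 visibly mention Westermo Lynx. Please confirm against the full CVE text or the vendor advisory that all of them belong to the same product before they leave the TODO queue.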
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1eafc427c1c72d0b0ab2625db8ba87b7e516322