[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Feb 9 10:03:39 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3318b31d by Moritz Muehlenhoff at 2024-02-09T11:03:12+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,101 +1,101 @@
CVE-2024-25107 (WikiDiscover is an extension designed for use with a CreateWiki manage ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extension
CVE-2024-25106 (OpenObserve is a observability platform built specifically for logs, m ...)
- TODO: check
+ NOT-FOR-US: OpenObserve
CVE-2024-25004 (KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buf ...)
- TODO: check
+ NOT-FOR-US: KiTTY
CVE-2024-25003 (KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buf ...)
- TODO: check
+ NOT-FOR-US: KiTTY
CVE-2024-24830 (OpenObserve is a observability platform built specifically for logs, m ...)
- TODO: check
+ NOT-FOR-US: OpenObserve
CVE-2024-24829 (Sentry is an error tracking and performance monitoring platform. Sentr ...)
- TODO: check
+ NOT-FOR-US: Sentry
CVE-2024-24825 (DIRAC is a distributed resource framework. In affected versions any us ...)
- TODO: check
+ NOT-FOR-US: DIRAC
CVE-2024-24821 (Composer is a dependency Manager for the PHP language. In affected ver ...)
TODO: check
CVE-2024-24820 (Icinga Director is a tool designed to make Icinga 2 configuration hand ...)
- TODO: check
+ NOT-FOR-US: Icinga Director
CVE-2024-24819 (icingaweb2-module-incubator is a working project of bleeding edge Icin ...)
- TODO: check
+ NOT-FOR-US: icingaweb2-module-incubator
CVE-2024-24499 (SQL Injection vulnerability in Employee Management System v.1.0 allows ...)
- TODO: check
+ NOT-FOR-US: Employee Management System
CVE-2024-24498 (Unrestricted File Upload vulnerability in Employee Management System 1 ...)
- TODO: check
+ NOT-FOR-US: Employee Management System
CVE-2024-24497 (SQL Injection vulnerability in Employee Management System v.1.0 allows ...)
- TODO: check
+ NOT-FOR-US: Employee Management System
CVE-2024-24496 (An issue in Daily Habit Tracker v.1.0 allows a remote attacker to mani ...)
- TODO: check
+ NOT-FOR-US: Daily Habit Tracker
CVE-2024-24495 (SQL Injection vulnerability in delete-tracker.php in Daily Habit Track ...)
- TODO: check
+ NOT-FOR-US: Daily Habit Tracker
CVE-2024-24494 (Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows ...)
- TODO: check
+ NOT-FOR-US: Daily Habit Tracker
CVE-2024-24393 (File Upload vulnerability index.php in Pichome v.1.1.01 allows a remot ...)
- TODO: check
+ NOT-FOR-US: Pichome
CVE-2024-24308 (SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module f ...)
- TODO: check
+ NOT-FOR-US: Boostmyshop
CVE-2024-23756 (The HTTP PUT and DELETE methods are enabled in the Plone official Dock ...)
- TODO: check
+ NOT-FOR-US: Plone Docker image
CVE-2024-23749 (KiTTY versions 0.76.1.13 and before is vulnerable to command injection ...)
- TODO: check
+ NOT-FOR-US: KiTTY
CVE-2024-23639 (Micronaut Framework is a modern, JVM-based, full stack Java framework ...)
- TODO: check
+ NOT-FOR-US: Micronaut Framework
CVE-2024-22332 (The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vul ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-22318 (IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 th ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-1353 (A vulnerability, which was classified as critical, has been found in P ...)
- TODO: check
+ NOT-FOR-US: PHPEMS
CVE-2024-1122 (The Event Manager, Events Calendar, Events Tickets for WooCommerce \u2 ...)
- TODO: check
+ NOT-FOR-US: WooCommerce plugin
CVE-2024-0842 (The Backuply \u2013 Backup, Restore, Migrate and Clone plugin for Word ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0657 (The Internal Link Juicer: SEO Auto Linker for WordPress plugin for Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-51761 (In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unaut ...)
- TODO: check
+ NOT-FOR-US: Emerson Rosemount
CVE-2023-51630 (Paessler PRTG Network Monitor Cross-Site Scripting Authentication Bypa ...)
- TODO: check
+ NOT-FOR-US: Paessler PRTG Network Monitor
CVE-2023-50026 (SQL injection vulnerability in Presta Monster "Multi Accessories Pro" ...)
- TODO: check
+ NOT-FOR-US: Presta
CVE-2023-49716 (In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authe ...)
- TODO: check
+ NOT-FOR-US: Emerson Rosemount
CVE-2023-49101 (WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and ...)
- TODO: check
+ NOT-FOR-US: Axigen
CVE-2023-47132 (An issue discovered in N-able N-central before 2023.6 and earlier allo ...)
- TODO: check
+ NOT-FOR-US: N-able
CVE-2023-47131 (The N-able PassPortal extension before 3.29.2 for Chrome inserts sensi ...)
- TODO: check
+ NOT-FOR-US: N-able
CVE-2023-46687 (In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unaut ...)
- TODO: check
+ NOT-FOR-US: Emerson Rosemount
CVE-2023-46350 (SQL injection vulnerability in InnovaDeluxe "Manufacturer or supplier ...)
- TODO: check
+ NOT-FOR-US: InnovaDeluxe
CVE-2023-45191 (IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequ ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-45190 (IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable t ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-45187 (IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 do ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-43609 (In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unaut ...)
- TODO: check
+ NOT-FOR-US: Emerson Rosemount
CVE-2023-42016 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 a ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-40266 (An issue was discovered in Atos Unify OpenScape Xpressions WebAssistan ...)
- TODO: check
+ NOT-FOR-US: Atos Unify
CVE-2023-40265 (An issue was discovered in Atos Unify OpenScape Xpressions WebAssistan ...)
- TODO: check
+ NOT-FOR-US: Atos Unify
CVE-2023-40264 (An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 ...)
- TODO: check
+ NOT-FOR-US: Atos Unify
CVE-2023-40263 (An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 ...)
- TODO: check
+ NOT-FOR-US: Atos Unify
CVE-2023-40262 (An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 ...)
- TODO: check
+ NOT-FOR-US: Atos Unify
CVE-2023-39683 (Cross Site Scripting (XSS) vulnerability in EasyEmail v.4.12.2 and bef ...)
- TODO: check
+ NOT-FOR-US: EasyEmail
CVE-2023-32341 (IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 throug ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-31506 (A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2023-4639 [Cookie Smuggling/Spoofing]
- undertow <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2166022
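Review bot: CVE-2024-24821 (Composer) is the only entry in this hunk still left at `TODO: check` while all of its neighbours are resolved to `NOT-FOR-US`; if it is being held open deliberately for a package version check rather than overlooked, a short NOTE saying so would keep the next triager from re-examining it. Also, the marker for CVE-2024-25107 (`NOT-FOR-US: MediaWiki extension`) names the platform rather than the affected product, whereas the rest of the hunk names the product itself (e.g. `NOT-FOR-US: Icinga Director`); `NOT-FOR-US: WikiDiscover (MediaWiki extension)` would match that convention.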
@@ -109,9 +109,9 @@ CVE-2023-3966 [Invalid memory access in Geneve with HW offload]
NOTE: Fixed by: https://github.com/openvswitch/ovs/commit/b8657dada9641fbd2bd3a3f882e0862448d60910 (v2.17.9)
NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2024-February/411702.html
CVE-2024-25191 (php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authe ...)
- TODO: check
+ - php-jwt <removed>
CVE-2024-25190 (l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authe ...)
- TODO: check
+ NOT-FOR-US: l8w8jwt
CVE-2024-25189 (libjwt 1.15.3 uses strcmp (which is not constant time) to verify authe ...)
TODO: check
CVE-2024-24886 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
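Review bot: CVE-2024-25189 (libjwt) stays at `TODO: check` while the two sibling entries from the same non-constant-time-comparison batch (php-jwt, l8w8jwt) are resolved here; if libjwt needs a version check against the packaged release, a NOTE recording that would make the open state intentional. The new `- php-jwt <removed>` line also carries no NOTE with an upstream reference, unlike the CVE-2023-3966 entry just above it; adding the upstream issue or fix link would help anyone later verifying why the package is considered out of scope.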
@@ -139,7 +139,7 @@ CVE-2024-24321 (An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker
CVE-2024-24215 (An issue in the component /cgi-bin/GetJsonValue.cgi of Cellinx NVT Web ...)
NOT-FOR-US: Cellinx NVT Web Server
CVE-2024-24213 (Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vu ...)
- TODO: check
+ NOT-FOR-US: Supabase
CVE-2024-24115 (A stored cross-site scripting (XSS) vulnerability in the Edit Page fun ...)
NOT-FOR-US: Cotonti CMS
CVE-2024-24113 (xxl-job =< 2.4.1 has a Server-Side Request Forgery (SSRF) vulnerabilit ...)
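Review bot: the description of CVE-2024-24213 reads "Supabase PostgreSQL v15.1", so a bare `NOT-FOR-US: Supabase` leaves it ambiguous whether the SQL injection lies in Supabase's own layer or in PostgreSQL, which is packaged; a marker such as `NOT-FOR-US: Supabase (not PostgreSQL itself)` would record the conclusion that was reached during triage.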
@@ -151,7 +151,7 @@ CVE-2024-23764 (Certain WithSecure products allow Local Privilege Escalation. Th
CVE-2024-23660 (The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844f ...)
NOT-FOR-US: Binance Trust Wallet app for iOS
CVE-2024-23452 (Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1. ...)
- TODO: check
+ NOT-FOR-US: Apache bRPC
CVE-2024-22836 (An OS command injection vulnerability exists in Akaunting v3.1.3 and e ...)
NOT-FOR-US: Akaunting
CVE-2024-22795 (Insecure Permissions vulnerability in Forescout SecureConnector v.11.3 ...)
@@ -240,7 +240,7 @@ CVE-2024-24014 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 an
CVE-2024-24003 (jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller ...)
NOT-FOR-US: jshERP
CVE-2024-23448 (An issue was discovered whereby APM Server could log at ERROR level, a ...)
- TODO: check
+ NOT-FOR-US: Elastic
CVE-2024-22394 (An improper authentication vulnerability has been identified in SonicW ...)
NOT-FOR-US: SonicWall
CVE-2024-0511 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
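Review bot: the marker `NOT-FOR-US: Elastic` for CVE-2024-23448 names only the vendor while the description identifies the product as APM Server; the surrounding entries name the specific product (e.g. `NOT-FOR-US: SonicWall` aside, `NOT-FOR-US: jshERP`), so `NOT-FOR-US: Elastic APM Server` would be more searchable for later triage of related Elastic advisories.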
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3318b31d4e27e13f283affe53f96fce7b0684427