[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Feb 13 20:48:03 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d4b6d5ad by Salvatore Bonaccorso at 2024-02-13T21:47:04+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,195 +17,195 @@ CVE-2024-24814 (mod_auth_openidc is an OpenID Certified\u2122 authentication and
 	NOTE: https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-hxr6-w4gc-7vvv
 	NOTE: https://github.com/OpenIDC/mod_auth_openidc/commit/4022c12f314bd89d127d1be008b1a80a08e1203d (v2.4.15.2)
 CVE-2024-24782 (An unauthenticated attacker can send a ping request from one network t ...)
-	TODO: check
+	NOT-FOR-US: VDE
 CVE-2024-24781 (An unauthenticated remote attacker can use an uncontrolled resource co ...)
-	TODO: check
+	NOT-FOR-US: VDE
 CVE-2024-24751 (sf_event_mgt is an event management and registration extension for the ...)
-	TODO: check
+	NOT-FOR-US: TYPO3 extension
 CVE-2024-23816 (A vulnerability has been identified in Location Intelligence Perpetual ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-23813 (A vulnerability has been identified in Polarion ALM (All versions). Th ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-23812 (A vulnerability has been identified in SINEC NMS (All versions < V2.0  ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-23811 (A vulnerability has been identified in SINEC NMS (All versions < V2.0  ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-23810 (A vulnerability has been identified in SINEC NMS (All versions < V2.0  ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-23804 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-23803 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-23802 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-23801 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-23800 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-23799 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-23798 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-23797 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-23796 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-23795 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-23440 (Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vuln ...)
-	TODO: check
+	NOT-FOR-US: Vba32 Antivirus
 CVE-2024-23439 (Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vuln ...)
-	TODO: check
+	NOT-FOR-US: Vba32 Antivirus
 CVE-2024-22923 (SQL injection vulnerability in adv radius v.2.2.5 allows a local attac ...)
-	TODO: check
+	NOT-FOR-US: adv radius
 CVE-2024-22043 (A vulnerability has been identified in Parasolid V35.0 (All versions < ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-22042 (A vulnerability has been identified in Unicam FX (All versions). The w ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-21420 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21413 (Microsoft Outlook Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21412 (Internet Shortcut Files Security Feature Bypass Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21410 (Microsoft Exchange Server Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21406 (Windows Printing Service Spoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21405 (Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21404 (.NET Denial of Service Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21403 (Microsoft Azure Kubernetes Service Confidential Container Elevation of ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21402 (Microsoft Outlook Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21401 (Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vuln ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21397 (Microsoft Azure File Sync Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21396 (Dynamics 365 Sales Spoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21395 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21394 (Dynamics 365 Field Service Spoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21393 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21391 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21389 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21386 (.NET Denial of Service Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21384 (Microsoft Office OneNote Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21381 (Microsoft Azure Active Directory B2C Spoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21380 (Microsoft Dynamics Business Central/NAV Information Disclosure Vulnera ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21379 (Microsoft Word Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21378 (Microsoft Outlook Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21377 (Windows DNS Information Disclosure Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21376 (Microsoft Azure Kubernetes Service Confidential Container Remote Code  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21375 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21374 (Microsoft Teams for Android Information Disclosure)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21372 (Windows OLE Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21371 (Windows Kernel Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21370 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21369 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21368 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21367 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21366 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21365 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21364 (Microsoft Azure Site Recovery Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21363 (Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21362 (Windows Kernel Security Feature Bypass Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21361 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21360 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21359 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21358 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21357 (Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulner ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21356 (Windows Lightweight Directory Access Protocol (LDAP) Denial of Service ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21355 (Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21354 (Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21353 (Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21352 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21351 (Windows SmartScreen Security Feature Bypass Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21350 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21349 (Microsoft ActiveX Data Objects Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21348 (Internet Connection Sharing (ICS) Denial of Service Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21347 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21346 (Win32k Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21345 (Windows Kernel Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21344 (Windows Network Address Translation (NAT) Denial of Service Vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21343 (Windows Network Address Translation (NAT) Denial of Service Vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21342 (Windows DNS Client Denial of Service Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21341 (Windows Kernel Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21340 (Windows Kernel Information Disclosure Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21339 (Windows USB Generic Parent Driver Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21338 (Windows Kernel Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21329 (Azure Connected Machine Agent Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21328 (Dynamics 365 Sales Spoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21327 (Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulner ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21315 (Microsoft Defender for Endpoint Protection Elevation of Privilege Vuln ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21304 (Trusted Compute Base Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-20695 (Skype for Business Information Disclosure Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-20684 (Windows Hyper-V Denial of Service Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-20679 (Azure Stack Hub Spoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-20673 (Microsoft Office Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-20667 (Azure DevOps Server Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-1378 (A command injection vulnerability was identified in GitHub Enterprise  ...)
 	TODO: check
 CVE-2024-1374 (A command injection vulnerability was identified in GitHub Enterprise  ...)
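Review bot: The "NOT-FOR-US: VDE" tag on CVE-2024-24782 and CVE-2024-24781, at the top of this hunk, does not identify the affected product. Neither truncated description names a vendor, and "VDE" can also be read as the Virtual Distributed Ethernet software that Debian ships as vde2. Put the vendor or product name in the tag, as the "Siemens" and "Vba32 Antivirus" entries further down do, so the triage decision can be checked from the list alone.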
@@ -221,21 +221,21 @@ CVE-2024-1355 (A command injection vulnerability was identified in GitHub Enterp
 CVE-2024-1354 (A command injection vulnerability was identified in GitHub Enterprise  ...)
 	TODO: check
 CVE-2024-1309 (Uncontrolled Resource Consumption vulnerability in Honeywell Niagara F ...)
-	TODO: check
+	NOT-FOR-US: Honeywell
 CVE-2024-1216 (Twister Antivirus v8.17 is vulnerable to a Denial of Service vulnerabi ...)
 	TODO: check
 CVE-2024-1163 (Path Traversal in GitHub repository mbloch/mapshaper prior to 0.6.44.)
 	TODO: check
 CVE-2024-1160 (The Bold Page Builder plugin for WordPress is vulnerable to Stored Cro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1159 (The Bold Page Builder plugin for WordPress is vulnerable to Stored Cro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1157 (The Bold Page Builder plugin for WordPress is vulnerable to Stored Cro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1140 (Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnera ...)
-	TODO: check
+	NOT-FOR-US: Twister Antivirus
 CVE-2024-1096 (Twister Antivirus v8.17 allows Elevation of Privileges on the computer ...)
-	TODO: check
+	NOT-FOR-US: Twister Antivirus
 CVE-2024-1084 (Cross-site Scripting in thetag name pattern field in the tag protectio ...)
 	TODO: check
 CVE-2024-1082 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
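Review bot: CVE-2024-1216 (Twister Antivirus v8.17, Denial of Service) is left at "TODO: check", while CVE-2024-1140 and CVE-2024-1096 in this same hunk name the same product and version and are marked "NOT-FOR-US: Twister Antivirus". Unless it was left open on purpose, give CVE-2024-1216 the same tag so the three entries stay consistent.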
@@ -243,7 +243,7 @@ CVE-2024-1082 (A path traversal vulnerability was identified in GitHub Enterpris
 CVE-2024-0707
 	REJECTED
 CVE-2023-6072 (A cross-site scripting vulnerability in Trellix Central Management (CM ...)
-	TODO: check
+	NOT-FOR-US: Trellix
 CVE-2023-5680 (If a resolver cache has a very large number of ECS records stored for  ...)
 	TODO: check
 CVE-2023-51440 (A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30 ...)
@@ -403,47 +403,47 @@ CVE-2024-1439 (Inadequate access control in Moodle LMS. This vulnerability could
 CVE-2024-1420
 	REJECTED
 CVE-2024-0566 (The Smart Manager WordPress plugin before 8.28.0 does not properly san ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0421 (The MapPress Maps for WordPress plugin before 2.88.16 does not ensure  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0420 (The MapPress Maps for WordPress plugin before 2.88.15 does not sanitiz ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0250 (The Analytics Insights for Google Analytics 4 (AIWP) WordPress plugin  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0248 (The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0170 (Dell Unity, versions prior to 5.4, contains an OS Command Injection Vu ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-0169 (Dell Unity, versions prior to 5.4, contains a cross-site scripting (XS ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-0168 (Dell Unity, versions prior to 5.4, contains a Command Injection Vulner ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-0167 (Dell Unity, versions prior to 5.4, contains an OS Command Injection Vu ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-0166 (Dell Unity, versions prior to 5.4, contains an OS Command Injection Vu ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-0165 (Dell Unity, versions prior to 5.4, contains an OS Command Injection Vu ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-0164 (Dell Unity, versions prior to 5.4, contain an OS Command Injection Vul ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-7233 (The GigPress WordPress plugin through 2.3.29 does not sanitise and esc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6815 (Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Co ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2023-6591 (The Popup Box WordPress plugin before 20.9.0 does not sanitise and esc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6501 (The Splashscreen WordPress plugin through 0.20 does not have CSRF chec ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6499 (The lasTunes WordPress plugin through 3.6.1 does not have CSRF check i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6294 (The Popup Builder WordPress plugin before 4.2.6 does not validate a pa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6082 (The chartjs WordPress plugin through 2023.2 does not sanitise and esca ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6081 (The chartjs WordPress plugin through 2023.2 does not sanitise and esca ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6036 (The Web3 WordPress plugin before 3.0.0 is vulnerable to an authenticat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-52431 (The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows ...)
 	TODO: check
 CVE-2023-52430 (The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4b6d5ad2de993e6e648d62c60c82fd609e00f0e
