[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 14 21:00:43 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a743d7f1 by Salvatore Bonaccorso at 2024-02-14T22:00:14+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -62,19 +62,19 @@ CVE-2024-23976 (When running in Appliance mode, an authenticated attacker assign
CVE-2024-23805 (Undisclosed requests can cause the Traffic Management Microkernel (TMM ...)
TODO: check
CVE-2024-23789 (Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver. ...)
- TODO: check
+ NOT-FOR-US: Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11
CVE-2024-23788 (Server-side request forgery vulnerability in Energy Management Control ...)
- TODO: check
+ NOT-FOR-US: Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11
CVE-2024-23787 (Path traversal vulnerability in Energy Management Controller with Clou ...)
- TODO: check
+ NOT-FOR-US: Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11
CVE-2024-23786 (Cross-site scripting vulnerability in Energy Management Controller wit ...)
- TODO: check
+ NOT-FOR-US: Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11
CVE-2024-23785 (Cross-site request forgery vulnerability in Energy Management Controll ...)
- TODO: check
+ NOT-FOR-US: Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11
CVE-2024-23784 (Improper access control vulnerability exists in Energy Management Cont ...)
- TODO: check
+ NOT-FOR-US: Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11
CVE-2024-23783 (Improper authentication vulnerability in Energy Management Controller ...)
- TODO: check
+ NOT-FOR-US: Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11
CVE-2024-23607 (A directory traversal vulnerability exists in the F5OS QKView utility ...)
TODO: check
CVE-2024-23603 (An SQL injection vulnerability exists in an undisclosed page of the BI ...)
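Review bot: The seven tags added for CVE-2024-23783 through CVE-2024-23789 copy the stray space in "JH-RVB1 /JH-RV11" from the CVE description and name no vendor, while the other entries in this commit tag by vendor (Siemens, Palo Alto Networks, Dell). Suggest writing the models as "JH-RVB1/JH-RV11" and, if the vendor is known from the advisory, leading with it so these seven entries match the rest of the file when searched.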
@@ -100,23 +100,23 @@ CVE-2024-21771 (For unspecified traffic patterns, BIG-IP AFM IPS engine may spen
CVE-2024-21763 (When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN ...)
TODO: check
CVE-2024-0568 (CWE-287: Improper Authentication vulnerability exists that could cause ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2024-0011 (A reflected cross-site scripting (XSS) vulnerability in the Captive Po ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2024-0010 (A reflected cross-site scripting (XSS) vulnerability in the GlobalProt ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2024-0009 (An improper verification vulnerability in the GlobalProtect gateway fe ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2024-0008 (Web sessions in the management interface in Palo Alto Networks PAN-OS ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2024-0007 (A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-O ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2023-6441 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
TODO: check
CVE-2023-6409 (CWE-798: Use of Hard-coded Credentials vulnerability exists that could ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2023-6408 (CWE-924: Improper Enforcement of Message Integrity During Transmission ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2023-5123 (The JSON datasource plugin ( https://grafana.com/grafana/plugins/marcu ...)
TODO: check
CVE-2023-5122 (Grafana is an open-source platform for monitoring and observability. T ...)
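Review bot: For CVE-2024-0568, CVE-2023-6409 and CVE-2023-6408 the truncated descriptions show only the CWE text, so "NOT-FOR-US: Schneider Electric" cannot be checked against the visible line. Adding the affected product after the vendor name would make these three entries self-explanatory; the Palo Alto Networks tags in the same hunk do not have this problem for CVE-2024-0008 and CVE-2024-0007, where the description names the vendor.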
@@ -136,9 +136,9 @@ CVE-2023-51755
CVE-2023-51754
REJECTED
CVE-2023-50927 (Contiki-NG is an open-source, cross-platform operating system for Next ...)
- TODO: check
+ NOT-FOR-US: Contiki-NG
CVE-2023-50926 (Contiki-NG is an open-source, cross-platform operating system for Next ...)
- TODO: check
+ NOT-FOR-US: Contiki-NG
CVE-2023-50337
REJECTED
CVE-2023-50336
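Review bot: CVE-2023-50927 and CVE-2023-50926 are described as affecting Contiki-NG, "an open-source, cross-platform operating system", so unlike the appliance and proprietary vendor entries in this commit this is software that could be packaged. Worth confirming there is no ITP or RFP for it before settling on NOT-FOR-US rather than an <itp> entry.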
@@ -174,17 +174,17 @@ CVE-2023-49590
CVE-2023-49588
REJECTED
CVE-2023-48987 (Blind SQL Injection vulnerability in CU Solutions Group (CUSG) Content ...)
- TODO: check
+ NOT-FOR-US: CU Solutions Group (CUSG) Content Management System (CMS)
CVE-2023-48986 (Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) ...)
- TODO: check
+ NOT-FOR-US: CU Solutions Group (CUSG) Content Management System (CMS)
CVE-2023-48985 (Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) ...)
- TODO: check
+ NOT-FOR-US: CU Solutions Group (CUSG) Content Management System (CMS)
CVE-2023-48734
REJECTED
CVE-2023-48729
REJECTED
CVE-2023-48229 (Contiki-NG is an open-source, cross-platform operating system for Next ...)
- TODO: check
+ NOT-FOR-US: Contiki-NG
CVE-2023-46186 (IBM Jazz for Service Management 1.1.3.20 could allow an unauthorized u ...)
NOT-FOR-US: IBM
CVE-2023-45850
@@ -194,7 +194,7 @@ CVE-2023-45738
CVE-2023-45224
REJECTED
CVE-2023-44294 (In Dell Secure Connect Gateway Application and Secure Connect Gateway ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-43749
REJECTED
CVE-2023-42776 (Improper input validation in some Intel(R) SGX DCAP software for Windo ...)
@@ -591,23 +591,23 @@ CVE-2023-6072 (A cross-site scripting vulnerability in Trellix Central Managemen
CVE-2023-5680 (If a resolver cache has a very large number of ECS records stored for ...)
TODO: check
CVE-2023-51440 (A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-50808 (Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based ...)
- TODO: check
+ NOT-FOR-US: Zimbra
CVE-2023-50236 (A vulnerability has been identified in Polarion ALM (All versions). Th ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-49125 (A vulnerability has been identified in Parasolid V35.0 (All versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-48432 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and ...)
- TODO: check
+ NOT-FOR-US: Zimbra
CVE-2023-48364 (A vulnerability has been identified in OpenPCS 7 V9.1 (All versions), ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-48363 (A vulnerability has been identified in OpenPCS 7 V9.1 (All versions), ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-45207 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and ...)
- TODO: check
+ NOT-FOR-US: Zimbra
CVE-2023-45206 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and ...)
- TODO: check
+ NOT-FOR-US: Zimbra
CVE-2023-31347 (Due to a code bug in Secure_TSC, SEV firmware may allow an attacker wi ...)
TODO: check
CVE-2023-31346 (Failure to initialize memory in SEV Firmware may allow a privileged at ...)
@@ -710,15 +710,15 @@ CVE-2024-23833 (OpenRefine is a free, open source power tool for working with me
NOTE: https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-6p92-qfqf-qwx4
NOTE: https://github.com/OpenRefine/OpenRefine/commit/41ccf574847d856e22488a7c0987ad8efa12a84a (3.7.8)
CVE-2024-23763 (SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers ...)
- TODO: check
+ NOT-FOR-US: Gambio
CVE-2024-23762 (Unrestricted File Upload vulnerability in Content Manager feature in G ...)
- TODO: check
+ NOT-FOR-US: Gambio
CVE-2024-23761 (Server Side Template Injection in Gambio 4.9.2.0 allows attackers to r ...)
- TODO: check
+ NOT-FOR-US: Gambio
CVE-2024-23760 (Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows at ...)
- TODO: check
+ NOT-FOR-US: Gambio
CVE-2024-23759 (Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows att ...)
- TODO: check
+ NOT-FOR-US: Gambio
CVE-2024-23512 (Deserialization of Untrusted Data vulnerability in wpxpo ProductX \u20 ...)
NOT-FOR-US: WordPress plugin
CVE-2024-22454 (Dell PowerProtect Data Manager, version 19.15 and prior versions, cont ...)
@@ -808,19 +808,19 @@ CVE-2023-6036 (The Web3 WordPress plugin before 3.0.0 is vulnerable to an authen
CVE-2023-52431 (The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows ...)
TODO: check
CVE-2023-52430 (The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a ...)
- TODO: check
+ NOT-FOR-US: Caddy plugin
CVE-2023-52060 (A Cross-Site Request Forgery (CSRF) in Gestsup v3.2.46 allows attacker ...)
- TODO: check
+ NOT-FOR-US: Gestsup
CVE-2023-52059 (A cross-site scripting (XSS) vulnerability in Gestsup v3.2.46 allows a ...)
- TODO: check
+ NOT-FOR-US: Gestsup
CVE-2023-50358 (An OS command injection vulnerability has been reported to affect seve ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-49339 (Ellucian Banner 9.17 allows Insecure Direct Object Reference (IDOR) vi ...)
- TODO: check
+ NOT-FOR-US: Ellucian Banner
CVE-2023-47218 (An OS command injection vulnerability has been reported to affect seve ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-46615 (Deserialization of Untrusted Data vulnerability in Kalli Dan. KD Comin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-42374 (An issue in mystenlabs Sui Blockchain before v.1.6.3 allow a remote at ...)
TODO: check
CVE-2023-41708 (References to the "app loader" functionality could contain redirects t ...)
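Review bot: For CVE-2023-52430 the tag "NOT-FOR-US: Caddy plugin" names only Caddy, but the description attributes the reflected XSS to the caddy-security plugin 1.1.20. Suggest "caddy-security plugin for Caddy" so that a later search for Caddy in data/CVE/list does not read this line as a statement about Caddy itself.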
@@ -912,13 +912,13 @@ CVE-2023-52429 (dm_table_create in drivers/md/dm-table.c in the Linux kernel thr
- linux <unfixed>
NOTE: https://git.kernel.org/linus/bd504bcfec41a503b32054da5472904b404341a4 (6.8-rc3)
CVE-2023-51403 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-51370 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-50875 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47526 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-25722 (qanything_kernel/connector/database/mysql/mysql_client.py in qanything ...)
NOT-FOR-US: qanything.ai QAnything
CVE-2024-25718 (In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_as ...)
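Review bot: The four "NOT-FOR-US: WordPress plugin" tags (CVE-2023-51403, CVE-2023-51370, CVE-2023-50875, CVE-2023-47526) sit under descriptions truncated to the generic cross-site scripting wording, so nothing on the visible lines identifies which plugin each one covers. The generic tag matches existing entries such as CVE-2024-23512, but naming the plugin in each tag would let a reader tell the four apart without opening the CVE records.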
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a743d7f1de244e595467548749f7e3e5ea4472a9