[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 14 21:34:20 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ed11b07c by Salvatore Bonaccorso at 2024-02-14T22:33:46+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -50,17 +50,17 @@ CVE-2024-24990 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QU
CVE-2024-24989 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...)
TODO: check
CVE-2024-24966 (When LDAP remote authentication is configured on F5OS, a remote user w ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2024-24775 (When a virtual server is enabled with VLAN group and SNAT listener is ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2024-23982 (When a BIG-IP PEM classification profile is configured on a UDP virtua ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2024-23979 (When SSL Client Certificate LDAP or Certificate Revocation List Distri ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2024-23976 (When running in Appliance mode, an authenticated attacker assigned the ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2024-23805 (Undisclosed requests can cause the Traffic Management Microkernel (TMM ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2024-23789 (Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver. ...)
NOT-FOR-US: Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11
CVE-2024-23788 (Server-side request forgery vulnerability in Energy Management Control ...)
@@ -76,29 +76,29 @@ CVE-2024-23784 (Improper access control vulnerability exists in Energy Managemen
CVE-2024-23783 (Improper authentication vulnerability in Energy Management Controller ...)
NOT-FOR-US: Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11
CVE-2024-23607 (A directory traversal vulnerability exists in the F5OS QKView utility ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2024-23603 (An SQL injection vulnerability exists in an undisclosed page of the BI ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2024-23314 (When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisc ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2024-23308 (When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Ha ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2024-23306 (A vulnerability exists in BIG-IP Next CNF and SPK systems that may all ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2024-22389 (When BIG-IP is deployed in high availability (HA) and an iControl REST ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2024-22093 (When running in appliance mode, an authenticated remote command inject ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2024-21849 (When an Advanced WAF/ASM security policy and a Websockets profile are ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2024-21789 (When a BIG-IP ASM/Advanced WAF security policy is configured on a virt ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2024-21782 (BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2024-21771 (For unspecified traffic patterns, BIG-IP AFM IPS engine may spend an e ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2024-21763 (When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2024-0568 (CWE-287: Improper Authentication vulnerability exists that could cause ...)
NOT-FOR-US: Schneider Electric
CVE-2024-0011 (A reflected cross-site scripting (XSS) vulnerability in the Captive Po ...)
@@ -112,13 +112,13 @@ CVE-2024-0008 (Web sessions in the management interface in Palo Alto Networks PA
CVE-2024-0007 (A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-O ...)
NOT-FOR-US: Palo Alto Networks
CVE-2023-6441 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: UNI-PA University Marketing & Computer Internet Trade Inc. University Information System
CVE-2023-6409 (CWE-798: Use of Hard-coded Credentials vulnerability exists that could ...)
NOT-FOR-US: Schneider Electric
CVE-2023-6408 (CWE-924: Improper Enforcement of Message Integrity During Transmission ...)
NOT-FOR-US: Schneider Electric
CVE-2023-5123 (The JSON datasource plugin ( https://grafana.com/grafana/plugins/marcu ...)
- TODO: check
+ NOT-FOR-US: Grafana plugin
CVE-2023-5122 (Grafana is an open-source platform for monitoring and observability. T ...)
TODO: check
CVE-2023-52399
@@ -206,79 +206,79 @@ CVE-2023-42665
CVE-2023-42437
REJECTED
CVE-2023-41252 (Out-of-bounds read in some Intel(R) QAT software drivers for Windows b ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-41231 (Incorrect default permissions in some ACAT software maintained by Inte ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-41091 (Uncontrolled search path for some Intel(R) MPI Library Software before ...)
TODO: check
CVE-2023-41090 (Race condition in some Intel(R) MAS software before version 2.3 may al ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-40161 (Improper access control in some Intel Unite(R) Client software before ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-40156 (Uncontrolled search path element in some Intel(R) SSU software before ...)
NOT-FOR-US: Intel
CVE-2023-40154 (Incorrect default permissions in the Intel(R) SUR for Gameplay Softwar ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-39941 (Improper access control in some Intel(R) SUR software before version 2 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-39932 (Uncontrolled search path in the Intel(R) SUR for Gameplay Software bef ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-39450
REJECTED
CVE-2023-39432 (Improper access control element in some Intel(R) Ethernet tools and dr ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-39425 (Improper access control in some Intel(R) DSA software before version 2 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-38566 (Uncontrolled search path in some Intel(R) ISPC software before version ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-38561 (Improper access control in some Intel(R) XTU software before version 7 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-38262
REJECTED
CVE-2023-38137
REJECTED
CVE-2023-38135 (Improper authorization in some Intel(R) PM software may allow a privil ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-36493 (Uncontrolled search path in some Intel(R) SDK for OpenCL(TM) Applicati ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-36490 (Improper initialization in some Intel(R) MAS software before version 2 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-35769 (Uncontrolled search path in some Intel(R) CIP software before version ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-35121 (Improper access control in some Intel(R) oneAPI DPC++/C++ Compiler sof ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-35062 (Improper access control in some Intel(R) DSA software before version 2 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-35061 (Improper initialization for some Intel(R) PROSet/Wireless and Intel(R) ...)
TODO: check
CVE-2023-35060 (Uncontrolled search path in some Intel(R) Battery Life Diagnostic Tool ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-35003 (Path transversal in some Intel(R) VROC software before version 8.0.8.1 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-34983 (Improper input validation for some Intel(R) PROSet/Wireless and Intel( ...)
TODO: check
CVE-2023-34351 (Buffer underflow in some Intel(R) PCM software before version 202307 m ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-34315 (Incorrect default permissions in some Intel(R) VROC software before ve ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-33875 (Improper access control for some Intel(R) PROSet/Wireless and Intel(R) ...)
TODO: check
CVE-2023-33870 (Insecure inherited permissions in some Intel(R) Ethernet tools and dri ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-32651 (Improper validation of specified type of input for some Intel(R) PROSe ...)
TODO: check
CVE-2023-32647 (Improper access control in some Intel(R) XTU software before version 7 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-32646 (Uncontrolled search path element in some Intel(R) VROC software before ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-32644 (Protection mechanism failure for some Intel(R) PROSet/Wireless and Int ...)
TODO: check
CVE-2023-32642 (Insufficient adherence to expected conventions for some Intel(R) PROSe ...)
TODO: check
CVE-2023-32618 (Uncontrolled search path in some Intel(R) oneAPI Toolkit and component ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-32280 (Insufficiently protected credentials in some Intel(R) Server Product O ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-31271 (Improper access control in some Intel(R) VROC software before version ...)
TODO: check
CVE-2023-31189 (Improper authentication in some Intel(R) Server Product OpenBMC firmwa ...)
@@ -343,7 +343,7 @@ CVE-2023-38960 (Insecure Permissions issue in Raiden Professional Server RaidenF
CVE-2024-1342
NOT-FOR-US: Red Hat OpenShift
CVE-2024-25122 (sidekiq-unique-jobs is an open source project which prevents simultane ...)
- TODO: check
+ NOT-FOR-US: sidekiq-unique-jobs
CVE-2024-24925 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
NOT-FOR-US: Siemens
CVE-2024-24924 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
@@ -822,19 +822,19 @@ CVE-2023-47218 (An OS command injection vulnerability has been reported to affec
CVE-2023-46615 (Deserialization of Untrusted Data vulnerability in Kalli Dan. KD Comin ...)
NOT-FOR-US: WordPress plugin
CVE-2023-42374 (An issue in mystenlabs Sui Blockchain before v.1.6.3 allow a remote at ...)
- TODO: check
+ NOT-FOR-US: mystenlabs Sui Blockchain
CVE-2023-41708 (References to the "app loader" functionality could contain redirects t ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-41707 (Processing of user-defined mail search expressions is not limited. Ava ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-41706 (Processing time of drive search expressions now gets monitored, and th ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-41705 (Processing of user-defined DAV user-agent strings is not limited. Avai ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-41704 (Processing of CID references at E-Mail can be abused to inject malicio ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-41703 (User ID references at mentions in document comments were not correctly ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2022-48623 (The Cpanel::JSON::XS package before 4.33 for Perl performs out-of-boun ...)
TODO: check
CVE-2021-4437 (A vulnerability, which was classified as problematic, has been found i ...)
@@ -935,7 +935,7 @@ CVE-2024-25714 (In Rhonabwy through 1.1.13, HMAC signature verification uses a s
CVE-2024-25713 (yyjson through 0.8.0 has a double free, leading to remote code executi ...)
- yyjson <itp> (bug #972804)
CVE-2024-25712 (http-swagger before 1.2.6 allows XSS via PUT requests, because a file ...)
- TODO: check
+ NOT-FOR-US: http-swagger
CVE-2024-23724 (Ghost through 5.76.0 allows stored XSS, and resultant privilege escala ...)
NOT-FOR-US: Ghost CMS
CVE-2024-21875 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed11b07cc3cd482ed518404a0d65d9395bf3b1a7
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed11b07cc3cd482ed518404a0d65d9395bf3b1a7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240214/547d6e93/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list