[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Feb 16 10:07:15 GMT 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9aa4ff3a by Moritz Muehlenhoff at 2024-02-16T11:06:38+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,65 +1,65 @@
 CVE-2024-25415 (A remote code execution (RCE) vulnerability in /admin/define_language. ...)
-	TODO: check
+	NOT-FOR-US: CE Phoenix
 CVE-2024-25414 (An arbitrary file upload vulnerability in /admin/upgrade of CSZ CMS v1 ...)
-	TODO: check
+	NOT-FOR-US: CSZ CMS
 CVE-2024-25413 (A XSLT Server Side injection vulnerability in the Import Jobs function ...)
-	TODO: check
+	NOT-FOR-US: Magento plugin
 CVE-2024-25123 (MSS (Mission Support System) is an open source package designed for pl ...)
-	TODO: check
+	NOT-FOR-US: MSS (Mission Support System)
 CVE-2024-23674 (The Online-Ausweis-Funktion eID scheme in the German National Identity ...)
 	TODO: check
 CVE-2024-23479 (SolarWinds Access Rights Manager (ARM) was found to be susceptible to  ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2024-23478 (SolarWinds Access Rights Manager (ARM) was found to be susceptible to  ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2024-23477 (The SolarWinds Access Rights Manager (ARM) was found to be susceptible ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2024-23476 (The SolarWinds Access Rights Manager (ARM) was found to be susceptible ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2024-21728 (An Open Redirect vulnerability was found in osTicky2 below 2.2.8. osTi ...)
-	TODO: check
+	NOT-FOR-US: osTicky2
 CVE-2024-0622 (Local privilege escalation vulnerabilityaffects OpenText Operations Ag ...)
-	TODO: check
+	NOT-FOR-US: OpenText Operations Agent
 CVE-2024-0240 (A memory leak in the Silicon Labs' Bluetooth stack for EFR32 products  ...)
-	TODO: check
+	NOT-FOR-US: Silabs
 CVE-2024-0041 (In removePersistentDot of SystemStatusAnimationSchedulerImpl.kt, there ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-0040 (In setParameter of MtpPacket.cpp, there is a possible out of bounds re ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-0038 (In injectInputEventToInputFilter of AccessibilityManagerService.java,  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-0037 (In applyCustomDescription of SaveUi.java, there is a possible way to v ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-0036 (In startNextMatchingActivity of ActivityTaskManagerService.java, there ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-0035 (In onNullBinding of TileLifecycleManager.java, there is a possible way ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-0034 (In BackgroundLaunchProcessController, there is a possible way to launc ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-0033 (In multiple functions of ashmem-dev.cpp, there is a possible missing s ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-0032 (In queryChildDocuments of FileSystemProvider.java, there is a possible ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-0031 (In attp_build_read_by_type_value_cmd of att_protocol.cc , there is a p ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-0030 (In btif_to_bta_response of btif_gatt_util.cc, there is a possible out  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-0029 (In multiple files, there is a possible way to capture the device scree ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-0014 (In startInstall of UpdateFetcher.java, there is a possible way to trig ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-6451 (Publicly known cryptographic machine key in AlayaCare's Procura Portal ...)
-	TODO: check
+	NOT-FOR-US: AlayaCare Procura Portal
 CVE-2023-6123 (Improper Neutralization vulnerability affects OpenText ALM Octaneversi ...)
-	TODO: check
+	NOT-FOR-US: Open Text ALM Octane
 CVE-2023-49508 (Directory Traversal vulnerability in YetiForceCompany YetiForceCRM ver ...)
-	TODO: check
+	NOT-FOR-US: YetiForceCRM
 CVE-2023-40122 (In applyCustomDescription of SaveUi.java, there is a possible way to v ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-40093 (In multiple files, there is a possible way that trimmed content could  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-40057 (The SolarWinds Access Rights Manager was found to be susceptible to a  ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2024-21890
 	[experimental] - nodejs <unfixed>
 	- nodejs <not-affected> (Only affects 20.x and later)
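Review bot: Vendor spelling is inconsistent within this hunk: CVE-2023-6123 is tagged "NOT-FOR-US: Open Text ALM Octane" while CVE-2024-0622 is tagged "NOT-FOR-US: OpenText Operations Agent", and both descriptions write "OpenText". Using one spelling keeps a later grep for that vendor complete; the same applies to "Silabs" against the description's "Silicon Labs". Separately, "NOT-FOR-US: Magento plugin" for CVE-2024-25413 names no specific plugin, so the entry cannot be matched against a product name later; naming the plugin would fix that.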
@@ -49410,7 +49410,7 @@ CVE-2023-28715 (Improper access control in some Intel(R) oneAPI Toolkit and comp
 CVE-2023-28397 (Improper access control in some Intel(R) Aptio* V UEFI Firmware Integr ...)
 	NOT-FOR-US: Intel
 CVE-2023-28396 (Improper access control in firmware for some Intel(R) Thunderbol(TM) C ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-27391 (Improper access control in some Intel(R) oneAPI Toolkit and component  ...)
 	NOT-FOR-US: Intel
 CVE-2023-22313 (Improper buffer restrictions in some Intel(R) QAT Library software bef ...)
@@ -50653,7 +50653,7 @@ CVE-2023-27515 (Cross-site scripting (XSS) for the Intel(R) DSA software before
 CVE-2023-24592 (Path traversal in the some Intel(R) oneAPI Toolkits and Component soft ...)
 	NOT-FOR-US: Intel
 CVE-2023-24591 (Uncontrolled search path in some Intel(R) Binary Configuration Tool so ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-1789 (Improper Input Validation in GitHub repository firefly-iii/firefly-iii ...)
 	NOT-FOR-US: firefly-iii
 CVE-2023-1788 (Insufficient Session Expiration in GitHub repository firefly-iii/firef ...)
@@ -51359,7 +51359,7 @@ CVE-2023-26589 (Use after free in some Intel(R) Aptio* V UEFI Firmware Integrato
 CVE-2023-25949 (Uncontrolled resource consumption in some Intel(R) Aptio* V UEFI Firmw ...)
 	NOT-FOR-US: Intel
 CVE-2023-25945 (Protection mechanism failure in some Intel(R) OFU software before vers ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-25778
 	RESERVED
 CVE-2023-22305 (Integer overflow in some Intel(R) Aptio* V UEFI Firmware Integrator To ...)
@@ -56181,7 +56181,7 @@ CVE-2023-25951 (Improper input validation for some Intel(R) PROSet/Wireless and
 CVE-2023-25757 (Improper access control in some Intel(R) Unison(TM) software before ve ...)
 	NOT-FOR-US: Intel
 CVE-2023-25174 (Improper access control in some Intel(R) Chipset Driver Software befor ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-24596
 	RESERVED
 CVE-2023-22437
@@ -56684,21 +56684,21 @@ CVE-2023-27398 (A vulnerability has been identified in Tecnomatix Plant Simulati
 CVE-2023-27383 (Protection mechanism failure in some Intel(R) oneAPI HPC Toolkit 2023. ...)
 	NOT-FOR-US: Intel
 CVE-2023-27307 (Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH driv ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-27303 (Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers f ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-26596 (Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers f ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-26592 (Deserialization of untrusted data in some Intel(R) Thunderbolt(TM) DCH ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-26591 (Unchecked return value in some Intel(R) Thunderbolt(TM) DCH drivers fo ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-25080 (Protection mechanism failure in some Intel(R) Distribution of OpenVINO ...)
 	NOT-FOR-US: Intel
 CVE-2023-24478 (Use of insufficiently random values for some Intel Agilex(R) software  ...)
 	NOT-FOR-US: Intel
 CVE-2023-24463 (Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-22312 (Improper access control for some Intel(R) NUC BIOS firmware may allow  ...)
 	NOT-FOR-US: Intel
 CVE-2023-1129 (The WP FEvents Book WordPress plugin through 0.46 does not ensures tha ...)
@@ -56770,13 +56770,13 @@ CVE-2023-27374
 CVE-2023-27373 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
 	NOT-FOR-US: Insyde
 CVE-2023-27308 (Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH driv ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-27302
 	RESERVED
 CVE-2023-27301 (Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers f ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-27300 (Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH driv ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-27299
 	RESERVED
 CVE-2023-27297
@@ -56784,7 +56784,7 @@ CVE-2023-27297
 CVE-2023-26597 (Controller DoS due to buffer overflow in the handling of a specially c ...)
 	NOT-FOR-US: Honeywell
 CVE-2023-26585 (Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers f ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-25948 (Server information leak of configuration data when an error is generat ...)
 	NOT-FOR-US: Honeywell
 CVE-2023-25770 (Controller DoS may occur due to buffer overflow when an error is gener ...)
@@ -56794,7 +56794,7 @@ CVE-2023-25178 (Controller may be loaded with malicious firmware which could ena
 CVE-2023-25078 (Server or Console Station DoS due to heap overflow occurring during th ...)
 	NOT-FOR-US: Honeywell
 CVE-2023-24589 (Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH driv ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-24480 (Controller DoS due to stack overflow when decoding a message from the  ...)
 	NOT-FOR-US: Honeywell
 CVE-2023-24474 (Experion server may experience a DoS due to a heap overflow which coul ...)
@@ -57023,11 +57023,11 @@ CVE-2023-26594
 CVE-2023-25771 (Improper access control for some Intel(R) NUC BIOS firmware may allow  ...)
 	NOT-FOR-US: Intel
 CVE-2023-25769 (Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) DCH ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-25079
 	RESERVED
 CVE-2023-24481 (Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers f ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-24462
 	RESERVED
 CVE-2023-24017
@@ -57035,9 +57035,9 @@ CVE-2023-24017
 CVE-2023-24013
 	RESERVED
 CVE-2023-22848 (Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers f ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-22390 (Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH driv ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-1081 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...)
 	NOT-FOR-US: Microweber
 CVE-2023-1080 (The GN Publisher plugin for WordPress is vulnerable to Reflected Cross ...)
@@ -59079,9 +59079,9 @@ CVE-2023-26465 (Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue
 CVE-2023-25944 (Uncontrolled search path element in some Intel(R) VCUST Tool software  ...)
 	NOT-FOR-US: Intel
 CVE-2023-25779 (Uncontrolled search path element in some Intel(R) Thunderbolt(TM) DCH  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-25777 (Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers f ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-25775 (Improper access control in the Intel(R) Ethernet Controller RDMA drive ...)
 	{DSA-5594-1 DLA-3711-1 DLA-3710-1}
 	- linux 6.5.3-1
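Review bot: The bare "Intel" tag on CVE-2023-25779 and CVE-2023-25777 does not say which Intel product was ruled out, and the very next entry, CVE-2023-25775, is an Intel driver issue that is tracked against linux. A more specific tag such as "NOT-FOR-US: Intel Thunderbolt DCH drivers" would make the triage decision checkable from the entry itself and harder to confuse with Intel code that is in scope.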
@@ -59091,15 +59091,15 @@ CVE-2023-25775 (Improper access control in the Intel(R) Ethernet Controller RDMA
 CVE-2023-25075 (Unquoted search path in the installer for some Intel Server Configurat ...)
 	NOT-FOR-US: Intel
 CVE-2023-25073 (Improper access control in some Intel(R) DSA software before version 2 ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-24542 (Unquoted search path or element in some Intel(R) Thunderbolt(TM) DCH d ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-24541
 	RESERVED
 CVE-2023-22342 (Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-22293 (Improper access control in the Intel(R) Thunderbolt(TM) DCH drivers fo ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-0996 (There is a vulnerability in the strided image data parsing code in the ...)
 	- libheif 1.15.1-1 (bug #1032101)
 	[bullseye] - libheif <no-dsa> (Minor issue)
@@ -59865,7 +59865,7 @@ CVE-2023-26208 (A improper restriction of excessive authentication attempts vuln
 CVE-2023-26207 (An insertion of sensitive information into log file vulnerability in F ...)
 	NOT-FOR-US: Fortinet
 CVE-2023-26206 (An improper neutralization of input during web page generation ('cross ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2023-26205 (An improper access control vulnerability[CWE-284] in FortiADC automati ...)
 	NOT-FOR-US: FortiGuard
 CVE-2023-26204 (A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM ...)
@@ -71216,9 +71216,9 @@ CVE-2023-0077 (Integer overflow or wraparound vulnerability in CGI component in
 CVE-2022-4877 (A vulnerability has been found in snoyberg keter up to 1.8.1 and class ...)
 	NOT-FOR-US: snoyberg keter
 CVE-2022-48220 (Potential vulnerabilities have been identified in certain HP Desktop P ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2022-48219 (Potential vulnerabilities have been identified in certain HP Desktop P ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2022-48218
 	RESERVED
 CVE-2021-4305 (A vulnerability was found in Woorank robots-txt-guard. It has been rat ...)
@@ -150154,25 +150154,25 @@ CVE-2022-23094 (Libreswan 4.2 through 4.5 allows remote attackers to cause a den
 	NOTE: https://libreswan.org/security/CVE-2022-23094/CVE-2022-23094-libreswan-4.2-4.3.patch (4.2-4.3)
 	NOTE: https://libreswan.org/security/CVE-2022-23094/CVE-2022-23094-libreswan-4.4-4.5.patch (4.4-4.5)
 CVE-2022-23093 (ping reads raw IP packets from the network to process responses in the ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2022-23092 (The implementation of lib9p's handling of RWALK messages was missing a ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2022-23091 (A particular case of memory sharing is mishandled in the virtual memor ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2022-23090 (The aio_aqueue function, used by the lio_listio system call, fails to  ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2022-23089 (When dumping core and saving process information, proc_getargv() might ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2022-23088 (The 802.11 beacon handling routine failed to validate the length of an ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2022-23087 (The e1000 network adapters permit a variety of modifications to an Eth ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2022-23086 (Handlers for *_CFG_PAGE read / write ioctls in the mpr, mps, and mpt d ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2022-23085 (A user-provided integer option was passed to nmreq_copyin() without ch ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2022-23084 (The total size of the user-provided nmreq to nmreq_copyin() was first  ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2022-23083 (NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transf ...)
 	NOT-FOR-US: NetMaster
 CVE-2022-23082 (In CureKit versions v1.0.1 through v1.1.3 are vulnerable to path trave ...)
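Review bot: None of the ten visible descriptions retagged in this hunk (CVE-2022-23084 through CVE-2022-23093) mentions FreeBSD, and several name generic components (ping, lib9p, the e1000 network adapters, 802.11 beacon handling), so the entries do not show on their face why they are out of scope. A short qualifier, for example "NOT-FOR-US: FreeBSD ping" or "NOT-FOR-US: FreeBSD lib9p", would let a later reader confirm the classification without opening each CVE.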



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9aa4ff3a9362759b534705e0abfa6fa010e55a97
