[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jan 19 21:20:08 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8c7a34ef by Salvatore Bonaccorso at 2024-01-19T22:19:41+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -49,101 +49,101 @@ CVE-2024-22211 (FreeRDP is a set of free and open source remote desktop protocol
NOTE: https://github.com/FreeRDP/FreeRDP/commit/939e922936e9c3ae8fc204968645e5e7563a2fff (3.2.0)
NOTE: https://github.com/FreeRDP/FreeRDP/commit/aeac3040cc99eeaff1e1171a822114c857b9dca9 (2.11.5)
CVE-2024-0732 (A vulnerability was found in PCMan FTP Server 2.0.7 and classified as ...)
- TODO: check
+ NOT-FOR-US: PCMan FTP Server
CVE-2024-0731 (A vulnerability has been found in PCMan FTP Server 2.0.7 and classifie ...)
- TODO: check
+ NOT-FOR-US: PCMan FTP Server
CVE-2024-0730 (A vulnerability, which was classified as critical, was found in Projec ...)
- TODO: check
+ NOT-FOR-US: Project Worlds Online Time Table Generator
CVE-2024-0729 (A vulnerability, which was classified as critical, has been found in F ...)
- TODO: check
+ NOT-FOR-US: ForU CMS
CVE-2024-0728 (A vulnerability classified as problematic was found in ForU CMS up to ...)
- TODO: check
+ NOT-FOR-US: ForU CMS
CVE-2024-0726 (A vulnerability was found in Project Worlds Student Project Allocation ...)
- TODO: check
+ NOT-FOR-US: Project Worlds Student Project Allocation System
CVE-2024-0725 (A vulnerability was found in ProSSHD 1.2 on Windows. It has been decla ...)
- TODO: check
+ NOT-FOR-US: ProSSHD
CVE-2024-0723 (A vulnerability was found in freeSSHd 1.0.9 on Windows. It has been cl ...)
- TODO: check
+ NOT-FOR-US: freeSSHd
CVE-2024-0722 (A vulnerability was found in code-projects Social Networking Site 1.0 ...)
- TODO: check
+ NOT-FOR-US: code-projects Social Networking Site
CVE-2024-0721 (A vulnerability has been found in Jspxcms 10.2.0 and classified as pro ...)
- TODO: check
+ NOT-FOR-US: Jspxcms
CVE-2024-0720 (A vulnerability, which was classified as problematic, was found in Fac ...)
- TODO: check
+ NOT-FOR-US: FactoMineR FactoInvestigate
CVE-2024-0718 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: liuwy-dlsdys zhglxt
CVE-2024-0717 (A vulnerability classified as critical was found in D-Link DAP-1360, D ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-0716 (A vulnerability classified as problematic has been found in Beijing Ba ...)
- TODO: check
+ NOT-FOR-US: Beijing Baichuo Smart S150 Management Platform
CVE-2024-0714 (A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.5.0. It ...)
- TODO: check
+ NOT-FOR-US: MiczFlor RPi-Jukebox-RFID
CVE-2024-0713 (A vulnerability was found in Monitorr 1.7.6m. It has been declared as ...)
- TODO: check
+ NOT-FOR-US: Monitorr
CVE-2024-0712 (A vulnerability was found in Beijing Baichuo Smart S150 Management Pla ...)
- TODO: check
+ NOT-FOR-US: Beijing Baichuo Smart S150 Management Platform
CVE-2024-0705 (The Stripe Payment Plugin for WooCommerce plugin for WordPress is vuln ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0663
REJECTED
CVE-2023-6450 (An incorrect permissions vulnerability was reported in the Lenovo App ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2023-6044 (A privilege escalation vulnerability was reported in Lenovo Vantage th ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2023-6043 (A privilege escalation vulnerability was reported in Lenovo Vantage th ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2023-5081 (An information disclosure vulnerability was reported in the Lenovo Tab ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2023-5080 (A privilege escalation vulnerability was reported in some Lenovo table ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2023-51948 (A Site-wide directory listing vulnerability in /fm in actidata actiNAS ...)
- TODO: check
+ NOT-FOR-US: actidata actiNAS SL 2U-8 RDX
CVE-2023-51947 (Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX ...)
- TODO: check
+ NOT-FOR-US: actidata actiNAS SL 2U-8 RDX
CVE-2023-51946 (Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSv ...)
- TODO: check
+ NOT-FOR-US: actidata actiNAS-SL-2U-8
CVE-2023-50694 (An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote attacke ...)
- TODO: check
+ NOT-FOR-US: dom96 HTTPbeast
CVE-2023-50693 (An issue in dom96 Jester v.0.6.0 and before allows a remote attacker t ...)
- TODO: check
+ NOT-FOR-US: dom96 Jester
CVE-2023-50447 (Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Executi ...)
TODO: check
CVE-2023-50030 (In the module "Jms Setting" (jmssetting) from Joommasters for PrestaSh ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2023-50028 (In the module "Sliding cart block" (blockslidingcart) up to version 2. ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2023-47035 (RPTC 0x3b08c was discovered to not conduct status checks on the parame ...)
TODO: check
CVE-2023-47034 (A vulnerability in UniswapFrontRunBot 0xdB94c allows attackers to caus ...)
- TODO: check
+ NOT-FOR-US: UniswapFrontRunBot
CVE-2023-47033 (MultiSigWallet 0xF0C99 was discovered to contain a reentrancy vulnerab ...)
TODO: check
CVE-2023-46351 (In the module mib < 1.6.1 from MyPresta.eu for PrestaShop, a guest can ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2023-45485
REJECTED
CVE-2023-43985 (SunnyToo stblogsearch up to v1.0.0 was discovered to contain a SQL inj ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2023-43956
REJECTED
CVE-2023-42766 (Improper input validation in some Intel NUC 8 Compute Element BIOS fir ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-42429 (Improper buffer restrictions in some Intel NUC BIOS firmware may allow ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-38587 (Improper input validation in some Intel NUC BIOS firmware may allow a ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-38541 (Insecure inherited permissions in some Intel HID Event Filter drivers ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-33295 (Cohesity DataProtect 6.8.1 and 6.6.0d was discovered to have a incorre ...)
- TODO: check
+ NOT-FOR-US: Cohesity DataProtect
CVE-2023-32544 (Improper access control in some Intel HotKey Services for Windows 10 f ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-32272 (Uncontrolled search path in some Intel NUC Pro Software Suite Configur ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-29495 (Improper input validation for some Intel NUC BIOS firmware before vers ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-28743 (Improper input validation for some Intel NUC BIOS firmware before vers ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-21733 (Generation of Error Message Containing Sensitive Information vulnerabi ...)
- tomcat9 9.0.53-1
NOTE: https://www.openwall.com/lists/oss-security/2024/01/19/2
@@ -41090,7 +41090,7 @@ CVE-2023-29162
CVE-2023-28740 (Uncontrolled search path element in some Intel(R) QAT drivers for Wind ...)
NOT-FOR-US: Intel
CVE-2023-28722 (Improper buffer restrictions for some Intel NUC BIOS firmware before v ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-28407
RESERVED
CVE-2023-28388 (Uncontrolled search path element in some Intel(R) Chipset Device Softw ...)
@@ -44016,7 +44016,7 @@ CVE-2023-29465 (SageMath FlintQS 1.0 relies on pathnames under TMPDIR (typically
NOTE: https://github.com/sagemath/sage/pull/35419
NOTE: Neutralised by kernel hardening
CVE-2023-29244 (Incorrect default permissions in some Intel Integrated Sensor Hub (ISH ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-29165 (Unquoted search path or element in some Intel(R) Arc(TM) & Iris(R) Xe ...)
NOT-FOR-US: Intel
CVE-2023-28823 (Uncontrolled search path in some Intel(R) oneAPI Toolkit and component ...)
@@ -45959,7 +45959,7 @@ CVE-2023-28939
CVE-2023-28739
RESERVED
CVE-2023-28738 (Improper input validation for some Intel NUC BIOS firmware before vers ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-28721
RESERVED
CVE-2023-28658 (Insecure inherited permissions in some Intel(R) oneMKL software before ...)
@@ -52000,7 +52000,7 @@ CVE-2023-27170 (Xpand IT Write-back manager v2.3.1 allows attackers to perform a
CVE-2023-27169 (Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license cl ...)
NOT-FOR-US: Xpand IT Write-back manager
CVE-2023-27168 (An arbitrary file upload vulnerability in Xpand IT Write-back Manager ...)
- TODO: check
+ NOT-FOR-US: Xpand IT Write-back Manager
CVE-2023-27167 (Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vu ...)
NOT-FOR-US: Suprema BioStar
CVE-2023-27166
@@ -71553,7 +71553,7 @@ CVE-2022-47162 (Cross-Site Request Forgery (CSRF) vulnerability in Dannie Herdya
CVE-2022-47161 (Cross-Site Request Forgery (CSRF) vulnerability in The WordPress.Org c ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47160 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47159 (Cross-Site Request Forgery (CSRF) vulnerability in Logaster Logaster L ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47158 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pakp ...)
@@ -75673,7 +75673,7 @@ CVE-2022-45847
CVE-2022-45846 (Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pr ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45845 (Deserialization of Untrusted Data vulnerability in Nextend Smart Slide ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45844
RESERVED
CVE-2022-45843 (Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Next ...)
@@ -78065,7 +78065,7 @@ CVE-2022-45085 (Server-Side Request Forgery (SSRF) vulnerability in Group Arge E
CVE-2022-45084 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Softacul ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45083 (Deserialization of Untrusted Data vulnerability in ProfilePress Member ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45082 (Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilit ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45081
@@ -90637,7 +90637,7 @@ CVE-2022-40966 (Authentication bypass vulnerability in multiple Buffalo network
CVE-2022-40702 (Missing Authorization vulnerability in Zorem Advanced Local Pickup for ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40700 (Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40699 (Cross-Site Scripting (XSS) vulnerability in Dario Curvino Yasr \u2013 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40697 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in3com ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c7a34efa00fab03ec9b9c944475e4b8728795f2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c7a34efa00fab03ec9b9c944475e4b8728795f2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240119/a4d19a78/attachment.htm>
More information about the debian-security-tracker-commits
mailing list