[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jan 31 20:49:37 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f361a9bd by Salvatore Bonaccorso at 2024-01-31T21:42:36+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,97 +5,97 @@ CVE-2024-24566 (Lobe Chat is a chatbot framework that supports speech synthesis,
CVE-2024-23637 (OctoPrint is a web interface for 3D printer.s OctoPrint versions up un ...)
TODO: check
CVE-2024-23508 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-23507 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-23505 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-23502 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22310 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22307 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22306 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22305 (Authorization Bypass Through User-Controlled Key vulnerability in ali ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22304 (Cross-Site Request Forgery (CSRF) vulnerability in Borbis Media FreshM ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22302 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22297 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22295 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22293 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22292 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22291 (Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi Browse ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22290 (Cross-Site Request Forgery (CSRF) vulnerability in AboZain,O7abeeb,Uni ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22289 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22287 (Cross-Site Request Forgery (CSRF) vulnerability in Lud\u011bk Melichar ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22286 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22285 (Cross-Site Request Forgery (CSRF) vulnerability in Elise Bosse Frontpa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22282 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22163 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22162 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22161 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22160 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22159 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22158 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22153 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22150 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22146 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22143 (Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check.This ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22140 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22136 (Cross-Site Request Forgery (CSRF) vulnerability in DroitThemes Droit E ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-21917 (A vulnerability exists in Rockwell Automation FactoryTalk\xae Service ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-21916 (A denial-of-service vulnerability exists in specific Rockwell Automati ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-21893 (A server-side request forgery vulnerability in the SAML component of I ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-21888 (A privilege escalation vulnerability in web component of Ivanti Connec ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-1116 (A vulnerability was found in openBI up to 1.0.8. It has been classifie ...)
- TODO: check
+ NOT-FOR-US: openBI
CVE-2024-1115 (A vulnerability was found in openBI up to 1.0.8 and classified as crit ...)
- TODO: check
+ NOT-FOR-US: openBI
CVE-2024-1114 (A vulnerability has been found in openBI up to 1.0.8 and classified as ...)
- TODO: check
+ NOT-FOR-US: openBI
CVE-2024-1113 (A vulnerability, which was classified as critical, was found in openBI ...)
- TODO: check
+ NOT-FOR-US: openBI
CVE-2024-1112 (Heap-based buffer overflow vulnerability in Resource Hacker, developed ...)
TODO: check
CVE-2024-1111 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: SourceCodester QR Code Login System
CVE-2024-1103 (A vulnerability was found in CodeAstro Real Estate Management System 1 ...)
TODO: check
CVE-2024-1099 (A vulnerability was found in Rebuild up to 3.5.5. It has been classifi ...)
- TODO: check
+ NOT-FOR-US: Rebuild
CVE-2024-1098 (A vulnerability was found in Rebuild up to 3.5.5 and classified as pro ...)
- TODO: check
+ NOT-FOR-US: Rebuild
CVE-2024-1087
REJECTED
CVE-2024-1086 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...)
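Review bot: The entries from CVE-2024-23508 through CVE-2024-22136 all receive the same generic `NOT-FOR-US: WordPress plugin` note, while later entries in this hunk name the product (`openBI`, `Rebuild`, `SourceCodester QR Code Login System`). Consider adding the plugin name where the description gives it, so that a later search of data/CVE/list for a given plugin finds its earlier triage decision. The Rockwell Automation and Ivanti notes are likewise vendor-only. Separately, CVE-2024-23637 (OctoPrint), CVE-2024-1112 (Resource Hacker) and CVE-2024-1103 (CodeAstro Real Estate Management System) stay at `TODO: check`; if they were deliberately left for a closer look, saying so in the commit message would keep the next person from assuming they were overlooked.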
@@ -109,25 +109,25 @@ CVE-2024-1085 (A use-after-free vulnerability in the Linux kernel's netfilter: n
NOTE: https://kernel.dance/b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7
NOTE: https://git.kernel.org/linus/b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7 (6.8-rc1)
CVE-2024-0833 (In Telerik Test Studio versions prior to v2023.3.1330, a privilege e ...)
- TODO: check
+ NOT-FOR-US: Telerik
CVE-2024-0832 (In Telerik Reporting versions prior to 2024 R1, a privilege elevation ...)
- TODO: check
+ NOT-FOR-US: Telerik
CVE-2024-0589 (Cross-site scripting (XSS) vulnerability in the entry overview tab in ...)
- TODO: check
+ NOT-FOR-US: Devolutions Remote Desktop Manager
CVE-2024-0219 (In Telerik JustDecompile versions prior to 2024 R1, a privilege elevat ...)
- TODO: check
+ NOT-FOR-US: Telerik
CVE-2023-7043 (Unquoted service path in ESET products allows to drop a prepared pro ...)
TODO: check
CVE-2023-5390 (An attacker could potentially exploit this vulnerability, leading to f ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2023-50357 (A cross site scripting vulnerability in the AREAL SAS Websrv1 ASP webs ...)
- TODO: check
+ NOT-FOR-US: AREAL SAS Websrv1 ASP website
CVE-2023-50356 (SSL connections to NOVELL and Synology LDAP server are vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: AREAL Topkapi Vision (Server)
CVE-2023-50166 (Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue with an ...)
- TODO: check
+ NOT-FOR-US: Pega Platform
CVE-2023-50165 (Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by an Gen ...)
- TODO: check
+ NOT-FOR-US: Pega Platform
CVE-2023-47116 (Label Studio is a popular open source data labeling tool. The vulnerab ...)
TODO: check
CVE-2023-44313 (Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb ...)
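Review bot: For CVE-2023-50356 the new note reads `NOT-FOR-US: AREAL Topkapi Vision (Server)`, but the visible part of the description mentions only SSL connections to NOVELL and Synology LDAP servers, so the product attribution cannot be checked from the list entry alone. Please confirm it against the full CVE record. The three Telerik entries (Test Studio, Reporting, JustDecompile) and the Honeywell entry are tagged by vendor only, whereas `Devolutions Remote Desktop Manager` and `Pega Platform` name the product; naming the product would be more consistent and easier to search. CVE-2023-7043 (ESET) and CVE-2023-47116 (Label Studio) remain at `TODO: check`.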
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f361a9bdd74d44b234db2d08293a160734b0750d