[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Mar 12 20:38:57 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
31bd1304 by Salvatore Bonaccorso at 2024-03-12T21:38:27+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,11 +7,11 @@ CVE-2024-2391 (A vulnerability was found in EVE-NG 5.0.1-13 and classified as pr
 CVE-2024-2371 (Information exposure vulnerability in Korenix JetI/O 6550 affecting fi ...)
 	NOT-FOR-US: Korenix JetI/O 6550
 CVE-2024-2130 (The CWW Companion plugin for WordPress is vulnerable to Stored Cross-S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2049 (Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium E ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2024-2031 (The Video Conferencing with Zoom plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-28553 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the entr ...)
 	NOT-FOR-US: Tenda
 CVE-2024-28535 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the mitI ...)
@@ -25,7 +25,7 @@ CVE-2024-28338 (A login bypass in TOTOLINK A8000RU V7.1cu.643_B20200521 allows a
 CVE-2024-28186 (FreeScout is an open source help desk and shared inbox built with PHP. ...)
 	NOT-FOR-US: FreeScout
 CVE-2024-28121 (stimulus_reflex is a system to extend the capabilities of both Rails a ...)
-	TODO: check
+	NOT-FOR-US: stimulus_reflex
 CVE-2024-28114 (Peering Manager is a BGP session management tool. There is a Server Si ...)
 	NOT-FOR-US: Peering Manager
 CVE-2024-28113 (Peering Manager is a BGP session management tool. In Peering Manager < ...)
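Review bot: the NOT-FOR-US: stimulus_reflex tag on CVE-2024-28121 deserves a second look, because the description presents stimulus_reflex as a library that extends Rails rather than as a standalone product. The tag is only right if no Debian source package ships or embeds it, and the commit message "Process some NFUs" does not record that check. If the archive was searched, this is fine as is; otherwise keep TODO: check until it has been.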
@@ -205,75 +205,75 @@ CVE-2024-21334 (Open Management Infrastructure (OMI) Remote Code Execution Vulne
 CVE-2024-21330 (Open Management Infrastructure (OMI) Elevation of Privilege Vulnerabil ...)
 	NOT-FOR-US: Microsoft
 CVE-2024-20671 (Microsoft Defender Security Feature Bypass Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-1765 (Cloudflare Quiche (through version 0.19.1/0.20.0) was affected by an u ...)
 	TODO: check
 CVE-2024-1618 (A search path or unquoted item vulnerability in Faronics Deep Freeze S ...)
-	TODO: check
+	NOT-FOR-US: Faronics Deep Freeze Server Standard
 CVE-2024-1529 (Vulnerability in CMS Made Simple 2.2.14, which does not sufficiently e ...)
-	TODO: check
+	NOT-FOR-US: CMS Made Simple
 CVE-2024-1528 (CMS Made Simple version 2.2.14, does not sufficiently encode user-cont ...)
-	TODO: check
+	NOT-FOR-US: CMS Made Simple
 CVE-2024-1527 (Unrestricted file upload vulnerability in CMS Made Simple, affecting v ...)
-	TODO: check
+	NOT-FOR-US: CMS Made Simple
 CVE-2024-1410 (Cloudflare quiche was discovered to be vulnerable to unbounded storage ...)
-	TODO: check
+	NOT-FOR-US: Cloudflare quiche
 CVE-2024-1328 (The Newsletter2Go plugin for WordPress is vulnerable to Stored Cross-S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1304 (Cross-site scripting vulnerability in Badger Meter Monitool that affec ...)
-	TODO: check
+	NOT-FOR-US: Badger Meter Monitool
 CVE-2024-1303 (Incorrectly limiting the path to a restricted directory vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Badger Meter Monitool
 CVE-2024-1302 (Information exposure vulnerability in Badger Meter Monitool affecting  ...)
-	TODO: check
+	NOT-FOR-US: Badger Meter Monitool
 CVE-2024-1301 (SQL injection vulnerability in Badger Meter Monitool affecting version ...)
-	TODO: check
+	NOT-FOR-US: Badger Meter Monitool
 CVE-2024-1227 (An open redirect vulnerability, the exploitation of which could allow  ...)
 	TODO: check
 CVE-2024-1226 (The software does not neutralize or incorrectly neutralizes certain ch ...)
 	TODO: check
 CVE-2024-1138 (The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - Enterpri ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2024-1137 (The Proxy and Client components of TIBCO Software Inc.'s TIBCO ActiveS ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2024-0906 (The f(x) Private Site plugin for WordPress is vulnerable to Sensitive  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-5410 (A potential security vulnerability has been reported in the system BIO ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2023-4780
 	REJECTED
 CVE-2023-4731 (The LadiApp plugn for WordPress is vulnerable to Cross-Site Request Fo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4729 (The LadiApp plugin for WordPress is vulnerable to Cross-Site Request F ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4728 (The LadiApp plugin for WordPress is vulnerable to unauthorized modific ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4629 (The LadiApp plugin for WordPress is vulnerable to Cross-Site Request F ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4628 (The LadiApp plugin for WordPress is vulnerable to Cross-Site Request F ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4627 (The LadiApp plugin for WordPress is vulnerable to unauthorized modific ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4626 (The LadiApp plugin for WordPress is vulnerable to unauthorized modific ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-48788 (A improper neutralization of special elements used in an sql command ( ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2023-47534 (A improper neutralization of formula elements in a csv file in Fortine ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2023-46717 (An improper authentication vulnerability [CWE-287] in FortiOS versions ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2023-45793 (A vulnerability has been identified in Siveillance Control (All versio ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2023-42790 (A stack-based buffer overflow in Fortinet FortiOS 7.4.0 through 7.4.1, ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2023-42789 (A out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 t ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2023-41842 (A use of externally-controlled format string vulnerability [CWE-134] i ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2023-41313 (The authentication method in Apache Doris versions before 2.0.0 was vu ...)
-	TODO: check
+	NOT-FOR-US: Apache Doris
 CVE-2023-36554 (A improper access control in Fortinet FortiManager version 7.4.0, vers ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2024-2182 (A flaw was found in the Open Virtual Network (OVN). In OVN clusters wh ...)
 	- ovn 24.03.1-1
 	NOTE: https://bugs.launchpad.net/bugs/2053113
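Review bot: CVE-2024-1410 is changed to NOT-FOR-US: Cloudflare quiche, while CVE-2024-1765, whose description also names Cloudflare Quiche, stays at TODO: check a few lines above it. The two entries concern the same software and should end up with the same disposition, so either triage CVE-2024-1765 in this commit as well or leave both open. Separately, the Fortinet entries (for example CVE-2023-42790, CVE-2023-42789 and CVE-2023-36554) are tagged FortiGuard although their descriptions name Fortinet as the vendor; "NOT-FOR-US: Fortinet" would match the vendor-name style used for Microsoft, TIBCO, HP and Siemens in this same hunk.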
@@ -339,7 +339,7 @@ CVE-2024-27297 (Nix is a package manager for Linux and other Unix systems. A fix
 	- guix <unfixed> (bug #1066113)
 	NOTE: https://git.savannah.gnu.org/cgit/guix.git/commit/?id=8f4ffb3fae133bb21d7991e97c2f19a7108b1143
 CVE-2024-27121 (Path traversal vulnerability exists in Machine Automation Controller N ...)
-	TODO: check
+	NOT-FOR-US: Machine Automation Controller
 CVE-2024-26521 (HTML Injection vulnerability in CE Phoenix v1.0.8.20 and before allows ...)
 	NOT-FOR-US: CE Phoenix
 CVE-2024-25854 (Cross Site Scripting (XSS) vulnerability in Sourcecodester Insurance M ...)
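Review bot: the new tag for CVE-2024-27121, NOT-FOR-US: Machine Automation Controller, names a product category with no vendor, which makes it harder to search for and to reuse than the neighbouring vendor or product tags such as "NOT-FOR-US: CE Phoenix". The truncated description shown here does not give the vendor, so take it from the full CVE text and put it in the tag.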
@@ -122702,7 +122702,7 @@ CVE-2022-34323 (Multiple XSS issues were discovered in Sage XRT Business Exchang
 CVE-2022-34322 (Multiple XSS issues were discovered in Sage Enterprise Intelligence 20 ...)
 	NOT-FOR-US: Sage
 CVE-2022-34321 (Improper Authentication vulnerability in Apache Pulsar Proxy allows an ...)
-	TODO: check
+	NOT-FOR-US: Apache Pulsar
 CVE-2022-34320 (IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms th ...)
 	NOT-FOR-US: IBM
 CVE-2022-34319 (IBM CICS TX 11.7 uses weaker than expected cryptographic algorithms th ...)
@@ -128010,7 +128010,7 @@ CVE-2022-32259 (A vulnerability has been identified in SINEMA Remote Connect Ser
 CVE-2022-32258 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
 	NOT-FOR-US: Siemens
 CVE-2022-32257 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-32256 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
 	NOT-FOR-US: Siemens
 CVE-2022-32255 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31bd1304e948b5fdd3bf17855b9df21dce6915c3
