[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 1 22:11:40 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
88197b2c by Salvatore Bonaccorso at 2024-05-01T23:11:19+02:00
Process some NFUs

- - - - -
23a51ae2 by Salvatore Bonaccorso at 2024-05-01T23:11:21+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,51 +1,51 @@
 CVE-2024-33835 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the remo ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-33820 (Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V ...)
-	TODO: check
+	NOT-FOR-US: Totolink
 CVE-2024-33775 (An issue with the Autodiscover component in Nagios XI 2024R1.01 allows ...)
-	TODO: check
+	NOT-FOR-US: Nagios XI
 CVE-2024-33518 (An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ...)
-	TODO: check
+	NOT-FOR-US: HPE Aruba Networking
 CVE-2024-33517 (An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ...)
-	TODO: check
+	NOT-FOR-US: HPE Aruba Networking
 CVE-2024-33516 (An unauthenticated Denial of Service (DoS) vulnerability exists in the ...)
-	TODO: check
+	NOT-FOR-US: HPE Aruba Networking
 CVE-2024-33515 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the A ...)
-	TODO: check
+	NOT-FOR-US: HPE Aruba Networking
 CVE-2024-33514 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the A ...)
-	TODO: check
+	NOT-FOR-US: HPE Aruba Networking
 CVE-2024-33513 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the A ...)
-	TODO: check
+	NOT-FOR-US: HPE Aruba Networking
 CVE-2024-33512 (There is a buffer overflow vulnerability in the underlying Local User  ...)
-	TODO: check
+	NOT-FOR-US: HPE Aruba Networking
 CVE-2024-33511 (There is a buffer overflow vulnerability in the underlying Automatic R ...)
-	TODO: check
+	NOT-FOR-US: HPE Aruba Networking
 CVE-2024-33442 (An issue in flusity-CMS v.2.33 allows a remote attacker to execute arb ...)
-	TODO: check
+	NOT-FOR-US: flusity-CMS
 CVE-2024-33431 (An issue in phiola/src/afilter/conv.c:115 of phiola v2.0-rc22 allows a ...)
-	TODO: check
+	NOT-FOR-US: phiola
 CVE-2024-33430 (An issue in phiola/src/afilter/pcm_convert.h:513 of phiola v2.0-rc22 a ...)
-	TODO: check
+	NOT-FOR-US: phiola
 CVE-2024-33429 (Buffer-Overflow vulnerability at pcm_convert.h:513 of phiola v2.0-rc22 ...)
-	TODO: check
+	NOT-FOR-US: phiola
 CVE-2024-33428 (Buffer-Overflow vulnerability at conv.c:68 of stsaz phiola v2.0-rc22 a ...)
-	TODO: check
+	NOT-FOR-US: phiola
 CVE-2024-33424 (A cross-site scripting (XSS) vulnerability in the Settings menu of CMS ...)
-	TODO: check
+	NOT-FOR-US: CMSimple
 CVE-2024-33423 (Cross-Site Scripting (XSS) vulnerability in the Settings menu of CMSim ...)
-	TODO: check
+	NOT-FOR-US: CMSimple
 CVE-2024-33393 (An issue in spidernet-io spiderpool v.0.9.3 and before allows a local  ...)
 	TODO: check
 CVE-2024-33307 (SourceCodester Laboratory Management System 1.0 is vulnerable to Cross ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Laboratory Management System
 CVE-2024-33306 (SourceCodester Laboratory Management System 1.0 is vulnerable to Cross ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Laboratory Management System
 CVE-2024-33304 (SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scrip ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Product Show Room
 CVE-2024-33300 (Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross ...)
-	TODO: check
+	NOT-FOR-US: Typora
 CVE-2024-33292 (SQL Injection vulnerability in Realisation MGSD v.1.0 allows a remote  ...)
-	TODO: check
+	NOT-FOR-US: Realisation MGSD
 CVE-2024-33078 (Tencent Libpag v4.3 is vulnerable to Buffer Overflow. A user can send  ...)
 	TODO: check
 CVE-2024-32984 (Yamux is a stream multiplexer over reliable, ordered connections such  ...)
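Review bot: CVE-2024-33393 (spiderpool) and CVE-2024-33078 (Tencent Libpag) still carry `TODO: check` after this pass while everything around them is resolved; if they were deliberately deferred pending a source check, a short note in the commit message would save the next triager from re-reading the whole batch to find the two open items.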
@@ -55,13 +55,13 @@ CVE-2024-32979 (Nautobot is a Network Source of Truth and Network Automation Pla
 CVE-2024-32973 (Pluto is a superset of Lua 5.4 with a focus on general-purpose program ...)
 	TODO: check
 CVE-2024-32213 (The LoMag WareHouse Management application version 1.0.20.120 and olde ...)
-	TODO: check
+	NOT-FOR-US: LoMag WareHouse Management application
 CVE-2024-32212 (SQL Injection vulnerability in LOGINT LoMag Inventory Management v1.0. ...)
-	TODO: check
+	NOT-FOR-US: LOGINT LoMag Inventory Management
 CVE-2024-32211 (An issue in LOGINT LoMag Inventory Management v1.0.20.120 and before a ...)
-	TODO: check
+	NOT-FOR-US: LOGINT LoMag Inventory Management
 CVE-2024-32210 (The LoMag WareHouse Management application version 1.0.20.120 and olde ...)
-	TODO: check
+	NOT-FOR-US: LoMag WareHouse Management application
 CVE-2024-31413 (Free of pointer not at start of buffer vulnerability exists in CX-One  ...)
 	TODO: check
 CVE-2024-31412 (Out-of-bounds read vulnerability exists in CX-Programmer included in C ...)
@@ -73,29 +73,29 @@ CVE-2024-29011 (Use of hard-coded password in the GMS ECM endpoint leading to au
 CVE-2024-29010 (The XML document processed in the GMS ECM URL endpoint is vulnerable t ...)
 	TODO: check
 CVE-2024-28893 (Certain HP software packages (SoftPaqs) are potentially vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2024-28775 (IBM WebSphere Automation 1.7.0 is vulnerable to cross-site scripting.  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-28764 (IBM WebSphere Automation 1.7.0 could allow an attacker with privileged ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-26504 (An issue in Wifire Hotspot v.4.5.3 allows a local attacker to execute  ...)
 	TODO: check
 CVE-2024-26305 (There is a buffer overflow vulnerability in the underlying Utility dae ...)
-	TODO: check
+	NOT-FOR-US: HPE Aruba Networking
 CVE-2024-26304 (There is a buffer overflow vulnerability in the underlying L2/L3 Manag ...)
-	TODO: check
+	NOT-FOR-US: HPE Aruba Networking
 CVE-2024-25676 (An issue was discovered in ViewerJS 0.5.8. A script from the component ...)
 	TODO: check
 CVE-2024-25458 (An issue in CYCZCAM, SHIX ZHAO, SHIXCAM A9 Camera (circuit board ident ...)
-	TODO: check
+	NOT-FOR-US: CYCZCAM, SHIX ZHAO, SHIXCAM A9 Camera firmware
 CVE-2024-25355 (s3-url-parser 1.0.3 is vulnerable to Denial of service via the regexes ...)
 	TODO: check
 CVE-2024-25015 (IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a r ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-24978 (Denial-of-service (DoS) vulnerability exists in TvRock 0.9t8a. Receivi ...)
-	TODO: check
+	NOT-FOR-US: TvRock
 CVE-2024-24912 (A local privilege escalation vulnerability has been identified in Harm ...)
-	TODO: check
+	NOT-FOR-US: Harmony Endpoint Security Client
 CVE-2024-24403
 	REJECTED
 CVE-2024-24313 (An issue in Vaales Technologies V_QRS v.2024-01-17 allows a remote att ...)
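Review bot: `NOT-FOR-US: HP` for CVE-2024-28893 is a vendor-level label, whereas the other new entries in this hunk name the affected product (TvRock, Harmony Endpoint Security Client, the A9 camera firmware); since the description names the component, `NOT-FOR-US: HP SoftPaqs` would let a later grep for that product find the entry.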
@@ -103,23 +103,23 @@ CVE-2024-24313 (An issue in Vaales Technologies V_QRS v.2024-01-17 allows a remo
 CVE-2024-24312 (SQL injection vulnerability in Vaales Technologies V_QRS v.2024-01-17  ...)
 	TODO: check
 CVE-2024-23597 (Cross-site request forgery (CSRF) vulnerability exists in TvRock 0.9t8 ...)
-	TODO: check
+	NOT-FOR-US: TvRock
 CVE-2024-23480 (A fallback mechanism in code sign checking on macOS may allow arbitrar ...)
 	TODO: check
 CVE-2024-23457 (The anti-tampering functionality of the Zscaler Client Connector can b ...)
-	TODO: check
+	NOT-FOR-US: Zscaler
 CVE-2024-22830 (Anti-Cheat Expert's Windows kernel module "ACE-BASE.sys" version 1.0.2 ...)
 	TODO: check
 CVE-2024-20378 (A vulnerability in the web-based management interface of Cisco IP Phon ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-20376 (A vulnerability in the web-based management interface of Cisco IP Phon ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-20357 (A vulnerability in the XML service of Cisco IP Phone firmware could al ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-0334 (The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-7241 (Privilege Escalationin WRSA.EXE in Webroot Antivirus 8.0.1X- 9.0.35.12 ...)
-	TODO: check
+	NOT-FOR-US: Webroot Antivirus
 CVE-2023-49606 (A use-after-free vulnerability exists in the HTTP Connection Headers p ...)
 	TODO: check
 CVE-2023-47212 (A heap-based buffer overflow vulnerability exists in the comment funct ...)
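Review bot: `NOT-FOR-US: WordPress plugin` for CVE-2024-0334 does not identify which plugin; the description names it, so `NOT-FOR-US: Jeg Elementor Kit plugin for WordPress` would distinguish this entry from the many other WordPress plugin NFUs when searching the list.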
@@ -127,9 +127,9 @@ CVE-2023-47212 (A heap-based buffer overflow vulnerability exists in the comment
 CVE-2023-47166 (A firmware update vulnerability exists in the luci2-io file-import fun ...)
 	TODO: check
 CVE-2023-46295 (An issue was discovered in Teledyne FLIR M300 2.00-19. Unauthenticated ...)
-	TODO: check
+	NOT-FOR-US: Teledyne FLIR M300
 CVE-2023-46294 (An issue was discovered in Teledyne FLIR M300 2.00-19. User account pa ...)
-	TODO: check
+	NOT-FOR-US: Teledyne FLIR M300
 CVE-2023-40533 (An uninitialized memory use vulnerability exists in Tinyproxy 1.11.1 w ...)
 	TODO: check
 CVE-2024-27392 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
@@ -91939,13 +91939,13 @@ CVE-2023-23024 (Book Store Management System v1.0 was discovered to contain a cr
 CVE-2023-23023
 	RESERVED
 CVE-2023-23022 (Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 e ...)
-	TODO: check
+	NOT-FOR-US: sourcecodester oretnom23 employee's payroll management system
 CVE-2023-23021 (Cross Site Scripting (XSS) vulnerability in sourcecodester oretnom23 p ...)
-	TODO: check
+	NOT-FOR-US: sourcecodester oretnom23 pos point sale system
 CVE-2023-23020
 	RESERVED
 CVE-2023-23019 (Cross site scripting (XSS) vulnerability in file main.php in sourcecod ...)
-	TODO: check
+	NOT-FOR-US: sourcecodester oretnom23 Blog Site
 CVE-2023-23018
 	RESERVED
 CVE-2023-23017
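Review bot: the three new labels here spell the vendor as lowercase `sourcecodester oretnom23 ...`, while the entries triaged in the first hunk use `SourceCodester Laboratory Management System` and `SourceCodester Product Show Room`; normalising to one spelling keeps a case-sensitive grep for the vendor from missing half the entries.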
@@ -127184,7 +127184,7 @@ CVE-2022-38388 (IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow
 CVE-2022-38387 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allo ...)
 	NOT-FOR-US: IBM
 CVE-2022-38386 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM Q ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-38385 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allo ...)
 	NOT-FOR-US: IBM
 CVE-2022-38384
@@ -261293,7 +261293,7 @@ CVE-2020-27480
 CVE-2020-27479
 	RESERVED
 CVE-2020-27478 (Cross Site Scripting vulnerability found in Simplcommerce v.40734964b0 ...)
-	TODO: check
+	NOT-FOR-US: Simplcommerce
 CVE-2020-27477
 	RESERVED
 CVE-2020-27476
@@ -322995,11 +322995,11 @@ CVE-2019-19755 (ethOS through 1.3.3 ships with SSH host keys baked into the inst
 CVE-2019-19754 (HiveOS through 0.6-102 at 191212 ships with SSH host keys baked into the  ...)
 	TODO: check
 CVE-2019-19753 (SimpleMiningOS through v1259 ships with SSH host keys baked into the i ...)
-	TODO: check
+	NOT-FOR-US: SimpleMiningOS
 CVE-2019-19752 (nvOC through 3.2 ships with SSH host keys baked into the installation  ...)
 	TODO: check
 CVE-2019-19751 (easyMINE before 2019-12-05 ships with SSH host keys baked into the ins ...)
-	TODO: check
+	NOT-FOR-US: easyMINE
 CVE-2019-19750 (minerstat msOS before 2019-10-23 does not have a unique SSH key for ea ...)
 	NOT-FOR-US: minerstat msOS
 CVE-2019-19749
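Review bot: CVE-2019-19754 (HiveOS) and CVE-2019-19752 (nvOC) keep `TODO: check` although their descriptions match the two entries resolved here almost word for word ("ships with SSH host keys baked into the installation"); worth confirming in the same pass whether the same NOT-FOR-US reasoning applies to them, or recording why it does not.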



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cd52008d24efac55475b987c00d7e4680aecd366...23a51ae232ecc2209f73b3b5c487f032f69d82d1




