[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri May 10 13:54:53 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e10774d2 by Moritz Muehlenhoff at 2024-05-10T14:25:33+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -456,7 +456,7 @@ CVE-2024-29157 (HDF5 through 1.14.3 contains a heap buffer overflow in H5HG_read
CVE-2024-28075 (The SolarWinds Access Rights Manager was susceptible to Remote Code Ex ...)
NOT-FOR-US: SolarWinds
CVE-2024-24157 (Gnuboard g6 / https://github.com/gnuboard/g6 commit c2cc1f5069e00491ea ...)
- TODO: check
+ NOT-FOR-US: Gnuboard
CVE-2024-23473 (The SolarWinds Access Rights Manager was found to contain a hard-coded ...)
NOT-FOR-US: SolarWinds
CVE-2024-22910 (Cross Site Scripting (XSS) vulnerability in CrushFTP v.10.6.0 and v.10 ...)
@@ -1209,7 +1209,7 @@ CVE-2024-3755 (The MF Gig Calendar WordPress plugin through 1.2.1 does not sanit
CVE-2024-3752 (The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and ...)
NOT-FOR-US: WordPress plugin
CVE-2024-3661 (DHCP can add routes to a client\u2019s routing table via the classless ...)
- TODO: check
+ NOT-FOR-US: DHCP protocol issue
CVE-2024-3576 (The NPort 5100A Series firmware version v1.6 and prior versions are af ...)
NOT-FOR-US: Moxa
CVE-2024-34538 (Mateso PasswordSafe through 8.13.9.26689 has Weak Cryptography.)
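Review bot: The tag added for CVE-2024-3661, "NOT-FOR-US: DHCP protocol issue", names a protocol rather than a product, unlike the vendor and product names on the surrounding NOT-FOR-US lines (SolarWinds, Moxa). NOT-FOR-US records that the affected software is not in the archive, and a protocol-level description cannot establish that on its own, since the CVE text describes DHCP adding routes to a client's routing table. Consider adding a NOTE line with the reasoning, or tracking the entry against the affected client packages with an explicit status, so the triage decision stays visible to later readers.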
@@ -1436,23 +1436,23 @@ CVE-2023-43530 (Memory corruption in HLOS while checking for the storage type.)
CVE-2023-43529 (Transient DOS while processing IKEv2 Informational request messages, w ...)
NOT-FOR-US: Qualcomm
CVE-2023-43528 (Information disclosure when the ADSP payload size received in HLOS in ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-43527 (Information disclosure while parsing dts header atom in Video.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-43526 (Memory corruption while querying module parameters from Listen Sound m ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-43525 (Memory corruption while copying the sound model data from user to kern ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-43524 (Memory corruption when the bandpass filter order received from AHAL is ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-43521 (Memory corruption when multiple listeners are being registered with th ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-33119 (Memory corruption while loading a VM from a signed VM image that is no ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-32873 (In keyInstall, there is a possible out of bounds write due to a missin ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-32871 (In DA, there is a possible permission bypass due to an incorrect statu ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2024-29857 (An issue was discovered in Bouncy Castle Java Cryptography APIs before ...)
- bouncycastle <unfixed> (bug #1070655)
[bookworm] - bouncycastle <no-dsa> (Minor issue)
@@ -2563,13 +2563,13 @@ CVE-2023-42125 (Avast Premium Security Sandbox Protection Link Following Privile
CVE-2023-42124 (Avast Premium Security Sandbox Protection Incorrect Authorization Priv ...)
NOT-FOR-US: Avast Premium Security Sandbox Protection
CVE-2023-42123 (Control Web Panel mysql_manager Command Injection Remote Code Executio ...)
- TODO: check
+ NOT-FOR-US: Control Web Panel
CVE-2023-42122 (Control Web Panel wloggui Command Injection Local Privilege Escalation ...)
- TODO: check
+ NOT-FOR-US: Control Web Panel
CVE-2023-42121 (Control Web Panel Missing Authentication Remote Code Execution Vulnera ...)
- TODO: check
+ NOT-FOR-US: Control Web Panel
CVE-2023-42120 (Control Web Panel dns_zone_editor Command Injection Remote Code Execut ...)
- TODO: check
+ NOT-FOR-US: Control Web Panel
CVE-2023-42113 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Dis ...)
NOT-FOR-US: PDF-XChange Editor EMF
CVE-2023-42112 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Dis ...)
@@ -70814,7 +70814,7 @@ CVE-2023-31236 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-31235 (Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau ...)
NOT-FOR-US: WordPress plugin
CVE-2023-31234 (Missing Authorization vulnerability in Tilda Publishing.This issue aff ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-31233 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Haoq ...)
NOT-FOR-US: WordPress plugin
CVE-2023-31232 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davi ...)
@@ -74831,7 +74831,7 @@ CVE-2023-29883
CVE-2023-29882
RESERVED
CVE-2023-29881 (phpok 6.4.003 is vulnerable to SQL injection in the function index_f() ...)
- TODO: check
+ NOT-FOR-US: phpok
CVE-2023-29880
RESERVED
CVE-2023-29879
@@ -83433,7 +83433,7 @@ CVE-2023-27323 (Parallels Desktop Updater Time-Of-Check Time-Of-Use Local Privil
CVE-2023-27322 (Parallels Desktop Service Improper Initialization Local Privilege Esca ...)
NOT-FOR-US: Parallels Desktop
CVE-2023-27321 (OPC Foundation UA .NET Standard ConditionRefresh Resource Exhaustion D ...)
- TODO: check
+ NOT-FOR-US: OPC Foundation UA .NET
CVE-2023-27320 (Sudo before 1.9.13p2 has a double free in the per-command chroot featu ...)
- sudo 1.9.13p3-1 (bug #1032163)
[bullseye] - sudo <not-affected> (Vulnerable code not present)
@@ -85462,7 +85462,7 @@ CVE-2023-1002 (A vulnerability, which was classified as problematic, has been fo
CVE-2023-1001
RESERVED
CVE-2023-1000 (A vulnerability was found in cyanomiko dcnnt-py up to 0.9.0. It has be ...)
- TODO: check
+ NOT-FOR-US: dcnnt-py
CVE-2023-0999 (A vulnerability classified as problematic was found in SourceCodester ...)
NOT-FOR-US: SourceCodester Sales Tracker Management System
CVE-2023-0998 (A vulnerability classified as critical has been found in SourceCodeste ...)
@@ -116639,17 +116639,17 @@ CVE-2021-46847
CVE-2022-43657
RESERVED
CVE-2022-43656 (Bentley View FBX File Parsing Out-Of-Bounds Read Information Disclosur ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-43655 (Bentley View FBX File Parsing Heap-based Buffer Overflow Remote Code E ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-43654 (NETGEAR CAX30S SSO Command Injection Remote Code Execution Vulnerabili ...)
- TODO: check
+ NOT-FOR-US: NETGEAR
CVE-2022-43653 (Bentley View SKP File Parsing Out-Of-Bounds Write Remote Code Executio ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-43652 (Bentley View SKP File Parsing Use-After-Free Information Disclosure Vu ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-43651 (Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vul ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-43650 (This vulnerability allows remote attackers to disclose sensitive infor ...)
NOT-FOR-US: RARLAB WinRAR
CVE-2022-43649 (This vulnerability allows remote attackers to execute arbitrary code o ...)
@@ -122589,7 +122589,7 @@ CVE-2022-40694 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2022-40311 (Auth. (admin+) Stored Cross-Site Scripting (XSS) in Fatcat Apps Analyt ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40218 (Missing Authorization vulnerability in ThemeHunk Advance WordPress Sea ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40216 (Auth. (subscriber+) Messaging Block Bypass vulnerability in Better Mes ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40209 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability inXylus The ...)
@@ -147187,23 +147187,23 @@ CVE-2022-32511 (jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load
NOTE: https://github.com/jmespath/jmespath.rb/pull/55
NOTE: https://github.com/jmespath/jmespath.rb/commit/e8841280053a9d9a0c90f36223f926c8b9e4ec49 (v1.6.1)
CVE-2022-32510 (An issue was discovered on certain Nuki Home Solutions devices. The HT ...)
- TODO: check
+ NOT-FOR-US: Nuki Home Solutions
CVE-2022-32509 (An issue was discovered on certain Nuki Home Solutions devices. Lack o ...)
- TODO: check
+ NOT-FOR-US: Nuki Home Solutions
CVE-2022-32508 (An issue was discovered on certain Nuki Home Solutions devices. By sen ...)
- TODO: check
+ NOT-FOR-US: Nuki Home Solutions
CVE-2022-32507 (An issue was discovered on certain Nuki Home Solutions devices. Some B ...)
- TODO: check
+ NOT-FOR-US: Nuki Home Solutions
CVE-2022-32506 (An issue was discovered on certain Nuki Home Solutions devices. An att ...)
- TODO: check
+ NOT-FOR-US: Nuki Home Solutions
CVE-2022-32505 (An issue was discovered on certain Nuki Home Solutions devices. It is ...)
- TODO: check
+ NOT-FOR-US: Nuki Home Solutions
CVE-2022-32504 (An issue was discovered on certain Nuki Home Solutions devices. The co ...)
- TODO: check
+ NOT-FOR-US: Nuki Home Solutions
CVE-2022-32503 (An issue was discovered on certain Nuki Home Solutions devices. An att ...)
- TODO: check
+ NOT-FOR-US: Nuki Home Solutions
CVE-2022-32502 (An issue was discovered on certain Nuki Home Solutions devices. There ...)
- TODO: check
+ NOT-FOR-US: Nuki Home Solutions
CVE-2022-32501
RESERVED
CVE-2022-32500
@@ -173253,7 +173253,7 @@ CVE-2022-0371 (An issue has been discovered in GitLab CE/EE affecting all versio
CVE-2022-0370 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
NOT-FOR-US: livehelperchat
CVE-2022-0369 (Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Tra ...)
- TODO: check
+ NOT-FOR-US: Triangle MicroWorks SCADA
CVE-2021-46560 (The firmware on Moxa TN-5900 devices through 3.1 allows command inject ...)
NOT-FOR-US: Moxa
CVE-2021-46559 (The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm ...)
@@ -213680,13 +213680,13 @@ CVE-2021-35004 (This vulnerability allows remote attackers to execute arbitrary
CVE-2021-35003 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: TP-Link
CVE-2021-35002 (BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerabi ...)
- TODO: check
+ NOT-FOR-US: BMC Track-It!
CVE-2021-35001 (BMC Track-It! GetData Missing Authorization Information Disclosure Vul ...)
- TODO: check
+ NOT-FOR-US: BMC Track-It!
CVE-2021-35000 (OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disc ...)
- TODO: check
+ NOT-FOR-US: OpenBSD
CVE-2021-34999 (OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disc ...)
- TODO: check
+ NOT-FOR-US: OpenBSD
CVE-2021-34998 (This vulnerability allows local attackers to escalate privileges on af ...)
NOT-FOR-US: Panda Security Free Antivirus
CVE-2021-34997 (This vulnerability allows remote attackers to execute arbitrary code o ...)
@@ -213718,9 +213718,9 @@ CVE-2021-34985 (This vulnerability allows remote attackers to disclose sensitive
CVE-2021-34984 (This vulnerability allows remote attackers to disclose sensitive infor ...)
NOT-FOR-US: Bentley ContextCapture
CVE-2021-34983 (NETGEAR Multiple Routers httpd Missing Authentication for Critical Fun ...)
- TODO: check
+ NOT-FOR-US: NETGEAR
CVE-2021-34982 (NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code ...)
- TODO: check
+ NOT-FOR-US: NETGEAR
CVE-2021-34981 (Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vu ...)
- linux 5.10.46-1
[buster] - linux 4.19.194-1
@@ -213736,65 +213736,65 @@ CVE-2021-34978 (This vulnerability allows network-adjacent attackers to execute
CVE-2021-34977 (This vulnerability allows network-adjacent attackers to bypass authent ...)
NOT-FOR-US: Netgear
CVE-2021-34976 (Foxit PDF Reader PDF File Parsing Use-After-Free Information Disclosur ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-34975 (Foxit PDF Reader transitionToState Use-After-Free Remote Code Executio ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-34974 (Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulne ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-34973 (Foxit PDF Reader PDF File Parsing Use-After-Free Information Disclosur ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-34972 (Foxit PDF Reader AcroForm Use-After-Free Information Disclosure Vulner ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-34971 (Foxit PDF Reader JPG2000 File Parsing Heap-based Buffer Overflow Remot ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-34970 (Foxit PDF Reader print Method Use of Externally-Controlled Format Stri ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-34969 (Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vuln ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-34968 (Foxit PDF Editor transitionToState Use-After-Free Remote Code Executio ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-34967 (Foxit PDF Editor Line Annotation Use-After-Free Remote Code Execution ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-34966 (Foxit PDF Editor FileAttachment Annotation Use-After-Free Remote Code ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-34965 (Foxit PDF Editor Squiggly Annotation Use-After-Free Remote Code Execut ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-34964 (Foxit PDF Editor Polygon Annotation Use-After-Free Remote Code Executi ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-34963 (Foxit PDF Editor PolyLine Annotation Use-After-Free Remote Code Execut ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-34962 (Foxit PDF Editor Caret Annotation Use-After-Free Remote Code Execution ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-34961 (Foxit PDF Editor Ink Annotation Use-After-Free Remote Code Execution V ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-34960 (Foxit PDF Editor Circle Annotation Use-After-Free Remote Code Executio ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-34959 (Foxit PDF Editor Square Annotation Use-After-Free Remote Code Executio ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-34958 (Foxit PDF Editor Text Annotation Use-After-Free Remote Code Execution ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-34957 (Foxit PDF Editor Highlight Annotation Use-After-Free Remote Code Execu ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-34956 (Foxit PDF Editor Underline Annotation Use-After-Free Remote Code Execu ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-34955 (Foxit PDF Editor Stamp Annotation Use-After-Free Remote Code Execution ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-34954 (Foxit PDF Editor StrikeOut Annotation Use-After-Free Remote Code Execu ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-34953 (Foxit PDF Reader Annotation Use of Uninitialized Variable Remote Code ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-34952 (Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulne ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-34951 (Foxit PDF Reader Annotation Use of Uninitialized Variable Information ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-34950 (Foxit PDF Reader Annotation Out-Of-Bounds Read Remote Code Execution V ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-34949 (Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-34948 (Foxit PDF Reader Square Annotation Use-After-Free Remote Code Executio ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-34947 (NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulner ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-34946 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: Bentley View
CVE-2021-34945 (This vulnerability allows remote attackers to execute arbitrary code o ...)
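Review bot: CVE-2021-34947 is described as "NETGEAR R7800 net-cgi Out-Of-Bounds Write" but the added line tags it "NOT-FOR-US: Foxit", which looks like a carry-over from the run of Foxit PDF Reader/Editor entries directly above it. It should read "NOT-FOR-US: NETGEAR", matching the tags added for CVE-2021-34983 and CVE-2021-34982 in the previous hunk. The triage outcome is the same either way, but the wrong product name misleads anyone searching the list by vendor.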
@@ -321232,7 +321232,7 @@ CVE-2019-20326 (A heap-based buffer overflow in _cairo_image_surface_create_from
NOTE: https://gitlab.gnome.org/GNOME/gthumb/commit/14860321ce3235d420498c4f81f21003d1fb78f4 (3.8.3)
NOTE: https://gitlab.gnome.org/GNOME/gthumb/commit/4faa5ce2358812d23a1147953ee76f59631590ad (master)
CVE-2020-5200 (Minerbabe through V4.16 ships with SSH host keys baked into the instal ...)
- TODO: check
+ NOT-FOR-US: Minerbabe
CVE-2020-5199
RESERVED
CVE-2020-5198
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e10774d26b4ac2ee4e471797041f8f90c6aa4073