[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue May 21 14:45:27 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1a268088 by Salvatore Bonaccorso at 2024-05-21T15:42:55+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19,7 +19,7 @@ CVE-2024-4289 (The Sailthru Triggermail WordPress plugin through 1.1 does not sa
CVE-2024-4061 (The Survey Maker WordPress plugin before 4.2.9 does not sanitise and ...)
NOT-FOR-US: WordPress plugin
CVE-2024-3155 (The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Block ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35195 (Requests is a HTTP library. Prior to 2.32.0, when making requests thro ...)
- requests <unfixed>
NOTE: https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56
@@ -39,9 +39,9 @@ CVE-2024-33901 (Issue in KeePassXC 2.7.7 allows an attacker to recover some pass
CVE-2024-33900 (KeePassXC 2.7.7 allows attackers to recover cleartext credentials.)
TODO: check
CVE-2024-2189 (The Social Icons Widget & Block by WPZOOM WordPress plugin before 4.2. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0816 (The buffer overflow vulnerability in the DX3300-T1 firmware version V5 ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-37929 (The buffer overflow vulnerability in the CGI program of the VMG3625-T5 ...)
TODO: check
CVE-2024-5137 (A vulnerability classified as problematic was found in PHPGurukul Dire ...)
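Review bot: CVE-2023-37929, directly below the CVE-2024-0816 change, stays at TODO: check although its description opens with the same wording ("The buffer overflow vulnerability in the ... VMG3625-T5") as the entry just tagged NOT-FOR-US: Zyxel. If it is the same vendor's firmware, close it in this batch with the same tag. If it was skipped on purpose, a NOTE line saying why would save the next triager the lookup.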
@@ -83,15 +83,15 @@ CVE-2024-34947 (Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 3.7.
CVE-2024-34193 (smanga 3.2.7 does not filter the file parameter at the PHP/get file fl ...)
NOT-FOR-US: smanga
CVE-2024-31714 (Buffer Overflow vulnerability in Waxlab wax v.0.9-3 and before allows ...)
- TODO: check
+ NOT-FOR-US: Waxlab wax
CVE-2024-2835 (A Stored Cross-Site Scripting (XSS) vulnerability has been identified ...)
TODO: check
CVE-2024-29651 (A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v. ...)
TODO: check
CVE-2024-29000 (The SolarWinds Platform was determined to be affected by a reflected c ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2024-27312 (Zoho ManageEngine PAM360 version 6601 is vulnerable to authorization v ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2024-24294 (A Prototype Pollution issue in Blackprint @blackprint/engine v.0.9.0 a ...)
TODO: check
CVE-2024-24293 (A Prototype Pollution issue in MiguelCastillo @bit/loader v.10.0.3 all ...)
@@ -99,19 +99,19 @@ CVE-2024-24293 (A Prototype Pollution issue in MiguelCastillo @bit/loader v.10.0
CVE-2024-1968 (In scrapy/scrapy, an issue was identified where the Authorization head ...)
TODO: check
CVE-2024-0401 (ASUS routers supporting custom OpenVPN profiles are vulnerable to a co ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2023-49335 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injectio ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2023-49334 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injectio ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2023-49333 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injectio ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2023-49332 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injectio ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2023-49331 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injectio ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2023-49330 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injectio ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2024-36009 (In the Linux kernel, the following vulnerability has been resolved: a ...)
- linux 6.8.9-1
[bookworm] - linux 6.1.90-1
@@ -1024,7 +1024,7 @@ CVE-2024-5064 (A vulnerability was found in PHPGurukul Online Course Registratio
CVE-2024-5063 (A vulnerability was found in PHPGurukul Online Course Registration Sys ...)
NOT-FOR-US: PHPGurukul Online Course Registration System
CVE-2024-5055 (Uncontrolled resource consumption vulnerability in XAMPP Windows, vers ...)
- TODO: check
+ NOT-FOR-US: XAMPP Windows
CVE-2024-5052 (Denial of Service (DoS) vulnerability for Cerberus Enterprise 8.0.10.3 ...)
NOT-FOR-US: Cerberus Enterprise
CVE-2024-5051 (A vulnerability has been found in SourceCodester Gas Agency Management ...)
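Review bot: the tag on CVE-2024-5055, NOT-FOR-US: XAMPP Windows, carries the platform qualifier from the description into the product name. Neighbouring tags name only the product or vendor (NOT-FOR-US: Cerberus Enterprise on the next entry), so NOT-FOR-US: XAMPP would be consistent and easier to grep for.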
@@ -1803,7 +1803,7 @@ CVE-2024-22120 (Zabbix server can perform command execution for configured scrip
CVE-2024-21746 (Authentication Bypass by Spoofing vulnerability in Wpmet Wp Ultimate R ...)
NOT-FOR-US: WordPress plugin
CVE-2023-5597 (A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboar ...)
- TODO: check
+ NOT-FOR-US: 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x
CVE-2023-52698 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
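Review bot: the new tag on CVE-2023-5597 reads "3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x", which is a fragment of the CVE description including its release range rather than a product name. NOT-FOR-US tags elsewhere in this diff are a short product or vendor string; trimming this one to the product name keeps the tag stable if the description is later updated and keeps NFU tooling matches predictable.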
@@ -2061,17 +2061,17 @@ CVE-2023-47679 (Improper Limitation of a Pathname to a Restricted Directory ('Pa
CVE-2023-47178 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
NOT-FOR-US: WordPress plugin
CVE-2023-46784 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-46205 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-46197 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-46145 (Improper Privilege Management vulnerability in Themify Themify Ultra a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-45652 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-44478 (Cross-Site Request Forgery (CSRF) vulnerability in WP Hive Events Rich ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-4204 (The Bulk Posts Editing For WordPress plugin for WordPress is vulnerabl ...)
NOT-FOR-US: WordPress plugin
CVE-2024-3609 (The ReviewX \u2013 Multi-criteria Rating & Reviews for WooCommerce plu ...)
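Review bot: on CVE-2023-46145 the description names "Themify Themify Ultra", and the tag applied is NOT-FOR-US: WordPress plugin. If Themify Ultra is a theme rather than a plugin, the tag should say so (NOT-FOR-US: WordPress theme). For the five path traversal entries in the same hunk the truncated descriptions shown here do not name the product at all, so the plugin classification cannot be confirmed from the diff; it is worth a second look at the full descriptions before this lands.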
@@ -2173,83 +2173,83 @@ CVE-2023-48368 (Improper input validation in Intel(R) Media SDK software all ver
CVE-2023-47859 (Improper access control for some Intel(R) Wireless Bluetooth products ...)
NOT-FOR-US: Intel
CVE-2023-47282 (Out-of-bounds write in Intel(R) Media SDK all versions and some Intel( ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-47210 (Improper input validation for some Intel(R) PROSet/Wireless WiFi softw ...)
TODO: check
CVE-2023-47169 (Improper buffer restrictions in Intel(R) Media SDK software all versio ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-47165 (Improper conditions check in the Intel(R) Data Center GPU Max Series 1 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-46691 (Use after free in Intel(R) Power Gadget software for Windows all versi ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-46689 (Improper neutralization in Intel(R) Power Gadget software for macOS al ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-45846 (Incomplete cleanup in Intel(R) Power Gadget software for macOS all ver ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-45845 (Improper conditions check for some Intel(R) Wireless Bluetooth(R) prod ...)
TODO: check
CVE-2023-45743 (Uncontrolled search path in some Intel(R) DSA software uninstallers be ...)
TODO: check
CVE-2023-45736 (Insecure inherited permissions in Intel(R) Power Gadget software for W ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-45320 (Uncontrolled search path element in some Intel(R) VTune(TM) Profiler s ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-45315 (Improper initialization in some Intel(R) Power Gadget software for Win ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-45221 (Improper buffer restrictions in Intel(R) Media SDK all versions may al ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-45217 (Improper access control in Intel(R) Power Gadget software for Windows ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-43751 (Uncontrolled search path in Intel(R) Graphics Command Center Service b ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-43748 (Improper access control in some Intel(R) GPA Framework software instal ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-43745 (Improper input validation in some Intel(R) CBI software before version ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-43629 (Incorrect default permissions in some Intel(R) GPA software installers ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-43487 (Improper access control in some Intel(R) CST before version 2.1.10300 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-42773 (Improper neutralization in Intel(R) Power Gadget software for Windows ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-42668 (Incorrect default permissions in some onboard video driver software be ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-42433 (Incorrect default permissions in some Endurance Gaming Mode software i ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-41961 (Uncontrolled search path in some Intel(R) GPA software before version ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-41957 (Improper Privilege Management vulnerability in smp7, wp.Insider Simple ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-41956 (Improper Authentication vulnerability in smp7, wp.Insider Simple Membe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-41955 (Improper Privilege Management vulnerability in WPDeveloper Essential A ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-41954 (Improper Privilege Management vulnerability in ProfilePress Membership ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-41665 (Improper Privilege Management vulnerability in GiveWP allows Privilege ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-41243 (Improper Privilege Management vulnerability in WPvivid Team WPvivid Ba ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-41234 (NULL pointer dereference in Intel(R) Power Gadget software for Windows ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-41092 (Unchecked return value in SDM firmware for Intel(R) Stratix 10 and Int ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-41082 (Null pointer dereference for some Intel(R) CST software before version ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-40536 (Race condition for some some Intel(R) PROSet/Wireless WiFi software fo ...)
TODO: check
CVE-2023-40155 (Uncontrolled search path for some Intel(R) CST software before version ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-40071 (Improper access control in some Intel(R) GPA software installers befor ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-40070 (Improper access control in some Intel(R) Power Gadget software for mac ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-39929 (Uncontrolled search path in some Libva software maintained by Intel(R) ...)
TODO: check
CVE-2023-39433 (Improper access control for some Intel(R) CST software before version ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-39163 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-38654 (Improper input validation for some some Intel(R) PROSet/Wireless WiFi ...)
TODO: check
CVE-2023-38581 (Buffer overflow in Intel(R) Power Gadget software for Windows all vers ...)
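Review bot: the three Media SDK entries (CVE-2023-47282, CVE-2023-47169, CVE-2023-45221) are closed as NOT-FOR-US: Intel, but unlike the Power Gadget entries their descriptions carry no "for Windows" or "for macOS" qualifier and say "all versions". The same hunk correctly leaves Libva (CVE-2023-39929) and the PROSet/Wireless WiFi entries at TODO: check, so the batch is clearly distinguishing packaged from unpackaged Intel software. Please confirm against the archive that no source package ships Media SDK before closing these three; if one does, they need a package line instead of NOT-FOR-US.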
@@ -2797,7 +2797,7 @@ CVE-2023-5936 (On Unix systems (Linux, MacOS), Arc uses a temporary file with un
CVE-2023-5935 (When configuring Arc (e.g. during the first setup), a local web interf ...)
NOT-FOR-US: Nozomi Networks
CVE-2023-40297 (Stakater Forecastle 1.0.139 and before allows %5C../ directory travers ...)
- TODO: check
+ NOT-FOR-US: Stakater Forecastle
CVE-2024-4894 (ITPison OMICARD EDM fails to properly filter specific URL parameter, ...)
NOT-FOR-US: ITPison OMICARD EDM
CVE-2024-4893 (DigiWin EasyFlow .NET lacks validation for certain input parameters, a ...)
@@ -3309,17 +3309,17 @@ CVE-2024-0762 (Potential buffer overflow in unsafe UEFI variable handling in
CVE-2023-50180 (An exposure of sensitive system information to an unauthorized control ...)
NOT-FOR-US: ForiGuard
CVE-2023-46714 (A stack-based buffer overflow [CWE-121] vulnerability in Fortinet Fort ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2023-46280 (A vulnerability has been identified in S7-PCT (All versions), Security ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-45586 (An insufficient verification of data authenticity vulnerability [CWE-3 ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2023-45583 (A use of externally-controlled format string in Fortinet FortiProxy ve ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2023-44247 (A double free vulnerability [CWE-415] in Fortinet FortiOS before 7.0.0 ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2023-40720 (An authorization bypass through user-controlled key vulnerability [CWE ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2023-36640 (A use of externally-controlled format string in Fortinet FortiProxy ve ...)
TODO: check
CVE-2023-35841 (Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Dri ...)
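Review bot: the added tags say NOT-FOR-US: FortiGuard while the descriptions they sit under name Fortinet products (FortiProxy, FortiOS), and the unchanged context line above CVE-2023-46714 spells it "ForiGuard". That makes three spellings for one vendor in a single hunk; picking one string (the vendor name from the descriptions is the obvious choice) and fixing the existing typo in the same commit would keep the file greppable. Also, CVE-2023-36640 begins with the same text as CVE-2023-45583 ("A use of externally-controlled format string in Fortinet FortiProxy") yet is left at TODO: check.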
@@ -3747,7 +3747,7 @@ CVE-2024-27082 (Cacti provides an operational monitoring and fault management fr
- cacti 1.2.27+ds1-1
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-j868-7vjp-rp9h
CVE-2024-25662 (Oxygen XML Web Author v26.0.0 and older and Oxygen Content Fusion v6.1 ...)
- TODO: check
+ NOT-FOR-US: Oxygen XML Web Author and Oxygen Content Fusion
CVE-2024-25641 (Cacti provides an operational monitoring and fault management framewor ...)
- cacti 1.2.27+ds1-1
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88
@@ -3762,7 +3762,7 @@ CVE-2023-50717 (NocoDB is software for building databases as spreadsheets. Start
CVE-2023-49781 (NocoDB is software for building databases as spreadsheets. Prior to 0. ...)
NOT-FOR-US: NocoDB
CVE-2023-46870 (extcap/nrf_sniffer_ble.py, extcap/nrf_sniffer_ble.sh, extcap/SnifferAP ...)
- TODO: check
+ NOT-FOR-US: Nordic Semiconductor nRF Sniffer for Bluetooth
CVE-2022-4967 (strongSwan versions 5.9.2 through 5.9.5 are affected by authorization ...)
TODO: check
CVE-2024-27401 (In the Linux kernel, the following vulnerability has been resolved: f ...)
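Review bot: CVE-2023-46870 is closed as NOT-FOR-US on the strength of the vendor name alone, but its description starts with file paths under extcap/, which is the directory Wireshark uses for external capture plugins. A one-line NOTE stating that these scripts are not shipped by any packaged capture tool would make the NOT-FOR-US decision auditable later.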
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a2680882ddd3a1abf6e58c4308c4a94623c44d7